Abstract: The security of medical records is without doubt an issue of concern, given their importance and the confidentiality they require. Electronic personal health records enable patients to access, manage, and share certain parts of their own health information once it is available online. These capabilities establish the need for precise access-control mechanisms that restrict the sharing of data to authorized personnel. This research work explores the adoption of a relational database query for authentication as an access-control mechanism for restricting access to patient records. The project implemented the mechanism entirely in a relational database system using ANSI-standard SQL statements. Based on a set of access-control rules encoded as relational table rows, the mechanism determines via a single SQL query whether a user who accesses patient data from a specific application is authorized to perform a requested operation on a specified data object. The implementation was carried out with Microsoft Visual Studio 2010 – VB as the front-end. Testing of this query on a moderately large database demonstrated execution times consistently below 100 milliseconds, and only users who are authorized to perform a specific operation are permitted by the system.
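The following is an added illustration of the mechanism the abstract describes, not code from the paper: rules stored as table rows and a single parameterised SQL query that decides whether a (user, application, data object, operation) request is permitted. The schema, the role-based rule layout, the explicit DENY rows that override ALLOW rows, and the sample users are assumptions made for this example; the paper's own tables are not shown here.

```python
"""Added example (not the paper's code): access-control rules stored as table
rows and evaluated by one parameterised ANSI SQL query (run here on SQLite)."""
import sqlite3

# Assumed schema: users map to roles; each rule row grants or denies one
# operation on one data object when reached through a given application.
SCHEMA = """
CREATE TABLE user_role (user_id TEXT, role TEXT);
CREATE TABLE access_rule (
    role TEXT, app TEXT, data_object TEXT, operation TEXT,
    effect TEXT CHECK (effect IN ('ALLOW', 'DENY'))
);
"""

# Constructed sample data: two clinicians, one portal patient, and five rules.
USER_ROLES = [("dr_ada", "physician"), ("nurse_bo", "nurse"), ("pat_cy", "patient")]
RULES = [
    ("physician", "ehr_desktop", "patient_record", "read", "ALLOW"),
    ("physician", "ehr_desktop", "patient_record", "write", "ALLOW"),
    ("nurse", "ehr_desktop", "patient_record", "read", "ALLOW"),
    ("nurse", "ehr_desktop", "prescription", "write", "DENY"),
    ("patient", "patient_portal", "patient_record", "read", "ALLOW"),
]

# The single decision query. MIN() over matched rows makes any DENY row win;
# no matching row at all yields NULL, which COALESCE turns into a refusal
# (default deny). Bind parameters keep request values out of the SQL text.
AUTHZ_QUERY = """
SELECT COALESCE(MIN(CASE r.effect WHEN 'DENY' THEN 0 ELSE 1 END), 0)
FROM user_role ur
JOIN access_rule r ON r.role = ur.role
WHERE ur.user_id = ? AND r.app = ? AND r.data_object = ? AND r.operation = ?
"""

def build_db():
    """Create an in-memory database populated with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO user_role VALUES (?, ?)", USER_ROLES)
    conn.executemany("INSERT INTO access_rule VALUES (?, ?, ?, ?, ?)", RULES)
    return conn

def is_authorized(conn, user_id, app, data_object, operation):
    """Return True only when the rule query produces an ALLOW decision."""
    row = conn.execute(AUTHZ_QUERY, (user_id, app, data_object, operation)).fetchone()
    return row[0] == 1

if __name__ == "__main__":
    db = build_db()
    print(is_authorized(db, "dr_ada", "ehr_desktop", "patient_record", "write"))  # True
    print(is_authorized(db, "pat_cy", "ehr_desktop", "patient_record", "read"))   # False: wrong app
```

Because the application is part of the rule key, the same patient account is permitted through the portal but refused through the clinical desktop application, and an unknown user matches no row and is refused by default.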