Project Details
Abstract
The major application area of the standard of electronic pedigree (or ePedigree)
established by the EPCGlobal, Inc. is in the source identification and tracing of medicines.
The content of electronic pedigree documents increases as the number of transactions does.
Electronic pedigree documents completely keep track of processes of manufacturing and
supply chain of the healthcare industry. The use of ePedigree documents might reduce the
probability that consumers purchase or take counterfeit medicines. Electronic medical
records (EMR), which are also critical to consumers’ welfare, share similar characteristics
that the content of EMR increases as the number of the patient’s visits does. EMR is an
important reference when physicians treat patients. Furthermore, EMR provides critical and
important evidence based on which negligence in healthcare processes can be determined
and medical dispute might be settled. Because ePedigree documents and EMR involve
critical issues, it is necessary to have a reliable method to examine the integrity of their
contents: the authenticity, correctness, and completeness. That is, the integrity of contents of
ePedigree documents and EMR should not be compromised with unauthorized modification.
The verification of information integrity is an essential component of information systems
auditing. Besides, when disputes regarding the content arise, in addition to verifying the
authenticity of records, a reliable method is needed in order to identify the accountability of
information creators who compromise the information integrity.
Currently, digital signature is the major technique for creating methods for verifying the
information integrity. Digital signature can provide evidence of non-repudiation for business
transactions so that those who are involved in the transaction could be held accountable
when disputes arise. The Department of Health, Executive Yuan officially requires that
healthcare givers must sign digital signatures for EMR that they enter. The format of
ePedigree documents includes digital signatures signed by vendors who are involved in the
transaction so they will be responsible for the content they add. As a result, both types of
documents accumulate multiple digital signatures signed with private keys. In order to verify
each digital signature, it is necessary to use the public key corresponding to the private key
and examine the certificate to assure the authenticity of the public key. Such a verification
process is relatively complex. Also, it is quite time-consuming and cannot meet the need for
efficiency of applications because the execution of complex calculations for such a
verification process is a function of the number of digital signatures. This shortcoming must be remedied with an innovative method. In our preliminary study, we believe that one
feasible approach is to separate the attribution of accountability from the verification of
information integrity. That is, the attribution of accountability of the information creator
could be determined only when the information integrity of documents has been verified as
“compromised with unauthorized modification”. As for the determination of accountability
for compromised information integrity, we believe that the implementation of a
well-designed management system could significantly reduce the need for the use of digital
signature.
One-way hash function, an alternative to digital signature, is another technology that is
frequently used to design verification methods for information integrity. In general, a method
based on one-way hash function is applicable to the verification of a single record or
document. This might meet the efficiency need for practical uses. Nevertheless, ePedigree
and EMR records are documents that are accumulative and may come from multiple sources.
Because of those characteristics, when developing a verification method with one-way hash
function, it will be necessary to customize the method to accommodate those characteristics.
In addition, the project will examine new issues resulting from these types of documents,
including verifying temporal sequence of document segments added at different points in
time, the efficiency issue of constantly growing documents, and the need for selective
inspection of segmented contents.
The principal investigator of the proposal has been devoted to research into the issue of
information integrity. Through his long-term dedicated effort in this area, the PI has obtained
insightful expertise of the need for information integrity verification and the design of
non-digital signature-based verification methods. Recently, the PI extended his research
areas into the study on the framework and relevant standards of EMR and ePedigree
documents and identified the need for addressing the above research issues. The title of the
proposed project is “An innovative information integrity verification method and its
applications”. The proposed project is expected to finish in three years:
The study focus of the first year will be on the development of an efficient and low-cost
verification method for information integrity. We plan to address issues surrounding
information integrity and privacy in supply chains and develop feasible solutions. In the
second year, based on the findings of the first year’s research, we will apply the verification
method to address issues related to EMR. The research objective is to extend the information
integrity verification method with the consideration of patient’s privacy as well as to develop a credible auditing framework. The focus is to address information integrity and privacy
issues in healthcare systems and propose feasible solutions. In the third year, we intend to
identify an innovative business model and conduct a feasibility study for implementing a fair
mechanism to resolve disputes occurring in electronic commerce transactions. The expected
outcomes of the proposed project include an innovative information integrity verification
method and a business model. The innovative method is capable of verifying the information
integrity of a single segment of an ePedigree and EMR document and is able to examine
temporal sequence of content segments added at different points in time. Additionally, it
takes into account the efficiency issue resulted from progressive addition of contents to the
document. Another feature of the method is that it meets the need for selective inspection of
segmented contents. The expected business model will provide services to accounting firms,
law firms or government agencies that frequently face the need to assure the information
integrity of documents. Furthermore, the business model can provide an unbiased
mechanism to settle disputes in case they arise.
Project IDs
Project ID:PF9806-1156
External Project ID:NSC98-2410-H182-002
External Project ID:NSC98-2410-H182-002
Status | Finished |
---|---|
Effective start/end date | 01/08/09 → 31/07/10 |
Keywords
- Information Integrity
- EPCglobal
- Electronic Pedigree
- Electronic MedicalRecord
- Compound Document
- Audit
Fingerprint
Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.