CN113782134A - Method and system for sharing medical data - Google Patents

Method and system for sharing medical data Download PDF

Info

Publication number
CN113782134A
CN113782134A CN202111147506.1A CN202111147506A CN113782134A CN 113782134 A CN113782134 A CN 113782134A CN 202111147506 A CN202111147506 A CN 202111147506A CN 113782134 A CN113782134 A CN 113782134A
Authority
CN
China
Prior art keywords
data
preset
medical
medical data
application program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111147506.1A
Other languages
Chinese (zh)
Inventor
冯晓彬
张静
黎成权
吴美龙
董家鸿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
North China University of Technology
Original Assignee
Tsinghua University
North China University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University, North China University of Technology filed Critical Tsinghua University
Priority to CN202111147506.1A priority Critical patent/CN113782134A/en
Publication of CN113782134A publication Critical patent/CN113782134A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/279Recognition of textual entities
    • G06F40/289Phrasal analysis, e.g. finite state techniques or chunking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/30Semantic analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H15/00ICT specially adapted for medical reports, e.g. generation or transmission thereof

Abstract

The application provides a method and a system for medical data sharing. The method comprises the following steps: the secure working environment starts an application program for generating medical data; when the safe working environment determines that the preset data characteristics are extracted from the first data generated by the application program, the first data are subjected to preset processing to obtain second data; the safe working environment sends the second data to the intermediate equipment; the intermediate equipment forwards the second data when determining that the second data is in a preset data format; the preset data format corresponds to a preset process. The method uses the safe working environment and the intermediate equipment to be matched, so that only the medical data which accords with the preset data characteristics and the preset data format can be sent out, and the safety of the medical data is improved.

Description

Method and system for sharing medical data
Technical Field
The present application relates to the field of data security protection technologies, and in particular, to a method and a system for sharing medical data.
Background
With the rapid development of information technology, medical data digitization has been widely used. Medical staff in a medical institution mostly work through an internal medical information system, and the system relates to medical data with a plurality of sensitive information including personal information, anamnesis and treatment information. Therefore, how to prevent the medical data from being leaked and stolen and protect the privacy of the user is a problem to be solved in the field.
Disclosure of Invention
The embodiment of the application provides a method and a system for sharing medical data, which are used for carrying out double processing on the medical data by using a safe working environment and an intermediate device so as to improve the safety of the medical data.
The application program for generating the medical data is started and operated in a safe working environment, and the intermediate equipment is used for screening the medical data to be transmitted, so that the privacy of a user is protected.
In a first aspect, an embodiment of the present application provides a method for medical data sharing, where the method includes: when the safe working environment determines that preset data characteristics are extracted from first data generated by the application program, presetting the first data to obtain second data; the secure working environment sends the second data to an intermediate device; the intermediate device forwards the second data when determining that the second data is in a preset data format; the preset data format corresponds to the preset processing.
According to the embodiment, the application program is started by using the safe working environment, so that the application program can only run in the safe working environment, and the medical data generated by the application program can be prevented from being stolen. Wherein the secure operating environment may be a system program that launches and runs an application. The safety working environment carries out feature extraction on first data needing to be sent, and when the preset data features are determined to be extracted, the first data are converted into second data to be sent again through preset processing, so that only the data meeting the preset data features can be sent out outwards. The intermediate device only forwards data which are sent by the safe working environment and conform to the preset data format, the intermediate device and the safe working environment are matched with each other, the medical data generated by the application program are subjected to double protection, and the safety of the medical data can be improved.
In a possible implementation manner, the forwarding, by the intermediate device, the second data includes forwarding, by the intermediate device, the second data when it is determined that the second data is in a preset data format; the preset data format corresponds to the preset processing.
In this embodiment, the intermediate device forwards the data when determining that the data is in the preset data format, so as to ensure that only the data conforming to the preset format can be sent out.
In one possible embodiment, the secure work environment launching an application for generating medical data comprises: acquiring running environment information of the application program; and when the running environment information is consistent with the preset environment information of the application program, starting the application program.
In this embodiment, the secure operating environment starts the application program when the operating environment information of the application program conforms to the preset information, which can ensure that the application program is not used illegally, thereby protecting the security of the data in the application program.
In one possible embodiment, the secure working environment extracts the preset data features from the first data by: obtaining a characteristic vocabulary of the first data by utilizing a word segmentation algorithm; inputting the feature vocabulary into a feature extraction model, and determining to extract the preset data features from the first data according to the output of the feature extraction model.
In this embodiment, the safe working environment may use a word segmentation algorithm and an extraction model to extract data features from the data, so as to determine whether the data features are preset data features.
In a possible implementation manner, when determining that the second data is in a preset data format, the forwarding, by the intermediate device, the second data includes: the intermediate device acquires identity information of a user logging in the application program when the first data is determined to be in a preset data format; and forwarding the second data when the identity information is determined to be preset identity information.
In this embodiment, before the intermediate device forwards the data, the intermediate device determines the identity information of the user who logs in the application program, so that it can be ensured that the legitimate user uses the application program to send the data to the outside, and the data security is protected.
In a second aspect, the present application also provides a method for medical data sharing, the method performed by a secure work environment in a medical data processing device, comprising: launching an application for generating medical data; when the preset data characteristics are extracted from the first data generated by the application program, presetting the first data to obtain second data; and sending the second data to the intermediate device.
In one possible embodiment, the secure work environment launching an application for generating medical data comprises: acquiring running environment information of the application program; and when the running environment information is consistent with the preset environment information of the application program, starting the application program.
In one possible embodiment, the secure working environment extracts the preset data features from the first data by: obtaining a characteristic vocabulary of the first data by utilizing a word segmentation algorithm; inputting the feature vocabulary into a feature extraction model, and determining to extract the preset data features from the first data according to the output of the feature extraction model.
In a third aspect, the present application also provides an apparatus for medical data sharing, the apparatus comprising: the starting module is used for starting an application program used for generating medical data; the processing module is used for performing preset processing on first data to obtain second data when the preset data characteristics are extracted from the first data generated by the application program; and the sending module is used for sending the second data to the intermediate equipment.
In an optional implementation manner, the starting module is specifically configured to: acquiring running environment information of the application program; and when the running environment information is consistent with the preset environment information of the application program, starting the application program.
In an optional implementation manner, the processing module is specifically configured to perform feature extraction on the first data to obtain data features by: obtaining a characteristic vocabulary of the first data by utilizing a word segmentation algorithm; inputting the feature vocabulary into a feature extraction model, and determining to extract the preset data features from the first data according to the output of the feature extraction model.
In a fourth aspect, the present application further provides a method for medical data sharing, the method being performed by an intermediary device, the method comprising: receiving second data; and forwarding the second data when the second data is determined to be in a preset data format.
In a possible implementation manner, when it is determined that the second data is in a preset data format, forwarding the second data includes: the intermediate device acquires identity information of a user logging in the application program when the first data is determined to be in a preset data format; and forwarding the second data when the identity information is determined to be preset identity information.
In a fifth aspect, the present application further provides a system for medical data sharing, the system comprising a medical data processing device and an intermediary device. The medical data processing device comprises a secure working environment for initiating: an application that generates medical data; when the safe working environment determines that preset data characteristics are extracted from first data generated by the application program, presetting the first data to obtain second data; and the secure working environment sends the second data to the intermediate equipment. The intermediate device is configured to forward the second data.
In an alternative embodiment, the secure work environment launching an application for generating medical data comprises: acquiring running environment information of the application program; and when the running environment information is consistent with the preset environment information of the application program, starting the application program.
In an alternative embodiment, the secure working environment extracts the preset data features from the first data by: obtaining a characteristic vocabulary of the first data by utilizing a word segmentation algorithm; inputting the feature vocabulary into a feature extraction model, and determining to extract the preset data features from the first data according to the output of the feature extraction model.
In an optional implementation manner, the forwarding, by the intermediate device, the second data includes forwarding, by the intermediate device, the second data when it is determined that the second data is in a preset data format; the preset data format corresponds to the preset processing.
In an optional implementation manner, when determining that the second data is in the preset data format, the forwarding, by the intermediate device, the second data includes: the intermediate device acquires identity information of a user logging in the application program when the first data is determined to be in a preset data format; and forwarding the second data when the identity information is determined to be preset identity information.
In a sixth aspect, the present application further provides a medical data processing apparatus comprising a memory and a processor, the memory storing computer instructions, and the processor executing the computer instructions to implement any of the aspects of the second aspect and its optional embodiments.
In a seventh aspect, the present application further provides a computer-readable storage medium having instructions stored therein, which when executed on the computer, cause the computer to implement any one of the foregoing second aspect and its optional embodiments or fourth aspect and its optional embodiments.
In an eighth aspect, the present application also provides a computer program product comprising instructions which, when executed by a computer or processor, implement any of the foregoing second aspect and its optional embodiments or fourth aspect and its optional embodiments.
Any one of the above-mentioned apparatuses, computer storage media, or computer program products is configured to execute the above-mentioned methods, so that the beneficial effects achieved by the apparatuses, the computer storage media, or the computer program products can refer to the beneficial effects of the corresponding schemes in the corresponding methods provided above, and are not described herein again.
Drawings
Fig. 1 is a schematic structural diagram of an application scenario for medical data sharing provided in an embodiment of the present application;
fig. 2 is a flowchart of a method for medical data sharing provided by an embodiment of the present application;
FIG. 3 is a flow chart of a method for training a feature extraction model according to an embodiment of the present disclosure;
FIG. 4 is a flowchart of a method for executing a secure working environment according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an apparatus for sharing medical data according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a medical data processing device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments of the present application will be described below with reference to the accompanying drawings.
In the description of the embodiments of the present application, the words "exemplary," "for example," or "for instance" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary," "e.g.," or "e.g.," is not to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the words "exemplary," "e.g.," or "exemplary" is intended to present relevant concepts in a concrete fashion.
In the description of the embodiments of the present application, the term "and/or" is only one kind of association relationship describing an associated object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, B exists alone, and A and B exist at the same time. In addition, the term "plurality" means two or more unless otherwise specified. For example, the plurality of systems refers to two or more systems, and the plurality of screen terminals refers to two or more screen terminals.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicit indication of indicated technical features. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
In order to enhance the security of medical data and avoid the medical data from being leaked or illegally stolen, one method in the related art is to use a data encryption means to encrypt the medical data and then send the encrypted medical data out, and after receiving a ciphertext of the medical data, a receiver needs to decrypt the ciphertext to obtain the medical data, so that the sharing process is complicated, and the key of the encrypted data is at risk of being leaked. Another method in the related art is to isolate data by using a physical means, that is, to isolate an intranet from an extranet by using a physical method, thereby preventing intrusion or information leakage. The method needs to switch the intranet equipment to the extranet computer when accessing the public network, and copies the medical data between the intranet computer and the extranet computer, thereby directly increasing the risk of illegal stealing and leakage of the medical data. But the means of physical isolation also increases the cost of data protection.
Fig. 1 is a schematic structural diagram of a medical data sharing scenario provided in an embodiment of the present application. As shown in fig. 1, the scenario includes: a medical data network 100, a general network 200 and a medical data server 300, the medical data network 100, the general network 200 and the medical data server 300 can be connected to a public network through respective routers (router 1, router 2 and router 3) to share medical data through the public network. It should be noted that the connection in the present application may be an electrical connection and a communication connection.
The medical data network 100 includes: at least one medical data processing device (such as device 1 and device 2 in fig. 1), and an intermediate device (such as intermediate device 1 of connection device 1 and intermediate device 2 of connection device 2 in fig. 1) connected to each medical data processing device, wherein the intermediate device is connected to router 1 through a local area network. The general network 200 includes: at least one medical data processing device (such as device 2 and device 3 in fig. 1), and an intermediate device (such as intermediate device 3 of connection device 3 and intermediate device 4 of connection device 4 in fig. 1) connected to each medical data processing device, wherein the intermediate device is connected to router 2.
It should be noted that the medical data processing apparatus and the intermediate apparatus described later in the present application may be any one of the apparatuses and devices of the medical data network 100 and the general network 200.
In the embodiment of the present application, the medical data processing apparatus is used to provide a platform for generating medical data for a user, for example, an application program for generating medical data may be installed in the medical data processing apparatus, so that the user can use the application program to generate medical data. The user may also generate medical data in the medical data processing device, or store the medical data in the medical data processing device, send the medical data to other devices (including the medical data processing device and the medical data server 300 in the general network 200) through the public network, or obtain the medical data from other devices in case of sharing requirement. Alternatively, the medical data processing device may be a terminal device such as a computer, a notebook computer, a tablet computer, and a mobile phone. Alternatively, the user may create the medical data in the application program, or modify the existing medical data to generate the medical data, or the user may delete the data in the application program.
In the embodiment of the application, the intermediate device is used for screening the medical data from the sender according to a set network security policy under the condition that a user has a data sharing requirement, and judging whether the medical data can be forwarded to the receiver so as to ensure that the medical data is not leaked and illegally stolen.
In the embodiment of the application, in order to ensure that the medical data in the medical data processing equipment is not illegally stolen and leaked, the safe working environment of the application program is built in the medical data processing equipment, so that the application program can only be started and operated in the safe working environment. Alternatively, the secure operating environment may be a program in the device.
Fig. 2 is a flowchart of a method for sharing medical data according to an embodiment of the present application. The method is realized by the mutual cooperation of the safe working environment of the medical data processing equipment and the intermediate equipment. As shown in fig. 2, the method includes steps S201 to S204 as follows.
In step S201, the secure working environment starts an application for generating medical data.
In this embodiment, a user may trigger a start operation for starting an application program in the medical data processing device, when the safe working environment of the medical data processing device detects the start operation, determine whether the start operation occurs in the safe working environment, and when it is determined that the start operation occurs in the safe working environment, the safe working environment starts the application program. Otherwise, the medical data processing apparatus terminates the start operation at the kernel layer.
In one example, the secure work environment of the medical data processing device may obtain environment information for the start-up operation and compare the environment information with environment information of the secure work environment to determine whether the start-up operation occurred in the secure work environment.
In one example, a user may log into an application after the application is launched, using their own account number and password. The application program can determine whether the user can log in the application program by detecting the account number and the password of the user. In one example, after the user logs into the application, the medical data may be imported into the application or created using a data template in the application.
In one example, after the user generates medical data using the application, the secure work environment may redirect the medical data to be saved under its designated work directory. Optionally, the secure working environment may redirect an Application Programming Interface (API) and a bottom driver of the application layer using a process HOOK (HOOK program), so that the medical data is stored in a designated work directory, and data security is improved.
In step S202, when the secure working environment determines that the preset data feature is extracted from the first data generated by the application program, the first data is subjected to preset processing to obtain second data.
In this embodiment, when a user needs to share first data in medical data generated by an application program to another device through a public network, for example, the first data is sent to another user or uploaded to the server 300 for storage, and the secure working environment may obtain the first data to perform feature extraction, so as to obtain data features corresponding to the first data. And after the data characteristics are obtained, the safe working environment compares the data characteristics with preset data characteristics to determine whether the preset data characteristics are extracted from the first data or not. When the safe working environment determines that the preset data characteristics are extracted from the first data, the first data is processed using a preset process and converted into second data. The preset processing is built in the safe working environment, and aims to process the first data into a preset data format, and the processed first data is the second data.
In one example, a first indication may be sent to the secure work environment when a user needs to share data. The first indication may include first information of first data that the user wants to transmit, and may further include second information of receiving the first data. The first information may include a number of the first data, or other identification information of the first data; the second information may include a number or an internet protocol address (IP address) of the receiver, or other identification information of the receiver that receives the first data.
In one example, the secure work environment may process the first data using a word segmentation algorithm to obtain a feature vocabulary of the first data, then input the feature vocabulary to a feature extraction model, and determine data features of the first data from an output of the feature extraction model. Optionally, the feature extraction model may be obtained by training according to a training sample obtained in advance, and a specific training process will be described later, which is not described herein again. The preset data feature may be a department number of the first data, or a data type, or a patient disease name, etc. In practical applications, the preset data features may be specifically configured according to the medical data.
In one example, the secure working environment may perform a predetermined process on the first data, and convert the first data into a first data format. For example, the secure working environment may perform encapsulation processing (preset processing) on the first data, and encapsulate the first data into a Uniform Content tag (UCL) format. The UCL format is content metadata that is developed based on a Uniform Resource Locator (URL) and describes standardized vector features of information resources in a multidimensional and omnibearing manner. The data unit based on the UCL standard can comprehensively describe the pragmatic information, semantic information and management information of clinical contents and give consideration to users, owners and managers of data. In one example, the safe working environment may further select a first data format corresponding to the first data from the plurality of first data formats according to the data characteristics of the medical data, and then perform the conversion process. It should be noted that the UCL format is a clinical medical data format, and may include: patient information, semantic information, and management information. The patient information may include: patient name, age, gender, occupation, medical insurance, patient master index (EMPI), visit time, medical institution identification, etc., wherein EMPI may be a patient basic information retrieval directory; the semantic information may include: doctor treatment behavior, outpatient/emergency treatment information, medical images, charging details, medical records, outpatient prescription details, and the like; the management information is oriented to a data management and supervision party, including provenance, safety, signature, copyright and the like, and supports credibility authentication and traceability.
In one example, the identity information of the user may be an Identification (ID) of the user logging in to the application. When the user needs to share the medical data, the secure working environment may obtain the ID of the user currently logging in the application program as the identity information of the user. In other examples, the identity information may also be the user's profession and position, etc.
In one example, when the secure working environment does not extract the preset data features from the first data, the secure working environment may issue an alarm to the administrator and apply to the administrator whether to send the first data. And when the application result is passing, the safe working environment sends the first data, and when the application is not passing, the first data is not sent.
In step S203, the secure working environment transmits the second data to the intermediate device.
In this embodiment, when the medical data processing device is electrically connected to the intermediate device, the secure operating environment may send the second data to the intermediate device through the data transmission interface of the medical data processing device, and correspondingly, the intermediate device receives the second data through the data transmission interface thereof. When the medical data processing device and the intermediate device are in communication connection, the secure working environment can transmit the second data to the intermediate device through the communication module of the medical data processing device according to the preset communication protocol, and correspondingly, the intermediate device receives the second data through the communication module of the intermediate device.
In step S204, the intermediate device forwards the second data.
In this embodiment, when obtaining the second data, the intermediate device may determine whether the second data conforms to a set network security policy, so as to determine whether the second data may be forwarded.
In one example, the network security policy may be to receive a data sharing request of a user and forward the second data when the second data conforms to a preset data format, and to reject the data sharing request of the user and not forward the second data when the second data does not conform to the preset data format. When the data sharing request of the user is rejected, the intermediate device can also send rejection information to the safe working environment, and when the medical data processing device receives the information, the information is fed back to the user through the display interface.
In an example, before forwarding the second data, the intermediate device may further obtain identity information of a user who logs in the application program from the secure working environment, compare the identity information of the user with a preset identity information set, and forward the second data when the preset identity information set includes the identity information of the user, otherwise, not forward the second data.
It should be noted that the receiver of the second data may be set in the intermediate device in advance, or the intermediate device may obtain the receiver indicated by the user from the secure operating environment. Specifically, the receiving party may use an IP address of a device or a server to indicate, that is, the intermediate device sets the IP address of the receiving party, or the secure working environment informs the intermediate device of the IP address of the receiving party, and the intermediate device may send the medical data according to the IP address.
Fig. 2 is a flowchart of a method for training a feature extraction model according to an embodiment of the present disclosure. The method may be performed by a medical data processing device, as shown in fig. 3, the method comprising steps S301 and S302 as follows.
In step S301, training samples are acquired.
In this embodiment, the training sample includes a feature vocabulary sample and a data feature tag corresponding to the feature vocabulary sample. The medical data processing device can perform word segmentation on the medical data samples by using a word segmentation algorithm to obtain characteristic vocabulary samples of each medical data sample, wherein the medical data samples can be uploaded to the medical data processing device by a user. And then, labeling the characteristic vocabulary sample based on the data characteristic label set by the user, obtaining a data characteristic label corresponding to the characteristic vocabulary sample, and feeding back the data characteristic label to the medical data processing equipment.
In one example, the characteristic vocabulary sample may be a medical term for a board of symptoms, diseases, physical examinations, signs, laboratory examinations, imaging examinations, pathological examinations, and the like.
In step S302, the feature extraction model is trained using the training samples.
In this embodiment, the medical data processing device may input the feature vocabulary samples in the training samples into a pre-established feature extraction model, then perform error calculation according to the output of the feature extraction model and the data feature labels corresponding to the feature vocabulary samples, and adjust parameters of the feature extraction model until the errors meet preset requirements, and then end the training process of the feature extraction model. Optionally, the architecture of the feature extraction model may adopt any one of neural networks such as a convolutional neural network, a BP neural network, and a deep neural network.
In one example, the medical data processing device may also use the feature vocabulary samples of the non-medical data samples and their labels to reverse train the feature extraction model to avoid extracting data features from the non-medical data, which may be medical science popularization articles.
Based on the method embodiment shown in fig. 2, the present application further provides a method for sharing medical data, where the method is performed by a secure working environment in a medical data processing device. As shown in fig. 4, the method includes steps S401 to S403 as follows.
In step S401, an application program for generating medical data is started.
In step S402, when it is determined that a preset data feature is extracted from the first data generated by the application program, performing preset processing on the first data to obtain second data.
In step S403, the second data is sent to an intermediate device.
In this embodiment, the specific descriptions of step S401 to step S403 may refer to the descriptions of step S201 to step S203 in the foregoing embodiment of the method shown in fig. 2, and are not described again here.
Based on the method embodiment shown in fig. 4, the present application also provides an apparatus for sharing medical data. The device is applied to a medical data processing apparatus for implementing the method steps described in fig. 4. As shown in fig. 5, the apparatus includes: the device comprises a starting module 501, an obtaining module 502 and a sending module 503. It is to be understood that the structural division shown in fig. 5 is only an example of the division of the apparatus in the embodiment of the present application, and does not constitute a limitation to the apparatus, and in other embodiments, the apparatus may be further divided into other functional modules.
In one example, the launching module 501 is used to launch an application for generating medical data; the obtaining module 502 is configured to obtain feature information corresponding to the medical data; the sending module 503 sends the medical data and the feature information to the intermediate device. The specific execution processes of the three modules may also be described in steps S201 to S203 in the embodiment of the method shown in fig. 2, and are not described herein again.
Based on the method embodiment shown in fig. 2, an embodiment of the present application further provides an intermediate device, where the intermediate device is configured to execute step S204 in fig. 2, so as to implement secure forwarding of medical data.
Based on the method embodiment shown in fig. 2, the present application further provides a system for sharing medical data, where the system includes a medical data processing device and an intermediate device. The detailed steps of the specific implementation of the medical data processing device and the intermediate device are described in the summary of the invention and the foregoing method embodiments, and are not described herein again.
Based on the method embodiments shown in fig. 2 and fig. 4, the present application also provides a medical data processing device. As shown in fig. 6, the medical data processing apparatus includes a processor 610, a memory 620, an interface 630, and a bus 640.
The memory 620 may be one of a Read Only Memory (ROM), a Random Access Memory (RAM), a hard disk, and a flash memory, or any combination thereof. The memory 620 may store a program, and the processor 610 is configured to perform the method shown in fig. 2 or fig. 4 when the program stored in the memory 620 is executed by the processor 610. The memory 620 may also be used for feature extraction models and training samples, and may also store medical data.
The processor 610 may employ a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a GPU, or any combination thereof. The processor 610 may include one or more chips. The processor 610 may include an AI accelerator, such as a Neural Processing Unit (NPU).
The interface 630 may use a transceiver module, such as a transceiver, to enable data transfer between the medical data processing device and the intermediary device, and the interface 630 may be a communication interface, or other data transfer interface.
Bus 640 may include a pathway to communicate information between the various components of the medical data processing apparatus (processor 610, memory 620, and interface 630).
It is understood that the processor in the embodiments of the present application may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. The general purpose processor may be a microprocessor, but may be any conventional processor.
The method steps in the embodiments of the present application may be implemented by hardware, or may be implemented by software instructions executed by a processor. The software instructions may consist of corresponding software modules that may be stored in Random Access Memory (RAM), flash memory, read-only memory (ROM), programmable read-only memory (PROM), Erasable Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), registers, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an ASIC.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in or transmitted over a computer-readable storage medium. The computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is to be understood that the various numerical references referred to in the embodiments of the present application are merely for descriptive convenience and are not intended to limit the scope of the embodiments of the present application.

Claims (10)

1. A method for medical data sharing, the method comprising:
a secure working environment in the medical data processing device starts an application program for generating medical data;
when the safe working environment determines that preset data characteristics are extracted from first data generated by the application program, presetting the first data to obtain second data;
the secure working environment sends the second data to an intermediate device;
the intermediate device forwards the second data.
2. The method of claim 1, wherein the intermediate device forwarding the second data comprises the intermediate device forwarding the second data when determining that the second data is in a preset data format; the preset data format corresponds to the preset processing.
3. The method of claim 1, wherein the secure work environment launching an application for generating medical data comprises:
acquiring running environment information of the application program;
and when the running environment information is consistent with the preset environment information of the application program, starting the application program.
4. The method of claim 1, wherein the secure work environment extracts the predetermined data characteristic from the first data by:
obtaining a characteristic vocabulary of the first data by utilizing a word segmentation algorithm;
inputting the feature vocabulary into a feature extraction model, and determining to extract the preset data features from the first data according to the output of the feature extraction model.
5. The method of claim 2, wherein the intermediate device, when determining that the second data is in a preset data format, forwarding the second data comprises:
the intermediate device acquires identity information of a user logging in the application program when the first data is determined to be in a preset data format;
and forwarding the second data when the identity information is determined to be preset identity information.
6. A method for medical data sharing, the method performed by a secure work environment in a medical data processing device, comprising:
launching an application for generating medical data;
when the preset data characteristics are extracted from the first data generated by the application program, presetting the first data to obtain second data;
and sending the second data to the intermediate device.
7. An apparatus for medical data sharing, the apparatus comprising:
the starting module is used for starting an application program used for generating medical data;
the processing module is used for performing preset processing on first data to obtain second data when the preset data characteristics are extracted from the first data generated by the application program;
and the sending module is used for sending the second data to the intermediate equipment.
8. A system for medical data sharing, characterized in that the system comprises a medical data processing device and an intermediate device,
the medical data processing device comprises a secure working environment for initiating: an application that generates medical data; when the preset data characteristics are extracted from the first data generated by the application program, presetting the first data to obtain second data; sending the second data to an intermediate device;
the intermediate device is configured to forward the second data.
9. A medical data processing apparatus, characterized in that the medical data processing apparatus comprises a memory and a processor, the memory storing computer instructions, the processor executing the computer instructions to implement the method of claim 6.
10. A computer-readable storage medium having stored therein instructions which, when executed on the computer, cause the computer to implement the method of claim 6.
CN202111147506.1A 2021-09-29 2021-09-29 Method and system for sharing medical data Pending CN113782134A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111147506.1A CN113782134A (en) 2021-09-29 2021-09-29 Method and system for sharing medical data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111147506.1A CN113782134A (en) 2021-09-29 2021-09-29 Method and system for sharing medical data

Publications (1)

Publication Number Publication Date
CN113782134A true CN113782134A (en) 2021-12-10

Family

ID=78854303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111147506.1A Pending CN113782134A (en) 2021-09-29 2021-09-29 Method and system for sharing medical data

Country Status (1)

Country Link
CN (1) CN113782134A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101382972A (en) * 2008-10-22 2009-03-11 中国网络通信集团公司 Method and system for sharing medical resource information
CN103678928A (en) * 2013-12-20 2014-03-26 广东宝莱特医用科技股份有限公司 Method, device and system for sharing medical information
CN105074719A (en) * 2013-03-15 2015-11-18 英特尔公司 Mutually assured data sharing between distrusting parties in a network environment
CN105791373A (en) * 2014-12-26 2016-07-20 北大医疗信息技术有限公司 Medical system data sharing method and system
CN108766511A (en) * 2018-05-30 2018-11-06 北京阿尔山金融科技有限公司 Medical examination data sharing method, system and electronic equipment
CN109767834A (en) * 2019-01-04 2019-05-17 浪潮软件集团有限公司 A kind of medical imaging data sharing service method and system stored based on cloud messaging service platform and object
CN109951291A (en) * 2019-02-18 2019-06-28 四川迪佳通电子有限公司 Content sharing method and device, multimedia equipment based on credible performing environment
CN110135163A (en) * 2019-03-28 2019-08-16 江苏通付盾信息安全技术有限公司 A kind of safety detection method based on target application, apparatus and system
CN111613339A (en) * 2020-05-15 2020-09-01 山东大学 Similar medical record searching method and system based on deep learning
CN112532385A (en) * 2020-11-20 2021-03-19 天翼电子商务有限公司 Data sharing method based on trusted execution environment

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101382972A (en) * 2008-10-22 2009-03-11 中国网络通信集团公司 Method and system for sharing medical resource information
CN105074719A (en) * 2013-03-15 2015-11-18 英特尔公司 Mutually assured data sharing between distrusting parties in a network environment
CN103678928A (en) * 2013-12-20 2014-03-26 广东宝莱特医用科技股份有限公司 Method, device and system for sharing medical information
CN105791373A (en) * 2014-12-26 2016-07-20 北大医疗信息技术有限公司 Medical system data sharing method and system
CN108766511A (en) * 2018-05-30 2018-11-06 北京阿尔山金融科技有限公司 Medical examination data sharing method, system and electronic equipment
CN109767834A (en) * 2019-01-04 2019-05-17 浪潮软件集团有限公司 A kind of medical imaging data sharing service method and system stored based on cloud messaging service platform and object
CN109951291A (en) * 2019-02-18 2019-06-28 四川迪佳通电子有限公司 Content sharing method and device, multimedia equipment based on credible performing environment
CN110135163A (en) * 2019-03-28 2019-08-16 江苏通付盾信息安全技术有限公司 A kind of safety detection method based on target application, apparatus and system
CN111613339A (en) * 2020-05-15 2020-09-01 山东大学 Similar medical record searching method and system based on deep learning
CN112532385A (en) * 2020-11-20 2021-03-19 天翼电子商务有限公司 Data sharing method based on trusted execution environment

Similar Documents

Publication Publication Date Title
US10963578B2 (en) Methods and systems for preventing transmission of sensitive data from a remote computer device
CN108810006B (en) Resource access method, device, equipment and storage medium
CN110336810B (en) Information sharing method, platform, computing device and storage medium
CN108923908B (en) Authorization processing method, device, equipment and storage medium
CN106878264B (en) Data management method and server
US9811674B2 (en) Data leakage prevention system, method, and computer program product for preventing a predefined type of operation on predetermined data
KR101644353B1 (en) Device, method, and system for controlling access to web objects of a webpage or web-brower application
US10122693B2 (en) Protocol based key management
US20210295961A1 (en) A computer implemented method for secure management of data generated in an ehr during an episode of care and a system therefor
US20140358964A1 (en) Natural language processing (NLP) query formulation engine for a computing device
US20150302218A1 (en) Method and system for file hiding
CN111709860B (en) Method, device, equipment and storage medium for processing heritage
CN106980793A (en) TrustZone-based universal password storage and reading method, device and terminal equipment
CN111797430A (en) Data verification method, device, server and storage medium
US20150341371A1 (en) Systems and methods to provide secure storage
CN116980230B (en) Information security protection method and device
CN111046405B (en) Data processing method, device, equipment and storage medium
CN112733180A (en) Data query method and device and electronic equipment
CN114285551A (en) Quantum key distribution method and device, readable storage medium and electronic equipment
CN111581666B (en) Ultrasonic data management system and method based on blockchain
WO2023241366A1 (en) Data processing method and system, and electronic device and computer-readable storage medium
CN113782134A (en) Method and system for sharing medical data
US20140033318A1 (en) Apparatus and method for managing usim data using mobile trusted module
CN112416875B (en) Log management method, device, computer equipment and storage medium
CN113282550A (en) File preview method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20211210