JP2006155212A - Hospital information system, unauthorized access report formation system, and unauthorized access report formation method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To further easily detect an access that is determined as being unauthorized from access record information to patient information stored in a medical institution, and to form an unauthorized-access report. <P>SOLUTION: This system comprises a patient information access record part 7 recording, upon access to a patient checkup record by the user, identification information of the user and the patient as access record information; a user attribute information acquisition part 6 acquiring user attribute information, based on the identification information of users; a patient consultation record information acquiring part 8 for acquiring patient consultation records based on identification information of patients; an illicit access detection part 9 for detecting unauthorized access record information which is deemed unauthorized according to a predetermined condition based on the acquired user attribute information and patient consultation record, and recording it as unauthorized access record information; a report object patient designating part 10 for designating a patient that is the object of report formation; and a report preparing part 11 for preparing a report by using the unauthorized access record information for the designated patient. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a hospital information system, an unauthorized access report creation system, and an unauthorized access report creation method for detecting an access that is determined to be unauthorized from access record information to patient information stored in a medical institution and creating a report of the detection result. About.

  Conventionally, in a medical institution such as a hospital, information such as a department that a patient is on is stored and managed as medical record information. Patient visit record information is generally stored in a hospital information system or medical equipment provided in each medical institution. For this reason, consultation record information has been standardized in order to standardize hospital information systems, etc. "Provisional Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems 1" ASTM PS 115-99, DICOM Supplement 95, IHE Basic Security It is created and managed in accordance with various standards related to audit logs such as Profile.

  Since such patient visit record information is personal information, emphasis is placed on enhancement of security regarding personal information protection. For example, the “Medical Information System Development Center (MEDIS-DC)” has compiled and published “Guidelines for External Preservation of Medical Records” (for example, see Non-Patent Document 1). ). This “Guidelines for external storage of medical records and the like” provides standards regarding the storage location of medical records and the like. In some medical institutions, a list of hospital staff who have accessed an inpatient is reported to the patient.

From such a background, a technology for early detection of unauthorized use by a third party by a medical information center periodically issuing a direct access use status confirmation table to a doctor in charge of a medical site (for example, see Patent Document 1), portal site Technology to open the access log to users of the Internet and call attention (for example, see Patent Document 2), fraud to detect unauthorized access by comparing the communication record between the user and the computer system with the content reported by the user Techniques such as an access detection technique (see, for example, Patent Document 3) have been devised.
JP 2002-63280 A JP 2004-15746 A JP 2004-213476 A “Guidelines for external storage of medical records”, [online], Medical Information System Development Center, [October 29, 2004 search], Internet <URL: http://www.medis.or.jp /2_kaihatu/denshi/file/140613-d.pdf>

  Previously, a method used by medical institutions to report to the patient a list of hospital staff who accessed inpatients, and the medical information center periodically issued a direct access usage confirmation table to the physician in charge at the medical site. As a result, it is necessary to report all access records in technologies such as technology for early detection of unauthorized use by third parties, technology for opening access logs to users of portal sites, and calling attention. There is a problem that the amount of information handled is enormous.

  Further, in the conventional unauthorized access detection technology for detecting unauthorized access by comparing the communication record between the user and the computer system with the content reported by the user, the communication record is compared only with the content reported by the user. However, since it is difficult for a hospital to understand whether or not access is unauthorized unless the organization, role, business, etc. of the hospital operation are understood, it is difficult to determine whether access is unauthorized. Is considered insufficient.

  Furthermore, there is a problem that the unauthorized use of personal information after the patient's healing cannot be checked unless a medical institution requests a record of the use of personal information.

  The present invention has been made in order to cope with such a conventional situation, and more easily detects an access that is determined to be illegal from access record information to patient information stored in a medical institution, for example, after treatment. Hospital information system, unauthorized access report creation system, and unauthorized access report creation method that can create a report of detection results more appropriately according to various situations such as cases where you are not familiar with the mechanism of the hospital or hospital The purpose is to provide.

  In order to achieve the above object, a hospital information system according to the present invention includes, as described in claim 1, a patient visit recording unit that stores a patient visit record that is a patient visit record in a medical institution, In a hospital information system including a user attribute information recording unit that stores user attribute information that is user attribute information, when the user accesses the patient medical record stored in the patient medical record unit A patient information access recording unit for recording, as access record information, the identification information of the accessed user and the identification information of the patient of the patient medical record that has been accessed, and the user included in the access record information A user attribute information acquisition unit for acquiring the required user attribute information from the user attribute information recording unit based on the identification information of the user, and the access record A patient visit record information acquisition unit for acquiring the necessary patient visit record from the patient visit record unit based on the patient identification information included in the report, and the user attribute information received from the user attribute information acquisition unit And unauthorized access record that detects unauthorized access record information from the access record information according to certain conditions based on the patient visit record received from the patient visit record information acquisition unit and records the detection result as unauthorized access record information Using the detection unit, the report target patient designating unit for designating a patient for which a report is created using the unauthorized access record information, and the unauthorized access record information for the patient designated by the report target patient designating unit And a report creation unit for creating a report.

  Moreover, in order to achieve the above-mentioned object, the unauthorized access report creation system according to the present invention provides a patient visit recording unit for storing a patient visit record as a patient visit record in a medical institution as described in claim 8. Patient information that records the access information of the identification information of the accessed user and the identification information of the patient of the patient reception record that is the access target when the user accesses the patient reception record stored in Necessary user attributes from an access recording unit and a user attribute information recording unit that stores user attribute information that is attribute information of the user based on the identification information of the user included in the access record information A user attribute information acquisition unit for acquiring information and a patient visit recording unit based on the patient identification information included in the access record information. Based on the patient consultation record information acquisition unit for acquiring the patient consultation record, the user attribute information received from the user attribute information acquisition unit, and the patient consultation record received from the patient reception record information acquisition unit An unauthorized access detection unit that detects unauthorized access record information from the access record information according to the conditions of the above, and records the detection result as unauthorized access record information, and a patient who is a report creation target using the unauthorized access record information A report target patient designating unit for designating a patient and a report creating unit for creating a report using the unauthorized access record information for the patient designated by the report target patient designating unit.

  In addition, in order to achieve the above-described object, the unauthorized access report creation method according to the present invention includes a patient visit recording unit that stores a patient visit record that is a patient visit record in a medical institution as described in claim 9. Recording the patient identification information of the accessed user and the patient identification information of the patient consultation record to be accessed as access record information when the user accesses the patient consultation record stored in Based on the user identification information included in the access record information, the necessary user attribute information is acquired from a user attribute information recording unit that stores user attribute information that is the user attribute information. Acquiring the necessary patient visit record from the patient visit record unit based on the step and the patient identification information included in the access record information Detecting access record information that seems to be unauthorized from the access record information according to certain conditions based on the acquired user attribute information and the patient visit record, and recording the detection result as unauthorized access record information; And a step of designating a patient as a report creation target using the unauthorized access record information, and a step of creating a report using the unauthorized access record information for the designated patient. Is.

  In the hospital information system, unauthorized access report creation system, and unauthorized access report creation method according to the present invention, it is possible to more easily detect access that is determined to be unauthorized from access record information to patient information stored in a medical institution, for example, A report of detection results can be created more appropriately according to various situations such as after treatment or when the user is not familiar with the hospital mechanism.

  Embodiments of a hospital information system, an unauthorized access report creation system, and an unauthorized access report creation method according to the present invention will be described with reference to the accompanying drawings.

  FIG. 1 is a functional block diagram showing a first embodiment of a hospital information system according to the present invention.

  The hospital information system 1 is provided in a medical institution such as a hospital, for example. The hospital information system 1 includes an unauthorized access report creation system 2, and includes a single or a plurality of input / output terminals 3, a patient consultation recording unit 4, and a user attribute information recording unit 5.

  However, the unauthorized access report creation system 2 may be a system independent of the hospital information system 1. In this case, the unauthorized access report creation system 2 is connected to the hospital information system 1. Further, the unauthorized access report creation system 2 is provided at an arbitrary location such as a data center outside the medical institution, and is connected to a single or plural hospital information systems 1 provided in a single or plural medical institutions through a network. You can also.

  The patient consultation recording unit 4 includes an ID, which is an example of identification information of the patient P at the medical institution, the patient P examination department, the patient P appointment schedule (medical appointment and hospitalization appointment), and the patient P visit history (visit date) Any information among information such as hospitalization period, death discharge), treatment details, etc. is stored in advance as a patient visit record. The user attribute information recording unit 5 includes an ID that is an example of identification information of the user U such as a doctor, a technician, or a nurse who uses the hospital information system 1, the affiliation of the user U, the authority of the user U, and usage. Arbitrary information is stored in advance as user attribute information among information such as the role information of the person U and information such as treatment sharing.

  The input / output terminal 3 includes an input device 3a and a display device 3b. From the input / output terminal 3, it is possible to access a patient visit record that is personal information of the patient P stored in the patient visit record unit 4. For this purpose, the display device 3b of the input / output terminal 3 displays a patient visit record reference screen for referring to the patient visit record and an input screen for displaying the patient visit record reference screen. The input device 3a can be used to input necessary information such as a password, ID number, and patient P identification information necessary for accessing the patient consultation record.

  The patient consultation record may be access-restricted by performing authentication using information such as a password or an ID number, or may be open information that can be accessed by any number of people. In addition, information with access restriction and open information without access restriction may be mixed in the patient consultation record. Further, as in the case where authentication is performed, the user attribute information stored in the user attribute information recording unit 5 is referred to when accessing the patient consultation record as necessary.

  The unauthorized access report creation system 2 is constructed by having a computer read an unauthorized access report creation program, and the computer is used to obtain a user attribute information acquisition unit 6, a patient visit record information acquisition unit 7, a patient information access record unit 8, an unauthorized access detection. Unit 9, report target patient designating unit 10, and report creating unit 11. For this reason, each component is not necessarily physically separated. However, all or part of the unauthorized access report creation system 2 may be configured by a circuit. The unauthorized access report creation system 2 is connected to a monitor 13a and a printer 13b as the input device 12 and the output device 13 as necessary.

  When the user U accesses the patient consultation record by operating the input / output terminal 3, the patient information access recording unit 8 identifies the ID of the user U who has accessed the patient consultation record, and the patient consultation subject to access. It has a function of recording arbitrary information such as the ID of the patient P in the record as access record information. At this time, when a plurality of input / output terminals 3 are provided, in order to specify an access route and an access location, information related to access such as an ID of the operated input / output terminal 3 can be included in the access record information. In addition, the date and time of access to the patient consultation record can be included in the access record information.

  The user attribute information acquisition unit 6 refers to the access record information recorded in the patient information access recording unit 8 and records it in the user attribute information recording unit 5 based on the ID of the user U included in the access record information. It has a function of acquiring necessary user attribute information from the user attribute information and providing it to the unauthorized access detection unit 9.

  The patient visit record information acquisition unit 7 refers to the access record information recorded in the patient information access record unit 8, and the patient recorded in the patient visit record unit 4 based on the ID of the patient P included in the access record information It has a function of obtaining a necessary patient consultation record from the consultation record and giving it to the unauthorized access detection unit 9.

  The unauthorized access detection unit 9 refers to the function of acquiring necessary access record information from the patient information access recording unit 8, the acquired access record information, the user attribute information received from the user attribute information acquisition unit 6, and the patient visit A function of detecting access record information that seems to be unauthorized according to certain conditions based on a patient visit record received from the record information acquisition unit 7, and a function of recording a detection result of access record information that seems to be unauthorized as unauthorized access record information Have

  The conditions when the unauthorized access detection unit 9 detects access record information that is considered to be unauthorized can be a single, or a plurality of desired constraints in terms of time, location, or organization. By checking whether or not all, a part, or at least one of the conditions is violated, it is possible to detect access record information that seems to be illegal.

  The report target patient designating unit 10 has a function of receiving identification information such as an ID of a patient P for which a report of unauthorized access record information is to be created from the input device 12 and giving it to the report creating unit 11.

  The report creation unit 11 has a function of extracting unauthorized access record information from the unauthorized access detection unit 9 and creating a report based on the extracted unauthorized access record information.

  And, when the user U accesses the patient consultation record stored in the hospital information system 1 by the unauthorized access report creation system 2 having such a configuration, the function of detecting the unauthorized access and creating a report is a hospital information. The system 1 is provided.

  Next, the operation of the hospital information system 1 will be described.

  FIG. 2 is a sequence diagram showing an example of the flow of processing when the hospital information system 1 shown in FIG. 1 detects unauthorized access to a patient visit record and creates a report. Reference numeral indicates each step of the sequence diagram.

  First, the input / output terminal 3 is operated at an arbitrary timing by a single or a plurality of users U, and each user U accesses a desired patient consultation record. At this time, the ID of the user U who has accessed the patient consultation record, the ID of the patient P in the patient consultation record to be accessed, and the input / output terminal 3 that has been operated when a plurality of input / output terminals 3 are provided. Information related to access, such as ID, is recorded in the patient information access recording unit 8 as access record information together with the date and time of access to the patient consultation record. Then, after a certain period of time has passed or every time there is an access, the unauthorized access report creation system 2 detects unauthorized access to the patient consultation record and creates a report of the detection results.

  That is, in step S1, the user attribute information acquisition unit 6 refers to the access record information recorded in the patient information access record unit 8, and based on the user U ID included in the access record information, the user attribute information Necessary user attribute information is acquired from the user attribute information recorded in the information recording unit 5 and given to the unauthorized access detection unit 9.

  In step S2, the patient consultation record information acquisition unit 7 refers to the access record information recorded in the patient information access record unit 8, and based on the ID of the patient P included in the access record information, the patient visit record unit A necessary patient visit record is acquired from the patient visit record recorded in 4 and given to the unauthorized access detection unit 9.

  Furthermore, in step S <b> 3, the unauthorized access detection unit 9 acquires necessary access record information from the patient information access recording unit 8.

  Next, in step S4, the unauthorized access detection unit 9 refers to the access record information acquired from the patient information access record unit 8, and the user attribute information of the user U who has accessed the patient visit record and the visit record of the patient P. The access record information that seems to be illegal is detected from the information. Then, the unauthorized access detection unit 9 records the detected access record information that seems to be unauthorized as unauthorized access record information.

  At this time, for example, the unauthorized access detection unit 9 stores the unauthorized access record information in the access record information in an identifiable manner by adding a mark to the end of the access record information that seems to be unauthorized stored as an access log file. be able to.

  In addition, as an example of a method of detecting access record information that is considered to be unauthorized by the unauthorized access detection unit 9, for example, a list of access record information of each target patient P is created as an access list, and the reason for discharge of the target patient P is killed. In the case of discharge, there is a method in which, in the access list, the access record information of the access date and time after the consultation period of the target patient P is used as unauthorized access record information. In other words, if at least the consultation record of the consultation record information of the patient P is referred to and the patient P is found to have been discharged due to death, the access record information is regarded as unauthorized access record information. be able to.

  As another example, for example, in the above access list, access record information having an access date and time after the consultation period of the target patient P is extracted as an access record after discharge, and further, in the access record after discharge, If the affiliation of a certain user U is different from the patient's P department, there is a method of marking the access record information as unauthorized access record information. In this case, referring to at least the consultation record and department in the patient record information of the patient P, referring to at least the affiliation of the user U in the user attribute information, the consultation record indicating that the patient P is discharged. When it is found that the user U belongs to a different department from the patient P, the access record information can be regarded as unauthorized access record information.

  Furthermore, as another example, for example, in the above access list, access record information of a period whose access date and time is included in the medical treatment record of the target patient P is extracted as a treatment period access record, and the extracted treatment period access record is extracted. Then, there is a method of marking the access record information of the user U who was in the treatment sharing that does not match the treatment content to obtain unauthorized access record information. In this case, referring to at least the consultation schedule and treatment details such as medical appointments and hospitalization reservations in the medical record information of the patient P, and referring to at least the user's U treatment sharing in the user attribute information, respectively. The access record information can be regarded as unauthorized access record information when the treatment sharing of the user U is different from the treatment content of the patient P during the period.

  In this way, the access record that seems to be fraudulent is determined by determining whether or not any condition such as whether or not the patient is scheduled to be consulted and whether or not the patient P has been discharged or discharged is met. Information is detected as unauthorized access record information. Further, the unauthorized access record information for the visit record information of each target patient P detected is accumulated in the unauthorized access detector 9. Then, a report creator O such as an office worker or a nurse can create a report of access record information (unauthorized access record information) that seems to be illegal with respect to the patient consultation record at an arbitrary timing.

  In this case, in step S5, the report creator O operates the input device 12 connected to the unauthorized access report creation system 2 to illegally identify identification information such as the ID of the patient P for which the report is to be created. Input to the access report creation system 2. For this reason, the identification information of the patient P is given from the input device 12 to the report target patient designating unit 10, and the report target patient designating unit 10 gives the identification information of the patient P as a report creation target to the report creating unit 11.

  Next, in step S <b> 6, the report creation unit 11 extracts unauthorized access record information about the patient P corresponding to the identification information from the unauthorized access detection unit 9 according to the identification information of the patient P received from the report target patient designating unit 10. To do. For example, the report creation unit 11 extracts unauthorized access record information by referring to the mark at the end of the access record information stored as an access log file in the unauthorized access detection unit 9, and acquires the detection result of the unauthorized access record information. be able to.

  Next, in step S <b> 7, the report creation unit 11 creates a report based on the unauthorized access record information extracted from the unauthorized access detection unit 9. As an example of a procedure for the report creation unit 11 to create a report, for example, one or a plurality of unauthorized access record information recorded as an access log file is extracted from the unauthorized access detection unit 9, and the extracted unauthorized access record information is You can create a report content part by concatenating. Furthermore, information such as an explanation of the report and an inquiry destination can be added to the report content portion to form a report.

  Then, the report creator O and the patient P (or their agents) can check the report created by the report creation unit 11 by appropriately outputting the report to the monitor 13a and the printer 13b. As a result, the transparency to the patient P related to personal information protection is ensured, and when there is a disclosure request from the patient P or an agent regarding the use of a patient consultation record as personal information about the patient P, the report creation unit 11 The report including the unauthorized access record information created by the above can be used as an information management report to be passed to the patient P or the agent.

  According to the hospital information system 1 as described above, it is possible to improve security against unauthorized access to a patient consultation record that is personal information. In other words, it is possible not only to more easily detect unauthorized access from access record information to patient information stored in a medical institution, but also, for example, when the patient P is after treatment or discharge, Even if the user is not familiar with the mechanism, the patient P himself or his / her agent can easily check whether there is unauthorized access by checking the report.

  In particular, even if it is difficult to prevent unauthorized access only by restricting access to the hospital information system 1 using a password, it is possible to more appropriately check for unauthorized access. For example, it is necessary to give access authority to the patient consultation record to the doctor or engineer in charge of the patient P. On the other hand, if the doctor in charge accesses the patient consultation record after discharge or treatment, it is detected as unauthorized access. be able to. As another example, since the user U of the hospital information system 1 is a small medical institution having several people, the access of the user U can be performed even when access is not restricted by a password. Unauthorized access can be detected from conditions such as time and role.

  FIG. 3 is a block diagram showing a second embodiment of the hospital information system according to the present invention.

  The hospital information system 1A shown in FIG. 3 is different from the hospital information system 1 shown in FIG. 1 in that the configuration in which necessary information is acquired from the medical diagnosis apparatus and the report can be transmitted to the patient P. To do. Since other configurations and operations are not substantially different from the hospital information system 1 shown in FIG. 1, the same components are denoted by the same reference numerals and description thereof is omitted.

  The hospital information system 1A is connected to a radiation inspection apparatus 20 as an example of a medical diagnosis apparatus. The radiation examination apparatus 20 includes a user attribute information recording unit 21 and an input / output terminal 22. From the input / output terminal 22, a user U such as a doctor or an engineer can access the patient visit record stored in the patient visit record unit 4 of the hospital information system 1 </ b> A via the network.

  For this purpose, the display device 22b of the input / output terminal 22 displays an order information reference screen for referring to the patient examination record and an input screen for displaying the order information reference screen in addition to operating the radiation examination apparatus 20. On the other hand, the input device 22a of the input / output terminal 22 inputs necessary information such as the password and ID number necessary for the operation of the radiation examination apparatus 20 and access to the patient consultation record and the identification information of the patient P. Configured to be able to.

  The user attribute information recording unit 21 of the radiation inspection apparatus 20 includes the ID of a user U such as a doctor or engineer who uses the radiation inspection apparatus 20, the affiliation of the user U, the authority of the user U, and the user U Arbitrary information is stored in advance as user attribute information, such as role information and treatment sharing. Then, as in the case where authentication is performed via the input / output terminal 22, the user attribute information stored in the user attribute information recording unit 21 of the radiation examination apparatus 20 is accessed to the patient consultation record as necessary. Referenced when

  Furthermore, in the hospital information system 1A, when the user U accesses the patient consultation record by operating the input / output terminal 22 of the radiation examination apparatus 20, the ID of the user U who accessed the patient consultation record, and the access target Information regarding access such as the ID of the patient P in the patient consultation record and the ID of the operated input / output terminal 22 when a plurality of input / output terminals 22 are provided, together with the date and time of access to the patient consultation record The patient information access recording unit 8 is configured to record as access record information.

  Further, the user attribute information acquisition unit 6 of the hospital information system 1A acquires necessary user attribute information from the user attribute information recorded in the user attribute information recording unit 21 of the radiation examination apparatus 20, and detects unauthorized access. A function to be given to the unit 9;

  Further, the unauthorized access report creation system 2 of the hospital information system 1A includes a report sending unit 23, a sending destination storage unit 24, and a sending destination designating unit 25. The report sending unit 23 receives a report created from the report creation unit 11, converts it into a required data format, and then gives it to an information transmission device such as an e-mail server 26 or a FAX 27 or an internal network 28, so that the Internet or It has a function of transmitting a report to a client 30 or a FAX 31 on the patient P side via a network 29 such as a public line. At this time, the report sending unit 23 can perform encryption or anonymization in order to ensure security at the time of report transmission as necessary.

  The sending destination storage unit 24 stores the sending destination of the report. The report sending unit 23 is configured to be able to acquire the report sending destination from the sending destination storage unit 24. The destination designation unit 25 has a function of designating a report destination based on information received from the input device 12 and notifying the report destination unit 23 of the designated destination. For this reason, the report sending unit 23 is configured to send the report to the sending destination of the report received from the sending destination specifying unit 25.

  In addition, as a report delivery destination designation method, for example, there are a method of designating all report delivery destinations stored in the delivery destination storage unit 24, and a method of designating only the report delivery destination designated by the patient P side. Is possible. In addition, it is also possible to send a notification to the patient P side together with the report sent to the patient P side, such as a hospital information manager or a manager such as the hospital director, or to notify that it has been sent. it can. When notifying that the report has been sent to the patient P side, the notification is generated by the report sending unit 23, and notification that the report has been sent to the patient P side via communication means such as the network 29 is desired. Sent to the destination.

  In the hospital information system 1A configured as described above, an unauthorized access is detected when a user U such as a doctor or engineer accesses a patient examination record stored in the hospital information system 1A from the radiation examination apparatus 20. The detection result is reported and created. Further, the report sending unit 23 sends the created report to the patient P side designated by the sending destination designation unit 25 by means such as E-Mail via a network 29 such as the Internet. In addition, a notification that the report has been sent to the patient P side is created by the report sending unit 23 as needed, and is sent to a predetermined destination such as a manager in charge via a communication line such as the internal network 28. The

  Like the hospital information system 1A, the unauthorized access report creation system 2 is configured to acquire part or all of necessary information from any device such as a medical diagnostic apparatus installed outside the hospital information system 1A. You can also. In addition, since the report can be transmitted to the patient P side, the patient P can check the presence / absence of unauthorized access more easily and reliably, and thus the convenience of the patient P can be improved. Further, since the user U such as the manager in charge can grasp the report sending status, the report can be easily managed.

  The destination of the report is not limited to the method of designating by e-mail address or FAX number, but may be a designating method for a node such as a specific WWW (World-Wide Web) site or server / file system. Correspondingly, the report sending unit 23 can send the report in an arbitrary format such as an electronic file.

  FIG. 4 is a block diagram showing a third embodiment of the hospital information system according to the present invention.

  The hospital information system 1B shown in FIG. 4 is different from the hospital information system 1 shown in FIG. 1 in that the report period recording unit 40 is provided in the unauthorized access report creation system 2. Since other configurations and operations are not substantially different from the hospital information system 1 shown in FIG. 1, only the configuration of the unauthorized access report creation system 2 is illustrated, and the same components are denoted by the same reference numerals and description thereof is omitted.

  A report period recording unit 40 is provided in the unauthorized access report creation system 2 of the hospital information system 1B. The report period recording unit 40 records the recording period of the unauthorized access record information targeted at the time of the previous report creation, for example, the previous report creation period, and the recorded report creation period as the report creation unit 11. And a function to notify Then, the report creation unit 11 is configured to create a report for a desired report creation period based on the report creation period received from the report period recording unit 40.

  Next, the operation of the hospital information system 1B will be described.

  FIG. 5 is a sequence diagram showing an example of a processing flow when creating a report which is a detection result of unauthorized access to a patient visit record by the unauthorized access report creation system 2 of the hospital information system 1B shown in FIG. The code | symbol which attached | subjected the number to inside S shows each step of a sequence diagram. Further, illustration and description of the same processing as in FIG. 2 is omitted, and the same processing as in FIG.

  First, in step S <b> 6, the report creation unit 11 extracts unauthorized access record information from the unauthorized access detection unit 9.

  Next, in step S <b> 10, the report creation unit 11 acquires the previous report creation period from the report period recording unit 40.

  Next, in step S11, the report creation unit 11 determines the current report creation period according to a predetermined rule, and extracts unauthorized access record information included in the determined current report creation period.

  Next, in step S12, the report creation unit 11 creates a report using the extracted unauthorized access record information included in the current report creation period.

  Next, in step S13, the report creation unit 11 transmits the current report creation period to the report period recording unit 40, and the report period recording unit 40 updates the current report creation period as the previous report creation period.

  FIG. 6 is a sequence diagram showing another example of a processing flow when creating a report that is a detection result of unauthorized access to a patient consultation record by the unauthorized access report creation system 2 of the hospital information system 1B shown in FIG. In the figure, reference numerals with numerals S indicate steps in the sequence diagram. Moreover, illustration and description of processes similar to those in FIGS. 2 and 5 are omitted, and processes similar to those in FIGS. 2 and 5 are denoted by the same reference numerals.

  First, in step S <b> 10, the report creation unit 11 acquires the previous report creation period from the report period recording unit 40.

  Next, in step S20, the report creation unit 11 determines the current report creation period in accordance with a predetermined rule, and notifies the unauthorized report detection unit 9 of the determined report creation period.

  Next, in step S21, the unauthorized access detection unit 9 refers to the access record information included in the current report creation period received from the report creation unit 11, detects the unauthorized access record information, and records unauthorized access. Record as information.

  Next, in step S <b> 22, the report creation unit 11 acquires unauthorized access record information detected during the current report creation period from the unauthorized access detection unit 9.

  Next, in step S <b> 12, the report creation unit 11 creates a report using the unauthorized access record information in the current report creation period received from the unauthorized access detection unit 9.

  Next, in step S13, the report creation unit 11 transmits the current report creation period to the report period recording unit 40, and the report period recording unit 40 updates the current report creation period as the previous report creation period.

  That is, the hospital information system 1B as described above is provided with the report period recording unit 40 for recording the report creation period in the unauthorized access report creation system 2 so that the report can be created periodically. For this reason, according to the hospital information system 1B, in addition to the same effect as the hospital information system 1 shown in FIG. 1, by limiting the report creation period, it is possible to omit unnecessary report creation and simplify data processing. In addition to being able to check, unauthorized access checks can be performed regularly and systematically.

  FIG. 7 is a block diagram showing a fourth embodiment of the hospital information system according to the present invention.

  The hospital information system 1C shown in FIG. 7 is different from the hospital information system 1 shown in FIG. 1 in that the report target period specifying unit 50 is provided in the unauthorized access report creation system 2. Since other configurations and operations are not substantially different from the hospital information system 1 shown in FIG. 1, only the configuration of the unauthorized access report creation system 2 is illustrated, and the same components are denoted by the same reference numerals and description thereof is omitted.

  The unauthorized access report creation system 2 of the hospital information system 1C is provided with a report target period designating unit 50. The report target period specifying unit 50 receives the operation of the input device 12 and designates the recording period of the unauthorized access record information that is the target when creating a report as the report target period, and the specified report target period is the report generating unit. 11 and a function of notifying the user. The report creation unit 11 is configured to create a report for the report target period using the unauthorized access record information of the report target period specified by the report target period specifying unit 50.

  Next, the operation of the hospital information system 1C will be described.

  FIG. 8 is a sequence diagram showing an example of the flow of processing when creating a report that is a detection result of unauthorized access to a patient visit record by the unauthorized access report creation system 2 of the hospital information system 1C shown in FIG. The code | symbol which attached | subjected the number to inside S shows each step of a sequence diagram. Also, illustration and description of the same processing as in FIG. 2 is omitted.

  First, in step S30, the input device 12 is operated by a report creator O such as a patient P, an office worker, a doctor, or an engineer, and a report target period specifying unit 50 specifies a report target period. Then, the report creation unit 11 acquires the report target period from the report target period specifying unit 50.

  Next, in step S <b> 31, the report creation unit 11 acquires the unauthorized access record information for the report target period acquired from the report target period specifying unit 50 from the unauthorized access detection unit 9.

  Next, in step S32, the report creation unit 11 creates a report using the unauthorized access record information in the report target period.

  That is, in the hospital information system 1C as described above, the unauthorized access report creation system 2 is provided with a report target period specifying unit 50 for specifying a report target period for which a report should be generated, and a report for an arbitrary period is provided at an arbitrary timing. It can be created. For this reason, according to the hospital information system 1C, in addition to the same effect as the hospital information system 1 shown in FIG. 1, by specifying the report target period, it is possible to omit unnecessary report creation and simplify data processing. In addition, it is possible to check unauthorized access by focusing on a specific period.

  FIG. 9 is a block diagram showing a fifth embodiment of the hospital information system according to the present invention.

  The hospital information system 1D shown in FIG. 9 is different from the hospital information system 1 shown in FIG. 1 in that the unauthorized use report creation system 2 is provided with the secondary use consent recording unit 60. Since other configurations and operations are not substantially different from the hospital information system 1 shown in FIG. 1, only the configuration of the unauthorized access report creation system 2 is illustrated, and the same components are denoted by the same reference numerals and description thereof is omitted.

  The unauthorized access report creation system 2 of the hospital information system 1D is provided with a secondary usage consent recording unit 60. The secondary use consent recording unit 60 receives the operation of the input device 12 and sets, as an agreement range, the range of the user U who the patient P side has agreed to access to the patient consultation record (secondary use) according to any arrangement. And a function of notifying the unauthorized access detection unit 9 of the set consent range. The unauthorized access detection unit 9 is configured to record unauthorized access record information outside the agreed range received from the secondary usage consent recording unit 60. At this time, the unauthorized access detection unit 9 may detect the access record information that seems to be unauthorized once and then exclude the access record information included in the agreed range, or may be considered unauthorized from a range other than the agreed range. The access record information may be detected.

  Next, the operation of the hospital information system 1D will be described.

  FIG. 10 is a sequence diagram showing an example of the flow of processing when detecting unauthorized access to a patient consultation record by the unauthorized access report creation system 2 of the hospital information system 1D shown in FIG. Reference numerals attached indicate steps in the sequence diagram. Further, illustration and description of the same processing as in FIG. 2 is omitted, and the same processing as in FIG.

  First, according to an arbitrary arrangement, the range of the user U that the patient P side has agreed to access to the patient consultation record is determined as the agreement range. As an example of the scope of consent, there is an example in which the doctor who conducts the research is included in the consent scope when only the doctor conducting research using the patient visit record wants to permit access to the patient visit record. As another example of the scope of consent, when a user U who performs work such as accounting or auditing is allowed to use the patient consultation record for a certain period, the user U who performs the work only during that period Examples include in the scope of consent.

  However, the scope of consent is not limited to these examples, and may be determined based on affiliation and role.

  In step S <b> 3, the unauthorized access detection unit 9 acquires necessary access record information from the patient information access recording unit 8.

  Next, in step S <b> 40, the unauthorized access detection unit 9 acquires the consent range agreed with the patient P from the secondary use consent recording unit 60.

  Next, in step S <b> 41, the unauthorized access detection unit 9 refers to the access record information acquired from the patient information access record unit 8, and the user attribute information of the user U who has accessed the patient P and the visit record information of the patient P. From this, access record information that seems to be illegal is detected. Then, the unauthorized access detection unit 9 records the detected access record information that seems to be unauthorized as unauthorized access record information. However, when the unauthorized access detection unit 9 detects unauthorized access, if the access record information corresponds to the consent range acquired from the secondary use consent recording unit 60, this is excluded.

  For this reason, if the consent scope is set to the researching doctor, the access record information for which the doctor is the user U is illegal even if the access record information is considered to be fraudulent. Excluded from detection. Similarly, when the scope of consent is set for a user U for a certain period of time for work such as accounting and auditing, the access record for which the access record information that is the user U within a certain period is considered to be illegal Even if the information detection condition is met, it is excluded from fraud detection.

  That is, the hospital information system 1D as described above can exclude the access record information of the user U who the patient P has agreed upon from the detection target when detecting the access record information that seems to be illegal. For this reason, according to the hospital information system 1D, in addition to the effect equivalent to the hospital information system 1 shown in FIG. 1, there is no useless description and a more appropriate report can be created.

  In the hospital information system 1D, after the unauthorized access detection unit 9 once detects access record information that seems to be unauthorized, if it falls within the consent range, it can be excluded.

  Furthermore, the hospital information systems 1, 1A, 1B, 1C, and 1D in the above embodiments may be combined with each other, or some functions and components may be omitted. Further, the hospital information systems 1, 1A, 1B, 1C, and 1D may be configured not only to be connected to a medical examination apparatus but also to a department information system such as a radiation department information system or a specimen examination department information system. Furthermore, the unauthorized access report creation system 2 may constitute an independent system, and all or a part of the unauthorized access report creation system 2 is built in the hospital information system, medical examination apparatus, and department information system. May be.

  Further, the storage method by each storage unit or each component may be a method of storing using a database or an external recording medium, or a method of storing it in an arbitrary storage device as an electronic file.

The functional block diagram which shows 1st Embodiment of the hospital information system which concerns on this invention. The sequence diagram which shows an example of the flow of a process at the time of detecting the unauthorized access with respect to a patient consultation record and producing a report by the hospital information system shown in FIG. The block diagram which shows 2nd Embodiment of the hospital information system which concerns on this invention. The block diagram which shows 3rd Embodiment of the hospital information system which concerns on this invention. The sequence diagram which shows an example of the flow of a process at the time of creating the report which is the detection result of the unauthorized access with respect to a patient consultation record by the unauthorized access report creation system of the hospital information system shown in FIG. The sequence diagram which shows another example of the flow of a process at the time of creating the report which is the detection result of the unauthorized access with respect to a patient consultation record by the unauthorized access report creation system of the hospital information system shown in FIG. The block diagram which shows 4th Embodiment of the hospital information system which concerns on this invention. The sequence diagram which shows an example of the flow of a process at the time of creating the report which is the detection result of the unauthorized access with respect to a patient consultation record by the unauthorized access report creation system of the hospital information system shown in FIG. The block diagram which shows 5th Embodiment of the hospital information system which concerns on this invention. The sequence diagram which shows an example of the flow of a process at the time of detecting the unauthorized access with respect to a patient consultation record by the unauthorized access report preparation system of the hospital information system shown in FIG.

Explanation of symbols

1, 1A, 1B, 1C, 1D Hospital information system 2 Unauthorized access report creation system 3 Input / output terminal 4 Patient consultation recording unit 5 User attribute information recording unit 6 User attribute information acquisition unit 7 Patient consultation record information acquisition unit 8 Patient Information access recording unit 9 Unauthorized access detection unit 10 Report target patient designation unit 11 Report creation unit 12 Input device 13 Output device 13a Monitor 13b Printer 20 Radiation examination device 21 User attribute information recording unit 22 Input / output terminal 22a Input device 22b Display device 23 Report sending unit 24 Sending destination storage unit 25 Sending destination designation unit 26 E-mail server 27 FAX
28 Internal network 29 Network 30 Patient side client 31 FAX
40 Report period recording section 50 Report target period specifying section 60 Secondary use consent recording section U User O Report creator P Patient

Claims (9)

A hospital information system comprising a patient consultation recording unit for storing a patient consultation record, which is a patient consultation record in a medical institution, and a user attribute information recording unit for storing user attribute information, which is attribute information of a user of the system In
When the user accesses the patient visit record stored in the patient visit record unit, the access record includes the identification information of the accessed user and the patient identification information of the patient visit record to be accessed. A patient information access recording unit for recording as information,
A user attribute information acquisition unit that acquires the necessary user attribute information from the user attribute information recording unit based on the user identification information included in the access record information;
A patient visit record information acquisition unit for acquiring the necessary patient visit record from the patient visit record unit based on the patient identification information included in the access record information;
Based on the user attribute information received from the user attribute information acquisition unit and the patient visit record received from the patient visit record information acquisition unit, access record information that is considered to be illegal from the access record information according to certain conditions An unauthorized access detection unit that detects and records the detection result as unauthorized access record information;
A report target patient designating unit for designating a patient for which a report is created using the unauthorized access record information;
A report creation unit that creates a report using the unauthorized access record information about the patient designated by the report target patient designation unit;
A hospital information system characterized by comprising: The patient visit record includes a visit schedule of the patient, and the unauthorized access detection unit is configured to detect access record information that seems to be unauthorized from the access record information based on the presence or absence of the visit schedule. Hospital information system characterized by The patient visit record includes the results of the patient visit, and the unauthorized access detection unit determines whether the patient is discharged from the access record information by determining whether the patient is discharged or discharged from the hospital based on the visit results. A hospital information system configured to detect possible access record information. A destination storage unit for storing the destination of the report;
A destination designation section for designating a destination of the report;
A report sending unit for acquiring the transmission destination designated by the sending destination designation unit from the delivery destination storage unit, and sending the report created by the report creation unit to the obtained transmission destination;
The hospital information system according to claim 1, further comprising: A report period recording unit is provided that records a recording period of the unauthorized access record information targeted in the past generation of the report as a report generation period, and the report generation unit receives the report period recording unit from the report period recording unit The hospital information system according to claim 1, wherein the report for a desired report creation period is created based on a report creation period. A report target period designating unit that designates a recording period of the unauthorized access record information that is a target at the time of creating the report as a report target period is provided, and the report creating unit is specified by the report target period designating unit The hospital information system according to claim 1, wherein the report is created by using the unauthorized access record information of a report target period. A secondary usage consent recording unit is provided that sets a range of users that the patient has agreed to access to the patient consultation record as an agreement range, and the unauthorized access detection unit is set by the secondary usage consent recording unit. The hospital information system according to claim 1, wherein the unauthorized access record information outside the agreed range is recorded. When a user accesses the patient visit record stored in a patient visit record section that stores a patient visit record that is a patient visit record in a medical institution, the identification information of the accessed user and the access target A patient information access recording unit that records patient identification information of the patient visit record as access record information;
Use of acquiring necessary user attribute information from a user attribute information recording unit for storing user attribute information which is attribute information of the user based on identification information of the user included in the access record information Person attribute information acquisition unit,
A patient visit record information acquisition unit for acquiring the patient visit record required from the patient visit record unit based on the patient identification information included in the access record information;
Based on the user attribute information received from the user attribute information acquisition unit and the patient visit record received from the patient visit record information acquisition unit, access record information that is considered to be illegal from the access record information according to certain conditions An unauthorized access detection unit that detects and records the detection result as unauthorized access record information;
A report target patient designating unit for designating a patient for which a report is created using the unauthorized access record information;
A report creation unit that creates a report using the unauthorized access record information about the patient designated by the report target patient designation unit;
An unauthorized access report creation system characterized by comprising: When a user accesses the patient visit record stored in a patient visit record section that stores a patient visit record that is a patient visit record in a medical institution, the identification information of the accessed user and the access target Recording the patient identification information of the patient visit record as access record information;
Obtaining the necessary user attribute information from a user attribute information recording unit for storing user attribute information, which is the user attribute information, based on the user identification information included in the access record information When,
Obtaining the necessary patient visit record from the patient visit record unit based on the patient identification information included in the access record information;
Detecting access record information that seems to be unauthorized from the access record information according to certain conditions based on the acquired user attribute information and the patient visit record, and recording the detection result as unauthorized access record information;
Designating a patient to create a report using the unauthorized access record information;
Creating a report using the unauthorized access record information for the designated patient;
An unauthorized access report creation method characterized by comprising:

Images