JP5032274B2 - Portable information terminal authority management system and medical diagnostic apparatus equipped with the system - Google Patents

Description

  The present invention relates to a personal digital assistant authority management system and a medical diagnostic apparatus including the system.

  In recent years, for example, patient examination results can be processed and displayed on a monitor, or information can be obtained during examinations and examinations, such as storage using electronic media such as medical records that were previously stored on paper (so-called electronic medical records). The use of medical diagnostic apparatuses equipped with functions of terminals and information terminals has been widely used. Accordingly, medical information such as doctors and nurses may use these electronically stored medical information when performing medical examinations and examinations outside medical institutions such as home visits. In such a case, medical information is taken out of the medical institution, so access to the medical information, which is one of the most confidential personal information, must be strictly managed.

  In this regard, when using the protected object, a comparison cipher is generated based on the acquired position information, and the generated comparison cipher is compared with the reference cipher generated at the time of initial setting in advance. However, a proposal has been made that the protected object can be used only when these reference ciphers and comparison ciphers are matched and matched (see Patent Document 1). In the present invention, it is assumed that the reference cipher is generated by using the position information when performing the initial setting of the protected object, and the apparatus cannot be used when the protected object is separated from the initial setting location by theft or the like. By doing so, it protects the protected object from being taken out or stolen.

In addition, an area in which confidential information such as medical information can be used is registered as an allowable area in advance, and the terminal device in which the confidential information is stored is stolen or lost, and the allowable area is obtained from the position information acquired by the terminal device. When this terminal device exists outside, the terminal device etc. which can prevent unauthorized use by deleting the confidential information stored in the terminal device have also been proposed (see Patent Document 2). .
JP 2004-178209 A JP 2005-339255 A

  However, the invention disclosed in Patent Document 1 can be used for a protected object unless the reference cipher and the comparison cipher match, that is, the same place where the reference cipher is generated. It cannot be used when the object to be protected is a portable information terminal. In particular, as described above, when a medical worker uses a portable information terminal for a home visit or the like, it is assumed to be used outside the medical institution such as the patient's home, so the same place as the place where the reference encryption was generated If it is limited to use at the time of medical care, the medical information accumulated electronically cannot be used at the time of a home visit or the like, and inconvenience may occur.

  Further, in the invention disclosed in Patent Document 2, since the confidential information is deleted at places other than those previously registered as the allowable area, the medical information cannot be used outside the allowable area. Accordingly, it is impossible to perform medical examinations using medical information stored in the portable information terminal in an emergency such as an emergency.

  Further, in any of the inventions, in order to ensure a high level of security, the use of the protected object itself is prohibited, or confidential information is deleted. In terms of the use of information, this can only be selected from the choice of whether the information can be used or not, and it can be used by an appropriate user according to the location and situation of the information. It is not taken into consideration to take meticulous measures such as limiting medical information that can be obtained.

  The present invention has been made to solve the above-mentioned problems, and the object of the present invention is to manage the authority for access to information while ensuring a high level of security and to manage the authority according to the place where the information is handled. It is to provide a portable information terminal authority management system that allows a user to easily access information by changing the level, and a medical diagnostic apparatus equipped with the system.

In the medical portable information terminal authority management system, the feature according to the embodiment of the present invention is that the location information together with the location identification means for identifying the location where the portable information terminal exists and the location information of the portable information terminal from the location identification means Location information sent from the authority management means, including location information type indicating the type of means for detecting the information and authority determination information acquisition means for acquiring information of the user who uses the portable information terminal as authority determination information The location representative name stored in association with the type and location information and the accessible target data stored in association with the location representative name and the user are stored in the portable information terminal. Business management means having business authority information for determining whether or not there is authority to access the information.

  According to the present invention, a user can easily access information by managing authority for access to information while ensuring high security and changing the authority level according to the location where the information is handled. It is possible to provide a portable information terminal authority management system that can be used and a medical diagnostic apparatus that includes the system.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(First embodiment)
As shown in FIG. 1, a portable information terminal 1 used in a portable information terminal authority management system according to an embodiment of the present invention includes a CPU (Central Processing Unit) 1a, a ROM (Read Only Memory) 1b, a RAM ( Random Access Memory) 1c and an input / output interface 1d are connected via a bus 1e. An input unit 1f, a display unit 1g, a communication control unit 1h, a storage unit 1i, and a removable disk 1j are connected to the input / output interface 1d.

  In the following description, the case where the portable information terminal authority management system is mounted on the portable information terminal 1 will be described as an example. This portable information terminal authority management system is, for example, a portable It may be used by being mounted on a medical diagnostic apparatus such as a sonic diagnostic apparatus.

  The CPU 1a reads out and executes a boot program for starting the portable information terminal 1 from the ROM 1b based on the input signal from the input unit 1f, and reads out various operating systems stored in the storage unit 1i. Further, the CPU 1a controls various devices based on an input signal from an external device not shown in FIG. 1 via the input means 1f or the input / output interface 1d, or is stored in the RAM 1c, the storage means 1i, or the like. This is a processing device that reads a program and data and loads the program and data into the RAM 1c, and realizes a series of processing such as data calculation or processing based on a program command read from the RAM 1c.

  The input means 1f is constituted by an input device such as a keyboard and a mouse through which the user of the portable information terminal 1 inputs various operations. The input means 1f creates an input signal based on the user's operation and sends the CPU 1a via the bus 1e. Sent to. The display unit 1g is, for example, a liquid crystal display, and is a unit that receives an output signal from the CPU 1a via the bus 1e and displays a processing result of the CPU 1a.

  The communication control unit 1h is a unit such as a LAN card or a modem, and is a unit that connects the portable information terminal 1 to a communication network such as the Internet or a LAN. Data transmitted / received to / from the communication network via the communication control unit 1h is transmitted / received to / from the CPU 1a via the input / output interface 1d and the bus 1e as an input signal or an output signal.

  The storage means 1i is composed of a semiconductor or a magnetic disk, and stores programs and data executed by the CPU 1a. The removable disk 1j is an optical disk or a flexible disk, and signals read and written by the disk drive are transmitted to and received from the CPU 1a via the input / output interface 1d and the bus 1e.

  In the storage unit 1i of the portable information terminal 1 in the embodiment of the present invention, for example, a business application storing programs and data such as an electronic medical record program and a nursing system program is stored. Further, the business management means 2 and the authority management means 3 are mounted on the portable information terminal 1 by reading and executing an electronic medical record program or the like on the CPU 1 a of the portable information terminal 1. In addition, authority information that is a basis for performing authority determination for a user who uses the portable information terminal 1 is also stored in the storage unit 1i.

  In the following, a case where business applications, authority information, and the like are stored in the storage unit 1i will be described as an example. However, business applications, authority information, and the like may be stored in the removable disk 1j.

  As shown in FIG. 2, the business management unit 2 includes an input unit 2a, an authority request unit 2b, an authority determination unit 2c, a control unit 2d, and an output unit 2e.

  The authority requesting unit 2b is configured such that when the business management unit 2 is mounted on the CPU 1a and an electronic medical record program in a business application is activated, for example, the authority to use the program is authorized to the authority management unit 3 to be described later. Inquire whether there is any.

  The authority determination unit 2c receives authority determination information, which is an answer as to the presence or absence of the use authority of the inquired program, from the authority management unit 3 through the input unit 2a, and determines whether or not the user of the mobile information terminal 1 has the use authority. judge. The control unit 2d controls whether or not to activate the target program based on the presence or absence of the authority determined by the authority determination unit 2c via the output unit 2e.

  As shown in FIG. 3, the authority management unit 3 includes an input unit 3a, a place identification unit 3b, an authority determination information acquisition unit 3c, and an output unit 3d.

  The location identification unit 3b obtains location information from the location information detection unit 4 such as a GPS (Global Positioning System) device connected to the input / output interface 1d of the portable information terminal 1 from the outside. From this location information, the location where the portable information terminal 1 is currently located is identified (see FIG. 1). Further, the authority determination information acquisition unit 3c determines whether or not the user who uses the portable information terminal 1 can use the target program for the information on the place identified by the place identification unit 3b. It is acquired as information to be determined, and is transmitted to the authority determination means 2c in the job management means 2 via the output means 3d.

  Here, a description will be given of storing (registering), in the storage unit 1i, basic authority information for performing authority determination for a user who uses the portable information terminal 1. A screen 10 shown in FIG. 4 is a schematic diagram showing an example of a screen for registering authority information.

  The items shown in FIG. 4 are examples of registration items, but the first area 11 is an area for registering information about medical workers such as doctors and nurses who use the portable information terminal 1. The area 12 is an area for registering information about the patient.

  First, in the first area 11, the “user” is a medical worker such as a doctor or a nurse who uses the portable information terminal 1, and a staff ID or name that can uniquely identify the user. input. In the “target data type”, data that can be used by the user such as an electronic medical record program and a nursing system program is input. For the management of input data, for example, data names such as medical record data and nursing record data, or vital information that is basic information of the body such as the name of a medical record patient, nursing record, patient's height and weight, etc. More detailed data attribute names may be used.

  As “access authority”, “R” meaning reference (reading) and “W” for editing (writing) can be selected. In addition, as "access authority", for example, it is also possible to set access restrictions by time and restrictions by restricting items displayed on medical charts so that they can access only during the time when medical staff visit It is.

  In the second area 12, the “subject” is a patient to be displayed such as a chart or nursing record to be displayed, and a patient ID or name that can uniquely identify the patient is input. The “place representative name” is a name of a place that is input in association with the input “target person”, and is, for example, the home of the “target person”.

  The authority information is registered in the storage unit 1i by inputting the authority information described above or selecting it from a pull-down menu and registering it.

  Next, the flow of authority management of the portable information terminal according to the embodiment of the present invention will be described with reference to the flowcharts of FIGS.

  There is a case where a medical worker performs a medical examination or the like while displaying an electronic medical record or the like on the portable information terminal 1 before going to a patient's home. In this case, the medical worker turns on the portable information terminal 1 to perform a login procedure to activate the portable information terminal 1, and activates a business application stored in advance in the storage means 1i of the portable information terminal 1. Let In the following description, for example, a case where a medical worker uses an electronic medical record program stored in a business application will be described as an example.

  When the business management means 2 is mounted on the CPU 1a and a business application is started (ST1), a login screen is displayed on the display means 1g of the portable information terminal 1, and an input of a password or the like by a medical worker as a user is accepted. (ST2). If the password is appropriate, the login is approved (ST3), and each program of the business application stored in the storage unit 1i is displayed on the display unit 1g.

  Various programs are stored in this business application, and a medical worker selects a necessary program from them. In the embodiment of the present invention, for example, an electronic medical record program is selected, and further, which patient's electronic medical record is displayed is selected (input display screen selection) (ST4). In this state, the authority request unit 2b in the task management unit 2 causes the authority management unit 3 installed in the CPU 1a to display the electronic medical record of the patient whose location of the portable information terminal 1 is on the display unit 1g. An inquiry is made as to whether the location is suitable for the user (authorization request) (ST5). That is, in the first embodiment, this authority request requests location information of the portable information terminal 1.

  When there is an authority request from the authority request unit 2b, the authority management unit 3 acquires the authority determination information and replies to the job management unit 2 (ST10). The authority management means 3 acquires authority determination information according to the flow of the flowchart shown in FIG.

  When the authority management means 3 receives the authority request from the authority request means 2b via the input means 3a (ST11), the location identification means 3b asks the location information detection means 4 where the portable information terminal 1 is currently located. A request for detecting whether or not there is is issued (ST12). Here, the location information detection means 4 is attached to the outside of the portable information terminal 1, and transmits information on the current position of the portable information terminal 1 to the location identification means 3b via the input / output interface 1d (see FIG. 1). As the location information detecting means 4, for example, a GPS device, an IC tag receiver that reads the contents of an IC card that stores information indicating the current position, or the contents of a magnetic card that stores information indicating the current position are read. A card reader can be suitably used.

  In the embodiment of the present invention, the location information detecting means 4 is connected to the outside of the portable information terminal 1, but the portable information terminal 1 may have the same function as the above-described device. . In addition to connecting the location information detecting means 4 to the portable information terminal 1, the location information may be transmitted to the location identifying means 3b when the user directly inputs the location information to the portable information terminal 1.

  When the location information detection means 4 detects the location of the portable information terminal 1 in accordance with the characteristics of each device (acquires location information) (ST13), the location identification means 3b receives this location information, and authority determination information acquisition means Transmit to 3c (ST14). The authority determination information acquisition unit 3c identifies the current location of the portable information terminal 1 from the received location information and the location authority information stored in the storage unit 1i, and acquires this location as authority determination information (ST15).

  The place authority information stored in the storage unit 1i is stored in three parts, "place representative name", "place information type", and "place information" as shown in FIG. The “location representative name” is a name of a location registered in advance as a location where the mobile information terminal 1 is used. In FIG. 7, “(patient) A's home” and “(patient) B's home” are shown as “location representative names”. “Location information type” indicates the type of means for detecting location information. For example, “GPS”, “IC tag”, “manual input” or the like may be connected to the portable information terminal 1. Some location information detection means 4 is shown. The “location information” is information indicating the location of the portable information terminal 1 that the “location representative name” has for each “location information type”. For example, in the place authority information shown in FIG. 7, “place information” is defined as “012-3456-789A” in the uppermost column.

  That is, “location representative name” is associated with “location information type” and “location information”, and among the information transmitted from the location identification means 3b, the “location information type” that detected the location information is “GPS”. ”And“ location information ”is“ 012-3456-789A ”, the authority determination information acquisition unit 3c determines that the portable information terminal 1 uses the information and the location authority information stored in the storage unit 1i. It can be specified that the current location is “A home”. Further, when the means for detecting location information (location information type) is “IC tag” and “location information” is “12345678”, the location where the portable information terminal 1 is currently located is “A home”. Can be specified. By associating a plurality of location information types with one location representative name, various device configurations can be adopted, and more flexible operation can be performed.

  The authority determination information acquisition means 3c identifies the current position of the portable information terminal 1 as described above, acquires this location information as authority determination information, and outputs the output means 3d as a response to the authority request from the business management means 2. To the job management means 2 (ST16).

  Upon receiving the authority determination information transmitted from the authority management means 3, the authority determination means 2c in the business management means 2 stores the authority determination information in the storage means 1i based on the “location representative name” included in the authority determination information transmitted. Search stored business authority information. For example, as shown in FIG. 8, this business authority information includes three data of “location representative name”, “target data type”, and “access authority”, and “location representative name” and “target data type” have “ Access authority "is associated.

  The “target data type” is the type of data that the user of the portable information terminal 1 stored in the business application intends to use. For example, in the case of an electronic medical record program, the “medical record”, the nursing record program The case is stored as “nursing record”. The “access authority” indicates at which level authority to access the activated program. In the embodiment of the present invention, for example, both read-only (Read: “R” is displayed) and read (“R”) and write (Write: “W” are displayed) are possible. Although not shown in FIG. 8, the case where only browsing is possible is defined.

  In the embodiment of the present invention, as shown in the uppermost column of the business authority information in FIG. 8, for example, “location representative name” which is the location information included in the authority determination information transmitted from the authority management means 3 "" A Home "," Target Data Type "is" Karte ", and the electronic chart program is selected. In this case, the “access authority” is “R / W”. Accordingly, when the electronic medical record program is activated using the portable information terminal 1 at the home of A, both reading and writing can be performed on the electronic medical record of A.

  On the other hand, when “at home B”, “nursing record” is not registered as “target data type”, the user (medical worker) of the portable information terminal 1 opens the nursing record at the home of B. There is no authority, and of course, this nursing record of B cannot be read or written.

  As described above, the authority determining means 2c determines whether or not “access authority” exists from the “location representative name” and “target data type” (ST6), and the control means 2d controls the business application according to the authorized access authority (ST7). ). For example, in the case shown in the uppermost column of FIG. 8 described above, it is said that both reading and writing can be performed on the patient A's electronic medical record. The patient receives an input to the patient A's chart (ST8).

  FIG. 9 is a schematic diagram illustrating an example of a screen displayed on the display unit 1g when access authority is recognized. In this screen example, the patient's personal information such as “patient ID”, “patient name”, and “age” is displayed at the top, and for example, the column for filling in the medical record and the result of examination by the medical diagnostic device are displayed at the bottom. Can be made.

  In addition, information related to the individual patient excluding “patient ID” can be hidden or hidden. This is because it can be set so that the authority of the display item can also be determined when determining the presence or absence of access authority (ST6 in FIG. 5). For example, when the medical staff opens the screen for registering the authority information shown in FIG. 4 as described above, the display / non-display of the personal information is also specified when the “access authority” item is input. By doing so, it is possible to prevent personal information unnecessary for medical examinations from being displayed.

  Further, although not shown in FIG. 8, for example, when the “place representative name” is “F home” and it is desired to refer to any medical record or nursing record, the medical worker has access authority. It is also possible to hide items included in personal information that is unnecessary for reference.

  In any case, items to be hidden can be set in advance. However, the patient ID is always displayed because it is an indispensable item in relation to the target data type to be displayed.

  When the reading and writing of the medical record is completed and the medical care for the patient A is completed, logout is performed and the electronic medical record program is closed (ST9).

  By performing the setting as described above, there is no risk that the patient B's chart is erroneously referred to and edited at the home of the patient A, and that the chart is stolen. In addition, since access to personal information of patients included in medical records and the like can be displayed or not displayed after judging the authority, risk of information leakage or the like can be prevented. Furthermore, even if the portable information terminal 1 is lost or stolen, the location representative name acquired by the authority determination information acquisition unit 3c is stored in the storage unit 1i even if the login to the business application is successful by some method. If the location authority information is not registered as the location representative name, it is determined that there is no access authority. Therefore, it is possible to prevent unauthorized use of the portable information terminal 1 and outflow of various stored information.

  Therefore, while ensuring high security, authority management is also performed for access to information, and by changing the authority level according to the information handling location of the portable information terminal 1, the user can easily access the information. It is possible to provide a portable information terminal authority management system that can be used.

  In addition, by installing the above-mentioned portable information terminal authority management system in a portable medical diagnostic apparatus such as a portable ultrasonic diagnostic apparatus, the authority management for access to information is performed while ensuring high security. By changing the authority level in accordance with the information handling location (where the medical diagnostic device exists), it is possible to provide a medical diagnostic device that allows the user to easily access the information.

(Second Embodiment)
Next, a second embodiment of the present invention will be described. In the second embodiment, the same components as those described in the first embodiment are denoted by the same reference numerals, and the description of the same components is omitted because it is duplicated.

  In the second embodiment, unlike the first embodiment, the information of the user who uses the portable information terminal 1 is also referred to in determining the authority, and the authority determination information is increased. There is a feature in the point. That is, in the first embodiment, the authority determination information acquisition unit 3c acquires only the location information transmitted from the location identification unit 3b as the authority determination information and transmits it to the business management unit 2 (FIG. 5). ST10, see FIG. 6), in the second embodiment, user identification information is also acquired as authority determination information.

  The “user identification information” is information for identifying a medical worker such as a doctor or a nurse who uses the portable information terminal 1, and inputs a staff ID or name that can uniquely identify the user. . This information uses the staff ID and the like input in the login procedure (see ST2 in FIG. 5) performed when starting the business application.

  When the authority management means 3 receives the authority request from the business management means 2 (ST11), as shown in the flowchart of FIG. 10, the authority determination information acquisition means 3c is stored in the portable information terminal 1 from the user identification information. A business application user is identified (ST21). The location identification unit 3b requests the location information detection unit 4 to detect the location (ST22), acquires the location information from the location information detection unit 4, and transmits it to the authority determination information acquisition unit 3c (ST23). ). The authority determination information acquisition unit 3c acquires the location information and user information transmitted from the location identification unit 3b together as authority determination information (ST24), and transmits these authority determination information to the task management unit 2 (ST16). ).

  Upon receiving the authority determination information transmitted from the authority management means 3, the authority determination means 2c in the business management means 2 uses the “location representative name” and “user identification information” included in the transmitted authority determination information. In addition, the business authority information stored in the storage means 1i is searched. For example, as shown in FIG. 11, the business authority information includes three pieces of information “place representative name”, “user”, and “target data”, and includes “place representative name” and “user”. Is associated with “target data”. In addition, in the item of “target data”, there are three data, for example, “target person name”, “target data type”, and “access authority” as detailed items.

  The “target data type” is the type of data that the user of the portable information terminal 1 stored in the business application intends to use. For example, in the case of an electronic medical record program, the “medical record”, the nursing record program The case is stored as “nursing record”. The “access authority” indicates at which level authority to access the activated program. In the embodiment of the present invention, for example, in the case of read only (R), in the case where both reading and writing (R / W) are possible, it is possible to only browse, although not shown in FIG. When to do is determined.

  For example, a case where the information of “location representative name” and “user” as authority determination information transmitted from the authority management means 3 to the business management means 2 is “(patient) A home” and “doctor α”, respectively. Let's take an example. In the case of this example, from the items shown in the top column of the business authority information in FIG. 11, the “target person name” is “(patient) A” and the “target data type” is “karte” in this example. The “access authority” is “R / W”. Accordingly, when the doctor α starts the electronic medical record program using the portable information terminal 1 at the home of A, the doctor α can read and write to the electronic medical record of A.

  On the other hand, when the doctor α is at “A home”, the data about “(patient) B” as the “target person name” is not registered as the target data. Of course, the doctor α cannot read or write the B chart.

  In addition, when “nurse β” is in “patient A's home”, only “R” is permitted as the access authority when opening the chart, so nurse β is assigned to A's chart. Cannot write.

  In this way, user identification information indicating the user of the portable information terminal 1 in addition to the location information is also handled as authority determination information, thereby ensuring higher security than ever and accessing information together. It is possible to provide a mobile information terminal authority management system that allows a user to easily access information by performing authority management for the mobile information terminal and changing the authority level in accordance with the information handling location of the mobile information terminal 1. . In addition, by installing the above-mentioned portable information terminal authority management system in a portable medical diagnostic apparatus such as a portable ultrasonic diagnostic apparatus, the authority management for access to information is performed while ensuring high security. By changing the authority level in accordance with the information handling location (where the medical diagnostic device exists), it is possible to provide a medical diagnostic device that allows the user to easily access the information.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the above embodiments. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, you may combine the component covering different embodiment suitably.

  Further, in the above embodiment, the example of providing the login procedure after starting the business application has been described as an example. However, when the business application is started, the login procedure is not requested, and when the business application is started, the mobile phone information is not requested. It is also possible to use the password entered in the login procedure required when starting the terminal as the user information and use it as authority determination information.

It is a block diagram which shows the internal structure of the portable information terminal concerning embodiment of this invention. It is a block diagram which shows the internal structure of the work management means concerning embodiment of this invention. It is a block diagram which shows the internal structure of the authority management means concerning embodiment of this invention. It is the schematic diagram which showed the example of the screen for registering the authority information concerning embodiment of this invention. It is the flowchart which showed the example of the flow of authority management of the portable information terminal concerning the 1st Embodiment of this invention. It is the flowchart which showed the example of the flow which acquires the authority determination information concerning the 1st Embodiment of this invention. It is explanatory drawing which showed the example of the place authority information stored in the memory | storage means concerning the 1st Embodiment of this invention. It is explanatory drawing which showed the example of the business authority information stored in the memory | storage means concerning the 1st Embodiment of this invention. It is a schematic diagram which shows the example of the screen which access authority is recognized and is displayed on a display means. It is the flowchart which showed the example of the flow which acquires the authority determination information concerning the 2nd Embodiment of this invention. It is explanatory drawing which showed the example of the business authority information stored in the memory | storage means concerning the 2nd Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Portable information terminal 2 Business management means 2b Authority request means 2c Authority determination means 2d Control means 3 Authority management means 3b Location identification means 3c Authority determination information acquisition means 4 Location information detection means

Claims (2)

Utilizing the location identification means for identifying the location where the portable information terminal exists, the location information of the portable information terminal from the location identification means, the location information type indicating the type of the location information detecting means, and the portable information terminal Authority management means for providing authority determination information acquisition means for acquiring user information as authority determination information;
Location representative name stored in association with the location information type and location information transmitted from the authority management means, and accessible target data stored in association with the location representative name and the user And business management means having business authority information for determining whether or not there is authority to access information stored in the portable information terminal;
A medical portable information terminal authority management system comprising: A medical diagnostic apparatus comprising the medical portable information terminal authority management system according to claim 1.

Images