JP5770533B2 - Personal information management server, program and method - Google Patents

Description

  The present invention relates to a personal information management server, a program, and a method thereof for providing an information terminal with access to medical or care personal information.

  In the field of medical care and nursing care, medical records and nursing care plans including personal information are stored as electronic information on a server (computer system), and the information is accessed or changed by communication terminals in hospitals and nursing care facilities. Often updated. Recently, due to the development of networks, personal information such as medical charts and nursing care plans is often exchanged between a server and a terminal via a wireless / wired communication line. These medical charts, care plans, care records, etc. are required to have the highest confidentiality and confidentiality as personal information. For example, when accessing a server of an internal network in a hospital from a terminal outside the hospital, the personal information of the patient or the examinee is transferred to the hospital by electronic information such as a web page, e-mail, image file, document file, etc. Risk of leaking outside. As a conventional technique for protecting personal information such as medical care and nursing care, the technique of Patent Document 1 has been proposed. In this method, information that can be concealed among personal information is processed and converted into invalid information using dummy data, for example, to try to prevent information leakage. Further, not only personal information but also encryption of information is widely performed in order to ensure confidentiality of information.

JP 2006-343944 A

  As described above, medical information such as medical charts, care plans, and care records and care information are required to have the highest confidentiality and confidentiality as personal information, but on the other hand, it is necessary to know the information. For a person in a certain position, for example, a doctor or a nurse, it is necessary to disclose personal information of a patient or a care recipient within an appropriate range. In the conventional technology such as Patent Document 1, a nurse, a doctor, or a caregiver who handles a terminal outside a hospital is a person who needs to know the information (Need-to-know Person). Even if it is necessary to view or fill in an electronic medical record, care plan, or care report, the information cannot be accessed. In the case of encryption, it is technically possible to leak and predict the password used for encryption and the password for decryption, so it is difficult to completely avoid attacks on encrypted information from third parties. It is. In order to increase the security of encryption, it is necessary to change the password regularly. However, the change work is cumbersome, and doctors and nurses who use it forget the changed password or make notes. It is difficult to eliminate the risk of leakage due to

  Therefore, an object of the present invention is to use personal information that permits access to personal information within the appropriate disclosure range only for users who need to access personal information including medical information and care information using location information. To provide a management server, a program, and a method thereof.

In order to solve the above-described problems, the personal information management server (personal information management apparatus) according to the first invention
Information on access to personal information of at least one of medical and nursing care (electronic medical records, MRI diagrams, blood pressure, body temperature, heart rate, electrocardiogram, X-rays, etc. diagnostic information, electronic clinic plan, electronic care plan, medication information, etc.) A personal information management server provided to the terminal,
A storage unit for storing the personal information of at least one of the medical care and the care and the location of the person to whom the personal information belongs in association;
Acquisition from the information terminal that obtains an access request to the personal information and position information of the information terminal (GPS function unit (GPS unit), position measurement unit by a base station of wireless communication (cell phone, etc.)) And
When the location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit should belong (for example, a predetermined distance between the two) An access permission unit that permits access to at least a part of the personal information;
An access providing unit for providing access to the authorized personal information to the information terminal based on the access request, if permitted by the access permitting unit;
Have
An information terminal permitted to access can acquire (browse) the permitted information and modify, change, or update it. Depending on the security level set for the information terminal and the user (doctor, nurse, etc.) to be used, it is possible to obtain only or to obtain or modify.

The personal information management server (personal information management apparatus) according to the second invention is
The acquisition unit
What is taken into the information terminal after the position information measured by a GPS device (for example, a device having a GPS function unit (GPS unit) and a USB terminal) externally connected to the information terminal is encrypted. , Obtain as the location information of the information terminal,
It is characterized by that.

A personal information management server (personal information management apparatus) according to the third invention
The access permission unit
The range of personal information that is permitted to be accessed as the location indicated by the location information of the information terminal acquired by the previous acquisition unit becomes closer to the location of the person to which the personal information stored in the storage unit belongs And control (adjust) to decrease the range of personal information that is allowed to be accessed as the distance from the location increases.
The access provision department in the previous term
If permitted by the access permission unit, based on the access request, providing access to personal information to the information terminal within a permission range controlled by the access permission unit;
It is characterized by that.

A personal information management server (personal information management apparatus) according to the fourth invention is:
The storage unit
The personal information of at least one of the medical care and the care is further associated with an access identifier (preferably, a mobile phone number, a mobile terminal identifier, etc.) for accessing the mobile terminal of the person to whom the personal information belongs. Store
Before the access permission unit determines access permission,
Using the access identifier, the location information (location function by the base station of the base station for the GPS function unit, wireless communication (cell phone, etc.) of the person from the portable terminal of the person to whom the personal information should belong, etc. ) To control the acquisition unit to acquire
Controlling the storage unit so as to replace the location of the person to which the personal information belongs, stored in the storage unit, with the acquired location information of the mobile terminal;
It is characterized by that.

A personal information management server (personal information management apparatus) according to the fifth invention
The storage unit
Further storing the user of the information terminal in association with the access permission level set for the user;
The access permission unit
Further control of the permission range of personal information according to the access permission level set for the user of the information terminal (for example, all information can be read, updated, rewritten, or medication information can be read / updated)・ Make it rewritable and allow only other information to be read)
It is characterized by that.

A personal information management server (personal information management device) according to the sixth invention
Personal information of at least one of the medical care and care stored in the storage unit is
Including the biological information of the person to whom the personal information should belong (for example, fingerprint, vein, iris, etc.)
The acquisition unit
From the information terminal, further acquiring the biometric information of the person to which the personal information acquired by the biometric information acquisition unit provided in the information terminal,
The access permission unit
The location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit belongs; and
When the biometric information acquired by the acquisition unit matches the biometric information stored in the storage unit (or when the similarity is higher than a predetermined threshold), access to at least a part of the personal information Allow,
It is characterized by that.

A personal information management server (personal information management device) according to the seventh invention
Personal information of at least one of the medical care and care stored in the storage unit is
Including the biometric information (fingerprint, vein, iris, etc.) of the person to whom the personal information should belong,
The acquisition unit
From the mobile terminal, further acquiring the biometric information of the person to which the personal information acquired by the biometric information acquisition unit provided in the mobile terminal,
The access permission unit
The location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit belongs; and
When the biometric information acquired by the acquisition unit matches the biometric information stored in the storage unit (or when the similarity is higher than a predetermined threshold), access to at least a part of the personal information Allow,
It is characterized by that.

A personal information management server (personal information management apparatus) according to the eighth invention
Personal information of at least one of the medical care and care stored in the storage unit is
Including the biometric information of the service provider (for example, the doctor's or caregiver's fingerprint, veins, iris, etc.) that should provide at least one of medical and nursing care services to the person to whom the personal information should belong,
The acquisition unit
From the information terminal, further obtain the biological information of the service provider acquired by the biological information acquisition unit provided in the information terminal,
The access permission unit
The location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit belongs; and
When the biometric information acquired by the acquisition unit matches the biometric information of the service provider stored in the storage unit (or when the similarity is higher than a predetermined threshold), the personal information Allow access to at least some,
It is characterized by that.
The biometric information of the patient to whom the personal information should belong and the medical information of the doctor who is the service provider are encrypted and stored in the storage unit, and can be encrypted even when exchanged between the terminal and the device. Is preferred. Moreover, when comparing the biometric information in the storage unit with the acquired biometric information, the encrypted information may be compared without being decrypted.

  As described above, the solution of the present invention has been described as a server (apparatus). However, the present invention can also be realized as a method, a program, and a storage medium recording the program. It should be understood that these are included in the scope of the invention. Each step of the following methods and programs uses an arithmetic processing unit such as a CPU or DSP as needed for data processing. The input data, processed / generated data, etc. It is stored in a storage device such as an HDD or a memory.

For example, the personal information management program according to the ninth aspect of the present invention, which realizes the present invention as a program,
Information on access to personal information of at least one of medical and nursing care (electronic medical records, MRI diagrams, blood pressure, body temperature, heart rate, electrocardiogram, X-rays, etc. diagnostic information, electronic clinic plan, electronic care plan, medication information, etc.) A personal information management program for causing a computer to execute a method provided to a terminal,
A storage step of associating and storing in the storage unit the personal information of at least one of the medical care and care, and the location of the person to whom the personal information should belong;
An acquisition step of acquiring an access request to the personal information from the information terminal and position information of the information terminal (a GPS function unit, a position measurement unit by a base station of wireless communication (such as a mobile phone)),
When the location indicated by the acquired location information of the information terminal approaches the location of the person to which the personal information stored in the storage unit belongs (for example, the distance between the two is less than a predetermined distance) An access permission step for permitting access to at least part of the personal information;
An access providing step of providing access to the authorized personal information to the information terminal based on the access request when permitted in the access permission step;
Have

Moreover, the personal information management method according to the tenth aspect of the present invention, which is realized as a method,
Information on access to personal information of at least one of medical and nursing care (electronic medical records, MRI diagrams, blood pressure, body temperature, heart rate, electrocardiogram, X-rays, etc. diagnostic information, electronic clinic plan, electronic care plan, medication information, etc.) A personal information management method provided to a terminal,
A storage step of associating and storing in the storage unit the personal information of at least one of the medical care and care, and the location of the person to whom the personal information should belong;
An acquisition step of acquiring an access request to the personal information from the information terminal and position information of the information terminal (a GPS function unit, a position measurement unit by a base station of wireless communication (such as a mobile phone)),
When the location indicated by the acquired location information of the information terminal approaches the location of the person to which the personal information stored in the storage unit belongs (for example, the distance between the two is less than a predetermined distance) An access permission step for permitting access to at least part of the personal information;
An access providing step of providing access to the authorized personal information to the information terminal based on the access request when permitted in the access permission step;
Have

  According to the present invention, it is possible to permit access to personal information within an appropriate disclosure range only for users who need to access the personal information using the position information.

FIG. 1 is a block diagram showing an outline of a personal information management server (medical care personal information access management device) according to Embodiment 1 of the present invention. FIG. 2 is a flowchart showing an example of processing executed by the personal information server shown in FIG. FIG. 3 is an explanatory diagram showing the relationship between the information terminal and the patient location. FIG. 4 is a transition diagram showing changes in the display unit of the information terminal IT1. FIG. 5 is a flowchart showing an example of processing executed by the personal information server shown in FIG. FIG. 6 is an explanatory diagram showing the relationship between the information terminal and the patient location. FIG. 7 is an explanatory diagram illustrating a situation when a doctor carrying the information terminal approaches the patient location. FIG. 8 is a transition diagram showing changes in the display unit when the information terminal IT1 moves. FIG. 9 is a block diagram showing an overview of a personal information management server (medical care personal information access management device) according to Embodiment 2 of the present invention. FIG. 10 is a flowchart showing an example of processing executed by the personal information server shown in FIG. FIG. 11 is an explanatory diagram showing the relationship between the information terminal and the patient location. FIG. 12 is a flowchart showing an example of processing executed by the personal information server shown in FIG. FIG. 13 is an explanatory diagram showing the relationship between the information terminal and the patient location. FIG. 14 is a block diagram showing an outline of an information terminal including a personal information management server (medical care personal information access management device) according to Embodiment 3 of the present invention. FIG. 15: is a block diagram which shows the outline | summary of the information terminal containing the personal information management server (medical care personal information access management apparatus) by Embodiment 4 of this invention. FIG. 16: is a block diagram which shows the outline | summary of the information terminal containing the personal information management server (medical care personal information access management apparatus) by Embodiment 5 of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

<Embodiment 1>
FIG. 1 is a block diagram showing an outline of a personal information management server (medical care personal information access management device) according to Embodiment 1 of the present invention. As shown in the figure, the personal information management server (PIMS) 100 includes a control unit (CPU) 110, an input unit 120, an output unit 130, a communication unit 140, a storage unit 150, and a display unit 160. . The storage unit 150 stores personal information of at least one of medical care and nursing care (for example, diagnostic information such as electronic medical records, MRI diagrams, blood pressure, body temperature, heart rate, electrocardiogram, and X-ray diagram, electronic clinic plan, electronic care plan, medication information) And the location of the person to whom the personal information should belong (position information of latitude and longitude, address information, a conversion table for converting absolute position information of latitude and longitude and address information, etc.) Personal information and location information PIL, and permission range setting information PRS that defines whether access to the personal information is permitted when the distance from the location of the patient or caregiver to the information terminal is less than or equal to each other are stored. The control unit 110 includes an acquisition unit 111, an access permission unit 112, and an access provision unit 113. The location information can be converted from the current address of the patient P1 (for example, Toranomon, Minato-ku, Tokyo x address x address) to the absolute position information of latitude and longitude, but is stored in the portable terminal MT1 possessed by the patient P1. The absolute position information may be obtained from the information related to the communication status of the base station to which the GPS unit (not shown) provided in the mobile terminal MT1 is connected.

  The personal information management server 100 is connected to the information terminal IT1 held by a care worker such as a caregiver, or a medical worker such as a doctor D1 or a nurse, or a mobile phone held by a care receiver or patient P1 via the communication unit 140 and the network NET. Information can be exchanged by connecting to the terminal MT1. The output unit 130 can output information stored in the server or generated information to the printer PRN. The display unit 160 can also display information stored in the server and generated information. The input unit 120 receives an operation instruction or information input that is input via the mouse MUS or the keyboard KBD.

  The acquisition unit 111 receives, for example, a request for access to personal information including a patient number as a personal identifier from the information terminal IT1, and a positioning unit (position positioning) by a base station of the information terminal IT1 (GPS function unit, wireless communication (cell phone, etc.) Part)) to acquire the position information measured. The access request preferably includes, for example, a patient number as a personal identifier, but may be only an access request. In the case of only an access request, the personal information management server 100 extracts the patient's personal information corresponding to the location where the information terminal IT1 carried by the doctor D1 is approaching, and permits access to the information from the information terminal IT1. Will do.

  When the location indicated by the location information of the information terminal IT1 acquired by the acquisition unit 111 approaches the location of the person to whom the patient personal information should belong, the access permission unit 112 (permission range) When the setting information PRS is set (for example, when the distance between the two becomes a predetermined distance or less), access to at least a part of the patient P1 as the personal information is permitted. The access providing unit 113, when permitted by the access permission unit 112, provides access to personal information permitted to the information terminal IT1 based on the access request.

  FIG. 2 is a flowchart showing an example of processing executed by the personal information server shown in FIG. As shown in the figure, in step S11, the storage unit stores personal information and location in association with each other. In step S12, the acquisition unit acquires an access request and position information of the information terminal from the information terminal. In step S13, the access permission unit determines whether or not the location indicated by the acquired position information is close to the location of the patient (or care recipient) stored in the storage unit (in this embodiment, The determination is made based on the permission range setting information PRS). If it is determined that they are approaching, access to the personal information is permitted, and in step S14, the access providing unit provides access to the personal information permitted to the information terminal based on the access request ( Specifically, based on the permission range setting information PRS, permitted actions (information reading, writing, updating, etc. are permitted). If not permitted, this is not an essential step, but in step S15, the access permission unit returns a message for refusing access to the information terminal.

  FIG. 3 is an explanatory diagram showing the relationship between the information terminal and the patient location. As shown in the figure, the information terminal IT1 carried by the doctor D1 is located at the position LL1. Then, the information terminal IT1 carried by the doctor D1 gradually approaches the location of the patient P1. This is an operation when a doctor visits a patient's home during a general visit. When the information terminal IT1 enters the position LL2 in the permission area RA1 defined in the permission range setting information PRS, the information terminal IT1 is permitted to access the personal information of the patient P1. The permission area is limited by setting information such as a permission action and permission items defined in the permission range setting information PRS. Thus, according to this embodiment, when a doctor or a caregiver approaches a patient or a cared person (when located in the permission area RA1), the personal information necessary for treatment or care is provided. When access is permitted and both of them are separated (when they are located outside the permitted area RA1), access is denied, so a person who needs information (Need-to-know Person) needs As a result, access to personal information can be restricted, and information leakage can be effectively suppressed.

  FIG. 4 is a transition diagram showing changes in the display unit of the information terminal IT1. The display screen DD11 of the information terminal IT1 displays the electronic medical record of the patient P1 when the information terminal IT1 is located at the position LL1 in FIG. Although the patient number KX999 is displayed on the display screen DD11, personal information is not displayed because access is not permitted at this position. In this figure, for convenience of explanation and drawing, hatched ellipses are arranged in the fields of personal information that could not be accessed. The display screen DD12 displays the electronic medical record of the patient P1 when the information terminal IT1 is located at the position LL2 (that is, within the permission area RA1) in FIG. The display screen DD12 displays a patient number KX999 and various personal information (patient name, vital information, medication information, treatment information, disease name, past illness, etc.).

  FIG. 5 is a flowchart showing an example of processing executed by the personal information server shown in FIG. In this flow, the range of personal information permitted to be accessed is adjusted in accordance with the change in distance between both positions. As shown in the figure, in step S21, the storage unit stores personal information and location in association with each other. Once the storage step such as step S21 is performed, it is not necessary to re-execute until the information is changed. Alternatively, the storing step becomes unnecessary by mounting a ROM or flash memory storing the information on the apparatus or computer. In step S22, the acquisition unit acquires an access request and position information of the information terminal from the information terminal. In step S23, the access permission unit determines whether or not the location indicated by the acquired position information is close to the location of the patient (or care recipient) stored in the storage unit (in this embodiment, The determination is made based on the permission range setting information PRS). If it is determined that the user is approaching, access to the personal information is permitted. In step S24, the access permission unit displays the location indicated by the location information of the information terminal acquired by the acquisition unit. Control (adjustment) is performed so that the range of permitted personal information is increased as it is closer to the location of the person to be attributed, and the range of permitted personal information is decreased as the location is farther away. In step S25, the access providing unit provides the information terminal with access to the controlled range of personal information based on the access request. If not permitted, this is not an essential step, but in step S26, the access permission unit returns a message for refusing access to the information terminal. Since the position of the information terminal may change, the steps after step S23 are repeated at a predetermined cycle until both positions are separated and access is denied.

  FIG. 6 is an explanatory diagram showing the relationship between the information terminal and the patient location. As shown in the figure, the information terminal IT1 carried by the doctor D1 is located at the position LL11. Then, the information terminal IT1 carried by the doctor D1 gradually approaches the location of the patient P1. When the information terminal IT1 enters the position LL12 in the permission area RA11 defined in the permission range setting information PRS, the information terminal IT1 is permitted to access the personal information of the patient P1. The range of personal information that is permitted to be accessed is limited by setting information such as a permitted action and permission items defined in the permission range setting information PRS1. When the information terminal IT1 is located at the position LL13 in the permission area RA12, the range of permitted personal information is increased according to the permission range setting information PRS1. Furthermore, when the information terminal IT1 is located at the position LL14 in the permission area RA13, the range of permitted personal information increases according to the permission range setting information PRS1, and all of the patient P1 stored in the server is stored. Access to personal information in the range is permitted. As described above, when the doctor carrying the information terminal IT1 approaches the “patient location”, the range of personal information whose access is permitted increases step by step. On the other hand, when the doctor carrying the information terminal IT1 moves away from the “patient location”, the range of personal information permitted to be accessed gradually decreases. Thus, according to this embodiment, when a doctor or a caregiver approaches a patient or a cared person (when located in the permission area RA1), the personal information necessary for treatment or care is provided. When access is granted in stages and both of them are separated (when they are located outside the permitted area RA1), the accessible range decreases step by step, so that information should be known (ie, diagnosis) Or a person who needs information (Need-to-know Person) and can provide access to the necessary range of personal information. , Information leakage can be effectively suppressed. For convenience of drawing, the doctor D1 at the position LL11 is drawn as carrying the information terminal IT1, and the drawing of the information terminal IT1 carried by the doctor is omitted at the other positions LL12, 13, and 14. The same applies to the subsequent drawings.

  FIG. 7 is an explanatory diagram illustrating a situation when a doctor carrying the information terminal approaches the patient location. As shown in the figure, an information terminal IT1 carried by a doctor D1 riding in a car is located at a position LL21. Then, the information terminal IT1 carried by the doctor D1 gradually approaches the location of the patient P1. When the information terminal IT1 carried by the doctor D1 places a car on the parking lot PA1 as indicated by the arrow AR11 and enters the position LL22 in the permission area RA11 defined in the permission range setting information PRS, the information terminal IT1 , Access to the personal information of the patient P1 is permitted. The range of personal information that is permitted to be accessed is limited by setting information such as a permitted action and permission items defined in the permission range setting information PRS1. When the information terminal IT1 visits the home PHS of the patient P1 and is located at the position LL23 in the permission area RA12, the range of permitted personal information is increased according to the permission range setting information PRS1. Furthermore, when the information terminal IT1 is located at the position LL24 in the permission area RA13 where the patient P1 can be examined, the range of permitted personal information is increased according to the permission range setting information PRS1, and the patient P1 is stored in this server. Access to all stored personal information is permitted. As described above, when the doctor D1 carrying the information terminal IT1 approaches the “patient location”, the range of personal information permitted to be accessed increases step by step. On the other hand, when the doctor D1 carrying the information terminal IT1 moves away from the “patient location”, the range of personal information permitted to be accessed gradually decreases. Thus, according to this embodiment, when a doctor or a caregiver approaches a patient or a cared person (when located in a permission area), access to personal information necessary for treatment or care is provided. Is allowed in stages and when both are separated (when they are outside the permitted range), the accessible range will gradually decrease, so the person who needs information (Need-to-know Person) ) Can provide access to personal information within a necessary range, and information leakage can be effectively and skillfully suppressed.

  FIG. 8 is a transition diagram showing changes in the display unit when the information terminal IT1 moves. The display screen DD21 of the information terminal IT1 displays the electronic medical record of the patient P1 when the information terminal IT1 is located at the position LL21 in FIG. Although the patient number KX999 is displayed on the display screen DD11, since access to the personal information of the patient P1 is not permitted at this position, the personal information is not displayed. The display screen DD22 displays the electronic medical record of the patient P1 when the information terminal IT1 is located at the position LL22 (that is, within the permission area RA11) in FIG. On the display screen DD12, the patient number KX999 and the patient name, treatment information, and past medical history are displayed as personal information. In this figure, for convenience of explanation and drawing, the field of personal information that can be accessed and newly displayed is surrounded by a dashed ellipse. The display screen DD23 displays the electronic medical record of the patient P1 when the information terminal IT1 is located at the position LL23 (that is, within the permission area RA12) in FIG. In addition to the information displayed on the display screen DD22, vital information and medication information are displayed on the display screen DD23 as newly accessible personal information. The display screen DD24 displays the electronic medical record of the patient P1 when the information terminal IT1 is located at the position LL24 (that is, within the permission area RA13) in FIG. On the display screen DD24, in addition to the information of DD23, the disease name and diagnosis information are displayed as personal information that is newly accessible.

  This server (apparatus) is a computer such as a general-purpose computer, a special purpose computer, a server, or a PC, or a program module that realizes (executes) the function and processing procedure (method) of the server on the computer. It is preferable to construct this server on a computer by holding it in a CPU or storage unit that it has, or reading from an external server or storage, and the same applies to each of the following embodiments.

<Embodiment 2>
FIG. 9 is a block diagram showing an overview of a personal information management server (medical care personal information access management device) according to Embodiment 2 of the present invention. As shown in the figure, the personal information management server (PIMS) 200 includes a control unit (CPU) 210, an input unit 220, an output unit 230, a communication unit 240, a storage unit 250, and a display unit 260. . The storage unit 250 includes at least one personal information electronic medical record, MRI diagram, blood pressure, body temperature, heart rate, electrocardiogram, X-ray diagram and other diagnostic information, electronic clinic plan, electronic care plan, medication information, etc.) Personal information associated with the location of the person to whom the personal information should belong (position information of latitude and longitude, address information, a conversion table for converting absolute position information of latitude and longitude and address information, etc.), and Stores location information PIL and permission range setting information PRS that defines whether access to personal information is permitted when the distance from the location of the patient or caregiver to the information terminal is less than one. In the present embodiment, the storage unit 250 further stores an access identifier AI and a user / access permission level table UAT. The control unit 210 includes an acquisition unit 211, an access permission unit 212, and an access provision unit 213.

  The personal information management server 200 is connected to the information terminal IT2 held by a care worker such as a caregiver or a medical worker such as a doctor D2 or a nurse, or a mobile phone held by a care recipient or patient P2 via the communication unit 240 and the network NET. Information can be exchanged by connecting to the terminal MT1. The output unit 230 can output information stored in the server or generated information to the printer PRN. The display unit 160 can also display information stored in the server and generated information. The input unit 120 receives an operation instruction or information input that is input via the mouse MUS or the keyboard KBD. It should be noted that unless otherwise indicated or mentioned, the processing and functions of the apparatus and each part in the second embodiment are the same as those in the actual situation 1.

  In this embodiment, the information terminal IT2 includes a USB terminal for connecting an external USB device, and a biological information acquisition unit BCPT1. In the present embodiment, an externally connected GPS device GPS1 is connected to the USB terminal of the information terminal IT2. The GPS device GPS1 includes a GPS unit that receives a plurality of GPS signals and measures a position, and an encryption unit that encrypts position information (for example, absolute coordinates based on latitude, longitude, and altitude on the earth). And a USB terminal for transmitting the encrypted “positioned position information” to the information terminal IT2. The acquisition unit 211 acquires, from the information terminal IT2, for example, a request for access to personal information including a patient number as a personal identifier, and position information measured and encrypted by the GPS device GPS1. As described above, if the information terminal IT2 is configured to acquire the position information that is measured outside the information terminal IT2 and is encrypted, the information terminal IT2 generates false position information. It is possible to prevent the personal information management server 200 from being deceived with false position information using a program or a unit, and obtaining permission to access the personal information.

  The obtained encrypted position information is decrypted by the decryption unit included in the control unit 210. When the location indicated by the location information of the information terminal IT2 acquired and decrypted by the acquisition unit 211 approaches the location of the person to which the patient personal information should belong, the access permission unit 212 ( When set in the permission range setting information PRS (for example, when the distance between the two becomes a predetermined distance or less), access to at least a part of the patient P2 as the personal information is permitted. The access providing unit 213 provides access to the personal information permitted to the information terminal IT2 based on the access request when the access is permitted by the access permission unit 212.

  In the present embodiment, the storage unit 250 includes at least one of medical and nursing personal information and an access identifier (preferably, a mobile phone number, Mobile terminal identifiers, etc.) are stored in association with each other. By using this access identifier and confirming the location of the owner of personal information such as a patient when an access request is received from the information terminal, it is possible to further enhance the safety of information retention. That is, before the access permission unit 212 determines access permission, the location information (location information measured by the GPS unit of the portable terminal) is obtained from the portable terminal of the person to whom the personal information belongs using the access identifier AI. The acquisition unit 211 is controlled to acquire the location information, and the location information of the mobile terminal MT2 acquired is replaced with the location of the person to which the personal information should belong, which is included in the PIL stored in the storage unit 250. The storage unit 250 is controlled. This makes it possible to determine permission to access personal information based on the current (latest) location information of the patient or care recipient.

  The storage unit 250 stores information in which the user of the information terminal is associated with the access permission level set for the user in the user / access permission level table UAT. The access permission unit 212 further controls the permission range of the personal information according to the security level set for the user of the information terminal (for example, all information can be read, updated, rewritten, or medication information Read / update / rewrite and allow other information to be read only).

  The personal information included in the PIL stored in the storage unit 250 includes biometric information (fingerprint, vein, iris, etc.) of the person to whom the personal information belongs, and the acquisition unit 211 receives information from the information terminal IT2 The biometric information of the person to which the personal information acquired by the biometric information acquisition unit BCPT1 (for example, a CCD camera capable of digital photography, a camera using a CMOS sensor, a vein sensor, an electrostatic fingerprint sensor, etc.) get. The location indicated by the location information of the information terminal acquired by the acquisition unit by the access permission unit 212 approaches the location of the person to which the personal information stored in the storage unit belongs, and is acquired by the acquisition unit. If the biometric information matches the biometric information stored in the storage unit (or if the similarity is higher than a predetermined threshold), access to at least a part of the personal information is permitted. In this way, the information terminal IT2 once acquires the biological information of the patient P2, and the information PIL includes the biological information, which is a weak point in terms of security. Therefore, the information terminal IT2 further includes an encryption / decryption unit, and transmits the encrypted biological information to the server 200 using the encryption / decryption unit, and stores the encrypted biological information in the information PIL. In addition, it may be determined whether or not the encrypted biometric information matches, and the access permission unit may use the result. Alternatively, a biological information acquisition unit BCPT2 is provided in the portable terminal MT2 of the patient P2, and the biological information acquired by the patient P2 itself is encrypted by the encryption unit and transmitted to the server 200, and the biological information is used as it is. The encrypted biometric information may be compared to determine whether or not they match, or it may be determined whether or not the biometric information matches with the biometric information decrypted by the decryption unit 214 of the server 200. May be. In the server 200, it is needless to say that the biometric information is stored in an encrypted state or compared and used more safely.

  In the embodiment described above, personal information including the patient's own biometric information is stored in the storage unit. However, the personal information provides at least one of medical and care services to the person to whom the personal information belongs. Biometric information of the service provider to be used (for example, a doctor's or caregiver's fingerprint, vein, iris, etc.) may be included. In that case, the acquisition unit further acquires, from the information terminal, the biological information of the service provider acquired by the biological information acquisition unit provided in the information terminal, and the access permission unit is acquired by the acquisition unit. The location indicated by the location information of the information terminal approaches the location of the person to which the personal information stored in the storage unit should belong, and the biological information acquired by the acquisition unit and the service provided in the storage unit It is preferable to configure to permit access to at least a part of the personal information when the person's biometric information matches (or when the similarity is higher than a predetermined threshold).

  FIG. 10 is a flowchart showing an example of processing executed by the personal information server shown in FIG. As shown in the figure, in step S31, the storage unit stores personal information and location in association with each other. In step S32, the acquisition unit acquires an access request and position information of the information terminal from the information terminal. In step S33, the current location information is acquired from the portable terminal of the patient using the access identifier before determining access permission. In step S34, the location information stored in the storage unit is replaced with the obtained location information of the mobile terminal. In step S35, the access permission unit determines whether or not the location indicated by the acquired position information is close to the location of the patient (or care recipient) stored in the storage unit (in this embodiment, The determination is made based on the permission range setting information PRS). If it is determined that the user is approaching, access to the personal information is permitted, and in step S36, the access providing unit provides access to the personal information permitted to the information terminal based on the access request ( Specifically, permitted actions (information read, write, update, etc. are allowed based on the permission range setting information). If not permitted, this is not an essential step, but in step S37, the access permission unit returns a message for refusing access to the information terminal. This makes it possible to determine permission to access personal information based on the current (latest) location information of the patient or care recipient. That is, when there is no patient or care recipient, it is possible to prevent inappropriate access to personal information at a normal location by an information terminal carried by a medical worker or caregiver.

  FIG. 11 is an explanatory diagram showing the relationship between the information terminal and the patient location. As shown in the figure, the information terminal IT2 carried by the doctor D2 is located at the position LL31. Then, the information terminal IT2 carried by the doctor D2 gradually approaches the “normal location (the patient is absent)” of the patient P2. When the information terminal IT2 enters the position LL32 in the permission area RA21 defined in the permission range setting information PRS, normally, the information terminal IT2 should be permitted to access the personal information of the patient P2. In this case, since the patient P2 carrying the portable terminal MT2 moves and is absent and the permission area RA21 is invalid, the information terminal IT2 is not permitted to access the personal information of the patient P2. Next, the information terminal IT2 carried by the doctor D2 gradually approaches the “current location (care facility where the patient is staying)” of the patient P2. When the information terminal IT2 enters the position LL33 in the permission area RA22, the information terminal IT2 is permitted to access the personal information of the patient P2. The range of personal information that is permitted to be accessed is limited by setting information such as a permitted action and permission items defined in the permission range setting information PRS. Thus, according to the present embodiment, even when the patient or the cared person moves, the situation should be known (that is, the situation where the patient or the care recipient is located at the place where the examination or care work is performed). In addition, it is possible to provide access to personal information within a necessary range to a person who needs information (Need-to-know Person), and information leakage can be effectively suppressed.

  FIG. 12 is a flowchart showing an example of processing executed by the personal information server shown in FIG. Steps S42-45 in FIG. 12 are the same as steps S32-35 in FIG. As shown in the figure, in step S41, it is preferable that the storage unit stores personal information and location in association with each other, and further sets biometric information (encrypted biometric information) of the patient and the cared person. .). After step S42-45, in step S46, the acquisition unit acquires biometric information acquired by the biometric acquisition unit of the information terminal or the portable terminal (preferably using encrypted biometric information). . In step S47, it is determined whether or not the acquired biometric information matches the biometric information stored in the storage unit. If they match, in step S48, the access providing unit provides access to the personal information permitted to the information terminal based on the access request (specifically, permitted based on the permitted range setting information). Conduct (reading information, writing, updating, etc.)). If not permitted, this is not an essential step, but in step S49, the access permission unit returns a message for refusing access to the information terminal. As a result, the access permission to the personal information is determined based on the current (latest) location information of the patient and the cared person, and the patient himself / herself is confirmed to be in a situation where the patient himself / herself is examined and treated. It becomes possible to confirm. In other words, when there is no patient or care recipient, the information terminal carried by the health care worker or caregiver prevents improper access to personal information at the normal location, even if the patient Even if a terminal exists, access to personal information can be prevented unless the patient himself performs an authentication operation for obtaining biometric information.

  FIG. 13 is an explanatory diagram showing the relationship between the information terminal and the patient location. As shown in the figure, the information terminal IT2 carried by the doctor D2 is located at a position LL42 in the hospital where the doctor works. The information terminal IT2 carried by the doctor D2 is almost stationary while being located there. On the other hand, the mobile terminal MT2 carried by the patient P2 is located at the position L141, but gradually approaches the “location (hospital)” of the doctor D2. As the mobile terminal MT2 moves, the information terminal IT2 relatively enters the permission area RA31 defined in the permission range setting information PRS, and the information terminal IT2 permits access to the personal information of the patient P2 by this server. Is done. The range of personal information that is permitted to be accessed is limited by setting information such as a permitted action and permission items defined in the permission range setting information PRS. In this way, according to this embodiment, even when a patient or a cared person moves and moves to a hospital or a care facility, a situation in which information should be known (ie, medical examination or care work is performed). It is possible to provide access to personal information within the necessary range to a person who needs information (Need-to-know Person) who is in a location) It is possible to effectively suppress information leakage while skillfully managing information. That is, in the present embodiment, the distance between the two is obtained by checking the position of the information terminal on the user side such as a doctor and the position of the portable terminal such as the patient in real time, periodically, or at the time of access request. The access permission can be given when the distance falls within the permission area.

<Embodiment 3>
FIG. 14 is a block diagram showing an outline of an information terminal including a personal information management server (medical care personal information access management device) according to Embodiment 3 of the present invention. As shown in the figure, in this embodiment, the information terminal IT3 includes the personal information management server (PIMS) 100 (or 200) of the actual aspect 1 or 2. The included personal information management server (PIMS) 100 (or 200) has the same functional unit as the actual state 1 (2) and can perform the same processing. However, since the information terminal IT3 includes the server 100 (200), the exchange of information between the information terminal and the server is internally exchanged within the information terminal IT3 without going through the network. The advantage of this embodiment is that even when personal information is stored in the information terminal, access to the personal information is permitted only when the doctor D3 approaches the portable terminal MT3 carried by the patient P3. It is. On the contrary, the same advantage can be enjoyed even if the portable personal information management server includes the information terminal and its function unit.

<Embodiment 4>
FIG. 15: is a block diagram which shows the outline | summary of the information terminal containing the personal information management server (medical care personal information access management apparatus) by Embodiment 4 of this invention. As shown in the figure, in this embodiment, the information terminal IT4 further includes an orientation sensor unit DSU1 and an acceleration sensor unit ASU1. In addition, the mobile terminal MT4 further includes an orientation sensor unit DSU2 and an acceleration sensor unit ASU2. The fourth embodiment has substantially the same configuration and processing as those of the third embodiment except that the acceleration sensor units ASU1 and ASU2, the azimuth sensor units DSU1 and DSU2 are added, and the processing associated therewith. In a room of an apartment house surrounded by a concrete wall, GPS signals from satellites, ground reference base stations, etc. are attenuated, and coordinate measurement (positioning) may not be possible depending on the indoor measurement position. Even in such a case, in this embodiment, the relative position measurement (accurate) in the room of the information terminal or the portable terminal is performed by measuring the moving distance and the moving direction using the acceleration sensor and the direction sensor. In this case, it is possible to continue the relative position estimation from the measurement position (reference point) by the GPS device, and the terminal position can be substantially measured (position measurement). For example, a relative position such as 45 m northwest of the reference point can be estimated from the measurement position (reference point) by the GPS unit of the GPS device and the measured values by the attitude sensor unit and the acceleration sensor unit. It is possible to obtain the position of the information terminal or portable terminal by converting into absolute coordinates on the earth (north latitude x degrees y minutes z, east longitude a degrees b minutes ccc). One or both of the acceleration sensor unit and the direction sensor unit can be incorporated into the GPS device.

<Embodiment 5>
FIG. 16: is a block diagram which shows the outline | summary of the information terminal containing the personal information management server (medical care personal information access management apparatus) by Embodiment 5 of this invention. As shown in the figure, in this embodiment, the information terminal IT5 further includes a navigation unit NVU. The mobile terminal MT5 is the same as the mobile terminal MT4 of the fourth embodiment. The fifth embodiment has substantially the same configuration and processing as those of the fourth embodiment except that the navigation unit NVU is mounted on the information terminal IT5 and the processing associated therewith. The navigation unit NVU displays the current location of its own terminal on the map, displays the building of the location of the nearby patient or cared person, and displays the location of the patient or cared person or the patient or cared person's location. When the current position of the portable terminal MT5 is set as a target, the mobile terminal MT5 has a function of performing route guidance (route guidance) to the target position. In this case, the distance of the information terminal to the patient (or mobile terminal) is reduced according to the guidance, and if the distance is within a predetermined distance range, access to personal information is permitted or the distance to the patient is increased. It is possible to perform the processing of the embodiment 1-3 so that the permitted personal information increases as it gets closer. In addition, the acceleration unit part (three-axis acceleration sensor), the direction sensor (the geomagnetic sensor such as the Hall element), the navigation part, and the like according to the fourth and fifth embodiments can be mounted on the information terminal or the portable terminal according to another embodiment. It is.

  Although the present invention has been described based on the drawings and examples, it should be noted that those skilled in the art can easily make various modifications and corrections based on the present disclosure. Therefore, it should be noted that these variations and modifications are included in the scope of the present invention. For example, the processes and functions included in each unit and each step can be rearranged so as not to be logically contradictory, and a plurality of means / units and steps can be combined or divided into one. Is possible. Alternatively, it should be noted that some components, functions, processes, steps, etc. of the apparatus, method, program, etc. according to the present invention can be located in a remote server or the like. Each actual aspect has been described with the settings of a doctor, a patient, and a hospital, but it should be noted that the configuration of the present invention can function in the same manner even with settings such as a care helper, a care recipient, and a care facility.

100 Personal Information Management Server (PIMS)
DESCRIPTION OF SYMBOLS 110 Control part 111 Acquisition part 112 Access permission part 113 Access provision part 120 Input part 130 Output part 140 Communication part 150 Storage part 160 Display part 200 Personal information management server (PIMS)
210 control unit 211 acquisition unit 212 access permission unit 213 access provision unit 214 decoding unit 220 input unit 230 output unit 240 communication unit 250 storage unit 260 display unit AI access identifier AR11 arrow BCPT1 biometric information acquisition unit BCPT2 biometric information acquisition unit D1 doctor D2 Doctor D3 Doctor DD11 Display screen DD12 Display screen DD21 Display screen DD22 Display screen DD23 Display screen DD24 Display screen GPS1 Device IT1 Information terminal IT2 Information terminal IT3 Information terminal KBD Keyboard LL1 Position LL11 Position LL12 Position LL12, 13, Position L21 Position L21 LL22 position LL23 position LL24 position LL31 position LL32 position LL33 position Ll41 position LL42 position MT1 mobile terminal MT2 mobile terminal MT3 mobile terminal MUS mouse N ET network P1 patient P2 patient P3 patient PA1 parking lot PHS home PRN printer PRS permission range setting information PRS1 permission range setting information RA1 permission area RA11 permission area RA12 permission area RA13 permission area RA21 permission area RA22 permission area RA31 permission area UAT user access Permission level table

Claims (9)

A personal information management server that provides an information terminal with access to personal information of at least one of medical and nursing care,
A storage unit for storing the personal information of at least one of the medical care and the care and the location of the person to whom the personal information belongs in association;
From the information terminal, an acquisition unit that acquires an access request to the personal information and location information of the information terminal;
When the location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit should belong, at least part of the personal information An access permission section for permitting access;
An access providing unit for providing access to the authorized personal information to the information terminal based on the access request, if permitted by the access permitting unit;
I have a,
The access permission unit
The range of personal information that is permitted to be accessed as the location indicated by the location information of the information terminal acquired by the previous acquisition unit becomes closer to the location of the person to which the personal information stored in the storage unit belongs And control to decrease the range of personal information that is allowed to be accessed as the distance from the location increases.
The access provision department in the previous term
If permitted by the access permission unit, based on the access request, providing access to personal information to the information terminal within a permission range controlled by the access permission unit;
A personal information management server characterized by that . In the personal information management server according to claim 1,
The acquisition unit
After the position information measured by the GPS device externally connected to the information terminal is encrypted, the information acquired by the information terminal is acquired as the position information measured by the information terminal.
A personal information management server characterized by that. In the personal information management server according to claim 1 or 2 ,
The storage unit
Storing the personal information of at least one of the medical care and nursing care in association with an access identifier for accessing the portable terminal of the person to whom the personal information should belong;
Before the access permission unit determines access permission,
Using the access identifier to control the acquisition unit to acquire location information from the mobile terminal of the person to whom personal information should belong,
Controlling the storage unit so as to replace the location of the person to which the personal information belongs, stored in the storage unit, with the acquired location information of the mobile terminal;
A personal information management server characterized by that. In the personal information management server according to any one of claims 1 to 3 ,
The storage unit
Further storing the user of the information terminal in association with the access permission level set for the user;
The access permission unit
Further controlling the permission range of personal information according to the access permission level set for the user of the information terminal,
A personal information management server characterized by that. In the personal information management server according to any one of claims 1 to 4 ,
Personal information of at least one of the medical care and care stored in the storage unit is
Including the biological information of the person to whom the personal information belongs,
The acquisition unit
From the information terminal, further acquiring the biometric information of the person to which the personal information acquired by the biometric information acquisition unit provided in the information terminal,
The access permission unit
The location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit belongs; and
If the biometric information acquired by the acquisition unit matches the biometric information stored in the storage unit, permit access to at least a part of the personal information;
A personal information management server characterized by that. In the personal information management server according to any one of claims 1 to 4 ,
Personal information of at least one of the medical care and care stored in the storage unit is
Including the biological information of the person to whom the personal information belongs,
The acquisition unit
From the mobile terminal, further acquiring the biometric information of the person to which the personal information acquired by the biometric information acquisition unit provided in the mobile terminal,
The access permission unit
The location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit belongs; and
If the biometric information acquired by the acquisition unit matches the biometric information stored in the storage unit, permit access to at least a part of the personal information;
A personal information management server characterized by that. In the personal information management server according to any one of claims 1 to 6 ,
Personal information of at least one of the medical care and care stored in the storage unit is
Against the person to be attributable to the personal information, including medical and nursing of at least one of the service the service provider of the biological information to provide,
The acquisition unit
From the information terminal, further obtain the biological information of the service provider acquired by the biological information acquisition unit provided in the information terminal,
The access permission unit
The location indicated by the location information of the information terminal acquired by the acquisition unit approaches the location of the person to which the personal information stored in the storage unit belongs; and
A biometric information acquired by the acquiring unit, wherein stored in the storage unit, the service provider of the biometric information and matching case, or a higher degree of similarity than a predetermined threshold value if, said individual information Allow access to at least some of the
A personal information management server characterized by that. A personal information management program for causing a computer to execute a method of providing an information terminal with access to personal information of at least one of medical care and nursing care,
A storage step of associating and storing in the storage unit the personal information of at least one of the medical care and care, and the location of the person to whom the personal information should belong;
An acquisition step of acquiring an access request to the personal information and the location information of the information terminal from the information terminal;
As the location indicated by the acquired location information of the information terminal is closer to the location of the person to whom the personal information is stored stored in the storage unit, the range of personal information permitted to access is increased, An access permission step for controlling to decrease the range of personal information permitted to be accessed as the distance from the location increases ;
An access providing step of providing access to personal information to the information terminal within the permission range controlled by the access permission step based on the access request when permitted in the access permission step ;
Personal information management program. A personal information management method for providing an information terminal with access to personal information of at least one of medical care and nursing care,
A storage step of associating and storing in the storage unit the personal information of at least one of the medical care and care, and the location of the person to whom the personal information should belong;
An acquisition step of acquiring an access request to the personal information and the location information of the information terminal from the information terminal;
As the location indicated by the acquired location information of the information terminal is closer to the location of the person to whom the personal information is stored stored in the storage unit, the range of personal information permitted to access is increased, An access permission step for controlling to decrease the range of personal information permitted to be accessed as the distance from the location increases ;
An access providing step of providing access to personal information to the information terminal within the permission range controlled by the access permission step based on the access request when permitted in the access permission step ;
A personal information management method.

Images