KR20180076911A - A system of transferring medical records to the third part by using one-time password - Google Patents
- Publication number
- KR20180076911A (application KR1020160181596A)
- Authority
- KR
- South Korea
- Prior art keywords
- medical information
- patient
- party
- medical
- address
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H30/00—ICT specially adapted for the handling or processing of medical images
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
A one-time-password-based system that lets a third-party medical institution view a patient's medical information when the patient is being treated there and requests, through a mobile app, that the information be transmitted. The system comprises: a medical information server that, on receiving the patient's medical information provision request together with a third-party contact, generates a browse address for accessing the patient's emergency medical information and a one-time password (OTP) for authenticating the access right, and transmits the generated browse address and one-time password to the third-party contact; a patient service app, installed in the patient's smart terminal, that receives the third-party contact and the medical information provision agreement and requests the medical information server to provide the patient's medical information; and a third-party terminal that, when the browse address and the one-time password are received at the third-party contact, accesses the browse address and, if OTP authentication with the received one-time password is passed, views the patient's medical information provided at the browse address.
According to the above system, when the patient agrees via the mobile app, the patient's medical information is provided to the third-party medical institution, so that the patient's medical history can be tracked quickly and an accurate diagnosis can be made.
Description
The present invention relates to a one-time-password-based third-party medical information browsing system that allows a third-party medical institution to view a patient's medical information when the patient is treated at that institution and requests, via a mobile app, that his or her medical information be transmitted.
In general, the medical information systems introduced into a medical institution include an electronic medical record (EMR), an order communication system (OCS), and a picture archiving and communication system (PACS). These systems have been deployed on the computer systems of medical institutions such as hospitals, and the medical records created and transmitted there have been digitized. In other words, the records that physicians previously kept by hand are converted into electronic documents, recorded, and permanently stored in the medical information system.
The electronic medical record (EMR) digitizes the paper chart on which physicians formerly recorded a patient's care by hand, and the order communication system (OCS) digitizes paper prescriptions. The picture archiving and communication system (PACS) digitizes the image films formerly produced by medical imaging equipment such as CT or MRI. The patient's care records, the doctor's prescriptions, and the medical image data are thus digitized, stored in the medical information system of the medical institution, permanently preserved, and transmitted over the network to wherever they are needed.
Therefore, a doctor or a patient can easily access medical records of a patient by accessing a server of the medical institution whenever necessary at a computing terminal connected to the Internet such as a PC or a smart phone. For example, when the health checkup management server authenticates a terminal such as a patient (user), an agent, an administrator, a medical staff, an external institution (National Health Insurance Corporation, etc.) in cooperation with the EMR server, Technology has been proposed [
However, most of the above-mentioned medical information systems are installed in a single medical institution, such as a hospital, so they are incompatible with other medical institutions. Thus, standardization works are being actively carried out to smoothly transfer medical records between medical institutions.
In order to transfer or exchange medical data between different medical institutions, intermediary servers, integrated servers, shared servers, and the like have been proposed to relay between the institutions [Patent Documents 4 and 5]. These prior arts propose either encrypting the medical data at the first medical institution and simply relaying its transmission to the second medical institution, or receiving the medical data from each medical institution and storing it in the integrated or shared server.
However, the prior art has the problem that the medical data is stored or managed by a third organization. Medical records generated by medical institutions such as hospitals are very important personal information, so there is a great risk that privacy will be seriously violated if they are disclosed to third parties against the patient's wishes. Thus, without the explicit consent of the patient, reading by third parties is prohibited and removal from the hospital is restricted, and the records are strictly protected by law. In other words, the patient's medical records can be released to other organizations or third parties only after complicated procedures such as strict identification, a power of attorney, or submission of an information consent form.
In particular, under the Medical Law, "medical records are prohibited to be read without the consent of the patient". However, the medical institution may allow the medical records to be read when the patient's consent or kinship is proven. In addition, if the patient is unconscious or consent cannot be obtained because of an emergency, the medical record can be sent if requested by another medical institution.
However, this causes many problems in emergency situations where urgent measures are needed, because rescue personnel or medical personnel take a long time to contact the hospital the patient usually visits and receive the medical information. As a result, in the course of emergency treatment, medical staff themselves are also exposed to tuberculosis.
An object of the present invention is to solve the above-mentioned problems by providing a one-time-password-based third-party medical information browsing system that allows a third-party medical institution to view the medical information.
In particular, an object of the present invention is to provide a one-time-password-based third-party medical information browsing system that, upon receiving an emergency medical information provision agreement from a mobile app, transmits the access information of a website for querying the patient's medical information and a one-time password (OTP) to a third party's terminal, and, when the third party accesses the website, authenticates the third party and provides the patient's medical information.
In order to achieve the above object, the present invention relates to a one-time-password-based third-party medical information browsing system comprising: a medical information server that, on receiving a patient's medical information provision request together with a third-party contact, generates a browse address for viewing the patient's emergency medical information and a one-time password (OTP) for authenticating the viewing right, and transmits the generated browse address and one-time password to the third-party contact; a patient service app, installed in the patient's smart terminal, that receives the third-party contact and the medical information provision agreement and requests the medical information server to provide the patient's medical information; and a third-party terminal that, when the browse address and the one-time password are received at the third-party contact, accesses the browse address and, if OTP authentication with the received one-time password is passed, views the patient's medical information provided at the browse address.
The present invention is also directed to a third party medical information browsing system based on a disposable password, wherein the third party contact is an email address or a mobile communication telephone number.
In addition, the present invention is characterized in that, in a medical information browsing system of a third party based on a disposable password, the service app performs authentication of a patient when receiving a medical information provision agreement.
Further, the present invention is characterized in that in the third party medical information browsing system based on a disposable password, the browsing address is a web site or a web page URL (uniform resource locator).
Further, the present invention is characterized in that in the third party medical information browsing system based on a disposable password, an expiration period is set for the disposable password, and even if the OTP authentication is requested after the expiration period has elapsed, the disposable password is revoked and is not authenticated.
Further, the present invention is characterized in that, in the third-party medical information browsing system based on a disposable password, when the expiration period of the disposable password has elapsed, the website or web page displaying emergency medical information at the browse address disappears.
According to another aspect of the present invention, there is provided a third-party medical information browsing system based on a disposable password, wherein the medical information server fetches emergency medical information of a patient from a resource server holding medical information of the patient and provides the information to the third- .
As described above, according to the disposable password-based third-party medical information browsing system of the present invention, when the patient agrees via the mobile app, the patient's medical information is provided to the third-party medical institution, so that an accurate diagnosis can be performed and the most appropriate emergency measures can be taken.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of an entire system for implementing the present invention.
FIG. 2 is a flowchart illustrating a disposable password-based third party medical information browsing system according to an embodiment of the present invention.
FIG. 3 is an exemplary view of a screen for providing emergency medical information according to an embodiment of the present invention.
FIG. 4 is an exemplary view of an e-mail received by a third-party terminal according to an embodiment of the present invention.
FIG. 5 is an exemplary screen for receiving a disposable password according to an embodiment of the present invention.
FIG. 6 is an exemplary screen of an emergency medical information website according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Hereinafter, the present invention will be described in detail with reference to the drawings.
In the description of the present invention, the same parts are denoted by the same reference numerals, and repetitive description thereof will be omitted.
First, a configuration of an overall system for carrying out the present invention will be described with reference to FIG.
As shown in FIG. 1, the overall system for implementing the present invention includes a
First, the patient
Next, the
The
That is, the
In addition, the
Next, the third-
A third party is a medical facility for emergency treatment of a patient, such as a doctor, a rescue staff, or a medical institution such as a hospital. The third-
The
Next, the
That is, when the
That is, a request for provision of emergency medical information from the
Because an expiration period is set for the OTP, an attempt to access the website with the OTP after that period has elapsed fails: the OTP is no longer valid, so the website and the patient information cannot be accessed.
In addition, the
Preferably, the URL of the website for querying the patient's medical information is not fixed; generating it dynamically may be more advantageous for security. That is, the same expiration period as the OTP is set for the URL (the browse address), and when that period elapses the medical information web page is destroyed.
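The expiry behaviour described above, a dynamically generated browse address that shares the OTP's expiration period, shown as an added Python example that is not part of the patent. The class and function names, the `emr.example` host, the 10-minute period, the 5-attempt limit and the salted-hash storage of the OTP are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 600    # assumed expiration period; the patent gives no value
MAX_ATTEMPTS = 5         # assumed guess limit; not stated in the patent
BASE_URL = "https://emr.example/view/"   # placeholder host


@dataclass
class Grant:
    patient_id: str
    otp_digest: bytes    # a salted hash is stored instead of the OTP itself
    salt: bytes
    expires_at: float
    attempts: int = 0
    used: bool = False


class ViewingGrants:
    """In-memory stand-in for the medical information server's grant table."""

    def __init__(self, clock=time.time):
        self._grants = {}
        self._clock = clock

    @staticmethod
    def _digest(otp, salt):
        return hashlib.sha256(salt + otp.encode()).digest()

    def issue(self, patient_id):
        """Create a per-request browse address and OTP that share one expiry."""
        token = secrets.token_urlsafe(32)          # unguessable path component
        otp = f"{secrets.randbelow(10**6):06d}"    # 6-digit OTP from a CSPRNG
        salt = secrets.token_bytes(16)
        self._grants[token] = Grant(
            patient_id, self._digest(otp, salt), salt,
            self._clock() + OTP_TTL_SECONDS)
        return BASE_URL + token, otp

    def redeem(self, url, otp):
        """Return the patient id if the OTP authenticates, otherwise None."""
        token = url[len(BASE_URL):] if url.startswith(BASE_URL) else ""
        grant = self._grants.get(token)
        if grant is None:
            return None
        if self._clock() >= grant.expires_at:
            del self._grants[token]    # expired: the browse address disappears
            return None
        if grant.used or grant.attempts >= MAX_ATTEMPTS:
            return None                # already redeemed, or too many guesses
        grant.attempts += 1
        candidate = self._digest(otp, grant.salt)
        if not hmac.compare_digest(candidate, grant.otp_digest):
            return None
        grant.used = True              # one-time: a second redemption fails
        return grant.patient_id
```

A deployment would hand the viewer a short-lived session after `redeem` succeeds and send the address and OTP only over the contact channel the patient supplied.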
In addition, the
Next, the
Meanwhile, the
In particular, the
Next, the
Next, a disposable password-based third party medical information browsing system according to an embodiment of the present invention will be described with reference to FIG.
As shown in FIG. 2, first, the
That is, an emergency occurs and the patient or the user receives emergency treatment at a third party or a third party medical institution. At this time, the patient or the user executes and connects the
At this time, the patient or the user performs user authentication in the
Next, the
That is, the
In addition, the
Specifically, the user or the patient agrees to provide the emergency medical information to the third party corresponding to the contact through the
Further, the
Then, the
Next, the
When the patient's emergency medical information providing consent request is transmitted to the
In addition, the
Next, the
That is, using the third party's e-mail address or mobile phone number entered in the app, the URL of a website for viewing emergency medical information such as the patient's clinical summary is sent together with the one-time password (OTP) to be used there. In this case, the third party receives e-mail in a form similar to FIG. This e-mail may include a safety mark indicating that the site is not a phishing site.
Next, the
A third party to whom the patient has agreed to disclose his or her medical information receives the e-mail or text message and clicks the transmitted URL to access the website. The third party then enters, on the connected website, the one-time password that was also received by e-mail or text message, and is authenticated. An exemplary screen for inputting the disposable password is shown in Fig.
Next, the
That is, when authentication with the one-time password is completed, the third party can browse medical information such as the patient's clinical summary presented on the web. Medical information such as the clinical summary may include basic patient information, illness, treatment history, and medical imaging. Preferably, the medical information is a summary of the information to be referred to when handling other situations, rather than a record of all of the patient's medical information. An example screen of the emergency medical information is shown in Fig.
Although the present invention has been described in detail with reference to the above embodiments, it is needless to say that the present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the spirit of the present invention.
10: Patient smart terminal 20: Patient service app
30: Third-party terminal 40: Medical information server
50: resource server 60:
80: Network
Claims (7)
Upon receipt of the patient's medical information provision request together with the third-party contact, a viewing address for viewing the patient's emergency medical information and a one-time password (OTP) for authenticating the viewing authorization are generated, A medical information server for transmitting the disposable password to the third party contact;
A patient service app installed in a smart terminal of a patient, receiving a third party contact, a medical information providing agreement, and requesting the medical information server to provide medical information of a patient; And
A third party terminal accessing the browse address when receiving the browse address and the disposable password as the third party contact and viewing the patient's medical information provided by the browse address when the OTP authentication is passed with the received disposable password A third party's medical information browsing system based on a disposable password.
Wherein the third party contact is an email address or a mobile communication telephone number.
And when the medical information providing consent is inputted, the patient is authenticated by himself / herself.
Wherein the expiration period is set for the disposable password, and when the expiration period has elapsed, even if the OTP authentication is requested, the validity is expired and the authentication is not performed, and the third party's medical information browsing system based on the disposable password.
Wherein the medical information server expires the web site or the web page displaying the emergency medical information by the browse address when the expiration period of the disposable password has elapsed.
Wherein the browse address is a website or a uniform resource locator (URL) of a web page.
Wherein the service application performs authentication of the patient when receiving the medical information provision agreement.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160181596A KR20180076911A (en) | 2016-12-28 | 2016-12-28 | A system of transferring medical records to the third part by using one-time password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160181596A KR20180076911A (en) | 2016-12-28 | 2016-12-28 | A system of transferring medical records to the third part by using one-time password |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20180076911A (en) | 2018-07-06 |
Family
ID=62921191
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160181596A KR20180076911A (en) | 2016-12-28 | 2016-12-28 | A system of transferring medical records to the third part by using one-time password |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20180076911A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20210041668A (en) * | 2019-10-07 | 2021-04-16 | 농협은행(주) | Apparatus and method for transmitting message |
KR102418542B1 (en) * | 2021-02-26 | 2022-07-08 | 주식회사 지지56코리아 | A test result verification management system by text message |
US11727145B1 (en) | 2022-06-10 | 2023-08-15 | Playback Health Inc. | Multi-party controlled transient user credentialing for interaction with patient health data |
KR102573773B1 (en) * | 2022-09-19 | 2023-09-04 | 주식회사 파이디지털헬스케어 | DIGITAL THERAPEUTICS PRESCRIPTION DATA EXCHANGE SYSTEM AND METHOD APPLYING DE-IDENTIFICATION of PERSONAL INFORMATION |
KR102636860B1 (en) * | 2023-02-20 | 2024-02-16 | 주식회사 파이디지털헬스케어 | Authentication and interlocking system and method of digital therapeutic app using one-time code |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
N231 | Notification of change of applicant |