CN101114977A - Open type medical information service system - Google Patents
Open type medical information service system Download PDFInfo
- Publication number
- CN101114977A CN101114977A CNA200710070584XA CN200710070584A CN101114977A CN 101114977 A CN101114977 A CN 101114977A CN A200710070584X A CNA200710070584X A CN A200710070584XA CN 200710070584 A CN200710070584 A CN 200710070584A CN 101114977 A CN101114977 A CN 101114977A
- Authority
- CN
- China
- Prior art keywords
- medical
- information
- service
- data
- medical information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses an open medical information service system, which comprises a medical business information access service component, a medical data information access service component, a multi-dimension information service authority control component, as well as a medical information safety and audit component. The open information service system established by the invention and facing medical information, realizes the supply of standardized medical business information access service which can be accessed openly, and medical data information access service which accords with the RIM term model in HL7 V3 for the upper level application inside or outside a medical institution in a heterogeneous environment; furthermore, the multi-dimension authority control mechanism, and the functions of data filtering and mark reservation are realized by the medical information safety and audit component.
Description
Technical field
The present invention relates to a kind of open type medical information service system, particularly a kind ofly contained medical data information and medical profession information, have the various dimensions control of authority and had data filter and open type medical information service system that vestige keeps.
Background technology
Along with the continuous development of informatization, domestic many medical institutions have all set up corresponding electronic medical record system.Yet, when these systems have solved hospital internal " information island " phenomenon to a certain extent, owing to realizing that interconnecting between the hospital makes hospital self become the individuality of closure.On the one hand, these systems adopt to be shared or the mode of intermediate database at hospital internal mostly, thereby often have only hospital in that the information of overlapped part has realized exchange and shared between each subsystem, and most information still only in each subsystem as seen; On the other hand, these systems are usually based on the closed technical system framework of routine, thereby in the information exchange of striding hospital with share and often have problems such as isomery, performance and fail safe.
Aspect the medical profession information service, yet there are no corresponding open solution at present both at home and abroad; Aspect the medical data information service, ripe method is not yet arranged, adopt usually based on various standard codes and carry out medical data exchange and share service, as LOINC (Logical ObservationIdentifiers Names and Codes) etc.RIM (Reference Information Model) model has been proposed among the HL7 of latest edition (the Health Level Seven) V3, wherein Ding Yi term model is expected to be used widely in open medical data service system for the exchange and the share service of medical data information provide a kind of brand-new coding standard.
HL7 V3 is that HL7 organizes the new edition standard of proving at last, and wherein the RIM model is the key point of whole standard.The normal structure set that the RIM model is created as supporting health care its objective is the exchange that is used for health care information and shares.The term model definition that the RIM model is comprised one group of standard terminology and support dictionary, these terms have the name of support standard and share the ability of these structurized standard codes, and have the ability that can come extended model by structurized encryption description.
PKI (Public Key Infrastructure) framework is for solving a cover total solution of safety problem under informationization, networked environment, be based on the security system that the public-key cryptography theory and technology is set up, provide the security infrastructure with universality of information security service.The interface of this structure system by standard provides necessary authentication, information privacy, secret protection, non-repudiation, can not distort and safety guarantee service reliably such as data integrity sex service for open service such as network applications.
Web Service is a kind of software service that provides by SOAP (Simple Object AccessProtocol) on Web, this service uses WSDL (Web Services DescriptionLanguage) file to describe, and registers and issue by UDDI (Universal Description, Discoveryand Integration).The series of standards and the agreement that support this service all are based on open technology such as HTTP and XML, be applicable in all kinds of isomerous environments make up cross-platform, stride the Language Application system.
The VPD of Oracle (Virtual Private Database) is also referred to as the fine granularity access control, it provides capable level security function, its method of work is by changing requests for data pellucidly, thereby the partial view of table is provided to the user based on a series of predefined standards.The FGA of Oracle (FineGrainedAuditing) is also referred to as the fine granularity audit, and it allows all behavior databases are carried out security audit.
Summary of the invention
The objective of the invention is to utilize Web Service technology, provide a kind of and contain medical data information and medical profession information, have the various dimensions control of authority and have data filter and open type medical information service system that vestige keeps.
A kind of open type medical information service system, its part comprises:
Medical data information access services assembly, by setting up the mapping relations of RIM term model and central database among the HL7 V3, utilize open Web Service technology that application service based on the medical data information visit of RIM term model in the HL7 V3 standard is provided;
Medical profession message reference serviced component, by defining a whole set of normalization information service interface, be used to support the application service of the whole medical profession flow process that comprises public information, patient management, outpatient service business, the business of being in hospital, nursing business and clinical business;
Various dimensions information service control of authority assembly provides the medical information Service Privileges control of integrated user role, user class, patient's identity, doctor-patient relationship, a plurality of dimensions of time range and locus;
Medical information safety and audit component based on VPD and the FGA function of Oracle, provide based on the medical information data of user right control and filter and the vestige reservation.
Described various dimensions information service control of authority assembly also includes user capture authentication assembly, and this assembly realizes based on the PKI security architecture, and with the serve as a mark carrier of digital certificate of user identity of USB Key.
The invention has the beneficial effects as follows:
At first, the open information service interface of medical data information is provided, can make based on standard terminology stride the clinical department, stride hospital medical data information exchange and share more convenient quick, also make simultaneously at the deep excavation of magnanimity medical data information and again analytical work can access better and carry out;
Secondly, the open information service interface of medical profession information is provided, can make between each clinical department information system of hospital internal and and hospital information system between coupling greatly reduce, and the degree of integration of hospital internal operation flow is highly improved, and can provide a kind of new approach for the medical profession and the tele-medicine business of striding hospital simultaneously;
Once more, various dimensions information service control of authority assembly, based on the authentication assembly of PKI framework and medical information data is filtered and the vestige reservation function can satisfy the security requirement of medical information to open service, can guarantee that the user exchanges, shares and the property related and the non repudiation of visit medical information.
At last, adopt technology such as Web Service and PKI framework to make it possess significant open characteristics to the realization of medical information service system, be supported in cross-platform, stride under the various isomerous environments such as language visit to the medical information service.
Description of drawings
Fig. 1 is a general structure schematic diagram of the present invention
Fig. 2 is that normalized medical profession information service interface constitutes exemplary plot
Fig. 3 is a various dimensions information service control of authority assembly framework map
Fig. 4 is the user safety authentication flow chart
Fig. 5 is data filter and vestige reservation scheme schematic diagram
Embodiment
As shown in Figure 1, a kind of open type medical information service system comprises medical profession message reference serviced component, medical data information access services assembly, access rights control assembly, PKI certified component and data filtering component and vestige retention component.
Medical profession message reference serviced component is by a whole set of normalized interface of definition, be used to support the application service of the whole medical profession flow process that comprises public information, patient management, outpatient service business, the business of being in hospital, nursing business, clinical business, incident management, electronic health record, integrated information, this service adopts Web Service mode that service externally is provided, the medical profession demand of hospital internal be not only can support, hospital, trans-regional medical profession requirements for access also can be supported to stride.Figure 2 shows that the standardization interface pie graph of medical profession message reference serviced component, mainly comprise following components:
(1) public information: definition is to the access interface of user management, configuration management, dictionary management, doctor's management, system strategy.User management mainly realizes the access services to user profile, operating environment, Authority Verification and signature authentication; Configuration management mainly realizes the access services to information for hospital configuration and system information configuration; Dictionary management is mainly realized the access services to the data dictionary; The doctor manages the access services of main realization to information about doctor and grouping information; System strategy is mainly realized the access services to the system strategy configuration.
(2) patient management: definition to patient information, go into out the access interface of transfering the letter breath, statistical information and cost information.Patient information is mainly realized the access services to the patient's essential information that comprises patient's master index, outpatient service diagnosis information and hospitalization information; Go into out the access services that the transfering the letter breath is mainly realized patient admission, left hospital, transfers from one hospital to another; Statistical information mainly realizes the access services to patient's state of an illness situation statistics; Cost information is mainly realized patient's outpatient service, the access services of be in hospital valuation and expense detail.
(3) outpatient service business: the access interface that definition is handled wait to see the doctor formation and diagnosis and treatment.The formation of waiting to see the doctor mainly realizes the queuing of the formation of waiting to see the doctor and the access services of state information; The main access services that realizes diagnosis information, diagnostic message, outpatient service prescription and outpatient service disposal is handled in diagnosis and treatment.
(4) professional in hospital: definition is to the access interface of medical record management and diagnosis and treatment information.Medical record management realizes that mainly retrieval, the renewal to medical record submitted to and the access services of state-maintenance; The diagnosis and treatment information spinner will be realized the access services to diagnostic message, diagnostic classification information and diagnosis contrast information.
(5) nursing is professional: the access interface that definition is handled bed management, nursing processing and doctor's advice.Bed management is mainly realized additions and deletions, berth information management and berth to berth and the access services of patient's relation; The main access services that realizes inquiry, typing, preservation and the deletion of nursing information is handled in nursing; Doctor's advice is handled main the realization inquiry, check and correction, the commentaries on classics of doctor's doctor's advice is copied, carried out and the access services of the project of valuating.
(6) clinical business: the access interface that definition inspection was handled, checked processing, surgical procedure, medicine processing, doctor's advice valuation and handles with blood.Check and handle the main access services that realizes checking inquiry, application, reservation, preservation and template thereof; The main access services that realizes check inquiry, application, preservation and template thereof is handled in check; Surgical procedure mainly realizes the access services to operation inquiry, application, reservation, preservation and operation report; Medicine is handled the main access services that realizes drug stock, medicine dictionary, medicine information and application drug putting; The main access services that realizes inquiry, renewal, preservation and the deletion of medicine valuation of doctor's advice valuation; Handle main realization to the access services of inquiring about, apply for, preserving with blood and blood transfusion being write down with blood.
Medical data information access services assembly is associated together the RIM term model of HL7 and the relational database at medical data center by RIM term mapping model, thereby provides access services based on the medical data information of RIM term for application layer.
The access rights control assembly as shown in Figure 3, its control of authority has comprised role, rank, time range, locus, patient's identity and six dimensions of doctor-patient relationship.
Be the relation of one-to-many between user and the role, unique user allows to have a plurality of roles simultaneously; Be man-to-man relation between role and the rank, each role of user only allows corresponding rank; Role and rank are united definite one group of authority set, but whether this authority set effectively also is subjected to the constraint of time range, locus, patient's identity and doctor-patient relationship four dimensions.
Section effective time that time range defines the competence and collects; Whether the locus defines the competence to collect according to the user region comes into force.
Doctor-patient relationship is indicated the relation between doctor and the patient, comprise directly under, at the same level directly under, subordinate directly under and do not have directly under etc. relation.Different doctor-patient relationships determine whether user's authority comes into force to the patient of correspondence.Common, secret, secret and top-secret four grades that patient's identity mainly is divided into, different patient's grades determines whether the authority of user under the different doctor-patient relationships comes into force to the patient.
The PKI certified component is realized authentification of user and the server authentication function based on the CA safety control system, thereby guarantees the authenticity of the application service identity of user in the Business Processing process and visit thereof.The authentification of user flow process of PKI certified component as shown in Figure 4, this flow process is divided into two parts, and first is whether application service layer (comprising medical profession message reference serviced component and medical data information access services assembly) is legal to determine client by the enciphered data of CA safety control system checking client; Second portion is whether client is legal with checking application service layer and CA safety control system by the enciphered data of application service layer checking CA safety control system.Idiographic flow is as follows:
(1) client uses the certificate in the USBKey equipment that random number is signed by the PKI certified component, generates signed data, and signed data is passed to application service layer;
(2) application service layer sends signed data by CA safety control system client to CA safety control system service end;
(3) generate verification msg and identifying code after the CA safety control system service end certifying signature data, and return to application service layer by CA safety control system client;
(4) after application service layer obtains identifying code, it is together preserved in company with client-access IP, and verification msg is returned to client by the PKI certified component;
(5) client is decrypted using service layer's next verification msg of transmission with the certificate in the USBKey equipment, generates the identifying code of client, and returns to application service layer by the PKI certified component;
(6) application service layer at first extracts the identifying code of preserving in advance according to this client ip, catches the identifying code that comes together with client then and is sent to CA safety control system service end by CA safety control system client;
(7) CA safety control system service end compares two identifying codes, and comparative result is returned to application service layer;
(8) application service layer determines one's identity according to comparative result and is proved to be successful or fails.
Data filtering component is realized based on the audit function of Oracle, promptly by introduce filter function after Oracle analyzes SQL statement and before carrying out SQL statement, is implemented in the new data constraint condition of adding in the SQL statement, thereby reaches the purpose of data filter.
In the data filtering component, client-side information (comprise user ID and computer numbering) is transferred to database layer by access service interface in the mode of client sign.To be clue with patient's master index table carry out relatedly with the form that needs filtering data the data filter function in the database, and according to client-side information data filtered.The strategy of data filter is mainly as follows:
(1) if it is closed condition that the system strategy confidential data filters switch, then do not do the filtration of any confidential data;
(2) if it is opening that the system strategy confidential data filters switch, and the active client computer can not confidential data, then filters all confidential datas, and client can only conduct interviews to general data;
(3) if it is opening that the system strategy confidential data filters switch, and the active client computer can confidential data, then except allowing the visit general data, also allow the visit active user directly under secret patient data;
(4) if section office or lesion data filter switch are closed condition, then the user can visit the medical data of full institute;
(5) if section office or lesion data filter switch are opening, then the user can only these section office of access or the medical data of this lesion.
Vestige keep to be realized the record to user's operating process, comprises patient's object of processing, the medical profession of execution, the data access service of calling, final medical data base statement and time of implementation and positional information.Keep by vestige, administrative staff can not only clearly grasp the operation flow that the user carries out on service layer, also can grasp the change track of user to the data database data from the database aspect.Wherein, the medical profession of user's execution is selected to import into by upper layer application; Patient's object of handling can directly be imported into by upper layer application, also can directly determine at application service layer; Other mark information is then directly determined at application service layer fully.The Implementation of Vestige Reservation sequence chart is as shown in Figure 5:
(1) after process of user login finishes, obtain new session number from database, this numbering is used to constitute unique client identification;
(2) if upper layer application has clear and definite medical profession, then with medical profession ID, optionally patient's object ID and increase progressively after transaction number pass to application service layer by the SOAP head of Web Service;
Application service layer generates client identification (client identification is made of 4 user ID, 10 bit machines numbering, 8 dates, 5 session numbers and 5 transaction sequence numbers) according to session number, transaction number, and should sign keep as vestige with user ID, time, Computer I D and medical profession;
Call the application layer access service interface after the upper layer application, application service layer keeps client identification, patient's object ID, time and interface function numbering together as vestige, and carries out related by client identification with the vestige that keeps previously;
After the all-access service interface of finishing this medical profession correspondence called, this medical profession of upper layer application notice application service layer finished, and transaction number remains unchanged in this process;
(3) if upper layer application does not have clear and definite medical profession, then upper layer application is directly called access service interface, and the transaction number after will increasing progressively transmits by the SOAP head, application service layer keeps client identification, patient's object ID, time and interface function numbering together as vestige, each access service interface is called all transaction number is increased progressively in this process;
(4) final medical data base statement is that audit function by Oracle carries out the vestige record, and its vestige content comprises client identification, database table name, statement type, statement text and time of implementation.Wherein, the medical profession vestige with front user operation is to realize related by client identification.
Claims (5)
1. an open type medical information service system is set up based on standardized Web Service technology and PKI security architecture, it is characterized in that part comprises:
Medical data information access services assembly by setting up the mapping relations of RIM term model and central database among the HL7 V3, utilizes open Web Service technology that the medical data information access services is provided;
Medical profession message reference serviced component by defining a whole set of normalization information service interface, is used to support the application service of whole medical profession flow process;
Various dimensions information service control of authority assembly provides the medical information Service Privileges control of integrated user role, user class, patient's identity, doctor-patient relationship, a plurality of dimensions of time range and locus;
Medical information safety and audit component based on VPD and the FGA function of Oracle, provide medical information data to filter and the vestige reservation.
2. open type medical information service system as claimed in claim 1 is characterized in that: the medical data information access services that provides described in the medical data information access services assembly meets RIM term model in the HL7V3 standard.
3. open type medical information service system as claimed in claim 1 is characterized in that: the application service of the whole medical profession flow process described in the medical profession message reference serviced component comprises public information, patient management, outpatient service business, the business of being in hospital, nursing is professional and clinical business service.
4. open type medical information service system as claimed in claim 1, it is characterized in that: various dimensions information service control of authority assembly sea comprises user capture authentication assembly, user capture authentication assembly realizes based on the PKI security architecture, and with the serve as a mark carrier of digital certificate of user identity of USB Key.
5. open type medical information service system as claimed in claim 1 is characterized in that: the described medical information data filtering function of medical information safety and audit component is based on user right.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200710070584XA CN101114977A (en) | 2007-08-29 | 2007-08-29 | Open type medical information service system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200710070584XA CN101114977A (en) | 2007-08-29 | 2007-08-29 | Open type medical information service system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101114977A true CN101114977A (en) | 2008-01-30 |
Family
ID=39023107
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA200710070584XA Pending CN101114977A (en) | 2007-08-29 | 2007-08-29 | Open type medical information service system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101114977A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101902492A (en) * | 2009-05-27 | 2010-12-01 | 阿里巴巴集团控股有限公司 | Web Service server, website constructing method and information exchange method |
| CN102487492A (en) * | 2010-12-01 | 2012-06-06 | 中国移动通信集团贵州有限公司 | Rural medical information system and wireless information terminal management system |
| CN102043931B (en) * | 2010-01-19 | 2013-02-13 | 中国人民解放军第二军医大学东方肝胆外科医院 | Private data access control method based on role permission dynamic conversion |
| CN103034682A (en) * | 2012-11-23 | 2013-04-10 | 佘焱生 | Method for monitoring and surveying hospital statistic behavior for commercial purpose and giving alarm by database |
| CN105574103A (en) * | 2015-12-11 | 2016-05-11 | 浙江大学 | Method and system for automatically establishing medical term mapping relationship based on word segmentation and coding |
| CN105704221A (en) * | 2016-01-25 | 2016-06-22 | 山东蓝创网络技术有限公司 | Unified adaption and communication system for hospital heterogeneous system, and implementation method for unified adaption and communication system |
| CN106447565A (en) * | 2015-08-07 | 2017-02-22 | 张瀚博 | Doctor-patient sharing network medical service system |
| CN108650020A (en) * | 2018-05-20 | 2018-10-12 | 北京天链测控技术有限公司 | A kind of business space flight measurement and control service management system and method based on cloud service |
| CN108665980A (en) * | 2018-04-12 | 2018-10-16 | 苏州科技城医院 | Doctors and patients' interactive system based on APP platforms |
| CN109830274A (en) * | 2019-02-02 | 2019-05-31 | 四川爱华立康智能科技有限公司 | A kind of electronic prescription shared system and sharing method |
| CN110827981A (en) * | 2019-11-12 | 2020-02-21 | 重庆亚德科技股份有限公司 | Supervised clinical decision support analysis system |
-
2007
- 2007-08-29 CN CNA200710070584XA patent/CN101114977A/en active Pending
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101902492A (en) * | 2009-05-27 | 2010-12-01 | 阿里巴巴集团控股有限公司 | Web Service server, website constructing method and information exchange method |
| CN102043931B (en) * | 2010-01-19 | 2013-02-13 | 中国人民解放军第二军医大学东方肝胆外科医院 | Private data access control method based on role permission dynamic conversion |
| CN102487492A (en) * | 2010-12-01 | 2012-06-06 | 中国移动通信集团贵州有限公司 | Rural medical information system and wireless information terminal management system |
| CN103034682A (en) * | 2012-11-23 | 2013-04-10 | 佘焱生 | Method for monitoring and surveying hospital statistic behavior for commercial purpose and giving alarm by database |
| CN106447565A (en) * | 2015-08-07 | 2017-02-22 | 张瀚博 | Doctor-patient sharing network medical service system |
| CN105574103A (en) * | 2015-12-11 | 2016-05-11 | 浙江大学 | Method and system for automatically establishing medical term mapping relationship based on word segmentation and coding |
| CN105704221A (en) * | 2016-01-25 | 2016-06-22 | 山东蓝创网络技术有限公司 | Unified adaption and communication system for hospital heterogeneous system, and implementation method for unified adaption and communication system |
| CN108665980A (en) * | 2018-04-12 | 2018-10-16 | 苏州科技城医院 | Doctors and patients' interactive system based on APP platforms |
| CN108650020A (en) * | 2018-05-20 | 2018-10-12 | 北京天链测控技术有限公司 | A kind of business space flight measurement and control service management system and method based on cloud service |
| CN108650020B (en) * | 2018-05-20 | 2020-11-03 | 北京天链测控技术有限公司 | Commercial aerospace measurement and control service management system and method based on cloud service |
| CN109830274A (en) * | 2019-02-02 | 2019-05-31 | 四川爱华立康智能科技有限公司 | A kind of electronic prescription shared system and sharing method |
| CN110827981A (en) * | 2019-11-12 | 2020-02-21 | 重庆亚德科技股份有限公司 | Supervised clinical decision support analysis system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101114977A (en) | Open type medical information service system | |
| US20240055086A1 (en) | Systems and methods for securely storing patient information and providing access thereto | |
| EP1994484B1 (en) | Platform for interoperable healthcare data exchange | |
| US8275632B2 (en) | Privacy compliant consent and data access management system and methods | |
| US20030037054A1 (en) | Method for controlling access to medical information | |
| US20110191245A1 (en) | Method, system and computer product for securing patient identity | |
| US20060184455A1 (en) | System and method for privacy management | |
| US20040143594A1 (en) | Method for generating medical intelligence from patient-specific data | |
| CA2585678A1 (en) | Systems and methods for patient re-identification | |
| CN102073817B (en) | Dynamic access control improvement method on basis of RBAC (Role-Based policies Access Control) model | |
| CN110084071A (en) | Physical examination secure storage method of data based on block chain | |
| US20090106823A1 (en) | System and method for remote access data security and integrity | |
| CN110209894A (en) | Case search method and system based on block chain technology | |
| Rai et al. | Security and privacy issues in healthcare information system | |
| Yu et al. | Blockchain-based multi-role healthcare data sharing system | |
| RU2664406C2 (en) | Method and system for making multisite performance indicator anonymous and for controlling actions and re- identification of anonymous data | |
| US20060026039A1 (en) | Method and system for provision of secure medical information to remote locations | |
| Neuhaus et al. | Survey on healthcare IT systems: standards, regulations and security | |
| Blobel | Clinical record systems in oncology. experiences and developments on cancer registers in eastern germany | |
| Diaz et al. | Scalable management architecture for electronic health records based on blockchain | |
| Appavu | Analysis of unique patient identifier options | |
| Schiza et al. | Data protection issues of integrated electronic health records (EHR) | |
| Deborah et al. | Blockchain: a possible alternative to achieving health information exchange (hie) | |
| Chen et al. | Identity management to support access control in e-health systems | |
| Yue et al. | Blockchain Enabled Privacy Security Module for Sharing Electronic Health Records (EHRs) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20080130 |