CN110957025A - Medical health information safety management system - Google Patents

Medical health information safety management system

Info

Publication number
CN110957025A
CN110957025A
Authority
CN
China
Prior art keywords
data
management
monitoring
module
access
Prior art date
Legal status
Pending
Application number
CN201911213548.3A
Other languages
Chinese (zh)
Inventor
季科
刘震
杨文武
张建贞
黄元森
钟新莉
Current Assignee
CHONGQING YADE TECHNOLOGY CO LTD
Original Assignee
CHONGQING YADE TECHNOLOGY CO LTD
Priority date
Filing date
Publication date
Application filed by CHONGQING YADE TECHN
Priority to CN201911213548.3A
Publication of CN110957025A
Legal status: Pending

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/20ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the management or administration of healthcare resources or facilities, e.g. managing hospital staff or surgery rooms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Abstract

The invention provides a medical health information safety management system comprising an encryption module, a permission module, a privacy protection module, an anonymization module and an instruction permission module, wherein: the encryption module ensures file sharing while protecting residents' privacy by setting access permissions and applying data encryption; the permission module provides single sign-on, authorization, authentication, role-based access, high-level database security and application process control to implement access permissions; the privacy protection module judges whether a user is authorized to access a patient's file on the basis of whether the patient has agreed; the anonymization module hides private information when a patient's file is used; and the instruction permission module verifies whether an access to a patient file is legitimate at the time of access. According to the invention, stratum data, sampling data, standard penetration data and dynamic exploration data corresponding to the core are obtained through the core picture and uploaded to the server, so that the efficiency and quality of exploration drilling logging data acquisition can be greatly improved, manual steps are reduced, and data accuracy is greatly improved.

Description

Medical health information safety management system
Technical Field
The invention relates to the technical field of information security, in particular to a medical health information security management system.
Background
With the continuing spread of hospital management information systems (HMIS), many hospitals in China have established a hospital information network management and decision-making mechanism centred on the hospital director. Departments such as outpatient management, inpatient management, medical technology management and functional department management are integrated through the computer network, and the hospital information management system covers every department of the hospital and every step of a patient's visit. Compared with developed countries, however, hospital informatization in China is still at an early stage: hospital IT investment is low, IT departments have little standing, awareness of and investment in information security are weak, construction is emphasized over protection, information system security incidents occur frequently, and normal hospital operation is seriously affected. The overall information management application system of a present-day Chinese hospital comprises clinical systems, PACS, clinical laboratory systems, auxiliary clinical interfaces, external interfaces, financial management, personnel management, economic accounting, administrative office systems and so on. These systems support the hospital's daily operations and its external service and management tasks, and their importance directly affects the hospital's economic efficiency. Hospital information systems (HIS) have thus become an important driving force for the informatization of the medical industry.
The hospital information management system guarantees the normal operation and scientific management of the hospital and plays an important role in improving working efficiency, acquiring and storing medical information and improving the quality of medical services. Establishing and implementing security protection measures for the hospital information system helps ensure its stability, reliability, security and usability. In terms of information security, however, the hospital information management system remains the weak link of medical informatization, and the informatization process is seriously affected or limited by it.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a medical health information safety management system, which is used for solving the problems in the prior art.
According to one aspect of the invention, a medical health information security management system is provided, which comprises an encryption module, a permission module, a privacy protection module, an anonymization module and an instruction permission module:
the encryption module is used for ensuring the file sharing and protecting the privacy of residents by setting access authority and a safety means of data encryption;
the authority module is used for providing single sign-on, authorization, authentication, role-based access, high-level security of a database and application process control to realize the setting of access authority;
the privacy protection module is used for judging whether the user is authorized to access the file information of the patient or not on the basis of whether the patient agrees or not;
the anonymization module is used for hiding private information when using the file of the patient;
the instruction permission module is used for verifying whether the access of the patient file is legal or not when the patient file is accessed.
Further, the security means of data encryption includes SSL, digital certificate, PKI.
Further, the authorization employs a two-level mode: the platform administrator uniformly authorizes the system level and then each system determines the corresponding secondary system function authority.
Further, the two-level mode is adopted, the platform administrator uniformly authorizes the system level, and each system determines the corresponding two-level system function authority by itself, which means that:
1) unified identity authentication management, decentralized system authorization:
and performing unified planning and management of authentication and authorization, wherein the functions comprise:
carrying out unified planning of authentication and authorization management, and making a working plan;
making and maintaining authentication and authorization related business processes;
unifying user coding rules, and making and maintaining authentication voucher policies;
determining a data source and a data stream of user identity information, and performing data quality management;
authentication and authorization delegation of authority management;
the current status of authentication and authorization is subjected to periodic audit and tracking;
2) and a unified information security service platform is proposed, and unified identity authentication and subsystem authorization management service is provided:
carrying out identity authentication and standardization of access management information, and establishing relevant interface standards and specifications;
providing uniform management of user identity information to the key applications step by step;
providing multi-factor authentication and gradually providing unified authentication management service for key applications;
a unified portal management for critical applications is provided step by step.
Furthermore, when a patient file is accessed, the instruction permission module verifies whether the access is legitimate by means of a dynamic mobile phone verification code together with the patient's health card.
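How the privacy protection module's consent check and the instruction permission module's dynamic phone code plus health card verification can be combined into a single access decision, as an added example in Go; this is not the patent's code. The HMAC-derived 6-digit code, the 60-second step, the five-attempt lockout, the one-time redemption and the card and user identifiers are all assumptions of this example, and SMS delivery is out of scope, so IssueCode simply returns what the gateway would send.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const (
	codeStep    = 60 * time.Second // a code is valid for the current and the previous step
	maxAttempts = 5                // failed codes before the health card is locked
)

// Gate joins the privacy protection module (patient consent) with the instruction
// permission module (dynamic phone code bound to a health card). All state is in
// memory and constructed for this example.
type Gate struct {
	key      []byte                     // HMAC key for code derivation (placeholder; from a KMS in production)
	cards    map[string]bool            // health card numbers on file
	consents map[string]map[string]bool // card -> users the patient has agreed may read the file
	attempts map[string]int             // failed code entries per card
	used     map[string]bool            // "card|step" codes already redeemed (one-time use)
}

func NewGate(key []byte) *Gate {
	return &Gate{key: key, cards: map[string]bool{}, consents: map[string]map[string]bool{},
		attempts: map[string]int{}, used: map[string]bool{}}
}

func (g *Gate) RegisterCard(card string) { g.cards[card] = true }

// SetConsent records or withdraws the patient's agreement for one user.
func (g *Gate) SetConsent(card, user string, agree bool) {
	if g.consents[card] == nil {
		g.consents[card] = map[string]bool{}
	}
	g.consents[card][user] = agree
}

// code derives the 6-digit code for one card and one time step (HOTP-style truncation
// of HMAC-SHA256 over card || step).
func (g *Gate) code(card string, step int64) string {
	mac := hmac.New(sha256.New, g.key)
	mac.Write([]byte(card))
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], uint64(step))
	mac.Write(ctr[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	return fmt.Sprintf("%06d", (binary.BigEndian.Uint32(sum[off:off+4])&0x7fffffff)%1000000)
}

// IssueCode is what the SMS gateway would send to the phone registered for the card.
func (g *Gate) IssueCode(card string, now time.Time) (string, error) {
	if !g.cards[card] {
		return "", errors.New("unknown health card")
	}
	return g.code(card, now.Unix()/int64(codeStep/time.Second)), nil
}

// AuthorizeFileAccess decides whether user may open the patient file behind card:
// the patient must have consented, and a fresh, unused code for that card must be
// presented. Comparison is constant-time; failures count toward lockout.
func (g *Gate) AuthorizeFileAccess(user, card, code string, now time.Time) error {
	if !g.cards[card] {
		return errors.New("unknown health card")
	}
	if !g.consents[card][user] {
		return errors.New("patient has not consented to this user")
	}
	if g.attempts[card] >= maxAttempts {
		return errors.New("card locked after repeated failures")
	}
	step := now.Unix() / int64(codeStep/time.Second)
	for _, s := range []int64{step, step - 1} {
		if subtle.ConstantTimeCompare([]byte(g.code(card, s)), []byte(code)) != 1 {
			continue
		}
		k := fmt.Sprintf("%s|%d", card, s)
		if g.used[k] {
			return errors.New("code already used")
		}
		g.used[k] = true
		g.attempts[card] = 0
		return nil
	}
	g.attempts[card]++
	return errors.New("invalid verification code")
}

func main() {
	g := NewGate([]byte("example-only-key"))
	g.RegisterCard("HC-2019-000123")
	g.SetConsent("HC-2019-000123", "dr-li", true)
	now := time.Now()
	code, _ := g.IssueCode("HC-2019-000123", now)
	fmt.Println("consented user, fresh code:", g.AuthorizeFileAccess("dr-li", "HC-2019-000123", code, now))
	fmt.Println("same code replayed:        ", g.AuthorizeFileAccess("dr-li", "HC-2019-000123", code, now))
	fmt.Println("user without consent:      ", g.AuthorizeFileAccess("dr-wang", "HC-2019-000123", code, now))
}
```

The consent check runs before the code check so that a stolen phone never opens a file the patient has not agreed to share, and the code is bound to the health card rather than to the session, so a code issued for one patient cannot be replayed against another.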
Further, the system also comprises a data quality management module;
the data quality management module computes a composite data quality score for a file over five dimensions, namely data set completeness, field saturation, logical consistency, data accuracy and upload efficiency, and manages the data quality of the file on that basis.
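One way to compute the five-dimension composite score, as an added example in Go rather than the patent's own scoring method. The weights, the required field set, the format checks used for accuracy and the 24-hour upload deadline are assumptions of this example, and the records are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Record is a simplified health-file entry constructed for this example.
type Record struct {
	ID, Name, Sex, IDCard, Diagnosis string
	Admitted, Discharged, Uploaded   time.Time
}

// Weights over the five dimensions named on the page; the values are an assumption.
var Weights = map[string]float64{
	"completeness": 0.25, "saturation": 0.15, "logic": 0.20, "accuracy": 0.25, "timeliness": 0.15,
}

var (
	idCardRe    = regexp.MustCompile(`^\d{17}[\dX]$`)            // 18-character resident ID shape
	diagnosisRe = regexp.MustCompile(`^[A-Z]\d{2}(\.\d{1,2})?$`) // ICD-10 code shape
)

const uploadSLA = 24 * time.Hour // assumed deadline for upload after discharge

// Score returns each dimension as a ratio in [0,1] plus the weighted composite:
//   completeness: records with every required field present
//   saturation:   filled fields over all fields
//   logic:        discharge not before admission and sex from the dictionary
//   accuracy:     ID number and diagnosis code match their formats
//   timeliness:   uploaded within uploadSLA of discharge
func Score(recs []Record) (map[string]float64, float64) {
	if len(recs) == 0 {
		return nil, 0
	}
	var complete, filled, logical, accurate, timely, fields float64
	for _, r := range recs {
		vals := []string{r.ID, r.Name, r.Sex, r.IDCard, r.Diagnosis}
		nonEmpty := 0
		for _, v := range vals {
			if v != "" {
				nonEmpty++
			}
		}
		fields += float64(len(vals))
		filled += float64(nonEmpty)
		if nonEmpty == len(vals) && !r.Admitted.IsZero() && !r.Discharged.IsZero() {
			complete++
		}
		if !r.Discharged.Before(r.Admitted) && (r.Sex == "M" || r.Sex == "F") {
			logical++
		}
		if idCardRe.MatchString(r.IDCard) && diagnosisRe.MatchString(r.Diagnosis) {
			accurate++
		}
		if !r.Uploaded.IsZero() && r.Uploaded.Sub(r.Discharged) <= uploadSLA {
			timely++
		}
	}
	n := float64(len(recs))
	dims := map[string]float64{"completeness": complete / n, "saturation": filled / fields,
		"logic": logical / n, "accuracy": accurate / n, "timeliness": timely / n}
	total := 0.0
	for k, w := range Weights {
		total += w * dims[k]
	}
	return dims, total
}

// SampleRecords is a constructed batch: one clean record, one with a missing name and a
// malformed ID, one with discharge before admission and an unknown sex code, one uploaded late.
func SampleRecords() []Record {
	d := time.Date(2019, 12, 1, 8, 0, 0, 0, time.UTC)
	h := time.Hour
	return []Record{
		{"F001", "Zhang", "M", "11010119900101001X", "J18.9", d, d.Add(48 * h), d.Add(50 * h)},
		{"F002", "", "F", "123", "A01", d, d.Add(24 * h), d.Add(30 * h)},
		{"F003", "Li", "X", "110101199001010012", "K35.8", d.Add(24 * h), d, d.Add(10 * h)},
		{"F004", "Wang", "M", "11010119900101001X", "bad", d, d.Add(24 * h), d.Add(96 * h)},
	}
}

func main() {
	dims, total := Score(SampleRecords())
	for k, v := range dims {
		fmt.Printf("%-13s %.2f\n", k, v)
	}
	fmt.Printf("composite     %.4f\n", total)
}
```

Reporting the dimensions separately matters more than the composite: a batch that scores well overall but poorly on logic or accuracy usually points at one upstream interface, which is what the quality management module needs to locate.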
Further, the system also comprises a data transmission management module;
the data transmission management module deploys a network monitoring service at the superior (higher-level) node, configures monitoring points, and monitors the servers, applications, services and databases of the higher-level platform, the lower-level platforms and the hospitals over the dedicated health network.
Further, deploying the network monitoring service at the higher level, configuring monitoring points and monitoring the servers, applications, services and databases of the higher-level platform, lower-level platforms and hospitals over the dedicated health network means that:
during monitoring, the higher-level network monitoring service actively initiates monitoring requests, issuing a different kind of request for each kind of monitoring target;
further, the monitoring requests the higher-level network monitoring service issues according to the monitoring target include:
a ping operation for server monitoring, which obtains the state of the server;
a heartbeat request for application and service monitoring, which obtains the state of the application or service;
a short-lived connection that runs a dedicated SQL statement for database monitoring, which obtains the state of the database;
the network monitoring service writes the monitoring results to a log, and the data monitoring service periodically aggregates the log into monitoring statistics, forming readable monitoring data that the monitoring system displays.
Furthermore, besides initiating the monitoring requests, the network monitoring service pushes real-time data directly to the real-time monitoring page of the monitoring system over a socket connection, realizing real-time monitoring.
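The probe-and-log cycle described above, as an added example in Go that is not the patent's code: a TCP connect stands in for the ping (ICMP needs raw sockets), an HTTP GET is the heartbeat, each result is written as a JSON log line, and the log is rolled up per target the way the data monitoring service would. The database probe (a short connection running one SQL statement) and the socket push to the real-time page are left out because they need a live database driver and a client; the target names and addresses are constructed on loopback.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// Result is one probe outcome; the monitor writes it to its log as a JSON line.
type Result struct {
	Target    string    `json:"target"`
	OK        bool      `json:"ok"`
	LatencyMS int64     `json:"latency_ms"`
	Err       string    `json:"err,omitempty"`
	At        time.Time `json:"at"`
}

type Probe interface {
	Name() string
	Check(ctx context.Context) error
}

// TCPProbe stands in for the page's ping: ICMP needs raw sockets, so host reachability
// is tested with a TCP connect to a known port (an assumption of this example).
type TCPProbe struct{ Target, Addr string }

func (p TCPProbe) Name() string { return p.Target }
func (p TCPProbe) Check(ctx context.Context) error {
	var d net.Dialer
	c, err := d.DialContext(ctx, "tcp", p.Addr)
	if err != nil {
		return err
	}
	return c.Close()
}

// HTTPProbe is the heartbeat request to an application or service endpoint.
type HTTPProbe struct{ Target, URL string }

func (p HTTPProbe) Name() string { return p.Target }
func (p HTTPProbe) Check(ctx context.Context) error {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, p.URL, nil)
	if err != nil {
		return err
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("heartbeat status %d", resp.StatusCode)
	}
	return nil
}

// Monitor runs every probe under its own timeout and appends one JSON line per result.
type Monitor struct{ Log []string }

func (m *Monitor) Run(probes []Probe, timeout time.Duration) {
	for _, p := range probes {
		ctx, cancel := context.WithTimeout(context.Background(), timeout)
		start := time.Now()
		err := p.Check(ctx)
		cancel()
		r := Result{Target: p.Name(), OK: err == nil, LatencyMS: time.Since(start).Milliseconds(), At: start}
		if err != nil {
			r.Err = err.Error()
		}
		line, _ := json.Marshal(r)
		m.Log = append(m.Log, string(line))
	}
}

// Stat is the periodic roll-up the data monitoring service builds from the log.
type Stat struct{ Checks, Up int }

func Summarize(log []string) map[string]Stat {
	out := map[string]Stat{}
	for _, line := range log {
		var r Result
		if json.Unmarshal([]byte(line), &r) != nil {
			continue // a malformed line is skipped, not allowed to abort the roll-up
		}
		s := out[r.Target]
		s.Checks++
		if r.OK {
			s.Up++
		}
		out[r.Target] = s
	}
	return out
}

// RunDemo stands up constructed targets on loopback (a healthy service, one answering
// 503, a listening host, a closed port), probes each twice and returns the roll-up.
func RunDemo() map[string]Stat {
	ok := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok")) }))
	defer ok.Close()
	down := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(503) }))
	defer down.Close()
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	probes := []Probe{
		TCPProbe{"his-db-host", ln.Addr().String()}, TCPProbe{"pacs-host", "127.0.0.1:1"},
		HTTPProbe{"emr-service", ok.URL + "/health"}, HTTPProbe{"lis-service", down.URL + "/health"},
	}
	m := &Monitor{}
	for i := 0; i < 2; i++ {
		m.Run(probes, 2*time.Second)
	}
	return Summarize(m.Log)
}

func main() {
	for target, s := range RunDemo() {
		fmt.Printf("%-12s %d/%d checks up\n", target, s.Up, s.Checks)
	}
}
```

The per-probe timeout is what keeps one hung hospital endpoint from stalling the whole sweep; a heartbeat that returns anything but 200 is recorded as down together with the status, so the roll-up distinguishes an unreachable host from a running but unhealthy service.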
Compared with the prior art, the invention has the beneficial effects that:
1. according to the invention, stratum data, sampling data, standard penetration data and dynamic exploration data corresponding to the core are obtained through the core picture, and are uploaded to the server, so that the efficiency and quality of exploration drilling record data acquisition can be greatly improved, the links of manual participation are reduced, the data accuracy is greatly improved, furthermore, the data are uploaded immediately, and internal workers and field workers can cooperatively work to improve the overall working efficiency;
2. and cutting the core photo by the rotation angle to obtain an image of a target area, and specifically analyzing specific conditions to obtain more accurate local data.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a block diagram schematically illustrating a medical health information security management system according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
In some of the flows described in the present specification and claims and in the above figures, a number of operations are included that occur in a particular order, but it should be clearly understood that these operations may be performed out of order or in parallel as they occur herein, with the order of the operations being indicated as 101, 102, etc. merely to distinguish between the various operations, and the order of the operations by themselves does not represent any order of performance. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and are not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Examples
As shown in fig. 1, a medical health information security management system according to an embodiment of the present invention comprises an encryption module A101, a permission module A102, a privacy protection module A103, an anonymization module A104 and an instruction permission module A105:
the encryption module A101 is used for ensuring the file sharing and protecting the privacy of residents by setting access authority and a safety means of data encryption;
Security means for data encryption include SSL, digital certificates and PKI.
1. SSL (Secure Sockets Layer)
SSL operates between the application layer and the transport layer and is independent of platform and application. It uses the following basic functions to implement secure transactions:
mutual authentication, establishing trust with the intended recipient;
data encryption, providing privacy and confidentiality;
data integrity, guaranteeing that nobody can intentionally or unintentionally compromise the data in transmission.
Applying the encryption standard slows down access to information; SSL accelerators and hardware that reduce processing time can prevent users from noticing the slowdown. Every version of SSL itself has since been deprecated: in current deployments these functions are provided by TLS 1.2 or 1.3, and mutual authentication relies on client certificates issued by the PKI described below.
2. Digital certificates
Digital certificates have considerable advantages and are therefore increasingly widely used. A user can be authenticated by means of a certificate, which can be used on its own or in combination with a user password, providing strong and flexible user authentication.
3. PKI (Public Key Infrastructure)
Certificate revocation is a key element of every PKI strategy, since the authentication mechanism must stop accepting a certificate once it has been revoked. The security software must therefore support CRL processing for all major PKI providers. Most PKI functions involve looking up the CRL in a directory and searching it to confirm that the certificate at hand has not been revoked. For example, where the issuer publishes CRL distribution points, the security software extracts the CRL distribution point location from the certificate and evaluates the list found there to check the certificate's validity. A CRL that cannot be retrieved, fails signature verification or is past its next-update time should be treated as a failed check, not skipped.
Security means for data encryption may also include digital signatures, i.e., data appended to a data unit, or a cryptographic transformation of the data unit, that allows the recipient to verify the source and integrity of the data unit and protects it against forgery by anyone, the recipient included.
The main functions of a digital signature are to ensure the integrity of transmitted information, authenticate the sender's identity and prevent repudiation of a transaction.
The construction of a population health information platform involves the transmission, filing and retrieval of electronic health files across an entire city. To ensure the security and non-repudiation of the electronic health file system, a regional health data center platform is used: doctors in a hospital call identity authentication (by digital certificate or fingerprint), digital signature, data encryption and related services to upload electronic medical records to the health data center for sharing; the health data center sets and manages the mechanism for sharing electronic medical record resources; doctors in other hospitals call identity authentication (by digital certificate or fingerprint), access control, data decryption and related services to retrieve electronic medical records; and patients call identity authentication (by mobile phone dynamic password), access control, data decryption and related services to remotely query their own electronic medical records. In this way secure sharing and access of data within the region is realized, laying a technical foundation for giving electronic medical records legal standing.
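The certificate issuance, revocation and digital-signature flow described in the SSL, digital certificate, PKI and digital signature passages above, written out as an added example in Go using only the standard crypto/x509 and crypto/ecdsa packages; it is not code from the patent or its assignee. The in-memory CA, the doctor's certificate, the CRL distribution point URL and the sample record are constructed here, and the CRL is read from memory rather than downloaded from the URL carried in the certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Placeholder CRL distribution point stamped into issued certificates; nothing is fetched from it here.
const crlURL = "http://ca.health.example/crl.der"

// PKI is an in-memory CA constructed for this example (a real CA keeps its key in an HSM).
type PKI struct {
	CAKey   *ecdsa.PrivateKey
	CACert  *x509.Certificate
	CRLDER  []byte // latest signed CRL, as a verifier would download it from crlURL
	revoked []pkix.RevokedCertificate
	serial  int64
}

func NewPKI() (*PKI, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Health Data Center CA (example)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, SubjectKeyId: []byte{1, 2, 3, 4},
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to sign CRLs
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	p := &PKI{CAKey: key, CACert: cert, serial: 2}
	return p, p.publishCRL()
}

// Issue signs a doctor's client certificate carrying the CRL distribution point,
// the field a verifier extracts to locate the revocation list.
func (p *PKI) Issue(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(p.serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(12 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		CRLDistributionPoints: []string{crlURL},
	}
	p.serial++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, p.CACert, &key.PublicKey, p.CAKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Revoke lists the certificate's serial in the CRL and re-signs the list.
func (p *PKI) Revoke(c *x509.Certificate) error {
	p.revoked = append(p.revoked, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	return p.publishCRL()
}

func (p *PKI) publishCRL() (err error) {
	now := time.Now()
	tmpl := &x509.RevocationList{RevokedCertificates: p.revoked, Number: big.NewInt(now.UnixNano()),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour)}
	p.CRLDER, err = x509.CreateRevocationList(rand.Reader, tmpl, p.CACert, p.CAKey)
	return err
}

// SignRecord is the doctor's digital signature over an electronic medical record.
func SignRecord(key *ecdsa.PrivateKey, record []byte) ([]byte, error) {
	d := sha256.Sum256(record)
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

// VerifyUpload is what the data center runs on an upload: chain validation against the
// CA, revocation check against the signed CRL (failing closed when the CRL is stale or
// the certificate names no distribution point), then the signature over the record.
func VerifyUpload(p *PKI, cert *x509.Certificate, record, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.CACert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { return fmt.Errorf("chain: %w", err) }
	if len(cert.CRLDistributionPoints) == 0 { return errors.New("certificate names no CRL distribution point") }
	crl, err := x509.ParseRevocationList(p.CRLDER) // production: download cert.CRLDistributionPoints[0]
	if err != nil { return err }
	if err := crl.CheckSignatureFrom(p.CACert); err != nil { return fmt.Errorf("crl signature: %w", err) }
	if time.Now().After(crl.NextUpdate) { return errors.New("stale CRL") }
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 { return errors.New("certificate revoked") }
	}
	d := sha256.Sum256(record)
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("bad signature: record altered or signed with another key")
	}
	return nil
}

func main() {
	p, err := NewPKI()
	if err != nil { panic(err) }
	cert, key, _ := p.Issue("Dr. Li (example)")
	record := []byte(`{"patient":"P-1001","note":"constructed sample record"}`)
	sig, _ := SignRecord(key, record)
	fmt.Println("valid:", VerifyUpload(p, cert, record, sig))
	fmt.Println("tampered:", VerifyUpload(p, cert, append(record, '!'), sig))
	fmt.Println("revoke:", p.Revoke(cert), "then:", VerifyUpload(p, cert, record, sig))
}
```

The order of checks is deliberate: the CRL is itself verified against the CA before its contents are trusted, and a missing or expired list rejects the upload instead of silently passing it, which is the failure mode a CRL-based design has to guard against.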
The authority module A102 is used for providing single sign-on, authorization, authentication, role-based access, high-level security of a database and application process control to realize the setting of access authority;
authorization takes a two-level mode: the platform administrator uniformly authorizes the system level and then each system determines the corresponding secondary system function authority.
The two-stage mode is adopted, the platform administrator uniformly authorizes the system level, and then each system determines the corresponding two-stage system function authority by self, which means that:
1) unified identity authentication management, decentralized system authorization:
and performing unified planning and management of authentication and authorization, wherein the functions comprise:
carrying out unified planning of authentication and authorization management, and making a working plan;
making and maintaining authentication and authorization related business processes;
unifying user coding rules, and making and maintaining authentication voucher policies;
determining a data source and a data stream of user identity information, and performing data quality management;
authentication and authorization delegation of authority management;
the current status of authentication and authorization is subjected to periodic audit and tracking;
2) and a unified information security service platform is proposed, and unified identity authentication and subsystem authorization management service is provided:
carrying out identity authentication and standardization of access management information, and establishing relevant interface standards and specifications;
providing uniform management of user identity information to the key applications step by step;
providing multi-factor authentication and gradually providing unified authentication management service for key applications;
a unified portal management for critical applications is provided step by step.
The data rights of the user are as in Table 1:
[Table 1 is an image in the source and is not reproduced here.]
TABLE 1 Data authority table
The role authority of the user is divided as shown in Table 2:
Account name                          Account type     Authority
Supervising leader                    Super manager    ● Access ● Delete ● Modify ● Add
Operation and maintenance management  Administrator    ● Access ● Delete ● Modify ● Add
Medical institution                   User             ● Access
Data vendor                           User             ● Access
Demonstration account                 User             ● Access
TABLE 2 Role authority partitioning
The privacy protection module A103 is used for judging whether the user is authorized to access the file information of the patient on the basis of whether the patient agrees;
User information is the basic information of the whole system and is used by the various upper-layer applications. Because these applications describe user information differently, the user information management function must be flexible and easy to extend and must provide rich maintenance and query interfaces; with a large number of users, good query performance is also required.
User information comprises basic attributes such as name, gender, ethnicity, education, address, telephone and e-mail address, and can be extended flexibly. Combining user information with organization management and authority management allows hierarchical personnel management: a sub-administrator can only maintain, and authorize, the system users under its own management.
For a system with up to about one hundred thousand users, the volume of user information has little effect on database storage, so all user information is stored in the database, for convenience and for association with other information, and a corresponding management service is provided; modifications to user information may be synchronized to an LDAP server. User information can also be extended with project-specific attributes when the system is implemented in different projects.
The unified authorization management component is mainly responsible for internally providing a system authority configuration function, externally providing an authority verification interface, supporting role-based access control and autonomous access control standards, and realizing four-level protection mechanisms of a personal level, a file category level, a file level and a citizen self-defined protection level according to levels. The method supports authorization of resources with different granularities such as functions, menus, page elements, data and the like, and resources in different application systems can be accessed and managed in a unified mode. It supports hierarchical authorization, where an administrator may have the authority to manage (give it to others) certain rights, but not to use those rights.
In the system operation process, a security administrator can choose to authorize a certain role/person/organization/post, and then choose the type of resources to be authorized, and different types of resources have different operations. The security administrator can specify which resources a certain role can have certain operation authority, and can also perform hierarchical authorization and the like. These authorized policy information are stored centrally and provide an access interface to the outside.
The security support platform supports tiered administrator privileges. A lower-level administrator cannot modify the authority of an administrator at a higher level (including the hierarchy itself), nor assign users to such an administrator. The system has a super administrator by default, who holds the highest authority level, may add administrators at any level below its own, and assigns users to them.
A higher-level administrator can pass on part of the authority it has been granted to a lower-level administrator, or grant it to end users. An administrator of the system, whether the super administrator or an administrator at any other level, only holds the right to grant: it does not hold the right to exercise the operations that the granted rights specify. It is the end user who actually performs business operations with the authority. A single person may of course hold both an administrator role and a business role.
The external application system may use the access control interface provided by the unified rights management to determine whether a user can perform an operation on a resource/resources. In order to facilitate application development, a page component for interface layer access control is also provided.
The invention realizes the role-based access control mechanism, and predefines the roles of a system administrator, a security administrator and a security auditor according to the principle of responsibility separation and minimum authority in the security principle.
Separation of duties: the people who control the system are assigned different tasks, so that no single person has enough control of the system to complete a security-relevant task alone. Traditionally one computer system administrator is responsible for both overall system management and security management; this is not allowed in a secure system, because security tasks and functions must not be assigned to the system administrator by default. A highly secure computer system requires three separate roles: a system administrator, a security administrator and a security auditor.
Least privilege: users of the system are given only the minimum rights and privileges, for the minimum period, required to perform their work. After separation of duties, least privilege is the most effective security measure.
Under the control of the security support platform, the system administrator can manage users, manage the system and perform similar work, but, like any ordinary user, cannot access unauthorized resources. This prevents the system administrator from holding too much authority, limits the damage a mishandled operation can cause, and means that an attacker who steals the system administrator's identity and authority still cannot reach sensitive data in the system. The security administrator can authorize roles and formulate security policies, but cannot manage users. The security auditor can inspect and audit user access records, find anomalies and handle them. The three roles constrain one another: any one person's operations are supervised by the others, and together they complete the security management function.
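The two-level authorization mode, the tiered administrators and the three-role separation of duties described above, as an added example in Go; this is not the patent's code, and the user names, system names and "resource:action" strings are constructed. It reads separation of duties as a user holding at most one of the three duties, treats the super administrator as a system administrator at the highest level, and gives only the platform security administrator a grantable wildcard over every system; those are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Duty is one of the three roles the page predefines. A user holds at most one,
// which is how this example reads "separation of duties".
type Duty int

const (
	EndUser         Duty = iota
	SystemAdmin          // creates users and administrators; grants nothing
	SecurityAdmin        // grants rights and sets policy; manages no users
	SecurityAuditor      // reads the audit trail only
)

type User struct {
	Name      string
	Duty      Duty
	Level     int                        // administrator rank; 0 = end user, higher = more senior
	Systems   map[string]bool            // level 1: systems the platform has admitted the user to
	Rights    map[string]map[string]bool // level 2: system -> "resource:action" the user may exercise
	Grantable map[string]map[string]bool // rights an administrator may hand on but never use ("*" = any)
}

type Platform struct{ Users map[string]*User }

func newUser(name string, duty Duty, level int) *User {
	return &User{Name: name, Duty: duty, Level: level, Systems: map[string]bool{},
		Rights: map[string]map[string]bool{}, Grantable: map[string]map[string]bool{}}
}

// Bootstrap creates the default super administrator and the platform security
// administrator, the only principal that may grant in every system.
func Bootstrap() *Platform {
	p := &Platform{Users: map[string]*User{}}
	p.Users["superadmin"] = newUser("superadmin", SystemAdmin, 100)
	sec := newUser("platform-security", SecurityAdmin, 90)
	sec.Grantable["*"] = map[string]bool{"*": true}
	p.Users[sec.Name] = sec
	return p
}

// pair enforces the hierarchy: an administrator never acts on a peer or a superior.
func (p *Platform) pair(actor, target string) (*User, *User, error) {
	a, t := p.Users[actor], p.Users[target]
	if a == nil || t == nil { return nil, nil, errors.New("unknown user") }
	if t.Level >= a.Level {
		return nil, nil, fmt.Errorf("%s (level %d) may not act on %s (level %d)", actor, a.Level, target, t.Level)
	}
	return a, t, nil
}

// AddUser: user management is the system administrator's duty alone, and only below its own level.
func (p *Platform) AddUser(creator, name string, duty Duty, level int) error {
	c := p.Users[creator]
	if c == nil || c.Duty != SystemAdmin { return errors.New("only a system administrator manages users") }
	if level >= c.Level { return errors.New("cannot create a principal at or above own level") }
	p.Users[name] = newUser(name, duty, level)
	return nil
}

func (u *User) mayGrant(system, right string) bool {
	return u.Grantable["*"]["*"] || u.Grantable[system]["*"] || u.Grantable[system][right]
}

// Admit is the level-1 (platform) authorization: admission to a whole system.
func (p *Platform) Admit(granter, user, system string) error {
	g, u, err := p.pair(granter, user)
	if err != nil { return err }
	if g.Duty != SecurityAdmin || !g.mayGrant(system, "*") {
		return errors.New("granter may not authorize at platform level")
	}
	u.Systems[system] = true
	return nil
}

// Grant is the level-2 authorization inside one system. With delegable=true the right
// lands in Grantable: the receiving administrator may pass it on but not use it.
func (p *Platform) Grant(granter, user, system, right string, delegable bool) error {
	g, u, err := p.pair(granter, user)
	if err != nil { return err }
	if g.Duty != SecurityAdmin || !g.mayGrant(system, right) {
		return fmt.Errorf("%s may not grant %s in %s", granter, right, system)
	}
	if !u.Systems[system] { return fmt.Errorf("%s is not admitted to %s at platform level", user, system) }
	set := u.Rights
	if delegable { set = u.Grantable }
	if set[system] == nil { set[system] = map[string]bool{} }
	set[system][right] = true
	return nil
}

// Check is the access-control interface applications call: both levels must hold,
// and a grantable-only right counts for nothing.
func (p *Platform) Check(user, system, right string) bool {
	u := p.Users[user]
	return u != nil && u.Systems[system] && u.Rights[system][right]
}

func main() {
	p := Bootstrap()
	fmt.Println(p.AddUser("superadmin", "his-security", SecurityAdmin, 50), p.AddUser("superadmin", "dr-li", EndUser, 0))
	fmt.Println(p.Admit("platform-security", "dr-li", "HIS"), p.Admit("platform-security", "his-security", "HIS"))
	fmt.Println(p.Grant("platform-security", "his-security", "HIS", "patient_file:access", true))
	fmt.Println(p.Grant("his-security", "dr-li", "HIS", "patient_file:access", false))
	fmt.Println(p.Check("dr-li", "HIS", "patient_file:access"), p.Check("dr-li", "HIS", "patient_file:delete"))
	fmt.Println(p.Check("his-security", "HIS", "patient_file:access"), p.AddUser("platform-security", "nurse", EndUser, 0))
}
```

The point of keeping Rights and Grantable as separate sets is the page's rule that an administrator holds the right to grant but not to exercise: Check consults only Rights, so a hospital security administrator who can hand out patient-file access cannot open a patient file with that same entry.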
The administrative division management supports the management of an administrative division tree, manages the administrative region in a parent-child node mode, and vividly and objectively displays an administrative division structure. The definition of the administrative division is based on the national standard, and simultaneously considers the compatibility of the adjustment of the administrative division, and the versions are divided at the time point, so that the full coverage of the new and old administrative division standards is achieved.
The standard formed by administrative division management can be used as a platform standard dictionary and provided for a shared platform for use.
The organizational structure management supports the management of organizational structure trees of a single department and also supports the management of business relationships of organizational nodes among a plurality of organizational structure trees, thereby forming an intricate organizational structure network. According to a certain type of service, the virtual organization mechanism is defined on the basis of the administrative organization mechanism, so that the relationship among various organizations related to the certain type of service can be clearly embodied.
The organization management mainly includes group management and organization management. The group management manages the group to which the user belongs, and comprises registering a new group, adding the new user to the group, and dynamically maintaining the group. The organization management includes organization type management, organization relation type management and organization tree management, and is a series of management and maintenance aiming at the organization.
The operation log mainly records basic information about the operator, including user name, user ID and IP address, and the operator's actions, including login time, operation module, operation time, behavior, data modifications and similar records.
An operation log management interface is provided for conditional querying and deletion of operation logs. Recording conditions such as the operation log level and log retention time can be configured, and the system then records logs automatically according to the user's requirements.
Comprehensive auditing of information system logs is realized by centrally collecting information such as system security events, user access records, system operation logs and system running states from the information system, processing it through normalization, filtering, merging and alarm analysis, and then storing and managing it centrally as logs in a uniform format, combined with rich log statistics, summarization and correlation analysis functions.
Providing a log audit management interface, wherein through log audit, an administrator can know the running condition of the whole IT system at any time and find out system abnormal events in time; on the other hand, through post analysis and abundant log reports, the administrator can conveniently and efficiently perform targeted security audit on the information system. When special safety events and system faults occur, the log auditing system can help an administrator to quickly locate the faults and provide objective basis for tracing and recovering.
The interface management platform provides an external interface of a unified interface management platform, and has the main functions of interface registration management, interface user management, external release of an interface, interface supervision record and the like. The platform formulates an interface specification, and an interface which needs to meet the interface specification can be registered in the interface management; the interface can be issued only after being audited and can be called by an external system; the external system must register in the interface management, and can call the platform interface after the verification is passed; in the interface calling process, the system records the interface calling log, and an administrator can monitor the interface state and the calling log and can close the interface at any time. The interface can realize automatic release and invalidation by configuring the effective period and the effective time.
The data authority management is divided into data access condition management and data attribute access condition management, and meanwhile, configured data authority can be associated with user roles, so that data authority control during user access is guaranteed.
When data is accessed, it is filtered in the background according to the access condition limits, so controlled data can be neither displayed nor intercepted in the foreground. According to the data attribute access conditions, controlled data attributes are replaced or encrypted in the background and specially displayed on the interface, which guarantees that they can be neither displayed nor intercepted in the foreground while clearly informing the user that a controlled attribute cannot be viewed, keeping the interface friendly and intuitive.
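The two-level data authority control described above, as an added example that is not code from the patent: a role's data access condition decides which rows it may see at all (dropped server-side, never sent to the front end), and its data attribute access condition decides which fields are replaced by a visible mask or an irreversible digest before display. The sample health records, role names, field names and policies are constructed for this illustration.

```python
"""Data authority enforcement: row-level filtering plus attribute masking (added example)."""
import hashlib
from typing import Any, Callable, Dict, List

Record = Dict[str, Any]

# Constructed sample health records (not real persons).
RECORDS: List[Record] = [
    {"id": "R1", "org": "county_hospital", "name": "Zhang San",
     "id_card": "110101199001011234", "diagnosis": "hypertension"},
    {"id": "R2", "org": "county_hospital", "name": "Li Si",
     "id_card": "110101198505055678", "diagnosis": "diabetes"},
    {"id": "R3", "org": "town_clinic", "name": "Wang Wu",
     "id_card": "110101197803039012", "diagnosis": "asthma"},
]

# Shown on the interface in place of a controlled attribute, so the user is
# told the attribute exists but cannot be viewed.
MASK = "***"


def pseudonymize(value: str) -> str:
    """Irreversible replacement that keeps equality (the same ID maps to the same token)."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


# Per-role policy: a row predicate (data access condition) plus a per-field
# transform (data attribute access condition). Constructed for the example.
POLICIES: Dict[str, dict] = {
    "hospital_physician": {
        "rows": lambda r: r["org"] == "county_hospital",   # only own organisation's rows
        "attrs": {},                                       # but full attributes
    },
    "researcher": {
        "rows": lambda r: True,
        "attrs": {"name": lambda v: MASK, "id_card": pseudonymize},
    },
    "statistics_clerk": {
        "rows": lambda r: True,
        "attrs": {"name": lambda v: MASK, "id_card": lambda v: MASK,
                  "diagnosis": lambda v: MASK},
    },
}


def apply_data_authority(role: str, records: List[Record]) -> List[Record]:
    """Filter rows, then transform controlled attributes, before anything leaves the backend."""
    policy = POLICIES.get(role)
    if policy is None:
        return []                      # unknown role: deny everything by default
    out: List[Record] = []
    for rec in records:
        if not policy["rows"](rec):
            continue                   # controlled row is dropped here, not hidden client-side
        view = dict(rec)               # copy, so the stored record is never altered
        for fld, transform in policy["attrs"].items():
            if fld in view:
                view[fld] = transform(view[fld])
        out.append(view)
    return out


if __name__ == "__main__":
    for role in POLICIES:
        print(role, apply_data_authority(role, RECORDS))
```

The masking is applied to a copy of the record and the predicate runs before serialization, which is the property the text asks for: a front-end that intercepts the response sees only what the policy allows.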
The portal integration solves the problems of data sharing, single sign-on, data exchange and the like among the systems, can effectively support the business data exchange requirements among the platforms or the systems, solves the problems of uploading and issuing of information, data integration and unified user management, and creates an enterprise data exchange and information resource management platform. The portal integration mainly comprises the functions of identity authentication integration, application management integration, application portal and the like.
Portal integration provides a unified application management function for managing all software components associated with the portal system. It also provides a single integrated software platform on which users can independently extend and integrate other application systems and platforms, and a unified login interface that realizes single sign-on and automatic redirection for users of other application systems and platforms. Portals are provided for presenting the platform's main announcements, messages, news, reports and other jump entries.
The group management is divided into custom group management and dynamic group management. Where custom group management is an administrator managing a group and specifying which users belong to the group. The administrator can make adjustments to the users within the group. Dynamic group management provides convenience for grouping users with large data volume, and users meeting conditions are automatically filtered out through combination of specific conditions (such as departments, positions, sexes, ages and the like) to form a group.
The organization management includes organization type management, organization relation type management and organization tree management.
The organization relationship type management is mainly used for managing the types of the relationships among organizations, for example, the organizations can be in a top-bottom relationship, a guidance relationship, an administrative relationship and the like. When you need to add new organization relations or delete existing organization relations, organization relation type management can be used.
Organization tree management manages organizations in tree form, which makes complex organizational relationships easier to handle.
The combination of the organization tree management and the unified authority management can realize the hierarchical management, and a super administrator can manage all organization mechanisms to add, delete and modify the relevant organization, such as: name, organization code, telephone, address, zip code, fax, organization picture, sub-administrator of subordinate organization, etc. The sub-organization administrator can manage the organization assigned by the upper-level administrator and perform the related maintenance work. A sub-organization administrator can only manage the system users of its own organization.
The organization trees can be organized and sequenced, personnel in the organization can also be sequenced, and the migration and copying of the organization can be carried out among a plurality of organization trees in an interface dragging mode.
Configuration management unifies configuration and management of behavioral parameters of individual portions of the platform, and configuration information includes operational parameters of components of the platform, parameters exchanged between the components, and maintenance of dictionary data used in the business system except for terminology.
Dictionary data management maintains dictionary classifications and dictionary items, with support for version control and multi-level dictionary maintenance. Dictionary data management operations include entry, deactivation, merging and splitting.
The platform management system is a support system of an integrated exchange sharing platform and comprises functions of monitoring management, log management, authentication management, data maintenance and the like.
Monitoring management
System monitoring includes remote management of the adapter; the adapter, data bus, data exchange, data conversion and other modules in the exchange platform are managed remotely by sending control instructions.
Log management
The log records generated by each module of the system are managed uniformly. Log management provides applications with a standard logging interface, archives the logs, and allows log records to be checked through a query interface.
Authentication service
Authentication management verifies whether the identity of a user of the integrated exchange platform is legitimate. Each system independent of the integrated exchange platform must present its identity information to the platform when it needs to access it, and the authentication management module verifies the external application system or user by calling the interface of the authentication center.
Data maintenance
Data cleaning, backup and recovery strategies are formulated; garbage data on the integrated exchange platform is cleaned to ensure data quality, and data recovery is performed when necessary.
Executing information standards, referenced national standards and ministerial standards on industries adopted by the shared data center; and managing the corresponding relation with the service system data dictionary and tracking the change condition.
The information standard management module manages three code tables: 1) reference standard code table, 2) execution standard code table, 3) resource pool code table.
Data objects and data models in the shared data center are managed and tracked using a metadata management approach. The main functions include shared data model management and application system data structure management.
The global service model management is the basis of realizing an application framework of an SOA (service oriented architecture), the global service components are managed through a componentization and objectification construction idea, all the global service components are packaged into standard Web services, and a global service model is formed after the components are assembled according to business requirements.
The main goal of the data maintenance tool is to quickly generate maintenance interfaces and applications for database tables through a configurable management tool. The main functions include: maintaining target table definitions; maintaining target table field definitions; maintaining target table data range definitions; maintaining target table rule definitions; maintaining target table permission definitions.
1.1.1.1.1.1 report statistics tool
The reporting tool has the following characteristics:
Complete report platform: the complete report life cycle is supported, covering report management from production through release and continued use.
Flexible, extensible reporting: required reports can be composed flexibly and easily integrated into any environment or solution.
Simple and easy to use: the Web-based report definition and management interface and the graphical report template definition interface make report development and management very simple, reduce system complexity, and improve the efficiency and accuracy of responding to requirements.
Statistical report classification management: displayed reports are managed by classification according to business.
Managing the statistical report list: defining statistical forms, with functions for adding, modifying and deleting them.
Managing the metadata of the statistical report: managing the fields of a statistical form following the metadata management approach; the main functions include adding report fields, setting the column group number of column fields, modifying report fields, deleting report fields, browsing report fields and generating SQL for display.
Browsing the statistical form: displaying the classification of statistical reports, the statistical report list, the statistical time of each report and the report URL in a tree structure.
Data engine management: managed by statistical report, row group number and column group number, where a row group number and column group number together determine a sub-report. The functions provided mainly include addition, modification, deletion and completeness checking.
Generating statistical data: filling in the data of a statistical table.
Statistical data generation scheduling: supports scheduled and immediate execution.
Inputting statistical data: adding, modifying and querying a single table according to the statistical report metadata.
Displaying and designing a statistical form: the statistical report presentation format is designed with Visual Studio.
Displaying a statistical report: the statistical report is displayed using Reporting Service.
1.1.1.1.1.1.1 technical architecture
The report framework is explained from four application dimensions of user definition, report data extraction, report design and report front end.
1.1.1.1.1.1.2 report tool features
1. Complete report platform: the complete report life cycle is supported, covering report management from production through release and continued use.
2. Flexible, extensible reporting: required reports can be composed flexibly and easily integrated into any environment or solution.
3. Simple and easy to use: the Web-based report definition and management interface and the graphical report template definition interface make report development and management very simple, reduce system complexity, and improve the efficiency and accuracy of responding to requirements.
4. Statistical report classification management: displayed reports are managed by classification according to business.
5. Managing the statistical report list: defining statistical forms, with functions for adding, modifying and deleting them.
6. Managing the metadata of the statistical report: managing the fields of a statistical form following the metadata management approach; the main functions include adding report fields, setting the column group number of column fields, modifying report fields, deleting report fields, browsing report fields and generating SQL for display.
7. Browsing the statistical form: displaying the classification of statistical reports, the statistical report list, the statistical time of each report and the report URL in a tree structure.
8. Data engine management: managed by statistical report, row group number and column group number, where a row group number and column group number together determine a sub-report. The functions provided mainly include addition, modification, deletion and completeness checking.
9. Generating statistical data: filling in the data of a statistical table.
10. Statistical data generation scheduling: supports scheduled and immediate execution.
11. Inputting statistical data: adding, modifying and querying a single table according to the statistical report metadata.
12. Displaying and designing a statistical form: the statistical report presentation format is designed with Visual Studio.
13. Displaying a statistical report: the statistical report is displayed using Reporting Service.
The main goals of the import-export tool are: the rapid and convenient importing and exporting tool is provided, a user can rapidly import external data into the database according to needs, and simultaneously, the data in the database can be rapidly exported into various types of external data.
The main characteristics include:
supporting the import of source data in multiple formats, including excel, dbf, etc.;
supporting data export in multiple formats, including excel, dbf, pdf, html, etc.
in order to ensure the sharing of the electronic health information and simultaneously realize the protection of the privacy of residents, the platform provides an authority management mechanism for the electronic health information. The authority management of the electronic health information carries out authority management according to different roles of doctors, managers, citizens and the like, and the authority management realizes four-level protection mechanisms of personal level, file type level, file level and citizen self-defined protection level according to levels.
Privacy requirements are imposed by legislation, policy and the patient's own specific permission directives. Information platform users are allowed to manage patient/resident specific permission directives, such as blocking access to a health profile by certain healthcare providers, or opening a health profile directly without permission in the case of emergency treatment, as required and permitted by legal regulations.
An anonymization module A104 hides private information when the patient's file is used, protecting the privacy and security of the patient and ensuring that patient data used in the information platform, or delivered outside the provision of normal medical services (e.g., medical insurance, administration, and some forms of research), does not reveal the identity of the patient to unauthorized users.
An instruction permission module A105 verifies whether access is legitimate when the patient file is accessed.
The instruction permission module A105 uses dynamic mobile phone verification codes and health cards to verify whether access is legitimate when the patient file is accessed.
It verifies whether access is legitimate when resident health information is accessed; currently, modes such as a dynamic mobile phone verification code and a health card are adopted. A user can gain access only with the terminal access password together with the dynamic mobile phone verification code, so that the user's health information is protected to the maximum extent.
In other embodiments, a system for medical health information security management further comprises a data quality management module;
the data quality management module carries out data quality comprehensive scoring on five dimensions of data set integrity, field saturation, logic relevance, data accuracy and uploading efficiency of the file so as to manage the data quality of the file.
The weights are given in Table 3 (the weight table appears in the original as an image that is not reproduced here).
And counting the data set uploading amount of the region and subordinate institutions by analyzing the data set amount of the data uploaded by each region and each medical institution. For example:
basic medical institution: 20 health record data sets and 53 electronic medical record data sets; public hospital: 53 electronic medical record data sets. The health file shared document data set conforms to the standardization conditions in the "Regional health information interconnection and intercommunication standardization maturity assessment index system (prefecture level)", section 2.2 "Shared document standardization conditions (15 points)".
Field saturation is calculated as: (total number of fields uploaded in the month − number of missing fields) / total number of fields uploaded in the month.
Logic relevance places requirements on the work of the data manufacturer: the related data tables must be uploaded, and business applications for data retrieval can be satisfied only when the data is displayed completely.
Data accuracy is calculated comprehensively from two dimensions: the completeness of mandatory fields and the correctness of mandatory fields. Data accuracy is the core criterion for judging the quality of medical institutions' medical records and a key link in platform data quality.
Uploading efficiency is a continuous index that measures the data manufacturer's uploading of medical institution data. It reflects how effectively medical institutions and data manufacturers act in implementing medical informatization and interconnection, and in executing documents such as the "Notification of the Yuwei Office Information Issuing (2015) No. 11 on accelerating the access of medical institutions to regional platforms".
Through the uploading efficiency, the control and management of the medical institution on the self data uploading link (data manufacturer) can be improved.
In other embodiments, a medical health information security management system further comprises a data transmission management module;
the data transmission management module is used for deploying network monitoring service at the upper level, configuring monitoring points and monitoring servers, applications, services and databases of platforms such as an upper-level platform, a lower-level platform, a hospital and the like through a private health network.
The data transmission management module is used for deploying network monitoring service at the higher level, configuring monitoring points, and monitoring servers, applications, services and databases of platforms such as a higher level platform, a lower level platform, a hospital and the like through a private health network, and means that:
during monitoring, a superior network monitoring service actively initiates a monitoring request, and initiates different requests according to different monitoring targets;
during monitoring, a superior network monitoring service actively initiates a monitoring request, and initiates different requests according to different monitoring targets, wherein the method comprises the following steps:
for server state monitoring, a ping operation is performed to obtain the state of the server;
for application and service monitoring, a corresponding heartbeat request is issued to obtain the state of the application or service;
the state of the database is obtained through a short-lived connection request running a dedicated SQL statement;
the network monitoring service writes the monitoring results into a log; the data monitoring service periodically aggregates the results into a monitoring data structure, forming readable monitoring data that is displayed by the monitoring system.
When monitoring, the superior network monitoring service actively initiates a monitoring request, and initiates different requests according to different monitoring targets, and meanwhile, the network monitoring service directly pushes real-time data to a real-time monitoring page of a monitoring system through a Socket protocol, so that real-time monitoring is realized.
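The monitoring cycle described above (probe by target type, write results to a log, aggregate the log for display), as an added example that is not code from the patent. The monitoring service holds a list of monitoring points; for each it issues the request type matching the target kind, writes one log line per result, and a summarizer turns the log into per-target counts that a monitoring page can display. Real network calls (ICMP ping, an HTTP heartbeat, a short-lived database connection) are replaced by injected probe functions so that the example runs offline; the target names, addresses and probe outcomes are constructed.

```python
"""Superior-level monitoring service: probe, log, aggregate (added example)."""
import json
import time
from typing import Callable, Dict, List

# Monitoring points: constructed sample configuration.
MONITORING_POINTS = [
    {"name": "county-platform-web", "kind": "server",   "addr": "10.0.0.10"},
    {"name": "ehr-service",         "kind": "service",  "addr": "10.0.0.11:8080/heartbeat"},
    {"name": "platform-db",         "kind": "database", "addr": "10.0.0.12:3306"},
]

Probe = Callable[[str], bool]   # address -> reachable?


def build_prober(probes: Dict[str, Probe]) -> Callable[[dict], dict]:
    """Select the request type by target kind; an unknown kind or a crashing probe
    is reported as such rather than silently counted as 'up'."""
    def probe_point(point: dict) -> dict:
        fn = probes.get(point["kind"])
        if fn is None:
            status = "unknown_kind"
        else:
            try:
                status = "up" if fn(point["addr"]) else "down"
            except Exception as exc:          # the probe failing is itself a finding
                status = f"error:{type(exc).__name__}"
        return {"ts": time.time(), "name": point["name"],
                "kind": point["kind"], "status": status}
    return probe_point


def run_cycle(points: List[dict], probe_point: Callable[[dict], dict],
              log: List[str]) -> List[dict]:
    """One monitoring round: probe every point and append one JSON line per result to the log."""
    results = [probe_point(p) for p in points]
    for r in results:
        log.append(json.dumps(r))
    return results


def summarise(log: List[str]) -> Dict[str, Dict[str, int]]:
    """Periodic statistics over the log: per target, how often each status was seen."""
    summary: Dict[str, Dict[str, int]] = {}
    for line in log:
        r = json.loads(line)
        per_target = summary.setdefault(r["name"], {})
        per_target[r["status"]] = per_target.get(r["status"], 0) + 1
    return summary


# Stand-ins for the real probes. In production these would be an ICMP echo
# (ping) for servers, an HTTP GET on the heartbeat URL for applications and
# services, and a short-lived connection running e.g. "SELECT 1" for databases.
FAKE_PROBES: Dict[str, Probe] = {
    "server":   lambda addr: addr != "10.0.0.99",        # constructed: .99 is "unreachable"
    "service":  lambda addr: addr.endswith("/heartbeat"),
    "database": lambda addr: addr.endswith(":3306"),
}


def demo(cycles: int = 3) -> Dict[str, Dict[str, int]]:
    log: List[str] = []
    prober = build_prober(FAKE_PROBES)
    for _ in range(cycles):
        run_cycle(MONITORING_POINTS, prober, log)
    return summarise(log)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The log is append-only JSON lines, so the same file serves both the periodic statistics shown here and the real-time push to the monitoring page that the text describes.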
In other embodiments, a health care information security management system further includes a network management function: the network connection status is tested with the Internet packet explorer PING (Packet Internet Groper), and the monitored parameters are connected and disconnected. A log query is provided; the log includes host name, IP address, network disconnection time, duration and recovery time.
Data transmission configuration
Network monitoring: configuring a monitoring range: county and its subordinate medical institutions.
Service monitoring: configuring a monitoring range
Application monitoring: configuring a monitoring range
Data quality configuration
Data set integrity configuration: and configuring data set uploading requirements of each district and county and medical institution.
Data accuracy configuration: 1. configuring the range of mandatory fields for the health file and the electronic medical record; 2. judging field correctness.
Table 4 (configuration table; appears in the original as an image that is not reproduced here).
Notification sending configuration
Notifications are sent so that the management organization or service owner learns of service conditions in time, enabling timely response and emergency handling, as shown in Table 5 (appears in the original as an image that is not reproduced here).
In practice, the following measures are generally taken, considering several design ideas:
1. Ensuring that all entities (users and systems) accessing the urban population health comprehensive management platform use unique identity identifiers, with entity identities managed uniformly:
defining and labelling the digital identities of the various entities of the urban population health comprehensive management platform;
implementing digital identity workflow management that controls the whole life cycle of a digital identity and supports management operations such as identity information application, approval, change and revocation;
ensuring that each user has a unique identity and unique authentication information;
if mutual authentication between the user and the system is performed, ensuring that the system also has unique authentication information;
ensuring that user and system authentication information cannot be counterfeited;
providing self-service functions (such as identity registration application, modification, password resetting, etc.).
2. Providing a special authentication module to identify the user and the system accessing the platform system, and protecting the confidentiality and integrity of the identification data, wherein two or more combinations of the following identification mechanisms are selected for identification authentication:
a digital certificate authentication mode based on a PKI/CA system: the digital certificate must be stored in a hardware certificate carrier (USB Key) protected by a PIN, and the private key and PIN are generated within the USB Key;
user name/password authentication mode: password setting must have certain complexity, password setting regular replacement requirements, password character input should not display original characters, password information needs to be encrypted and protected by adopting password technology in the transmission and storage processes, and an administrator has authority to reset the password;
an authentication mode based on human body biological feature identification;
other authentication modes with corresponding security strengths.
3. Login failure handling is supported; measures such as ending the session, limiting the frequency of illegal logins and automatic logout can be taken:
setting an account lockout threshold: when the number of failed identity authentication attempts reaches the specified value, the session between the user and the system must be terminated;
when a user enters wrong credentials for the account multiple times, the account is locked automatically, and the administrator has the authority to unlock it;
an audit trail must be kept for authentication failure events.
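The login failure handling just listed (lockout threshold, session termination, administrator unlock, audit trail), as an added example that is not code from the patent. Each failed authentication is counted per account; at the threshold the account is locked and the session is refused, every failure and lock event is written to the audit trail, and unlocking is a separate operation whose caller is assumed to have been authorized as an administrator. The threshold value, the sample account and the password are constructed for this illustration.

```python
"""Login failure handling with lockout threshold and audit trail (added example)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_FAILURES = 5          # lockout threshold (constructed value)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so stored credentials are never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked: bool = False


@dataclass
class AuthService:
    accounts: Dict[str, Account] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt))

    def _audit(self, event: str, user: str, **extra) -> None:
        self.audit.append({"ts": time.time(), "event": event, "user": user, **extra})

    def login(self, user: str, password: str, client_ip: str = "0.0.0.0") -> Optional[str]:
        """Return a session token on success; None means the session is ended.
        Unknown users and wrong passwords both return None, so the caller cannot
        tell accounts apart, but the audit trail records the exact reason."""
        acct = self.accounts.get(user)
        if acct is None:
            self._audit("auth_failure", user, reason="unknown_user", ip=client_ip)
            return None
        if acct.locked:
            self._audit("auth_failure", user, reason="locked", ip=client_ip)
            return None
        if hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            acct.failures = 0
            self._audit("auth_success", user, ip=client_ip)
            return os.urandom(16).hex()
        acct.failures += 1
        self._audit("auth_failure", user, reason="bad_password",
                    attempt=acct.failures, ip=client_ip)
        if acct.failures >= MAX_FAILURES:
            acct.locked = True                       # automatic lock at the threshold
            self._audit("account_locked", user, ip=client_ip)
        return None

    def unlock(self, admin_user: str, user: str) -> None:
        """Administrator unlock; the caller is assumed to be an authorized administrator."""
        acct = self.accounts[user]
        acct.locked, acct.failures = False, 0
        self._audit("account_unlocked", user, by=admin_user)


if __name__ == "__main__":
    svc = AuthService()
    svc.register("dr_li", "constructed-password")
    for _ in range(MAX_FAILURES):
        svc.login("dr_li", "wrong")
    print(svc.accounts["dr_li"].locked, [e["event"] for e in svc.audit])
```

The `account_locked` and repeated `auth_failure` entries are what the security auditor looks for when reviewing access records; the administrator's unlock is itself audited so that lockouts cannot be cleared silently.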
The single sign-on system function is supported, and the user can access different service systems only through one-time identity authentication.
Entity authorization
1. User classification management is carried out according to the different ways users use the urban population health comprehensive management platform system:
dividing users into two categories of service users and management users, and refining user classification according to user responsibilities;
and creating user roles and working groups, dividing users with the same attribute or characteristic into one group according to a certain rule, and managing user groups.
2. The system supports standardized management of users, roles, resources and authorities, and implements authority management and authority distribution:
an authorization strategy is made based on an authorization model of 'user-role/user group application resource';
providing functions of adding, modifying, deleting and inquiring user authority;
the function of creating and modifying data access rules and automatically and temporarily authorizing the user according to the business rules (such as limiting access time or accessing data range, etc.);
hierarchical authorization is supported, so that the complexity of centralized authorization is avoided, and the accuracy of authorization is improved;
the service authority and the management authority are strictly separated, and a service user does not have the management authority;
all authorized activities must be audit-tracked.
Entity access control
An access control function is started, access of a user to the platform system is controlled according to a security policy, and the following functional requirements are met:
1. and the process of identifying and authenticating the system user meets the requirement of entity authentication.
2. The role is divided, so that the entity authorization requirement is met;
3. the access of a user to objects such as files, database tables and the like is controlled according to the security policy within the control range of the security policy, and the coverage range of the access control includes the objects and the subjects related to resource access and the operations among the objects:
the granularity of the access control subject is user level, and the granularity of the object is file or database table level. The access operation comprises creation, reading, writing, modification, deletion and the like of an object;
establishing an autonomous access control list based on an authorization policy;
determining whether to allow or deny the user to access the resource of the controlled system according to an allowed access rule between the user and the system, wherein the control granularity is a single user;
non-repudiation
1. When the system executes key business operation, the digital signature function is added when the participant/operator acts (such as initial entry, modification or data transmission).
The method is suitable for realizing digital signature and visual display of key information or operation by combining the electronic signature technology and the digital signature technology.
2. The system digitally signs the transmission data during transmission of sensitive information to ensure that the sender or recipient of the message cannot later repudiate the message as sent or received.
A function of providing data originality evidence for a data originator or a data recipient;
and providing the data originator or the data receiver with the data receiving evidence.
3. The digital signature information is supported to be stamped, and the timestamp is required to be used for guaranteeing time service and time keeping monitoring by a national law timing source.
Secure transfer of data
1. Both parties to a data exchange are effectively authenticated, in conformance with the entity authentication function.
2. The exchanged data is integrity-protected; data integrity is ensured by digital digest and digital signature technologies.
3. The whole message, or the sensitive information fields of the session, is encrypted during communication; the system supports a standards-based encryption mechanism, preferably implemented with PKI (public key infrastructure) encryption technology or another security mechanism of comparably high security.
4. The authenticity and non-repudiation of the exchanged data must be guaranteed.
Implementation of information security and privacy protection
Unified identity authentication
CA authentication
Unified authentication: the digital Certificate Authority (CA) is mainly responsible for generating, distributing and managing the authentication digital certificates required by every individual taking part in online transactions. Each digital certificate is associated with the digital signature of the level above it, so that through a chain of trust it is ultimately traced back to an authority that is known and widely regarded as safe, authoritative and sufficiently trusted. Every party to an electronic transaction must hold a legal identity, namely a digital certificate issued by the CA center, and the parties must check the validity of each other's digital certificates at every step of the transaction; this solves the problem of trust between users. When the system is built, the identity infrastructure of a qualified CA center can be used directly. Through the health data center platform, the various application systems call the corresponding middleware, so that unified identity management and authorization management for the regional health network system is readily achieved.
In the CA certification hierarchy, a digital certificate is a file containing the public key owner's information and the public key, digitally signed by a Certificate Authority (CA). The Certificate Authority, acting as an authoritative, trustworthy and impartial third party, is responsible for providing digital certificate services for all kinds of certification needs.
The digital certificate authentication center is a key link in the security of the whole clinical information system: it generates, distributes and manages the identity authentication digital certificates for all business. A digital security certificate mainly provides the following four functions:
confidentiality of information;
certainty of the operator's identity;
non-repudiation: the digital security certificate issued by the CA center ensures that every step of the system's operation cannot be denied, so that the interests of both doctors and patients are protected;
non-modifiability: information generated by the system cannot be modified. The digital security certificate issued by the CA center also ensures that electronic medical record files cannot be tampered with, preserving the seriousness and fairness of the medical record.
CA certification hierarchy planning
The population health information platform mainly faces potential security risks in identity authentication, data confidentiality, data integrity and non-repudiation of behaviour. For the identity authentication requirements, CA authentication technology based on PKI/CA is adopted to solve these problems, on the premise of complying with the Electronic Signature Law of the People's Republic of China.
A local RA is established for the population health information platform so that certificate registration, management and similar services can be provided to the platform's users more promptly and efficiently.
Each institution related to the platform is issued its own digital certificate, logs in to the platform with that certificate to report data, and electronically signs the reported data.
Health council staff log in to the platform with digital certificates, which lets them conveniently review and verify the submitted data and apply electronic signatures.
Related functional departments at every level can perform their functions by logging in to the system with certificates.
In summary, by adopting CA authentication technology and the CA's electronic signature trust service, the population health information platform can verify user identity comprehensively, efficiently and accurately, and strictly control users' operating permissions in the system. Using the digital certificate, an SSL-encrypted transmission channel is established with the platform's web server, which ensures the security of data transmission.
Certificate management flow
Certificate management includes certificate application, certificate production, certificate revocation, certificate update and similar functions.
Certificate application: a certificate administrator logs in to the RA system with an administrator certificate and fills in the applicant's information on a web page; a certificate key pair is generated in the user's USB KEY and the certificate application is initiated;
certificate production: after receiving the application, the CA back end generates a digital certificate from the user information and the public key and returns it to the RA; the certificate is automatically stored in the USB KEY and the private key is set as non-exportable;
certificate revocation: revocation is initiated by a platform administrator through the RA page; after completing the revocation of the user's certificate, the administrator submits a revocation-completed message to the platform system through the web page;
certificate update: when a user certificate is detected to be about to expire, the user is prompted to enter a customized certificate update interface to renew it. Certificates may also be updated by an administrator through the RA interface.
Certificate secure login process
When a user accesses the platform system, the user selects a digital certificate and clicks secure login. The client PTA control uses the selected certificate to digitally sign a random number generated by the server and submits the result to the server. The server calls the SVM module to verify the signature and extract the user certificate, then calls the CVM module to check the certificate's validity (whether it was issued by the appointed CA, whether it has been revoked and whether it has expired). If the certificate is invalid, login is refused; if it is valid, the certificate's subject is parsed, the user information (such as name and identity card number) is extracted, the user access control list is queried and the user's access rights are obtained, which achieves secure login and access control.
To ensure the security and validity of platform data, a user qualified to submit must log in securely with a digital certificate, and only users who log in with a digital certificate have the right to submit (sign). Users without submission rights can continue to log in with a user name and password to enter, save and consult data; when data must be submitted, a superior member of staff submits it with a digital certificate.
Signature and verification process
When a user performs an operation such as reporting, the PTA signature control uses the certificate's private key to digitally sign the original data to be uploaded, such as the declared data in the fields of the submitted web form or file attachments, producing a signature result (a 5-6 K character string) that is submitted to the back-end server. The back-end server uses the SVM signature verification module to verify the user's original data against the signature result; if verification fails the user is prompted to submit again, and if it passes the original data and the signature result are stored in the system database or file system. The digitally signed original data and signature result constitute electronic evidence with legal effect and are non-repudiable.
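The login challenge and the submission signature described above, as an added Go example that is not part of the patent: a throw-away CA plays the appointed CA, the PTA, SVM and CVM steps are reduced to three functions, and the revocation list, the ID number, the access control list and the form data are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// PKI is a constructed stand-in for the appointed CA plus its revocation list.
type PKI struct {
	Roots   *x509.CertPool
	Revoked map[string]bool // certificate serial numbers; stands in for a CRL/OCSP lookup
}

// NewTestPKI builds a throw-away CA and issues a user certificate under it (demo setup, so the
// errors of fixed, valid templates are ignored). The user's private key is returned only so the
// demo can play the client side; on the platform it stays inside the USB KEY.
func NewTestPKI(name, idNumber string, now time.Time) (*PKI, *x509.Certificate, *ecdsa.PrivateKey) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Platform CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed
	caCert, _ := x509.ParseCertificate(caDER)
	// Constructed subject: the ID number travels in the subject's serialNumber attribute.
	userTmpl := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: name, SerialNumber: idNumber},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	userDER, _ := x509.CreateCertificate(rand.Reader, userTmpl, caCert, &userKey.PublicKey, caKey)
	userCert, _ := x509.ParseCertificate(userDER)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	return &PKI{Roots: pool, Revoked: map[string]bool{}}, userCert, userKey
}

// Sign is the client side (PTA control): an ECDSA signature over SHA-256(msg). The same call
// signs the login random number and the submitted form data.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// VerifyWithCert is the SVM step: check sig over msg against the certificate's public key.
func VerifyWithCert(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// SecureLogin is the server side: verify the signed random number (SVM), check that the certificate
// comes from the appointed CA and is neither revoked nor expired (CVM), then read the subject and
// look the user up in the access control list, keyed here by ID number.
func (p *PKI) SecureLogin(cert *x509.Certificate, nonce, sig []byte, acl map[string][]string, now time.Time) ([]string, error) {
	if !VerifyWithCert(cert, nonce, sig) {
		return nil, errors.New("challenge signature does not verify")
	}
	if p.Revoked[cert.SerialNumber.String()] {
		return nil, errors.New("certificate revoked")
	}
	opts := x509.VerifyOptions{Roots: p.Roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, err
	}
	rights, ok := acl[cert.Subject.SerialNumber]
	if !ok {
		return nil, errors.New("no access control entry for " + cert.Subject.CommonName)
	}
	return rights, nil
}

// Demo runs one secure login and one signed submission, then shows that a revoked certificate
// is refused even though its signature still verifies.
func Demo() (rights []string, submissionOK, revokedRejected bool, err error) {
	now := time.Now()
	pki, cert, key := NewTestPKI("Dr. Example", "ID-PLACEHOLDER-001", now)
	acl := map[string][]string{"ID-PLACEHOLDER-001": {"enter", "save", "submit"}} // constructed ACL
	nonce := make([]byte, 32) // the random number the server generates per login attempt
	rand.Read(nonce)
	sig, _ := Sign(key, nonce)
	rights, err = pki.SecureLogin(cert, nonce, sig, acl, now)
	form := []byte(`{"patient":"constructed","bp":"120/80"}`) // constructed form data
	formSig, _ := Sign(key, form)
	submissionOK = VerifyWithCert(cert, form, formSig) && !VerifyWithCert(cert, []byte(string(form)+"!"), formSig)
	pki.Revoked[cert.SerialNumber.String()] = true // revocation arrives after the user signed
	_, revokedErr := pki.SecureLogin(cert, nonce, sig, acl, now)
	return rights, submissionOK, revokedErr != nil, err
}
```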
Using PKI encryption
PKI encryption technology is one of the main security measures taken in e-government, and the most common one: important data is turned into scrambled form (encrypted) by a technical measure before transmission, and restored (decrypted) by the same or a different measure after it reaches its destination.
The population health information platform adopts PKI encryption technology to protect the transmission of patients' sensitive information within the region and to ensure security during information transmission. In an encryption system, information is encrypted with an encryption key and the resulting ciphertext is transmitted to the receiver, who decrypts it with a decryption key to recover the original text. Encryption technology has two elements: an algorithm and a key. The algorithm is the procedure that combines ordinary text (intelligible information) with a string of digits (the key) to produce unintelligible ciphertext; the key is the value used to encode and decode the data. With a suitable key encryption technology and key management mechanism, the security of network communication can be ensured. Key-based cryptosystems are divided into symmetric-key and asymmetric-key systems; accordingly, data encryption techniques fall into two categories, symmetric encryption (private-key encryption) and asymmetric encryption (public-key encryption). Symmetric encryption is typically represented by the Data Encryption Standard (DES) algorithm, and asymmetric encryption by the RSA (Rivest-Shamir-Adleman) algorithm. In symmetric encryption the encryption key and the decryption key are the same; in asymmetric encryption they differ, the encryption key can be made public and the decryption key must be kept secret.
Application of digital signature
A digital signature is data appended to a data unit, or a cryptographic transformation of a data unit, that allows the recipient of the data unit to verify its source and integrity and protects the data against forgery by any party (including the recipient).
The main functions of a digital signature are to ensure the integrity of transmitted information and the identity of the sender, and to prevent repudiation in a transaction.
The construction of a population health information platform involves the transmission, filing and retrieval of electronic health records across the whole city. To ensure the security and non-repudiation of the electronic health record system, doctors in a hospital upload electronic medical records to the health data center for sharing through the regional health data center platform, calling its identity authentication (by digital certificate or fingerprint), digital signature, data encryption and other services; the health data center sets and manages the mechanism for sharing electronic medical record information resources; doctors in other hospitals call the identity authentication (by digital certificate or fingerprint), access control, data decryption and other services to retrieve electronic medical records; and patients call the identity authentication (by mobile phone dynamic password), access control, data decryption and other services to remotely query their own electronic medical records. In this way the secure sharing and access of data within the region is realized, and a technical foundation is laid for giving electronic medical records legal standing.
Privacy and rights management
To share electronic health information while protecting residents' privacy, the platform provides a permission management mechanism for electronic health information. Permissions are managed according to the different roles of doctors, managers, citizens and so on, and are enforced at four levels: the personal level, the file-type level, the file level and a citizen-defined protection level.
Unified rights management
Standard authorization model
In recent years the use of Web technology in large-scale, highly complex systems has grown explosively. Although most Web applications provide general information over the public Internet, intranets and extranets, there is an increasing business need for Web applications to support critical business functions. As use of the Web matures, successfully managing and protecting a system's Web resources has become an increasingly complex challenge, and organizations whose employees access an intranet remotely through the Internet must consider the user security and management issues specific to each of these situations.
In the standard authorization model there is a policy enforcer between the visitor and the target. This differs from the traditional model, in which the visitor's request goes directly to the target and all authorization management is done at the target.
All of a visitor's requests to access a target (HTTP requests, for example) are intercepted by the policy enforcer, which judges whether the request satisfies the rules defined in the policy manager. If the security rules are satisfied, the policy enforcer forwards the access request to the target and returns the target's response to the visitor, acting as a proxy server. If the visitor's request does not conform to the security rules, the policy enforcer rejects it directly and does not forward it to the target.
In the standard authorization model, therefore, no visitor request reaches the target directly; every request is intercepted and forwarded by the policy enforcer.
The target no longer makes authorization decisions about users; these are made entirely by the policy enforcer and the policy manager.
All security policies are defined through the policy manager, which is separate from the target and relatively independent of the development of the application.
In the overall structure of the unified rights management system, the policy enforcer is equivalent to a reverse proxy server: to the client it looks like a Web server, and to the back-end application server it looks like a client. It decides the access rights of HTTP/HTTPS requests from the client and forwards those that comply with the security policy. The resources on all back-end application servers can be protected by the policy enforcer.
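The policy enforcer as a reverse proxy, as an added Go example that is not part of the patent: every request is judged against the policy manager's rules before anything is forwarded to the back-end target, and a rejected request never reaches it. The rules, paths and the role header are constructed for the demonstration.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
	"sync/atomic"
)

// Rule is one entry in the policy manager: which role may use which method on which path prefix.
type Rule struct {
	PathPrefix string
	Method     string // "*" matches any method
	Role       string
}

// PolicyManager holds the centrally defined security rules. Anything not explicitly allowed is denied.
type PolicyManager struct{ Rules []Rule }

func (pm *PolicyManager) Allows(role, method, path string) bool {
	for _, r := range pm.Rules {
		if r.Role == role && strings.HasPrefix(path, r.PathPrefix) && (r.Method == "*" || r.Method == method) {
			return true
		}
	}
	return false
}

// NewPolicyEnforcer returns the interception point: every request is judged against the policy
// manager, and only a compliant one is forwarded to the target (the back-end application server).
// roleOf is assumed to derive the caller's role from an already authenticated session.
func NewPolicyEnforcer(pm *PolicyManager, target *url.URL, roleOf func(*http.Request) string) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(target)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !pm.Allows(roleOf(r), r.Method, r.URL.Path) {
			http.Error(w, "denied by security policy", http.StatusForbidden) // the target never sees it
			return
		}
		proxy.ServeHTTP(w, r) // reverse proxy: forward and relay the target's response
	})
}

// Demo wires a stand-in back end and the enforcer together in-process, sends one compliant and one
// non-compliant request, and reports both status codes and how many requests reached the back end.
func Demo() (doctorStatus, citizenStatus int, targetHits int32) {
	target := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atomic.AddInt32(&targetHits, 1)
		w.Write([]byte("electronic medical record 12345")) // constructed response
	}))
	defer target.Close()
	targetURL, _ := url.Parse(target.URL)
	pm := &PolicyManager{Rules: []Rule{
		{PathPrefix: "/emr/", Method: "GET", Role: "doctor"},
		{PathPrefix: "/emr/", Method: "*", Role: "admin"},
	}}
	// Constructed: the role arrives in a request header here; a real enforcer reads it from the session.
	roleOf := func(r *http.Request) string { return r.Header.Get("X-Role") }
	enforcer := httptest.NewServer(NewPolicyEnforcer(pm, targetURL, roleOf))
	defer enforcer.Close()
	get := func(role string) int {
		req, _ := http.NewRequest(http.MethodGet, enforcer.URL+"/emr/12345", nil)
		req.Header.Set("X-Role", role)
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			return 0
		}
		resp.Body.Close()
		return resp.StatusCode
	}
	doctorStatus, citizenStatus = get("doctor"), get("citizen")
	return doctorStatus, citizenStatus, atomic.LoadInt32(&targetHits)
}
```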
1. Centralized user management
For user management, an LDAP server may be used to manage all users centrally, for example the creation of a user, changes of user status and the deletion of a user.
To match the staff structure and management hierarchy of an enterprise, the unified rights management system can manage users hierarchically: for example, an administrator of the population health information platform can manage user information across the whole city, while the administrator of each district is responsible for the user information within that district.
2. Centralized security policy management
In conventional applications, security management (including user repositories, user authentication and authorization, user login and access logging and auditing, and so on) may vary from application to application, as may the security policies each application implements. There is therefore no unified security policy management within the enterprise, only a number of decentralized security policies, which greatly increases the security risk and the resulting management complexity.
Our goal is to establish an overall security management policy: all operations that define, modify or delete security policies are performed through a unified platform, so that security policies are managed uniformly across the enterprise.
3. Centralized Web resource management
The wide variety of Web resources present in an enterprise Web environment can be managed by the unified rights management system, for example:
static pages (HTML) on Web servers;
dynamic pages (CGI, JSP, ASP, etc.) on Web servers;
resources (servlets, EJBs) on Web application servers (WebSphere/WebLogic);
resources (portlets, pages, places, etc.) on Web portal servers.
4. Centralized authorization management
Access policy management is key to implementing a Web-based access platform. Once a user's identity has been established, the most important question is what the user may do and which information the user may see.
After a user completes identity authentication, the authorization service of the unified rights management system allows the user to access only the information the user is entitled to access. The policy enforcer creates a logical Web space that associates access control information with resources. The authorization service keeps the authorization policies in a central repository that lists all the resources of the protected intranet together with the policy template (access control list) associated with each resource; the policy template specifies the conditions that must be met when a user accesses and operates on the resource. Each time a user attempts to access a resource, the user's credentials are checked against the authorization policy for that resource. This model allows authorization policy information to be maintained centrally rather than being transmitted to the user's desktop.
The authorization service of the unified rights management system can provide access policy inheritance, group member authorization and role-based access control. For high availability, the authorization service can be replicated.
The policy enforcer allows an organization to build its repository of authorization information on a logical hierarchy of its own choosing. With this structure, the unified rights management system applies a pattern called inheritance to all resources: unless a policy template is explicitly set for a resource, the resource automatically inherits the policy template of the object directly above it in the tree. A policy template therefore only needs to be defined where the access policy changes.
Inheritance removes the need to define a policy template explicitly for every object, reduces the memory required for authorization, and relieves the administrative burden.
5. Logging and auditing of user access
The ability to log and audit all access attempts is very important for protecting the internal applications of the population health information platform. Monitoring the access attempts of all users enables an administrator to detect security risks. The unified rights management system records all access attempts in a standard format and generates readable reports. The records can be transmitted securely to a third-party database system, from which users' usage patterns can be analysed.
6. Single sign-on in a Web environment
The policy enforcer can also provide single sign-on (SSO) for the applications of the population health information platform. In a conventional environment an enterprise may have many internal applications, each with its own mechanism for user authentication and access authorization, so an end user has to log in separately to each application, which is clearly inconvenient.
The unified rights management system solves this problem. The solution usually requires a rights management system placed in front of all the enterprise's internal applications: all users access back-end Web resources through it, it integrates with and connects to all back-end applications, and it passes the user's login information to those applications while remaining transparent to the user. With the unified rights management system the user logs in once, after which the user can access every Web-based resource and application to which the user has access.
In the embodiments provided in the present application, it should be understood that the disclosed systems, modules and/or units may be implemented in other ways. For example, the embodiments described above are merely illustrative: the division into modules is only one logical functional division, and other divisions may be used in practice; several modules or components may be combined or integrated into another system, or some features may be omitted or not executed. The units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; they may be located in one place or distributed over several network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment's solution.
The foregoing is only a partial embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and such modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A medical health information security management system, characterized by comprising an encryption module, a permission module, a privacy protection module, an anonymization module and an instruction permission module, wherein:
the encryption module is used for ensuring file sharing and protecting residents' privacy by setting access permissions and by the security means of data encryption;
the permission module is used for providing single sign-on, authorization, authentication, role-based access, high-level database security and application process control, so as to set access permissions;
the privacy protection module is used for judging, on the basis of whether the patient has consented, whether a user is authorized to access the patient's file information;
the anonymization module is used for hiding private information when a patient's file is used;
the instruction permission module is used for verifying whether an access to a patient file is legitimate when the patient file is accessed.
2. The system of claim 1, wherein the security means of data encryption comprise SSL, digital certificates and PKI.
3. The system of claim 1, wherein authorization follows a two-level mode: the platform administrator uniformly authorizes at the system level, and each system then determines its own second-level system function permissions.
4. The system of claim 3, wherein the two-level mode, in which the platform administrator uniformly authorizes at the system level and each system determines its own second-level system function permissions, means:
1) unified identity authentication management with decentralized system authorization:
unified planning and management of authentication and authorization is carried out, with the following functions:
carrying out unified planning of authentication and authorization management and drawing up a work plan;
drawing up and maintaining the business processes related to authentication and authorization;
unifying the user coding rules, and drawing up and maintaining the authentication credential policy;
determining the data source and data flow of user identity information, and carrying out data quality management;
managing the delegation of authentication and authorization rights;
periodically auditing and tracking the current status of authentication and authorization;
2) a unified information security service platform is proposed, providing unified identity authentication and subsystem authorization management services:
standardizing identity authentication and access management information, and establishing the relevant interface standards and specifications;
providing unified management of user identity information to the key applications step by step;
providing multi-factor authentication, and gradually providing a unified authentication management service for the key applications;
providing unified portal management for the key applications step by step.
5. The system of claim 1, wherein the instruction permission module verifies whether an access is legitimate when a patient file is accessed, using methods such as a dynamic mobile phone verification code or health card verification.
6. The system of claim 1, further comprising a data quality management module;
the data quality management module gives the file a comprehensive data quality score over five dimensions, namely data set integrity, field saturation, logical relevance, data accuracy and upload efficiency, so as to manage the data quality of the file.
7. The system of claim 1, further comprising a data transmission management module;
the data transmission management module is used for deploying a network monitoring service at the upper level, configuring monitoring points, and monitoring the servers, applications, services and databases of the upper-level platform, the lower-level platforms, hospitals and similar platforms through the private health network.
8. The system of claim 7, wherein deploying the network monitoring service at the upper level, configuring monitoring points, and monitoring the servers, applications, services and databases of the upper-level platform, the lower-level platforms, hospitals and similar platforms through the private health network means that:
during monitoring, the upper-level network monitoring service actively initiates monitoring requests, and different requests are initiated according to the different monitoring targets.
9. The system of claim 8, wherein the upper-level network monitoring service actively initiating monitoring requests during monitoring, with different requests initiated according to the different monitoring targets, comprises:
for server state monitoring, performing a ping operation to obtain the state of the server;
for application and service monitoring, sending corresponding heartbeat requests to obtain the states of the applications and services;
obtaining the state of the database through a short-connection request with a dedicated SQL statement;
the network monitoring service writes the monitoring results into a log, and the data monitoring service periodically compiles the results into a data monitoring structure, forming readable monitoring data that is displayed by the monitoring system.
10. The system of claim 8, wherein the upper-level network monitoring service actively initiates monitoring requests during monitoring and initiates different requests according to the different monitoring targets, and the network monitoring service pushes real-time data directly to the real-time monitoring page of the monitoring system through a Socket protocol, thereby realizing real-time monitoring.
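The monitoring round of claims 8 to 10, as an added Go example that is not from the patent: requests are dispatched by target kind, each result is written as a log line, and the lines are compiled into per-target statistics. The targets are constructed in-process; a TCP connect stands in for ping and for the database short connection, and the Socket push to the real-time page is not shown.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Target is one monitored item; Kind decides which request the monitoring service initiates.
type Target struct{ Name, Kind, Address string } // Kind: "server", "app", "service" or "database"

// Result is one monitoring outcome, the unit written to the monitoring log.
type Result struct {
	When   time.Time
	Target string
	Up     bool
	Detail string
}

// Probe initiates the request matching the target kind. A TCP connect stands in for the ping of a
// server (ICMP needs raw sockets); GET /heartbeat is the heartbeat request for applications and
// services; the database short connection is modelled as a TCP connect instead of a driver call.
func Probe(t Target, timeout time.Duration) Result {
	start := time.Now()
	var err error
	switch t.Kind {
	case "server", "database":
		var conn net.Conn
		if conn, err = net.DialTimeout("tcp", t.Address, timeout); err == nil {
			conn.Close()
		}
	case "app", "service":
		var resp *http.Response
		if resp, err = (&http.Client{Timeout: timeout}).Get(t.Address + "/heartbeat"); err == nil {
			resp.Body.Close()
			if resp.StatusCode != http.StatusOK {
				err = fmt.Errorf("heartbeat returned %s", resp.Status)
			}
		}
	default:
		err = fmt.Errorf("unknown target kind %q", t.Kind)
	}
	r := Result{When: start, Target: t.Name, Up: err == nil}
	if err != nil {
		r.Detail = err.Error()
	}
	return r
}

// LogLine formats a result as the network monitoring service writes it: timestamp, target, state, detail.
func LogLine(r Result) string {
	state := "DOWN"
	if r.Up {
		state = "UP"
	}
	return fmt.Sprintf("%s %s %s %q", r.When.UTC().Format(time.RFC3339), r.Target, state, r.Detail)
}

type Summary struct{ Checks, Up int } // per-target statistic the data monitoring service compiles from the log

// Aggregate turns logged lines back into summaries; lines with fewer than three fields are not records.
func Aggregate(lines []string) map[string]Summary {
	out := map[string]Summary{}
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 3 {
			continue
		}
		s := out[f[1]]
		s.Checks++
		if f[2] == "UP" {
			s.Up++
		}
		out[f[1]] = s
	}
	return out
}

// Demo runs one monitoring round against constructed targets: an in-process application answering
// /heartbeat, a listening TCP port standing in for a reachable server, and a closed port for a database that is down.
func Demo() ([]string, map[string]Summary) {
	app := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer app.Close()
	ln, _ := net.Listen("tcp", "127.0.0.1:0")
	defer ln.Close()
	targets := []Target{
		{"hospital-app", "app", app.URL},
		{"upper-platform-server", "server", ln.Addr().String()},
		{"lower-platform-db", "database", "127.0.0.1:1"}, // port 1: nothing listens there
	}
	var lines []string
	for _, t := range targets {
		lines = append(lines, LogLine(Probe(t, 500*time.Millisecond)))
	}
	return lines, Aggregate(lines)
}
```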
CN201911213548.3A 2019-12-02 2019-12-02 Medical health information safety management system Pending CN110957025A (en)

Publications (1)

Publication Number Publication Date
CN110957025A true CN110957025A (en) 2020-04-03

Family

ID=69979290

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911213548.3A Pending CN110957025A (en) 2019-12-02 2019-12-02 Medical health information safety management system

Country Status (1)

Country Link
CN (1) CN110957025A (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111753156A (en) * 2020-06-29 2020-10-09 南京珥仁科技有限公司 Remote self-service file query system
CN111814169A (en) * 2020-07-16 2020-10-23 山东大学 Digestive tract disease data encryption obtaining method and risk prediction system
CN111899863A (en) * 2020-06-29 2020-11-06 北京睿博康科技有限公司 Working method of remote real-time fetal heart monitoring system
CN111898149A (en) * 2020-08-05 2020-11-06 湖南优美科技发展有限公司 User management system and method for multiple organizations
CN112100658A (en) * 2020-09-11 2020-12-18 京东方科技集团股份有限公司 Medical system and authority management method thereof
CN112199700A (en) * 2020-10-14 2021-01-08 北京理工大学 Safety management method and system for MES data system
CN112397169A (en) * 2020-11-30 2021-02-23 上海千健医药科技有限公司 Comprehensive information management system based on medical big data combined patient
CN113178237A (en) * 2021-04-26 2021-07-27 徐州市永康电子科技有限公司 Multi-medical equipment data classification processing system
WO2021209837A1 (en) * 2020-04-15 2021-10-21 Roshan Khan A system and method of controlling accessibility of data
CN114157457A (en) * 2021-11-17 2022-03-08 南方电网数字电网研究院有限公司 Authority application and monitoring method for network data information security
CN114168529A (en) * 2021-11-24 2022-03-11 广州明动软件股份有限公司 Archive management system based on cloud archive
CN114640497A (en) * 2022-01-26 2022-06-17 山东中网云安智能科技有限公司 Network security isolation system
CN115455973A (en) * 2022-11-10 2022-12-09 北京肿瘤医院(北京大学肿瘤医院) Lymphoma research database construction and application method based on real world research
CN116386798A (en) * 2023-05-23 2023-07-04 肇庆市高要区人民医院 Hospital information data monitoring system and method
CN116486981A (en) * 2023-06-15 2023-07-25 北京中科江南信息技术股份有限公司 Method for storing health data and method and device for reading health data
CN116665909A (en) * 2023-04-11 2023-08-29 北京宝通利达科技有限公司 Health care information processing system based on big data
CN117041018A (en) * 2023-10-09 2023-11-10 中电科大数据研究院有限公司 Remote intelligent operation and maintenance management method for data center and related equipment
TWI826787B (en) * 2021-05-18 2023-12-21 高雄醫學大學 Application method for healthcare certification and signing electronic medical records
CN117393134A (en) * 2023-12-11 2024-01-12 南京引光医药科技有限公司 Clinical data integrated management system and management method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301413A (en) * 2014-10-17 2015-01-21 国云科技股份有限公司 Oracle distributed real-time monitoring method orienting cloud databases
CN107222483A (en) * 2017-06-07 2017-09-29 中山大学 A kind of method of the electronic document network memory management of many access levels
CN107391944A (en) * 2017-07-27 2017-11-24 北京太云科技有限公司 A kind of electronic health record shared system based on block chain
CN108052449A (en) * 2017-12-14 2018-05-18 北京百度网讯科技有限公司 Operating system condition detection method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
谷松; 张月琳: "Application of Unified Identity Authentication in the Digital Campus" (统一身份认证在数字化校园中的应用) *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021209837A1 (en) * 2020-04-15 2021-10-21 Roshan Khan A system and method of controlling accessibility of data
CN111753156A (en) * 2020-06-29 2020-10-09 南京珥仁科技有限公司 Remote self-service file query system
CN111899863A (en) * 2020-06-29 2020-11-06 北京睿博康科技有限公司 Working method of remote real-time fetal heart monitoring system
CN111814169A (en) * 2020-07-16 2020-10-23 山东大学 Digestive tract disease data encryption obtaining method and risk prediction system
CN111898149A (en) * 2020-08-05 2020-11-06 湖南优美科技发展有限公司 User management system and method for multiple organizations
CN111898149B (en) * 2020-08-05 2023-12-22 湖南优美科技发展有限公司 User management system and method for multiple organizations
WO2022052682A1 (en) * 2020-09-11 2022-03-17 京东方科技集团股份有限公司 Medical system and permission management method therefor
CN112100658A (en) * 2020-09-11 2020-12-18 京东方科技集团股份有限公司 Medical system and authority management method thereof
CN112199700A (en) * 2020-10-14 2021-01-08 北京理工大学 Safety management method and system for MES data system
CN112199700B (en) * 2020-10-14 2022-07-19 北京理工大学 Safety management method and system for MES data system
CN112397169A (en) * 2020-11-30 2021-02-23 上海千健医药科技有限公司 Comprehensive information management system based on medical big data combined patient
CN113178237A (en) * 2021-04-26 2021-07-27 徐州市永康电子科技有限公司 Multi-medical equipment data classification processing system
TWI826787B (en) * 2021-05-18 2023-12-21 高雄醫學大學 Application method for healthcare certification and signing electronic medical records
CN114157457A (en) * 2021-11-17 2022-03-08 南方电网数字电网研究院有限公司 Authority application and monitoring method for network data information security
CN114168529A (en) * 2021-11-24 2022-03-11 广州明动软件股份有限公司 Archive management system based on cloud archive
CN114168529B (en) * 2021-11-24 2022-08-05 广州明动软件股份有限公司 Archive management system based on cloud archive
CN114640497A (en) * 2022-01-26 2022-06-17 山东中网云安智能科技有限公司 Network security isolation system
CN115455973A (en) * 2022-11-10 2022-12-09 北京肿瘤医院(北京大学肿瘤医院) Lymphoma research database construction and application method based on real world research
CN116665909A (en) * 2023-04-11 2023-08-29 北京宝通利达科技有限公司 Health care information processing system based on big data
CN116386798B (en) * 2023-05-23 2023-08-25 肇庆市高要区人民医院 Hospital information data monitoring system and method
CN116386798A (en) * 2023-05-23 2023-07-04 肇庆市高要区人民医院 Hospital information data monitoring system and method
CN116486981A (en) * 2023-06-15 2023-07-25 北京中科江南信息技术股份有限公司 Method for storing health data and method and device for reading health data
CN116486981B (en) * 2023-06-15 2023-10-03 北京中科江南信息技术股份有限公司 Method for storing health data and method and device for reading health data
CN117041018A (en) * 2023-10-09 2023-11-10 中电科大数据研究院有限公司 Remote intelligent operation and maintenance management method for data center and related equipment
CN117041018B (en) * 2023-10-09 2024-01-02 中电科大数据研究院有限公司 Remote intelligent operation and maintenance management method for data center and related equipment
CN117393134A (en) * 2023-12-11 2024-01-12 南京引光医药科技有限公司 Clinical data integrated management system and management method thereof
CN117393134B (en) * 2023-12-11 2024-02-09 南京引光医药科技有限公司 Clinical data integrated management system and management method thereof

Similar Documents

Publication Publication Date Title
CN110957025A (en) Medical health information safety management system
CN108681966B (en) Information supervision method and device based on block chain
CN114513533B (en) Classified and graded body-building health big data sharing system and method
US7788700B1 (en) Enterprise security system
US20200119904A1 (en) Tamper-proof privileged user access system logs
US20180336554A1 (en) Secure electronic transaction authentication
US8732856B2 (en) Cross-domain security for data vault
US7814076B2 (en) Data vault
CN106533693B (en) Access method and device of railway vehicle monitoring and overhauling system
CN113495920A (en) Content auditing system, method and device based on block chain and storage medium
TWI829219B (en) De-centralized data authorization control system capable of transferring read token from block chain subsystem to data requester device
CN112837194A (en) Intelligent system
Chen et al. Data access control based on blockchain in medical cyber physical systems
Kuzminykh et al. Analysis of encryption key management systems: strengths, weaknesses, opportunities, threats
Hu et al. Attribute considerations for access control systems
CN110708156B (en) Communication method, client and server
Brauer Authentication and security aspects in an international multi-user network
TWI829218B (en) De-centralized data authorization control system capable of indirectly transferring read token through third-party service subsystem
TWI829217B (en) De-centralized data authorization control system capable of flexibly adjusting data authorization policy
TWI829216B (en) De-centralized data authorization control system capable of forwarding token request through third-party service subsystem
Voitovych et al. Multilayer Access for Database Protection
KR20000059245A (en) Biometrics Information Save System and Verification Method of Using the same
Ferreira et al. Towards accountability for electronic patient records
Dobbs IAM Reference Architecture (v2)
TWI829220B (en) De-centralized data authorization control system capable of utilizing smart contract to generate and transfer authorization token

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination