CN112768022A - System and method for medical data streaming - Google Patents


Info

Publication number: CN112768022A
Authority: CN (China)
Prior art keywords: data, medical, medical data, authorization, module
Legal status: Granted, Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN202110101183.6A
Other languages: Chinese (zh)
Other versions: CN112768022B (en)
Inventors: 尉建锋, 叶建统, 朱小燕, 袁飞
Current Assignee: Hangzhou Zhuojian Information Technology Co ltd
Original Assignee: Hangzhou Zhuojian Information Technology Co ltd


Classifications

    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G16H50/20 ICT specially adapted for medical diagnosis, medical simulation or medical data mining, for computer-aided diagnosis, e.g. based on medical expert systems
    • G16H50/70 ICT specially adapted for medical diagnosis, medical simulation or medical data mining, for mining of medical data, e.g. analysing previous cases of other patients
    • Y02A90/10 Information and communication technologies [ICT] supporting adaptation to climate change, e.g. for weather forecasting or climate simulation


Abstract

The invention discloses a system and a method for transferring medical data streams, belonging to the technical field of medical data management. The system comprises a data acquisition module, a data processing module, an auditing module, a checking module and a safety module, wherein the data acquisition module is used for acquiring medical data streams and all the modules are electrically connected in sequence. The method comprises the following steps: S1, the medical institution retrieves the relevant medical data according to the content of the application form; S2, the relevant medical data from step S1 is classified, standardized and desensitized; S3, the data from step S2 is audited to ensure it is consistent with the content of the application form; S4, the patient and the medical institution authorize the relevant medical data; and S5, security protection is applied inside the medical institution and to the network, ensuring the security of data transmission. The invention ensures the privacy, security and standardization of medical data circulation and improves the value of medical data.

Description

System and method for medical data streaming
Technical Field
The invention relates to the technical field of medical data management, in particular to a system and a method for medical data stream transfer.
Background
Medical data is very important data in the medical field. It mainly comprises information generated while patients receive medical care, clinical research and laboratory data, and health management data brought by pharmaceutical enterprises, the life sciences and smart wearable devices. However, because different medical institutions use different standards for recording patients' treatment data at different stages, the records of hospital information, instrument information, doctor diagnosis information, patient information, health information, clinical data and medicine data of each medical institution cannot be interconnected, shared or fused, and the value of the medical data is greatly reduced.
The medical records and examination records of patients who receive services at different medical institutions at different stages are kept independently of one another. During circulation, too much data is transmitted or the data is transmitted without processing, so patient privacy is easily exposed; in addition, the data is easily stolen over the network while in transit. A method for circulating medical data in a standardized, stable and secure way is therefore urgently needed.
Disclosure of Invention
The present invention is directed to a system and method for medical data streaming, so as to solve the problems of the background art.
In order to solve the technical problems, the invention provides the following technical scheme: a system for transferring medical data stream comprises a data acquisition module, a data processing module, an auditing module, a checking module and a safety module;
the output end of the data acquisition module is electrically connected with the input end of the data processing module, the output end of the data processing module is electrically connected with the input end of the auditing module, the output end of the auditing module is electrically connected with the input end of the checking module, and the output end of the checking module is electrically connected with the input end of the safety module;
the data acquisition module is used for acquiring and calling the demand data; the data processing module is used for carrying out standardization and desensitization processing on data; the auditing module is used for verifying the range of the data content; the checking module is used for checking the data authorization and recording the checking process; the safety module is used for ensuring the safety of hardware and software in the medical institution and the safety of the Internet.
According to the technical scheme, the data acquisition module comprises an access unit and an acquisition unit;
the output end of the access unit is electrically connected with the input end of the acquisition unit;
the access unit is used for receiving the medical data access application form sent by a requesting organization; the acquisition unit is used for retrieving medical data according to the content of that application form;
after the requesting organization sends a medical data access application form, the data acquisition module reads and retains the application form, retrieves the corresponding medical data from the database according to its content, and passes the medical data to the data processing module for processing.
According to the technical scheme, the data processing module comprises a standardization processing unit and a desensitization processing unit;
the standardized processing unit is used for converting unstructured medical data written by doctors in medical institutions into standardized medical data; the desensitization processing unit is used for desensitizing sensitive information of the medical data;
after receiving the relevant medical data from the data acquisition module, the desensitization processing unit desensitizes the sensitive data in it. The sensitive data mainly comprises private data such as name, gender, birth date, mobile phone number and identification card number; after desensitization this data is not visible, so the patient's privacy is not exposed. The desensitized data is then standardized by the standardization processing unit, which mainly extracts medical entity information and expresses it in professional terminology by reference to the relevant materials, so that the data has a uniform form during circulation, each requesting organization can recognize and understand it accurately, and the value of the medical data is improved.
According to the technical scheme, the auditing module comprises a data auditing unit and an agency auditing unit;
the data auditing unit retrieves the content of the medical data access application form and audits the standardized medical data output by the data processing module against it, ensuring consistency and following the minimization principle for outgoing medical data; the organization auditing unit is used for auditing the requesting organization;
during circulation, the content extracted by a medical institution may exceed the content requested in the application form, causing data leakage. In the auditing module, the data auditing unit therefore compares the content feature vectors of the data received from the data processing module for similarity against a set similarity threshold; when no feature vector falls below the threshold, the data is judged to be consistent with the content of the application form. The organization auditing unit performs key verification on the requesting organization to confirm that it is qualified to apply.
According to the technical scheme, the checking module comprises a checking unit, an output unit and an information base;
the verification unit is used for verifying the requested medical data and confirming that the requested medical data passes the authorization of the patient and the medical institution; the output unit is used for outputting the verified medical data to the data open platform; the information base is used for storing authorized videos;
in the verification module, authorization is performed with an authorization device. Each item of data can circulate only after dual authorization by the patient and the medical institution; otherwise an early warning is raised for the data and it is then discarded. If the patient cannot be contacted during authorization, or cannot authorize normally because of serious illness or death, authorization can be handled according to the relevant authorization agreement signed at the time of hospitalization.
The invention also provides a method for medical data stream transfer, which comprises the following steps:
S1, after the requesting organization sends a medical data access application form, the medical institution retrieves the relevant medical data according to the content of the application form;
S2, the relevant medical data from step S1 is classified, sensitive information and medical information are identified, standardization and desensitization are carried out, and the screening number of the data is marked as a unique identification code;
S3, the data from step S2 is audited to ensure it is consistent with the content of the application form, and the requesting organization is audited at the same time to ensure its authenticity;
S4, the patient and the medical institution authorize the relevant medical data, and after successful authorization the authorized data is output to the data open platform;
S5, security protection is applied inside the medical institution and to the network, ensuring the security of data transmission.
According to the above technical solution, in the steps S1-S2, the standardization and desensitization process of the relevant medical data includes the following steps:
S2-1, sensitive information is extracted, comprising name, gender, birth date, mobile phone number and identification card number; it is desensitized by data generalization, and an identification code is generated to identify the record;
S2-2, the medical data is split into a plurality of bytes; medical entity information and non-professional expressions are extracted and the other bytes are deleted; the non-professional expressions are replaced with professional terms according to the medical and medical data set standards issued by the relevant departments, forming new medical data;
S2-3, the new medical data is sampled across different diseases and different times and evaluated; if the evaluation result exceeds the evaluation threshold, the data is valid data.
In the evaluation, the average evaluation value over all the data is compared with the evaluation threshold, which reflects the degree of standardization of the data as a whole and keeps the error range under control.
According to the above technical solution, in step S3, the auditing of the new medical data and the content of the application form includes the following steps:
S3-1, the content feature vectors of the new medical data are extracted and recorded as $X = \{x_1, x_2, x_3, \ldots, x_n\}$;
S3-2, the content feature vectors of the standard medical data are extracted according to the corresponding disease and the content of the application form and recorded as $Y = \{y_1, y_2, y_3, \ldots, y_n\}$, and the similarity is compared according to the formula:
Figure BDA0002916006890000041
where $p_i$ is the similarity between each feature vector and the corresponding standard feature vector;
S3-3, when any $p_i$ is larger than the threshold value, the content of the medical data is judged to exceed the content of the application form, the record is examined, and the medical data is reprocessed.
In the auditing process, the cosine similarity method is used to compute the similarity of each feature vector, which ensures that the data as a whole is consistent with the content of the application form and prevents medical data from being deliberately leaked and patient privacy from being exposed.
According to the above technical solution, in step S4, after the processing and the auditing of the relevant medical data, the authorizing of the relevant medical data by the patient and the medical institution includes:
S4-10, the medical institution can contact the patient normally and the patient agrees to authorize: the patient is invited to the medical institution and performs the authorization, after which the medical institution performs its authorization;
S4-20, the medical institution can contact the patient normally but the patient does not agree to authorize: the medical data is marked and discarded;
S4-30, the medical institution cannot contact the patient, or the patient is seriously ill or has died and authorization cannot be completed normally: the medical institution retrieves the admission authorization agreement and handles authorization according to that agreement.
In the authorization process, authorization is performed with an authorization device, with the following specific steps:
S4-100, when authorization is performed, the patient or the authorized person of the medical institution faces the authorization device and waves an arm above it;
S4-200, the authorization device of step S4-100 contains a sensor and a camera, and the sensor senses the change in air flow above the device;
S4-300, when the change in air flow exceeds a set threshold, the authorization device switches on the camera, starts the authorization processing, records a video of the patient or the authorized person of the medical institution giving authorization, stores the video, and sets its file name to the unique identification code of the corresponding data.
In the authorization process, the camera is triggered by the speed of the air flow, which ensures that nobody else is interfering in front of the authorization device, so that the patient authorizes voluntarily; the authorization time is recorded, which prevents someone from maliciously authorizing in the patient's place in order to profit from selling the medical data.
According to the above technical solution, in step S5, the safety protection of the interior of the medical institution includes:
the firewall ACL policy is opened according to the minimization principle; a whitelist mechanism is adopted so that only nodes on the whitelist can communicate, and only through specified ports;
all network traffic that calls an interface is protected by the Web application protection system;
all hosts enable iptables or EDR for micro-isolation and enable auditd for full auditing, and logs are sent to independent log audit equipment;
the highest privileges on all devices and hosts are managed through the bastion host, with the three powers separated, so that security is guaranteed back to back;
outbound file transfer is not allowed; full-traffic auditing is performed at the network ingress and egress and, combined with user behavior analysis, monitors for data stolen by malicious programs and data sent out by malicious users, that is, data security risks created by manually bypassing the security policy;
the network security protection comprises network access port authentication and the KMS key service;
the network access port authentication sits on the internet link and is performed by the data open platform; the medical institution, the requesting organization and individual users do not access one another directly: all communication between the medical institution and the requesting organization, and between the medical institution and individual users, must be checked and handed over through the data open platform, and the data open platform only accepts access from authenticated ports;
the KMS key service comprises the following steps:
S10-1, when a requesting organization needs data, it generates an asymmetric key pair PK and SK and initiates a request carrying PK to the digital security cooperation platform; after business logic verification, the request is sent to the medical institution;
S10-2, after receiving the request, the medical institution requests a symmetric encryption key from the KMS, and the KMS issues a symmetric key KEY to the medical institution;
S10-3, the medical institution encrypts the data with the symmetric key KEY, encrypts KEY with the PK sent by the requesting organization, and sends the KEY-encrypted data and the PK-encrypted KEY to the requesting organization;
S10-4, after receiving them, the requesting organization decrypts the PK-encrypted KEY with SK and then uses KEY to decrypt the data, obtaining the original data;
S10-5, when the data is traced, the symmetric key KEY used at the time can be retrieved from the KMS and the original data obtained by decryption.
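The S10-1 to S10-5 exchange as an added Go example (not code from the patent). It assumes RSA-OAEP for encrypting KEY under PK and AES-256-GCM for the data, neither of which the page specifies; the names KMS, Envelope, Seal, Open and OpenWithKey are hypothetical, and binding the record's identification code into both ciphertexts goes beyond the steps described.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing safe to continue with
	}
	return b
}

// KMS stands in for the key service: one KEY per transfer, retained by record ID (S10-2, S10-5).
type KMS map[string][]byte

func (k KMS) IssueKey(recordID string) []byte {
	k[recordID] = random(32) // AES-256, an assumed key size
	return append([]byte(nil), k[recordID]...)
}

// Envelope is what the medical institution sends to the requester (S10-3).
type Envelope struct {
	RecordID   string
	WrappedKey []byte // KEY encrypted under the requester's PK (RSA-OAEP)
	Nonce      []byte
	Ciphertext []byte // data encrypted under KEY (AES-256-GCM)
}

// NewRequesterKeyPair is S10-1: the requester keeps SK and shares only PK.
func NewRequesterKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is S10-2 and S10-3 on the medical institution's side.
func Seal(kms KMS, pk *rsa.PublicKey, recordID string, data []byte) (*Envelope, error) {
	key := kms.IssueKey(recordID)
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := random(gcm.NonceSize())
	// The record ID is bound as GCM associated data and as the OAEP label,
	// so neither part decrypts if re-attached to a different record.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, key, []byte(recordID))
	if err != nil {
		return nil, err
	}
	return &Envelope{recordID, wrapped, nonce, gcm.Seal(nil, nonce, data, []byte(recordID))}, nil
}

// OpenWithKey decrypts and authenticates the data once KEY is known: by the
// requester after unwrapping (S10-4) or in a later trace with the KMS copy (S10-5).
func OpenWithKey(key []byte, env *Envelope) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("bad nonce length %d", len(env.Nonce))
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.RecordID))
}

// Open is S10-4: the requester unwraps KEY with SK, then decrypts the data.
func Open(sk *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sk, env.WrappedKey, []byte(env.RecordID))
	if err != nil {
		return nil, err
	}
	return OpenWithKey(key, env)
}

func main() {
	sk, err := NewRequesterKeyPair()
	if err != nil {
		panic(err)
	}
	kms := KMS{}
	env, err := Seal(kms, &sk.PublicKey, "rec-0001", []byte("constructed sample record"))
	if err != nil {
		panic(err)
	}
	plain, _ := Open(sk, env)
	traced, _ := OpenWithKey(kms[env.RecordID], env)
	fmt.Printf("requester: %q, trace: %q\n", plain, traced)
}
```

Because the KMS retains KEY for tracing, anyone with access to the KMS can decrypt every past transfer, so access to it needs the same auditing as the data itself.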
Compared with the prior art, the invention has the following beneficial effects:
The data processing module standardizes and desensitizes the medical data, so that patient privacy is not stolen while the data circulates, each requesting organization can identify the data accurately, its utilization value is improved, patients can be served better and the level of medical care is raised. The auditing module audits the data against the content of the application form; the cosine similarity comparison of content feature vectors accurately ensures that no redundant data is leaked, in line with the "minimization principle", improving the degree of data protection. The verification module verifies the authorization of the medical data, guaranteeing that the patient's authorization is voluntary and genuine and providing the image data as evidence; the application qualification of the requesting organization is also checked, so that data is not lost. The security module provides network port authentication and the KMS key service, ensuring that the medical institution, the requesting organization and individual users do not access one another directly, that all communication goes through authenticated ports, and that data can be traced.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of a medical data streaming system according to the present invention;
FIG. 2 is a schematic representation of the steps of a method of medical data streaming according to the present invention;
FIG. 3 is a flow chart illustrating a method of medical data streaming according to the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the present invention provides a technical solution: a system for transferring medical data stream comprises a data acquisition module, a data processing module, an auditing module, a checking module and a safety module;
the output end of the data acquisition module is electrically connected with the input end of the data processing module, the output end of the data processing module is electrically connected with the input end of the auditing module, the output end of the auditing module is electrically connected with the input end of the checking module, and the output end of the checking module is electrically connected with the input end of the safety module;
the data acquisition module is used for acquiring and calling the demand data; the data processing module is used for carrying out standardization and desensitization processing on data; the auditing module is used for verifying the range of the data content; the checking module is used for checking the data authorization and recording the checking process; the safety module is used for ensuring the safety of hardware and software in the medical institution and the safety of the Internet.
The data acquisition module comprises an access unit and an acquisition unit;
the output end of the access unit is electrically connected with the input end of the acquisition unit;
the access unit is used for receiving the medical data access application form sent by a requesting organization; the acquisition unit is used for retrieving medical data according to the content of that application form;
after the requesting organization sends a medical data access application form, the data acquisition module reads and retains the application form, retrieves the corresponding medical data from the database according to its content, and passes the medical data to the data processing module for processing.
The data processing module comprises a standardized processing unit and a desensitized processing unit;
the standardized processing unit is used for converting unstructured medical data written by doctors in medical institutions into standardized medical data; the desensitization processing unit is used for desensitizing sensitive information of the medical data;
the auditing module comprises a data auditing unit and an organization auditing unit;
the data auditing unit retrieves the content of the medical data access application form and audits the standardized medical data output by the data processing module against it, ensuring consistency and following the minimization principle for outgoing medical data; the organization auditing unit is used for auditing the requesting organization;
during circulation, the content extracted by a medical institution may exceed the content requested in the application form, causing data leakage. In the auditing module, the data auditing unit therefore compares the content feature vectors of the data received from the data processing module for similarity against a set similarity threshold; when no feature vector falls below the threshold, the data is judged to be consistent with the content of the application form. The organization auditing unit performs key verification on the requesting organization to confirm that it is qualified to apply.
According to the technical scheme, the checking module comprises a checking unit, an output unit and an information base;
the verification unit is used for verifying the requested medical data and confirming that the requested medical data passes the authorization of the patient and the medical institution; the output unit is used for outputting the verified medical data to the data open platform; the information base is used for storing authorized videos;
in the verification module, authorization is performed with an authorization device. Each item of data can circulate only after dual authorization by the patient and the medical institution; otherwise an early warning is raised for the data and it is then discarded. If the patient cannot be contacted during authorization, or cannot authorize normally because of serious illness or death, authorization can be handled according to the relevant authorization agreement signed at the time of hospitalization.
In fig. 2-3, the present invention provides a method of medical data streaming, the method comprising the steps of:
S1, after the requesting organization sends a medical data access application form, the medical institution retrieves the relevant medical data according to the content of the application form;
S2, the relevant medical data from step S1 is classified, sensitive information and medical information are identified, standardization and desensitization are carried out, and the screening number of the data is marked as a unique identification code;
S3, the data from step S2 is audited to ensure it is consistent with the content of the application form, and the requesting organization is audited at the same time to ensure its authenticity;
S4, the patient and the medical institution authorize the relevant medical data, and after successful authorization the authorized data is output to the data open platform;
S5, security protection is applied inside the medical institution and to the network, ensuring the security of data transmission.
According to the above technical solution, in the steps S1-S2, the standardization and desensitization process of the relevant medical data includes the following steps:
S2-1, extracting sensitive information, which comprises name, gender, date of birth, mobile phone number and identification card number, desensitizing it by data generalization, and generating an identification code as its identifier;
S2-2, splitting the medical data into a plurality of bytes, extracting medical entity information and non-professional expressions, deleting the other bytes, and replacing the non-professional expressions with professional terms according to the medical data set standards issued by the relevant departments, forming new medical data;
S2-3, sampling and evaluating the new medical data across different diseases and different times; if the evaluation result exceeds the evaluation threshold, the data is valid.
In this embodiment, the content of the application form is set to cardiovascular disease, and the required items are name, gender, age, identification number, mobile phone number, chief complaint in the medical record, doctor's diagnosis, treatment content and treatment result; the data acquisition module retrieves the relevant medical data according to the application form information;
after the relevant medical data is received, the desensitization processing unit desensitizes it: for the name, the surname is retained and the given name is replaced by an asterisk; for the mobile phone number and the ID card number, the first four and last four digits are retained and the rest are replaced by asterisks;
for example, the data "Zhang San, male, age 42, 13626101404, 220333197808256666" is desensitized to "Zhang *, male, age 42, 136*1404, 2203*6666";
the medical record data is standardized: for example, the information "abdominal distension" and "two days" is extracted from the chief complaint in the medical record, generating the new medical data "abdominal distension for two days"; after the relevant medical data has been processed it is sampled and evaluated: the evaluation threshold is set to 99%, ten thousand pieces of data are sampled for evaluation, and the evaluation result is 99.7%, which is greater than the evaluation threshold, so the data is judged to be valid.
In the evaluation process, the average evaluation value of all the data is compared with the evaluation threshold, which reflects the degree of standardization of the data as a whole and keeps the error range under control.
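The masking rule of this embodiment, written out as an added example (not code from the patent). The head and tail lengths are parameters; the phone number keeps 3 leading digits as in the worked example above, the ID number keeps 4, and one asterisk per hidden character plus the fail-closed handling of malformed values are this example's assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// maskMiddle keeps the first head and last tail characters of s and replaces
// each character in between with '*'. A value too short to hide anything is
// masked completely rather than returned in clear.
func maskMiddle(s string, head, tail int) string {
	r := []rune(s) // runes, so that a Chinese surname counts as one character
	if head < 0 || tail < 0 || len(r) <= head+tail {
		return strings.Repeat("*", len(r))
	}
	return string(r[:head]) + strings.Repeat("*", len(r)-head-tail) + string(r[len(r)-tail:])
}

// maskNumber masks a numeric identifier. Anything that is not purely digits
// (with an optional trailing X, as on ID cards) is masked completely, so free
// text typed into a number field is never partially disclosed.
func maskNumber(s string, head, tail int) string {
	for i, c := range s {
		lastX := i == len(s)-1 && (c == 'X' || c == 'x')
		if (c < '0' || c > '9') && !lastX {
			return strings.Repeat("*", len([]rune(s)))
		}
	}
	return maskMiddle(s, head, tail)
}

// Patient holds the sensitive items named in the application form.
type Patient struct {
	Name, Gender string
	Age          int
	Phone, ID    string
}

// Desensitize returns a copy with name, phone and ID number masked.
// Gender and age are passed through, as in the embodiment's example.
func Desensitize(p Patient) Patient {
	p.Name = maskMiddle(p.Name, 1, 0) // keep the surname character only
	p.Phone = maskNumber(p.Phone, 3, 4)
	p.ID = maskNumber(p.ID, 4, 4)
	return p
}

func main() {
	// The sample record from the embodiment.
	in := Patient{Name: "张三", Gender: "男", Age: 42, Phone: "13626101404", ID: "220333197808256666"}
	fmt.Printf("%+v\n", Desensitize(in))
}
```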
According to the above technical solution, in step S3, the auditing of the new medical data and the content of the application form includes the following steps:
S3-1, extracting the content feature vectors in the new medical data, recorded as $X = \{x_1, x_2, x_3, \dots, x_n\}$;
S3-2, extracting the content feature vectors in the standard medical data according to the corresponding disease and the content of the application form, recorded as $Y = \{y_1, y_2, y_3, \dots, y_n\}$, and comparing similarity according to the formula:
Figure BDA0002916006890000111
where $p_i$ is the similarity between each feature vector and the corresponding standard feature vector;
S3-3, when any $p_i$ is larger than the threshold, the content of the medical data is judged to exceed the content of the application form; the case is recorded and examined, and the medical data is reprocessed.
According to "technical solution for construction of regional health information platform based on health archives" (trial), the office of health department, 2009
Basic data set standards for health services related to health files (trial implementation), health department, 2009
Basic architecture and data standards (trial) of electronic medical record, Ministry of health, 2009
Basic architecture and data standards of electronic medical record (survey draft), office of Ministry of health, 2009
Book of national health data dictionary and metadata (trial), department of health, 2009
Ministry of public health service of the State, Ministry of health, 2013
standard feature vectors are extracted and the similarities $p_i$ are calculated. The threshold is set to 85%, and after verification all results are greater than 85%, so the data is judged not to exceed the content of the application form and can be output normally;
in the auditing process, the cosine similarity method is used to compute the similarity of each feature vector, which ensures that the data as a whole is consistent with the content of the application form, prevents medical data from being deliberately disclosed and prevents the patient's privacy from being exposed.
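One way to implement this audit, as an added example (not the patent's own code; its formula is not reproduced on this page). It uses the standard cosine similarity and follows the embodiment, where results above the 85% threshold pass; the feature vectors are constructed sample values, and treating malformed vectors as an audit failure is this example's assumption.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Finding records one feature vector whose similarity to its standard
// counterpart fell below the threshold.
type Finding struct {
	Index      int
	Similarity float64
}

// cosine returns the cosine similarity of a and b. Mismatched dimensions and
// zero vectors are errors: dividing by a zero norm would give NaN, and
// "NaN < threshold" is false, so a malformed record would pass silently.
func cosine(a, b []float64) (float64, error) {
	if len(a) == 0 || len(a) != len(b) {
		return 0, errors.New("feature vectors differ in dimension")
	}
	var dot, na, nb float64
	for i := range a {
		dot += a[i] * b[i]
		na += a[i] * a[i]
		nb += b[i] * b[i]
	}
	if na == 0 || nb == 0 {
		return 0, errors.New("zero feature vector")
	}
	return dot / (math.Sqrt(na) * math.Sqrt(nb)), nil
}

// AuditContent computes p_i for every pair (x_i, y_i) and returns the pairs
// whose p_i is below threshold. A record carrying a different number of
// feature vectors than the standard is rejected outright.
func AuditContent(x, y [][]float64, threshold float64) ([]Finding, error) {
	if len(x) != len(y) {
		return nil, fmt.Errorf("record has %d feature vectors, standard has %d", len(x), len(y))
	}
	var findings []Finding
	for i := range x {
		p, err := cosine(x[i], y[i])
		if err != nil {
			return nil, fmt.Errorf("feature %d: %w", i, err)
		}
		if p < threshold {
			findings = append(findings, Finding{i, p})
		}
	}
	return findings, nil
}

func main() {
	// Constructed feature vectors: three content features of a processed
	// record (x) and the standard vectors for the requested disease (y).
	x := [][]float64{{1, 2, 0}, {0, 1, 1}, {3, 0, 1}}
	y := [][]float64{{1, 2, 0}, {0, 1, 1}, {0, 2, 2}}
	findings, err := AuditContent(x, y, 0.85)
	if err != nil {
		fmt.Println("audit failed:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("feature %d: p = %.3f is below the threshold, hold for review\n", f.Index, f.Similarity)
	}
}
```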
In step S4, after the processing and the auditing of the relevant medical data, the authorizing of the relevant medical data by the patient and the medical institution includes:
S4-10, if the medical institution can contact the patient normally and the patient agrees to authorize, the patient is invited to the medical institution, the patient performs the authorization, and then the medical institution performs its authorization;
S4-20, if the medical institution can contact the patient normally but the patient does not agree to authorize, the medical data is marked and discarded;
S4-30, if the medical institution cannot contact the patient, or the patient is seriously ill or dead and authorization cannot be completed normally, the medical institution may retrieve the authorization agreement signed at admission and perform authorization according to that agreement;
in the authorization process, authorization is performed with an authorization device, and the specific steps include:
S4-100, when authorization is performed at the medical institution, the patient or the medical institution's authorized staff member faces the authorization device and waves an arm above it;
S4-200, the authorization device used in step S4-100 contains a sensor and a camera, and the sensor senses the change in air flow above the authorization device;
S4-300, when the change in air flow exceeds the set threshold, the authorization device starts the camera and begins authorization processing: it records a video of the patient or the medical institution's authorized staff member giving authorization, stores the video, and sets the file name to the unique identification code of the corresponding data.
In the authorization process of this embodiment, the patient Zhang San waves an arm above the device; the sensor detects that the change in air flow exceeds the set threshold, the camera is started and authorization begins; no other person takes part in the video, so the authorization is judged to be reliable;
in the authorization process, the camera is triggered by the speed of the air flow, which ensures that no one else interferes in front of the authorization device and that the patient authorizes voluntarily; the authorization time is recorded, preventing someone from maliciously authorizing in the patient's place in order to profit from selling the medical data.
In step S5, the safety protection of the interior of the medical institution includes:
firewall ACL policies are opened on the minimum principle, and a whitelist mechanism is adopted so that only whitelisted nodes can communicate, and only through specified ports;
all network communication that calls an interface is protected by the Web application protection system;
all hosts enable iptables or EDR for micro-isolation and enable audit for full auditing, and logs are sent to an independent log audit device;
the highest privileges of all devices and hosts are managed through the bastion host, with the three powers separated, so that security is guaranteed back to back;
external transmission of files is not allowed; full traffic audit is performed at the network ingress and egress and, combined with user behavior analysis, monitors for data stolen by malicious programs and data sent out by malicious users, that is, data security risks caused by people bypassing the security policy;
the network security protection comprises network access port authentication and the KMS key service;
the network access port authentication sits on the Internet link and is performed by the data open platform; the medical institution, the requesting institution and individual users do not access one another directly; all communication between the medical institution and the requesting institution, and between the medical institution and individual users, must be checked and handed over through the data open platform, which only accepts access from authenticated ports;
the KMS key service comprises the following steps:
S10-1, when a requesting institution needs data, it generates an asymmetric key pair PK and SK and initiates a request carrying PK to the digital security cooperation platform; after business logic verification, the request is sent to the medical institution;
S10-2, after receiving the request, the medical institution requests a symmetric encryption key from the KMS, and the KMS issues a symmetric key KEY to the medical institution;
S10-3, the medical institution encrypts the data with the symmetric key KEY, encrypts KEY with the PK sent by the requesting institution, and sends the KEY-encrypted data and the PK-encrypted KEY to the requesting institution;
S10-4, after receiving the data, the requesting institution decrypts the PK-encrypted KEY with SK, and then uses KEY to decrypt the data and obtain the original data;
S10-5, when the data needs to be traced, the symmetric key KEY used at the time can be retrieved from the KMS and the original data obtained by decryption.
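Steps S10-1 to S10-5 as an added example (not the patent's own code). The patent names no algorithms: RSA-OAEP with SHA-256, AES-256-GCM, the in-memory KMS stand-in, the sample data ID and binding the data ID as OAEP label and GCM associated data are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type KMS struct{ keys map[string][]byte } // stand-in key service: issues KEY, keeps a copy per data ID

func (k *KMS) IssueKey(dataID string) ([]byte, error) { // S10-2
	key := make([]byte, 32) // AES-256; the algorithm choice is this example's
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	k.keys[dataID] = append([]byte(nil), key...)
	return key, nil
}

type Envelope struct { // what the medical institution sends (S10-3)
	DataID                        string
	WrappedKey, Nonce, Ciphertext []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewRequesterKey is S10-1: the requester generates SK; PK is its public half.
func NewRequesterKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal is S10-3: encrypt the data under KEY and KEY under the requester's PK.
func Seal(kms *KMS, pk *rsa.PublicKey, dataID string, data []byte) (*Envelope, error) {
	key, err := kms.IssueKey(dataID)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, key, []byte(dataID))
	if err != nil {
		return nil, err
	}
	return &Envelope{dataID, wrapped, nonce, gcm.Seal(nil, nonce, data, []byte(dataID))}, nil
}

func openWithKey(key []byte, e *Envelope) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(e.Nonce) != gcm.NonceSize() { // gcm.Open panics on a wrong length
		return nil, fmt.Errorf("envelope: nonce length %d", len(e.Nonce))
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, []byte(e.DataID))
}

// Open is S10-4: the requester unwraps KEY with SK, then decrypts the data.
func Open(sk *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sk, e.WrappedKey, []byte(e.DataID))
	if err != nil {
		return nil, err
	}
	return openWithKey(key, e)
}

// Trace is S10-5: KEY is recalled from the KMS, so SK is not needed. An
// unknown data ID yields a nil key, which AES rejects with a key-size error.
func Trace(kms *KMS, e *Envelope) ([]byte, error) {
	return openWithKey(kms.keys[e.DataID], e)
}

func main() {
	sk, err := NewRequesterKey()
	if err != nil {
		panic(err)
	}
	kms := &KMS{keys: map[string][]byte{}}
	env, err := Seal(kms, &sk.PublicKey, "ID-0001", []byte("constructed sample record"))
	if err != nil {
		panic(err)
	}
	got, errOpen := Open(sk, env)
	traced, errTrace := Trace(kms, env)
	fmt.Printf("requester: %q %v\ntrace via KMS: %q %v\n", got, errOpen, traced, errTrace)
}
```

Because the KMS retains every KEY for tracing, it can decrypt all circulated data without any requester's SK, so access to the KMS needs the same protection and audit as the data itself.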
The working principle of the invention is as follows: the data acquisition module receives the requesting institution's medical data access application form and retrieves the relevant medical data; the data processing module standardizes and desensitizes the medical data, so that the patient's privacy cannot be stolen while the medical data circulates and the data can be accurately identified by each requesting institution; the auditing module audits the content of the application form against the data, accurately ensuring that no redundant data is leaked, following the minimization principle and improving the degree of protection of the data; the verification module verifies the authorization of the medical data, guaranteeing that the patient's authorization is voluntary and genuine and providing the video data as evidence, and further verifies the application qualification of the requesting institution; the security module provides network port authentication and the KMS key service, ensuring that the medical institution, the requesting institution and individual users do not access one another directly, that all communication must come through an authenticated port, and that data can be traced.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A system for medical data streaming, comprising: the system comprises a data acquisition module, a data processing module, an auditing module, a checking module and a safety module;
the output end of the data acquisition module is electrically connected with the input end of the data processing module, the output end of the data processing module is electrically connected with the input end of the auditing module, the output end of the auditing module is electrically connected with the input end of the checking module, and the output end of the checking module is electrically connected with the input end of the safety module;
the data acquisition module is used for acquiring and calling the demand data; the data processing module is used for carrying out standardization and desensitization processing on data; the auditing module is used for verifying the range of the data content; the checking module is used for checking the data authorization and recording the checking process; the safety module is used for ensuring the safety of hardware and software in the medical institution and the safety of the Internet.
2. The system for medical data streaming according to claim 1, wherein: the data acquisition module comprises an access unit and an acquisition unit;
the output end of the access unit is electrically connected with the input end of the acquisition unit;
the access unit is used for receiving the medical data access application form sent by a requesting institution; the acquisition unit is used for retrieving the medical data according to the content of the medical data access application form.
3. The system for medical data streaming according to claim 1, wherein: the data processing module comprises a standardized processing unit and a desensitized processing unit;
the standardized processing unit is used for converting unstructured medical data written by doctors in medical institutions into standardized medical data; the desensitization processing unit is used for desensitizing sensitive information of the medical data.
4. The system for medical data streaming according to claim 1, wherein: the auditing module comprises a data auditing unit and an organization auditing unit;
the data auditing unit is used for invoking the medical data to request to access the content of the application form and auditing the standardized medical data output by the data processing module, ensuring consistency and following the minimum principle of medical data outflow; the mechanism auditing unit is used for auditing the requesting mechanism.
5. The system for medical data streaming according to claim 1, wherein: the checking module comprises a checking unit, an output unit and an information base;
the verification unit is used for verifying the requested medical data and confirming that the requested medical data passes the authorization of the patient and the medical institution; the output unit is used for outputting the verified medical data to the data open platform; the information base is used for storing the authorized videos.
6. A method of medical data streaming, characterized by: the method comprises the following steps:
S1, after the requesting institution submits a medical data access application form, the medical institution retrieves the relevant medical data according to the content of the application form;
S2, classifying the relevant medical data from step S1, identifying sensitive information and medical information, performing standardization and desensitization, and labelling the data with a number that serves as its unique identification code;
S3, auditing the data from step S2 to ensure that it is consistent with the content of the application form, and at the same time auditing the requesting institution to ensure its authenticity;
S4, having the patient and the medical institution authorize the relevant medical data, and outputting the authorized data to the data open platform once authorization succeeds;
S5, applying security protection inside the medical institution and to the network, ensuring that data transmission is secure.
7. The method of claim 6, wherein the method further comprises: in steps S1-S2, the normalization and desensitization processing of the relevant medical data includes the steps of:
S2-1, extracting sensitive information, which comprises name, gender, date of birth, mobile phone number and identification card number, desensitizing it by data generalization, and generating an identification code as its identifier;
S2-2, splitting the medical data into a plurality of bytes, extracting medical entity information and non-professional expressions, deleting the other bytes, and replacing the non-professional expressions with professional terms according to the medical data set standards issued by the relevant departments, forming new medical data;
S2-3, sampling and evaluating the new medical data across different diseases and different times; if the evaluation result exceeds the evaluation threshold, the data is valid.
8. The method of claim 6, wherein the method further comprises: in step S3, the auditing the new medical data and the content of the application form includes the following steps:
S3-1, extracting the content feature vectors in the new medical data, recorded as $X = \{x_1, x_2, x_3, \dots, x_n\}$;
S3-2, extracting the content feature vectors in the standard medical data according to the corresponding disease and the content of the application form, recorded as $Y = \{y_1, y_2, y_3, \dots, y_n\}$, and comparing similarity according to the formula:
Figure FDA0002916006880000031
where $p_i$ is the similarity between each feature vector and the corresponding standard feature vector;
S3-3, when any $p_i$ is less than the threshold, the content of the medical data is judged to exceed the content of the application form; the case is recorded and examined, and the medical data is reprocessed.
9. The method of claim 6, wherein the method further comprises: in step S4, after the processing and the auditing of the relevant medical data, the authorizing of the relevant medical data by the patient and the medical institution includes:
S4-10, if the medical institution can contact the patient normally and the patient agrees to authorize, the patient is invited to the medical institution, the patient performs the authorization, and then the medical institution performs its authorization;
S4-20, if the medical institution can contact the patient normally but the patient does not agree to authorize, the medical data is marked and discarded;
S4-30, if the medical institution cannot contact the patient, or the patient is seriously ill or dead and authorization cannot be completed normally, the medical institution may retrieve the authorization agreement signed at admission and perform authorization according to that agreement;
in the authorization process, authorization is performed with an authorization device, and the specific steps include:
S4-100, when authorization is performed at the medical institution, the patient or the medical institution's authorized staff member faces the authorization device and waves an arm above it;
S4-200, the authorization device used in step S4-100 contains a sensor and a camera, and the sensor senses the change in air flow above the authorization device;
S4-300, when the change in air flow exceeds the set threshold, the authorization device starts the camera and begins authorization processing: it records a video of the patient or the medical institution's authorized staff member giving authorization, stores the video, and sets the file name to the unique identification code of the corresponding data.
10. The method of claim 6, wherein the method further comprises: in step S5, the safety protection of the interior of the medical institution includes:
firewall ACL policies are opened on the minimum principle, and a whitelist mechanism is adopted so that only whitelisted nodes can communicate, and only through specified ports;
all network communication that calls an interface is protected by the Web application protection system;
all hosts enable iptables or EDR for micro-isolation and enable audit for full auditing, and logs are sent to an independent log audit device;
the highest privileges of all devices and hosts are managed through the bastion host, with the three powers separated, so that security is guaranteed back to back;
external transmission of files is not allowed; full traffic audit is performed at the network ingress and egress and, combined with user behavior analysis, monitors for data stolen by malicious programs and data sent out by malicious users, that is, data security risks caused by people bypassing the security policy;
the network security protection comprises network access port authentication and the KMS key service;
the network access port authentication sits on the Internet link and is performed by the data open platform; the medical institution, the requesting institution and individual users do not access one another directly; all communication between the medical institution and the requesting institution, and between the medical institution and individual users, must be checked and handed over through the data open platform, which only accepts access from authenticated ports;
the KMS key service comprises the following steps:
S10-1, when a requesting institution needs data, it generates an asymmetric key pair PK and SK and initiates a request carrying PK to the digital security cooperation platform; after business logic verification, the request is sent to the medical institution;
S10-2, after receiving the request, the medical institution requests a symmetric encryption key from the KMS, and the KMS issues a symmetric key KEY to the medical institution;
S10-3, the medical institution encrypts the data with the symmetric key KEY, encrypts KEY with the PK sent by the requesting institution, and sends the KEY-encrypted data and the PK-encrypted KEY to the requesting institution;
S10-4, after receiving the data, the requesting institution decrypts the PK-encrypted KEY with SK, and then uses KEY to decrypt the data and obtain the original data;
S10-5, when the data needs to be traced, the symmetric key KEY used at the time can be retrieved from the KMS and the original data obtained by decryption.
CN202110101183.6A 2021-01-26 2021-01-26 System and method for medical data transfer Active CN112768022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110101183.6A CN112768022B (en) 2021-01-26 2021-01-26 System and method for medical data transfer

Publications (2)

Publication Number Publication Date
CN112768022A true CN112768022A (en) 2021-05-07
CN112768022B CN112768022B (en) 2024-06-11

Family

ID=75707377

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110101183.6A Active CN112768022B (en) 2021-01-26 2021-01-26 System and method for medical data transfer

Country Status (1)

Country Link
CN (1) CN112768022B (en)

Also Published As

Publication number Publication date
CN112768022B (en) 2024-06-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant