EP1738516A1 - Data transmission network with secret preservation - Google Patents

Data transmission network with secret preservation

Info

Publication number
EP1738516A1
EP1738516A1 EP04742498A EP04742498A EP1738516A1 EP 1738516 A1 EP1738516 A1 EP 1738516A1 EP 04742498 A EP04742498 A EP 04742498A EP 04742498 A EP04742498 A EP 04742498A EP 1738516 A1 EP1738516 A1 EP 1738516A1
Authority
EP
European Patent Office
Prior art keywords
file
data
tck
identification
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04742498A
Other languages
German (de)
French (fr)
Inventor
Daniel Makowski
Bernard Makowski
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Publication of EP1738516A1
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution

Definitions

  • The file architecture is simple.
  • The RSI database includes five groups of files.
  • The patient's coordinates and medical data files can only be connected after activation of a key generated by the addition of the Vitale card and the secret personal code.
  • The RSI is accessible at different levels by both the patient and the medical staff.
  • The patient is free to consult his file in the RSI without being able to modify the content.
  • The manager / host responsible for maintenance, non-medical updating of the system and statistical processing, accesses the area of his competence freely and remains under the control of an external authority.
  • Entries in the system are dated, stored and irreversibly identified.
  • The RSI file allows the compilation of statistics at all levels concerning health or demography.
  • This system integrates the writing of the medical prescription as well as its execution by a pharmacist and more generally any paramedical worker in his field of activity.
  • The workers are made up of patients (all resident in France), medical and paramedical workers and managers / hosts of the RSI base. Patient
  • Manager / host: The manager is assigned a national telephone number.
  • The "patient contact details" file is disconnected from the other files in order to preserve medical confidentiality.
  • Pathologist: He is the only one to intervene without the patient's agreement and at the request of the prescriber whose contact details he must indicate in order to be able to validate his entry into the RSI. His field remains strictly limited to his specialty.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a data transmission network comprising a memory (1), with an identification file (2) and a data file (3), transceiver devices (TCK), connected to the memory and a management computer (6), connected to the memory (1), the arrangement being such that the devices (TCK) can perform read/write operations on a file sheet (3), after having provided a code and presented a chip card by means of a given identification chaining code, whilst the manager (G) does not have access to said chaining code.

Description

Data transmission network with secret preservation
The present invention relates to data transmission networks, and more particularly to those in which the data must be accessible in a differentiated manner according to the parties involved. It would be highly desirable to have a data transmission network available, in particular for the medical profession and health insurance establishments, in which the medical data of insured persons would be stored and kept permanently up to date so that they could be consulted by doctors and other health workers and, while preserving medical confidentiality, by the manager.
The invention provides this by a data transmission network which comprises a memory having an identification file with n sheets and a data file with n sheets, each sheet of the identification file being chained by an identification-data chaining code to a corresponding sheet of the data sheet file. The n sheets correspond to the number n of patients who are treated by the network. The network further comprises m transmitter/receiver devices corresponding to the number of doctors who use the network. Each transmitter/receiver device is connected to the memory and has a reader for one of n smart cards, a means of writing one of n codes, and a means of checking the concordance of an x-th written code and an x-th smart card read, the checking means sending, if there is concordance, an authorization message to the identification file, which has means for then authorizing a write/read link between the x-th sheet of the data file and the device that sent the authorization message.
Each patient has his own smart card and his own code. In this document, the term smart card also covers a biometric identification system. When the patient visits one of the doctors, he puts his smart card in the doctor's transmitter/receiver device and writes his code. When the means of checking the concordance establishes that the card and the code match, it sends an authorization message, preferably together with an identification code specific to each transmitter/receiver device. On receipt of this message and, where applicable, of the device code, the identification file authorizes the doctor to consult the patient's file, that is, the x-th sheet of the data file, and where appropriate to write new data there. The network also comprises a manager computer connected to the memory and having access to these two files, but not to the identification-data chaining code. The manager can thus manage the memory and compile statistics by disease, prescribed drug and so on, but he cannot attribute a given medical act, a given disease, or any other data to a particular patient. Medical confidentiality is thus protected.
According to an embodiment that is particularly useful for good management, the memory has an archive file with m sheets, on which are recorded, for each device, the start and end times of the link between the device and the memory. The manager has access to this file, which allows him to monitor after the fact the duration of the acts performed by the doctor who holds the transmitter/receiver device. For the same purpose, it is advantageous for the memory to have a file with m write sheets on which are recorded, for each device, the data entered into the memory by that device. The manager can thus see the acts prescribed by the doctor who holds the device, but without being able to attribute them to the patient.
Finally, according to a refinement that allows patients to consult their own data sheet, a plurality of n reception terminals is provided, each terminal being connected to the authorization means of the authorization file, which, on receiving the y-th code, authorizes a read-only link between the y-th terminal and the y-th sheet of the data file. Each patient can thus consult the sheet assigned to him, but without being able to modify it.
Figures 1 to 6 of the accompanying drawings illustrate a network according to the invention.
The network shown schematically in the figures comprises a memory 1 having an identification file 2 with n sheets and a data file 3 with n sheets, each sheet of the identification file being chained by a given identification chaining code to a corresponding sheet of the data sheet file 3. The memory further comprises an archive file 4 and a write file 5.
The memory is accessed through a recognition system 6. Connected to this recognition system by telecommunication means are a manager G, n terminals T, only one of which is shown in the drawing, and m TCK transmitter/receiver devices, only one of which is shown in the drawing. Each terminal is assigned to a patient, it being understood that some patients may not have their own terminal and so may not be able to consult the memory. Each TCK device is assigned to a doctor. Each TCK device has a smart card reader L, a keyboard C for writing a code, and a checking means M1 consisting of a memory which makes it possible to check the concordance of a code typed by the patient on the keyboard C with the code held on the smart card that the patient has inserted into the smart card reader L. When this concordance is established, and when the doctor has typed his own identification code on the keyboard and this code has been checked by the checking means using a memory M2 of this code, the two memories M1 and M2 send to an AND logic gate P an authorization signal, which is transmitted to the recognition system 6 by a line 8. On receipt of this signal, the recognition system 6 recognizes that the TCK in question is authorized to access the x-th sheet of the data file 3. It sends a corresponding signal to the identification file 2 which, by the given identification chaining code, puts the TCK in question in communication by a line 9 with the x-th sheet of the data file 3. This communication over line 9 authorizes both reading and writing in the x-th sheet of file 3.
Each TCK has a memory for storing the data it receives so that they can be read afterwards on a screen, or a screen directly, and likewise means for transmitting data in the form of both alphanumeric characters and images.
At the same time, as soon as communication between the TCK in question and the identification file 2 has been authorized, the start and end times of the link between the TCK device and the identification file 2, or possibly the data file 3, are recorded in the archive file 4. Also at the same time, the write file 5 records, classified by TCK device and therefore in this case for the TCK device in question, the data entered into the data file 3 by the TCK device.
The manager computer G can have itself recognized by the recognition system 6 by sending a signal over a line 10, and the recognition system gives it access to all the files 2, 3, 4, 5 of the memory, but not to the identification-data chaining code.
Finally, a terminal T is connected by a line 11 to the recognition system 6. The recognition system, on a simple telephone call but preferably after recognition of an identification code, authorizes the terminal T to read the sheet of the data file 3 assigned to it and, where applicable, the sheet of the identification file 2 assigned to it, but without being able to write on these sheets. Its call is also recorded in file 4.
A controller computer A is connected to the memory 1 by 12 for calls and by 13 for responses, with the possibility of reading files 2 and 3 with their chaining but without the possibility of writing.
According to a variant, computer A cannot write medical data to file 3, but can write administrative data to it.
In summary, the specificity of this system lies in securing access by simultaneous double entry of the access codes in real time, with no possibility of falsification, all information being stored indelibly.
Whatever the means used, the requester will always be identified through the matching of his telephone number and his identification number; the date, the time and the parameters consulted or entered will be automatically and indelibly recorded in the database.
The insured person is identified by his VITALE card or its equivalent and by his personal call number. He must then give his secret code, previously supplied by the manager/host.
The doctor or the medical or paramedical worker (IMP) is recognized by his professional number. The RSI thus recognizes the function of the IMP and allows him to access his reserved area.
The RSI data are accessible after this double identification, carried out by means of a specific terminal called the TCK.
The TCK is a self-contained unit consisting of a user-friendly digital screen (internal memory) and alphanumeric keys allowing successive entry of identifications and codes.
Les différents cas de figure d'accès à la base se présentent de la manière suivante :The different access cases to the database are presented as follows:
1 - Patient alone (figure 2)
Consultation of his personal RSI file is possible at any time after entry of his identification, which must include his personal secret code. He is not permitted to make any modification in the database.
2 - Patient + IMP (figure 3)
After validation through the TCK, the IMP can open the patient's file and, depending on his qualification, use the functionalities of the RSI.
3 - Incapacitated patient (figure 4)
In the event of chronic or accidental incapacity, the secret code of an identified patient is replaced by the entry into the TCK of the codes of three practitioners forming a college.
4 - Insurer's medical adviser (figure 5)
He is able to consult the file of any patient through a referenced workstation and his personal code, and to write data of a first type (administrative) but not data of a second type (medical).
5 - The manager/host (figure 6)
Not holding the chaining code, he accesses either the patients file or the file of pathologies and prescriptions.
DESCRIPTION OF THE FILES
The file architecture is simple. The RSI database comprises five groups of files.
The patient contact details file and the medical data file can be connected only after activation of a key generated by combining the Vitale card and the secret personal code.
1 Patient identification and contact details
2 Medical data
- Significant medical history and blood group
- Allergies
- History of medical events, with all information partitioned so as to allow selective connection:
o medicines prescribed, dispensed and administered, by paramedical practitioner
o Medical imaging
o Routine medical biology
o Secure medical biology
o Intervention report
o Hospitalization report
o Anatomopathology
o Dental
- Free fields
3 Connection monitoring
Connections to the RSI are systematically recorded, including in particular the date and the details of the practitioner as well as the coded file consulted.
4 External data
- Medicines
- Diseases (encyclopedia)
- RSI mannequin
5 Practitioners and paramedics
OPERATION
The RSI is accessible at different levels both by the patient and by the medical practitioners.
The practitioner's intervention is subject to the patient's agreement. In the event of force majeure, a college of three doctors is empowered to force access to the system.
The patient is free to consult his file in the RSI but cannot modify its content.
The manager/host, responsible for maintenance, for non-medical updating of the system and for statistical processing, freely accesses the domain within his competence and remains under the control of an external authority.
Entries into the system are dated, stored and identified irreversibly.
The RSI file allows statistics to be compiled at every level relevant to health or demography.
This system covers the writing of the medical prescription as well as its execution by a pharmacist and, more generally, by any paramedical practitioner in his field of activity.
The participants are the patients (all residents of the national territory), the medical and paramedical practitioners and the managers/hosts of the RSI database.
Patient
He accesses the network as he wishes after recognition of his Vitale card and of a secret code of his own. He is not authorized to make any modification in the database; he can only consult.
Medical practitioners (IMP)
After identification by the patient (Vitale card + code), which constitutes authorization, the medical practitioner enters his professional identification number.
Professional identification number
- Doctors
- Pharmacist
- Pathologist
- Dental surgeons
- Laboratory
- Paramedical (physiotherapist, nurse, orthoptist, optician, chiropodist, speech therapist, optician)
The interface with the RSI system differs according to the person consulting.
Manager/host
The manager is assigned a national call number. The "patient contact details" file is disconnected from the other files so as to preserve medical confidentiality.
- Entry and checking of technical data
- Connection monitoring
- Updating of external information
- Statistics
The Patient
- Personal details
- Chronology of medical events
- Current treatments
- Current corrections
The Insurer
Information relating to the patient and to the chronology of medical events
The Doctor
- Patient's personal details
- Significant medical history and allergies
- Chronology of medical events
o medicines prescribed, dispensed and/or administered, by paramedical practitioner
o Medical imaging
o Anatomopathology
o Routine medical biology
o Secure medical biology
o Intervention and hospitalization report
o Dental
- Current treatments
- Current corrections and/or prostheses
- RSI mannequin (sexed human anatomical figure serving as an access guide to the pathology)
- CIN-10 linked to a medical encyclopedia
- VIDAL or equivalent
- New entry
Laboratory
- Patient's personal details
- Current treatments
- Chronology of routine medical biology
- Chronology of secure medical biology (double entry of the code)
- New specific entry
Pathologist
He is the only one to intervene without the patient's agreement, at the request of the prescriber, whose details he must give in order to validate his entry in the RSI. His domain remains strictly limited to his specialty.
- Patient's personal details
- Anatomopathological history
- Report of surgical interventions
- New specific entry
Pharmacist
- Patient's personal details
- Allergies
- Current treatments
- Chronology of prescribed medicines
- New specific entry
Dental surgeon
- Patient's personal details
- Allergies
- RSI mannequin limited to the jaws
- Dental chronology
- New specific entry
Paramedical
- Patient's personal details
- New specific entry
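
The separation described above, in which the identification file and the data file are joined only by a chaining code produced from the card and the personal code while the manager/host sees both files but not the link, can be sketched as follows. This is an added example, not part of the patent: the HMAC-SHA256 derivation, the card-held secret and all names are assumptions, and the patient records are constructed.

```python
import hashlib
import hmac
import secrets
import time


def chaining_code(card_secret: bytes, card_id: str, secret_code: str) -> str:
    """Derive the identification-data chaining code from card + personal code.

    Assumption: HMAC-SHA256 keyed with a secret held only on the smart card.
    The patent does not say how the key is generated.
    """
    msg = card_id.encode() + b"\x00" + secret_code.encode()
    return hmac.new(card_secret, msg, hashlib.sha256).hexdigest()


class Memory:
    """Memory (1) holding the identification file (2) and the data file (3)."""

    def __init__(self):
        self.identification = {}  # file (2): card_id -> contact details
        self.data = {}            # file (3): chaining code -> entries
        self.connections = []     # connection monitoring, append-only

    def enroll(self, name: str, secret_code: str) -> dict:
        card = {"card_id": secrets.token_hex(4),
                "card_secret": secrets.token_bytes(32)}
        self.identification[card["card_id"]] = {"name": name}
        code = chaining_code(card["card_secret"], card["card_id"], secret_code)
        self.data[code] = []
        return card  # the card secret leaves with the card; memory (1) keeps no copy

    def _open(self, terminal_id: str, card: dict, secret_code: str) -> list:
        # Models the TCK check: card and code must lead to an existing sheet.
        code = chaining_code(card["card_secret"], card["card_id"], secret_code)
        ok = card["card_id"] in self.identification and code in self.data
        self.connections.append((time.time(), terminal_id, ok))
        if not ok:
            raise PermissionError("card and code do not match")
        return self.data[code]

    def read(self, terminal_id, card, secret_code):
        return list(self._open(terminal_id, card, secret_code))

    def write(self, terminal_id, card, secret_code, practitioner_id, entry):
        # Patient alone may only consult; a write needs a practitioner number.
        if not practitioner_id:
            raise PermissionError("patient alone may only consult")
        self._open(terminal_id, card, secret_code).append((practitioner_id, entry))

    def manager_view(self):
        """What the manager/host (G) sees: both files, nothing that joins them."""
        return dict(self.identification), dict(self.data)


if __name__ == "__main__":
    m = Memory()
    card = m.enroll("Patient A (constructed)", "4821")
    m.write("TCK-01", card, "4821", "IMP-0001", "allergy: penicillin")
    print(m.read("TCK-01", card, "4821"))
    print(m.manager_view())
```

If the chaining code depended only on a short personal code and on values kept in memory (1), whoever holds both files could recompute it by trying every code, which is why this sketch keys the derivation with a secret that stays on the card.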

Claims

CLAIMS
1. Data transmission network, comprising:
- a memory (1) having an identification file (2) with n sheets and a data file (3) with n sheets,
- m transmitter/receiver devices (TCK), each connected to the memory, each device having a reader for one of n smart cards and a means (M-i) for checking the match between an x-th code and an x-th smart card read, the checking means sending, if there is a match, an authorization message to the identification file (2), which by means (6) then authorizes a read link between the x-th sheet of the data file (3) and the device (TCK) that requested the authorization message, characterized in that:
- each sheet of the identification file is chained by an identification-data chaining code to a corresponding sheet of the data-sheet file (3),
- each device (TCK) has a means (C) for writing to the file (3), the means (6) also authorize a write link, and there is provided
- a manager computer (G) connected to the memory (1) and having access to the two files (2, 3) but not to the identification-data chaining codes.
2. Network according to claim 1, characterized in that each device (TCK) has its own identification code and the authorization means of the identification file authorize the link between the x-th sheet of the data file (3) and the device (TCK) only after receiving the identification code of the device (TCK).
3. Network according to claim 1 or 2, characterized in that the memory has an archive file (4) with m sheets on which are recorded, for each device, the start and end times of the links between the device (TCK) and the memory.
4. Network according to claims 1 to 3, characterized by a write file (5) with m sheets on which are recorded, for each device (TCK), the data entered into the memory by the device (TCK).
5. Network according to one of claims 1 to 4, characterized by a plurality of n receiving terminals (T), each terminal (T) being connected to the authorization means (6) of the authorization file, the latter, on receipt of the y-th code, authorizing for reading only the link between the y-th terminal and the y-th sheet of the data file (3).
6. Network according to one of claims 1 to 5, characterized by a controller computer (A) connected for reading to the memory (1) and having access to the files and to the chaining codes, but not connected for writing, in whole or in part.
7. Network according to claim 6, in which the data of the file (3) are subdivided into two types, and the controller computer (A) can write to the file (3) data of a first type (administrative) but not of a second type (medical).
EP04742498A 2004-04-14 2004-04-14 Data transmission network with secret preservation Withdrawn EP1738516A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FR2004/000915 WO2005112339A1 (en) 2004-04-14 2004-04-14 Data transmission network with secret preservation

Publications (1)

Publication Number Publication Date
EP1738516A1 true EP1738516A1 (en) 2007-01-03

Family

ID=34958056

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04742498A Withdrawn EP1738516A1 (en) 2004-04-14 2004-04-14 Data transmission network with secret preservation

Country Status (2)

Country Link
EP (1) EP1738516A1 (en)
WO (1) WO2005112339A1 (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5995965A (en) * 1996-11-18 1999-11-30 Humetrix, Inc. System and method for remotely accessing user data records
CZ2005209A3 (en) * 2002-09-10 2005-12-14 Ivi Smart Technologies, Inc. Safe biometric verification of identity

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005112339A1 *

Also Published As

Publication number Publication date
WO2005112339A1 (en) 2005-11-24

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20061114

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20091109

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20121101