EP2754104A2 - Method for accessing and sharing a medical record - Google Patents
- Publication number
- EP2754104A2 (application EP12778946.9A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- patient
- server
- file
- medical
- anonymous
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
- G16H10/65—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records stored on portable record carriers, e.g. on smartcards, RFID tags or CD
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Definitions
- the present invention relates to information systems, and in particular to a method for accessing and sharing a medical computer file.
- Patent application No. 08368018.1 of September 19, 2008 (publication EP2166484), entitled "Method of Access to Personal Data, Such as a Personalized Medical Record, from a Local Generation Agent", which originates from the applicants of the present application, describes a first technique for dematerializing the medical file of a patient coming to consult a group of therapists. For this purpose, specific procedures are implemented to ensure anonymous storage on a so-called DMA (Anonymous Medical File) server. During a consultation of the patient with a practitioner, this storage serves to build, within the practitioner's office, an instance of the patient's Nominative (or personalized) Medical Record, while preserving the confidential nature of the highly sensitive information contained in this medical file.
- the present invention aims to respond to this problem by providing therapeutic practitioners and their patients, a medical record perfectly portable that can be accessed anywhere in optimal security conditions.
- the invention makes it possible to safely offer a panoply of new services to the liberal professionals and their patients.
- not the least of the problems, it is important to make the medical file more readable for the patient and to provide the community with new statistical collection tools in order to strengthen the impact of Public Health policies.
- the present invention aims to provide liberal professionals with a new tool to pave the way for new services for their customers, while preserving the confidential nature of their relationship with this same clientele.
- Another object of the present invention is to provide liberal professionals with a new tool that makes the exercise of their profession more comfortable and increases the impact of their consultation with their patients, by allowing them to extend the consultation, which has its source in the secrecy of their practice, at a distance, through personalized resources accessible remotely and carefully selected by the professional for his client.
- the present invention aims to provide the liberal professions and professional bodies with statistical monitoring tools to monitor real-time consultations.
- It is a fourth object of the present invention to provide the medical professions with a modern tool for constituting a computer solution for sharing medical, paramedical and social information respecting the confidentiality of nominative information.
- the present invention aims to provide liberal professionals with a new tool to pave the way for a new mode of consultation, including distance, for their patient, while preserving the confidential nature of their relationship with this same clientele and by coming to enrich a personalized medical file.
- Another object of the present invention is to provide liberal professionals with a new tool making it possible to systematize the constitution of a personalized medical file, containing nominative or non-personal data, and enabling the patient to benefit from the advantages of such a searchable file. everywhere and can be widely portable between different practitioners.
- the invention solves these problems by means of a method of accessing and sharing a personalized computer file managed by a service provider for the benefit of a client, said file comprising data of a technical nature, including medical data, and highly confidential personal data, within an architecture that includes:
- a first server (DMA) comprising anonymous information, excluding any personal information, in relation to said anonymous identifier (IDA);
- At least one second server comprising attachments contained in said personalized folder and general and personalized resources indexed via said anonymous identifier (IDA);
- a first system for the service provider, allowing access to said first and second servers, said first system comprising in its memory a DMN agent for generating a personalized computer file and at least one encryption / decryption file comprising an encryption key and a link mapping table (PLT) between a patient's nominative data and an anonymous identifier (IDA),
- a second system 1000 for the patient and allowing access to the first and second systems; the process comprising the following steps:
- the method further comprises the following steps:
- connection identifier from the encryption key (s) and the IDA identifier to an administrator server and / or to said first and at least second servers;
- the first and second systems are a computer, a laptop, a communicating tablet, a portable terminal (smartphone) or a telephone.
- the transmission to the second system of the connection identifier, the encryption key or keys and the identifier IDA are carried out via an external storage medium, such as a biometric USB key, or via a wireless communication link between two communicating devices or by electronic mail.
- the method comprises, after the generation of the connection identifier and the encryption keys of said second system, the creation of a certificate / certificate to confirm the creation of access to said second system.
- the exchanges between said first system (or second system) and said first and at least second servers (300, 500, 700-800) are encrypted using public / private encryption keys of the first system (or second system).
- the method is applied to the sharing of an anonymous medical file stored on the first server, to which the second system assigned to the client / patient can access by benefiting from generic and personalized resources prepared by a therapist.
- the method further comprises a statistical data collection and information server for monitoring the accesses to said first server as well as the downloading of said generic and personal resources for the purpose of producing statistical information, in particular on diagnostics, processing and the use of generic and custom resources.
- the invention also provides a method for accessing and sharing a personalized medical file managed by a service provider for the benefit of a patient, said file comprising medical data and nominative data highly confidential, within a architecture comprising:
- the support may be a smart card, a USB key, or even a mobile terminal such as a smartphone.
- the practitioner's verification includes a test on the professional health card (CPS) presented by the latter.
- the anonymous medical data transmitted by said server causes the display of the anonymous medical file in relation to separate interfaces for medical professionals and the patient himself, the interfaces having different access rights.
- access to the DMA from the patient's home includes a password test to ascertain the identity of the patient and allow him, in good conscience, to extend the access rights of a practitioner who has already intervened on his file.
- the patient has his own interface (PATIENT) comprising access to general and personal resources specifically created by the practitioners who worked on his file. More specifically, the PATIENT interface comprises a search engine exploiting the data of the Anonymous Medical File stored on said server.
- the method of access to the anonymous medical file includes a location test to determine whether the territory on which the patient consults is an exposed or secure territory, the updating data of the DMA being exclusively stored on the patient card in the case of an exposed territory. More specifically, a synchronization phase can be implemented as soon as the patient returns to a presumed secure territory in order to update the medical data of the DMA.
- the IP address used to access the file is tested, or, alternatively, the method uses a geolocation using a GPS receiver (Global Positioning System).
- the invention provides a method of updating medical data between a first origin server and a second server located in different countries, so as to avoid cross-border transmission.
- the method comprises the steps:
- the external support comprising an external support identifier (ID card) and a country of origin identifier as well as means for identification and encryption / decryption corresponding to the patient;
- the external support is a mobile phone, a laptop, a touch pad or a USB key with its own processing means.
- the medical data is anonymous medical data.
- the invention also allows the realization of a method of accessing and sharing a computer medical file stored on a server and accessible from a first system associated with an external medium comprising a first means of identifying a patient and encryption / decryption means for communication with the server.
- the method comprises the steps:
- the external medium comprises executable code on said first system for executing a viewer of X-ray images stored on a medium present in the first system.
- the executable code allows in particular the taking of control of the first system by the second system in order to make a selection of one or more images extracted from the radiological support, the conversion of these images into digital files which can then be directly integrated within the shared medical record and simultaneously accessed via both systems.
- FIG. 1 illustrates a first embodiment of a general architecture for carrying out the method of the invention.
- FIG. 2 illustrates a second embodiment of an architecture that can be used to implement the method according to the invention.
- FIG. 3 illustrates an embodiment of a method for creating and registering a generic resource within servers 700 and 800 of FIGS. 1 and 2, respectively.
- FIG. 4 illustrates one embodiment of the method of consulting and accessing the Nominative Medical File from the practitioner's computer.
- Figure 5 illustrates one embodiment of creating the patient's login credentials for the DMA online consultation.
- FIG. 6 illustrates one embodiment of the on-line access method to the DMA from the connection identifier created by the practitioner.
- FIG. 7 illustrates an embodiment of a method of updating the PLT table in the event of a succession of therapists not belonging to the same professional group.
- FIG. 8 illustrates an embodiment of a diagnostic aid assistant used during step 408 of updating the Nominal Medical File.
- Figure 9 illustrates the consultation of a practitioner n ° 3 in a secure environment (CPS) (1st visit)
- Figure 10 illustrates a method implemented allowing access to practitioner No. 3 after the first visit.
- FIG. 11a is an embodiment of a method implemented when the patient comes to consult a practitioner No. 4 located in a country exposed to a risk of fraud.
- FIG. 11b is an embodiment of a method of synchronizing the PATIENT card with the servers 200-500 when its holder returns to the secure zone.
- Figure 12 illustrates an embodiment of a patient card in the form of a smart card with a USB connector.
- Figure 13 illustrates the situation of cross-border medical data exchange.
- FIG. 14 illustrates an embodiment of a method for updating a medical file in the server 300 -B.
- Fig. 15 illustrates the block diagram of a remote consultation according to an embodiment of the present invention.
- Fig. 16 illustrates an embodiment of a method according to the present invention.
Description of the embodiments
- the invention can be used regardless of the mode of exercise of the professionals considered.
- Employees of complex organizations (clinics, professional associations, etc.) will be able to use the tools and processes described below in the performance of their duties.
- In FIG. 1, a plurality of practitioners is considered, practicing individually or, as described in the aforementioned patent application, within the same group of professionals, and having any computer system.
- the figure shows a set of n computers 1-1 to 1-n (it is assumed that the group considered comprises n systems), each equipped with a processor 6, storage means including a RAM 7 in which is loaded an operating system 11 (such as WINDOWS (registered trademark) or LINUX for example), an application software 12, a user interface module 13 and DMN agent 14 for carrying out the procedures described hereinafter.
- the system 1-1 is furthermore equipped with conventional input / output means enabling the connection to a screen 2, a keyboard 3, a pointing device such as a mouse 4, as well as specific ports for connecting suitable peripherals, for example a serial device of USB (Universal Serial Bus) or IEEE1394 (FireWire) type.
- USB key 20 which may, in one embodiment, include a file 21 storing a PLT table and encryption / decryption keys 22 described below.
- Each system 1-1 to 1-n also has means of communication, in particular with the Internet network 100, so as to be able to access external servers, for example via the HTTP protocol (Hyper Text Transfer Protocol) or any equivalent protocol. These servers are in particular an Administrator server 200, a so-called DMA server 300 for storing anonymous medical data, a TSB server 400 for storing temporary personal data, a GED 500 server for Document Management, a server 600 for the collection and analysis of statistical data and a server RG & P 700 for storing Generic and Custom Resources that will be made available to patients.
- the servers 200 and 600 may also communicate with the DMA server 300 by means of TCP / IP type communications according to a client-server communication architecture that is well known to a person skilled in the art and need not be developed further.
- the patient also has a computer 1000, such as a laptop but more generally any information processing device, with means of communication such as a telephone, a pocket terminal ("smartphone” according to the Anglo-Saxon literature), a PDA (Personal Document Assistant), a communicating graphics tablet, etc., allowing the patient to access, in complete confidentiality through the procedures that will be described below, to his own personalized medical record.
- the computer 1000 may be equipped with the same devices as those present in the practice of the practitioner, including a USB port, an external storage disk, or even a smart card reader 30 for reading a personal health card (for example, the so-called VITAL card in France).
- the USB port of the computer 1000 is used to connect a PATIENT card comprising means for identifying, encrypting and storing an executable program for carrying out the procedures described hereinafter.
- FIG. 1 illustrates a first embodiment comprising two separate servers, respectively 500 and 700 for the storage of the electronic documents specific to the patients' medical files (GED server 500) and the storage of the Generic and Custom Resources (RG & P 700 server) of which the Access will be allowed later to these same patients following the procedures below.
- FIG. 2 illustrates the case of a single practitioner (only one computer 1-1 being illustrated) practicing alone in the secrecy of his office, the other reference numerals being unchanged with respect to FIG. 1 and referring to the same elements.
- This DMN agent can take many forms. It may be a signed executable code stored in an external memory, a program stored directly on the computer 1-1 of the practitioner, or even a Java Applet type program executed within a browser such as "Internet Explorer" from US publisher MICROSOFT Corp. (trademark). In addition to the previously recalled procedures, the DMN Agent will be designed to further integrate the new features that will be described below.
b) General Definitions
- Nominal Medical Data: this refers to the patient's complete file, comprising both administrative and especially nominative information (name, age, sex, particularities, address, phone ...) and medical information (pathologies, diagnostics, treatments, etc.).
- DMN: the Nominal Medical File, namely the data structure specifically created at a given moment and integrating the nominative medical data.
- the DMN data is never stored on the servers 200-800. In the context of the aforementioned patent application, these data are generated, only at the request of the practitioner, directly locally on his system 1-1 by means of the storage device 20.
- Anonymous Medical Data (DMA - 300). This category covers only medical information, excluding any personal information, such as name, address, telephone number, etc.
- this term DMA will also be understood as denoting the Anonymous Medical File, namely the data structure comprising the information of the same name.
- This DMA file containing the anonymous medical data, less sensitive than the complete DMN data, is stored on the DMA server 300 indexed by a non-nominative identifier, designated by IDA. It should be noted that the information stored on the server 300 in particular is of great use for the public authorities and organizations representing the professionals concerned because it provides statistical data of great interest for the implementation of a Public Health policy.
- the downloads of the information stored on the DMA servers 300 are protected by encryption keys known only to the practitioners / patients in order to preserve the confidentiality of the exchanges between the servers and the practitioners (but also, as will be seen later, the patients).
- Temporary Storage Base (TSB - 400). This database contains information enabling management of the updates of the storage devices used within the professional group considered, as is more specifically described in the aforementioned patent application.
- Document Storage Base (GED - 500): This database contains files corresponding to various electronic documents, such as PDF documents or JPG images specific to the patient's medical file.
- Link Table: this table serves as a pivot for the exchanges between the different servers, as will appear below. Indeed, the correspondence between the nominative information and the IDA index used in particular by the DMA server 300 is found in this table, and only in it.
- the architecture may furthermore comprise a server 600 serving to collect the anonymous data stored in the DMA server 300 and the requests exchanged between it and the other servers in order to constitute a database that is perfectly anonymous but which can be used for statistical analysis purposes for the implementation of public health policies.
- Customized Generic and Individual Resources Database (RG & P 700): this database is used to store Generic and Custom Resources that can be created by therapists but also by professional therapeutic organizations. These resources constitute a reservoir of electronic documents and multimedia files (audio, video, text) specially made available for the benefit of the patient according to the procedures that will be described below, in particular through a so-called PATIENT interface specifically dedicated to the DMA holder when he accesses the DMA from his home.
- This base 700 or 800 is intended to allow the storage of two types of resources:
- the first type of resources are generic resources that can be used multiple times, for a large number of patients, and that can serve as model resources to extend multiple consultations given by practitioners.
- such resources can be gathered in clinics, in which many professionals and therapists practice and who can find great interest to come to draw on this reservoir of generic resources.
- these resources may come from specialized training institutions and institutions and even from Universities and Faculties of Medicine.
- the invention therefore aims to develop a huge pool of professional resources, carefully selected and designed to provide patients with additional information with high added value.
- the second type of resources consists of personalized or individual resources, generated as needed, during a given consultation, and allowing the practitioner to add to the generic resources that he plans to offer to his patient in order to extend the consultation that takes place in his office.
- PATIENT CARD: this name designates an external support intended to be retained by the patient.
- the PATIENT card is an individual card issued by the Network Administrator to the patient who requests it, or optionally delivered to the Patient during a first consultation with a Therapist regularly registered with the Administrator of the network.
- This patient card consists of a hardware support on which are stored an executable program for the implementation of the functionalities described below, the memory, and the identification and encryption elements (private / public keys) required for access to the servers described previously.
- Access to the programs and data stored on the PATIENT card can be performed by means of a card reader 30 as illustrated in FIGS. 1 and 2.
- the PATIENT card is a smart card 90 (called SMARTCARD), having an ID-1 form factor of dimension 85.60 x 53.98 mm, and having a chip 93 incorporated according to ISO 7816 standardization incorporating secure identification data.
- the PATIENT card comprises a USB port 92 for serial communication with the computer 1000, and storage means 95 for storing an executable code for implementing the functionalities described below, and in particular secure access to the various servers 300-400 and 500 of the architecture of Figure 1.
- the PATIENT card includes a viewer of medical imaging files for the selection of specific images and their conversion into portable files JPG type for example, and a functional code for remote control, under certain conditions, the patient's computer.
- the active electronic circuits of the card 90 may be disposed within a surface 94 incorporating the various electronic components, including the chip 93 embedded in the material constituting the card.
- a cap 91 located at an angle of the card 90 covers the USB port when it is not used.
- the PATIENT card may take the form of any electronic device, comprising the above identification elements, communications means and an executable code.
- the present invention allows the portability of the data composing the DMA anonymous medical file, or its DMN version, in order to allow access not only to the patient and to his referring generalist, but also to a whole series of specialists, therapists and paramedical practitioners and even, to a certain extent, to non-therapist professionals such as certain "coaches" of high level athletes for whom there is great interest in introducing physical preparation and training into the DMA. All this information is naturally intended to be collected within the Medical File, so as to allow the dematerialization and to make it accessible, everywhere, for the greatest interest of its holder.
- each participant who is likely to access the DMA has a dedicated interface, allowing access to certain layers of the file, to certain categories of information to the exclusion of others, depending on the profile of the participant.
- a first interface called EMERGENCY allows access to a first level of DMA data corresponding to critical data that can be used in case of accident, especially when the patient is in a state of unconsciousness.
- the nature of the blood group, indications for allergies etc. clearly belong to this first level of data and will be accessible from the PATIENT card, even if the unconscious patient is not able to enter his password for the use of the card.
- the data of the EMERGENCY interface may even be saved on the card or the PATIENT USB key (in particular in the storage area 95) delivered by the network administrator 200 to the holder of the DMA.
- a second interface, PRACTITIONER, is the one specifically reserved for the practitioners whom the patient comes to consult. This interface more broadly allows access to anonymous medical data in relation to the field of expertise of the given practitioner while allowing management of access rights.
- the MEDECIN interface may be more particularly adapted depending on the quality of the practitioner (GENERALIST, SPECIALIST), his field of specialty, or even the nature (usual / occasional) of the patient's consultation.
- An interface specific to a given specialty will, in particular, display on the specialist's computer tools for generating general and individual resources specific to the given specialty, as will be illustrated in Figures 3 and 4.
- the MEDECIN interface is associated with a number of access rights governing access to different data layers, within the DMA data stored on the servers.
- the patient can modify during his life, and by using his own interface PATIENT (which will be described later) the scope of the rights granted to the various practitioners managing his health.
- a third interface known as PARAMEDICAL makes it possible to make certain layers of the Anonymous Medical Record accessible to paramedical professions, in the respect of the professional secrecy.
- a fourth interface called NON MEDICAL makes it possible to make certain layers of the Anonymous Medical File accessible to certain professionals not belonging specifically to the medical community, in particular sports coaches and certain service providers (nutritionists, etc.) having to intervene on the DMA, especially when the patient is a top athlete. Obviously, access, if necessary, to certain DMA data is done only in the strict respect of the professional secrecy and, in particular, with the agreement of the patient.
- a fifth interface is the PATIENT interface which is reserved specifically for the user, the holder of the anonymous medical file.
- This interface is particularly important because it has a function to fulfill two distinct roles:
- the invention ensures a better readability of this information and data generated during the various consultations, analyzes, observations, diagnostic and treatment elements etc. that the patient is likely to have to know.
- the PATIENT interface is endowed with a search engine specific to the medical field, like the search engines existing in the commercial environment (for example the GOOGLE engine, well known on the Internet), to bring to the patient a source of additional information.
- the patient can enter keywords into the search engine of the PATIENT interface in order to initiate a search to identify resources available on the Internet (accessible via a Uniform Resource Locator link, or URL) that can provide him with additional information to understand his pathologies and useful to manage the treatment.
- the search engine available within the PATIENT interface has access to non-nominal DMA data to guide a contextual search that will be all the more relevant with respect to the observations, diagnostic elements and specific treatment of the DMA holder.
- This direct link between the search engine of the PATIENT interface and the coded data present in the DMA will make the searches significantly more relevant and, therefore, more useful to the patient. Thanks to the invention, and to the particularly fine classifications (especially those based on the international classification ICD-10) used within the DMA, the search engine can perform a high quality complementary search in order to complete the "raw" information present in his anonymous medical file, resulting from the observations, analyses and diagnostic elements generated by the chain of practitioners and therapists that may have intervened on the file.
- the search engine can also, like any conventional search engine, take advantage of the history of requests submitted by the patient or links already consulted by him to refine a search and provide complementary information that is ever richer and more relevant.
- the invention enables the patient, through the quality of the information that is made available to him, to manage more effectively the pathologies from which he suffers, the knowledge and the follow-up of these, and more simply the fact of "living" with his illnesses.
- the PATIENT interface makes it possible to make available to the holder of the DMA, as will be seen in connection with the description of FIGS. a major interest for him since it will be general and personal resources (stored in the server RG & P 700 of Figure 1) specifically selected and / or generated by his own therapists.
- the invention allows the development of a medical file rich in multiple information collected by or for a patient during its existence, perfectly anonymous since it does not include any personal data concerning it, while offering great portability for both the patient and the therapies that will be involved and work on the file.
- the anonymous medical record naturally has the vocation of serving the usual general practitioner (commonly referred to by the referring physician) whom the patient comes to consult in the first place for any affection concerning him.
- the therapist has, according to one aspect of the invention, a dedicated interface with access rights, and including specific tools that can allow selection / creation generic and / or personalized resources for the patient.
- FIG. 3 illustrates a method for creating and storing a generic resource created either by a given practitioner or directly within the administrator server 200 for storage in the library of generic or model resources (within the servers 700 or 800).
- the method starts with a step 301.
- the administrator or, as the case may be, the practitioner enters his identifier (login), which is the subject of a test. If the test fails, the process ends with step 309. On the contrary, if the test of the identifier (login) proves positive, the process continues with a step 303, which is the download of a list of pathologies and/or parts of the body (localizations). For this purpose, any appropriate classification of pathologies and/or localizations according to a tree structure may be used.
- the method creates the Generic Resource by generating a file, generally comprising a detailed multimedia (audio/video) document associated with the pathology and/or location.
- any speech file generated from the practitioner's computer system, or any video file created by combining the microphone integrated into the computer with a camera connected to the computer system (specifically a webcam, to use the English term), can be considered.
- the method continues with a step 306, which is the possible compression (by any compression algorithm such as the well-known MPEG-1, MPEG-2 or MPEG-4 algorithms developed by the Moving Picture Experts Group) and the encryption of the file, to ensure its security during transmission to the server 700 or 800.
- for the encryption, any encryption/decryption algorithm, symmetric or not, can be considered ...
- the method then registers in the DMA database 300 the identifier (id) of the newly created Resource, which is finally stored, in a step 308, within the server 700 (of Figure 1) or 800 (of Figure 2).
- FIG. 4 illustrates the method implemented by the DNM agent of the computer 1-1 to 1-n of the practitioner.
- the process starts with a step 401.
- in a step 402, the method performs a login test of the practitioner which, if it fails, ends the method with a step 413.
- in a step 403, a request is transmitted from the practitioner's computer 1-1 to the DMA server 300 to request the list of IDA identifiers that correspond to him.
- the DMA server 300 responds by encrypting, by means of the practitioner's public key, the list of IDAs corresponding to him. The DNM agent of the computer 1-1 then proceeds to a step 404, during which the list of IDAs is decrypted (using the decryption files present, for example, on the USB key 20), then compared and completed with the nominative elements of the PLT table located on the USB key 20, so as to generate the list of patients of this practitioner.
- in a step 405, a particular patient (who will correspond to the patient whose consultation is in progress) is selected or, failing this, the process ends with step 413.
- a request is prepared and sent to the DMA agent 300 to access the Anonymous Medical Record (DMA) of this patient.
- the request is transmitted in encrypted form to the server 300, which returns the DMA file, itself encrypted by means of the public key of the practitioner, who can then decrypt it with his private key.
- the DNM agent builds the Nominative Medical File by completing the downloaded DMA with the nominative information present within the PLT table present on the USB key or on its system 1-1. If necessary, if the practitioner feels the need to consult an attachment to the file, the agent will download it from the GED 500 server using the IDA ID.
- the practitioner conducts his consultation, which comprises the clinical examination, the observation, the questioning, etc.
- through his PRACTITIONER interface, the practitioner has a real "assistant" via a graphical interface on the computer 1-1, illustrated in Figure 8, which can diagnose a particular pathology and lead to a detailed prescription.
- for this purpose, the assistant uses a set of drop-down menus and guides based on the coding from the ICD10 classification (CIM10), which assigns a code to each pathology so as to allow statistical calculation as well as multilingual translations.
- since the consultation is "assisted" by the consultation wizard of the PRACTITIONER interface, the DNM agent updates the DNM file by adding, modifying or deleting personal and/or medical data, which will correspondingly modify the Anonymous Medical Record, which will be stored again on the DMA server 300, or even the PLT table. If the pathology is discovered and discussed for the first time, the DNM agent, under the control of the practitioner, will record the pathology in the DNM file, which will affect its "anonymous" DMA version stored on the server 300.
- during a step 409, the DNM agent downloads from the server 300 a list of contextual identifiers, namely generic resource identifiers associated with the pathology and/or localization, encrypted once again by means of the public key of the practitioner and decrypted by the latter with his private key.
- during a step 410, the DNM agent then displays the downloaded list of generic resources so that they can be selected.
- the DNM agent has a suitable Graphical User Interface (GUI) allowing the practitioner to scroll down the classification tree built when the resource library was constituted, in order to compose a selection list.
- the DNM agent adds individual, personalized resources.
- the agent can take control of the audio-video sensors of the computer 1-1, including an available camera (webcam), to allow the capture of a short audio message or a short video allowing the practitioner to summarize the key points of the consultation.
- This specific resource leads to the creation of a compressed, encrypted audio-video file that will be stored on 700-800 resource servers. The particular identifier of this specific resource will be stored on the DMA, itself stored on the server 300.
- the DNM agent can generate any other multimedia file, or even any electronic document useful to the patient, for example one describing a specific exercise recommended by the practitioner.
- the DNM agent proceeds to the definitive registration of the nominative medical file, updating the PLT as necessary but above all the medical file, enriched by the selection list of resource identifiers (generic and individual) associated with the pathology/location considered. This file will ultimately be stored again on the anonymous server 300, and the patient will be able to access it from his home via his own PATIENT interface.
- step 413 may be the end of the consultation within the practitioner's office.
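The split that FIG. 4 relies on, an anonymous record on the DMA server 300 keyed only by IDA and a PLT table that never leaves the practitioner's side, can be sketched as follows. This is an added example, not code from the patent: the field names, the `enroll` helper and the server-side refusal of nominative fields are assumptions, and the public-key encryption of each exchange is left out to keep the focus on the data separation.

```python
import copy
import secrets
from dataclasses import dataclass, field

# Assumption: illustrative field names; the page defines no record schema.
NOMINATIVE_FIELDS = {"name", "birth_date", "address", "phone"}


def find_nominative(value, path=""):
    """Return the paths of nominative keys found anywhere in a nested record."""
    hits = []
    if isinstance(value, dict):
        for key, sub in value.items():
            here = f"{path}.{key}" if path else str(key)
            if key in NOMINATIVE_FIELDS:
                hits.append(here)
            hits.extend(find_nominative(sub, here))
    elif isinstance(value, list):
        for i, sub in enumerate(value):
            hits.extend(find_nominative(sub, f"{path}[{i}]"))
    return hits


@dataclass
class DMAServer:
    """Stand-in for DMA server 300: records are keyed by IDA only."""
    records: dict = field(default_factory=dict)    # IDA -> anonymous record
    assigned: dict = field(default_factory=dict)   # practitioner -> set of IDAs

    def register(self, practitioner):
        ida = secrets.token_hex(8)                 # random, carries no identity
        self.records[ida] = {"pathologies": [], "resources": []}
        self.assigned.setdefault(practitioner, set()).add(ida)
        return ida

    def list_idas(self, practitioner):             # step 403
        return sorted(self.assigned.get(practitioner, set()))

    def _authorize(self, practitioner, ida):
        if ida not in self.assigned.get(practitioner, set()):
            raise PermissionError(f"{practitioner} is not assigned IDA {ida}")

    def fetch(self, practitioner, ida):            # step 406
        self._authorize(practitioner, ida)
        return copy.deepcopy(self.records[ida])

    def store(self, practitioner, ida, record):
        self._authorize(practitioner, ida)
        leaks = find_nominative(record)
        if leaks:                                  # assumption: server-side guard
            raise ValueError(f"nominative fields refused: {leaks}")
        self.records[ida] = copy.deepcopy(record)


@dataclass
class DNMAgent:
    """Stand-in for the DNM agent; the PLT stays on the USB key 20."""
    practitioner: str
    server: DMAServer
    plt: dict = field(default_factory=dict)        # IDA -> nominative data

    def enroll(self, identity):                    # hypothetical helper
        ida = self.server.register(self.practitioner)
        self.plt[ida] = dict(identity)
        return ida

    def patient_list(self):                        # step 404: join IDAs with PLT
        return [(ida, self.plt.get(ida, {}).get("name", "<not in PLT>"))
                for ida in self.server.list_idas(self.practitioner)]

    def nominative_file(self, ida):                # DMA completed with the PLT
        dma = self.server.fetch(self.practitioner, ida)
        return {**self.plt.get(ida, {}), "ida": ida, **dma}

    def record_pathology(self, ida, icd10_code):   # only coded data goes upstream
        dma = self.server.fetch(self.practitioner, ida)
        dma["pathologies"].append(icd10_code)
        self.server.store(self.practitioner, ida, dma)


def demo():
    """Constructed data: one practitioner, one patient, one ICD-10 code."""
    server = DMAServer()
    agent = DNMAgent("practitioner-1", server)
    ida = agent.enroll({"name": "Constructed Patient", "birth_date": "1970-01-01"})
    agent.record_pathology(ida, "E11")
    return server, agent, ida


if __name__ == "__main__":
    srv, agt, _ = demo()
    print("server holds:", srv.records)
    print("agent shows:", agt.patient_list())
```

A compromise of the server alone yields coded pathologies per IDA; re-identification needs the PLT as well.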
- the patient receives personalized access, not only to his medical file, but also to a particular selection of Generic and Individual resources, to which he will have access during a secured session, through a registration procedure that is now described in connection with Figure 5.
- the process starts with a step 501.
- the test of the practitioner's identifier (login) then takes place during a step 502 which, in case of failure, ends with step 510.
- a step 503 follows, similar to the preceding steps 403-404, during which the DNM agent downloads the list of IDA identifiers and then, after decryption and comparison with the PLT, displays a list of patients.
- a patient is selected or, failing this, the process ends with step 510.
- the method proceeds with a step 505 in which the DNM agent generates a connection identifier that will be used by the patient during his future connection to the DMA server 300. For this purpose, the method generates a random key (public/private).
- the IDA of the patient is also encrypted with the public key stored on the DMA, and the set consisting of the encrypted IDA and the private key is then stored in a personal file, which will be delivered to the patient via his PATIENT card which, as has been explained, takes the form of a removable medium, a USB key or even a smart card (SMARTCARD) as shown in Figure 12, and which will be used both to decrypt files received from the different servers and to sign requests for access to the different servers, including the DMA server 300.
- the DNM agent also transmits the IDA at the same time.
- the PATIENT card can retrieve the nominative information found on the practitioner's PLT file in order to allow another practitioner to update his own PLT file.
- personal information may be stored in a particularly protected memory area present on the smart card (SMARTCARD) of the PATIENT card.
- thanks to this file given by the patient, the successor practitioner will have the opportunity to update the patient's DMP.
- the IDA is deduced from the file after decryption (private key).
- the agent proceeds to the generation of an electronic certificate (patient signature) enabling the patient to confirm the procedure for validating access to the anonymous medical file.
- the connection and encryption/decryption information can be transferred via a channel other than the PATIENT card, including any other USB medium.
- the connection identifier and the encryption/decryption keys can be transferred by email or via the mobile phone, the mobile terminal (smartphone) or the PDA presented by the patient during the consultation. In general, many options are possible and depend only on the needs considered.
- the DNM agent continues with a step 507, which is the transmission to the administrator 200 of a message advising the latter of the creation of the personalized patient access.
- the DMA 300 and 700-800 servers are informed of the login ID, the IDA ID and the public key of the patient, which will have to be used for the encryption of the Anonymous Medical File but also to verify the patient's signature.
- it may be envisaged that it is the administrator 200 who will inform the DMA servers 300 and 700-800.
- the process ends with step 510. 2.
- thanks to the access he has received via his PATIENT card or by various other means (USB sticks, mobile phone, e-mail, etc.), the patient can now benefit from an extension of the consultation with his practitioner by connecting, once he has returned home, to the DMA server 300.
- a specific agent is implemented on the computer 1000 of the patient, which agent can take the form of an executable code directly from the operating system of the computer 1000 and previously stored on the PATIENT card or the computer.
- USB stick received during the consultation with the practitioner, or by any other means, electronic mail and even a JAVA applet running within a browser software.
- the method starts with a step 601, during which, for example, the patient introduces his PATIENT card into the card reader 30 connected to his computer 1000.
- in a step 602, the method continues with an automatic connection to the DMA server 300 by means of the connection identifier generated by the practitioner's DNM agent during step 506 of FIG. In a particular embodiment, a password test is implemented to prevent illicit access to the anonymous medical file.
- This connection request is tested by the server 300 which has been previously informed of the patient's identifier and its public key.
- In case of connection failure, the process ends with step 610.
- the method decrypts the identifier and retrieves the identifier IDA during a step 603.
- the specific agent transmits the IDA identifier and proceeds to download the Anonymous Medical Record (DMA) stored on the DMA server 300, and enriched by the resource selection list prepared by the practitioner.
- the information encrypted by means of the public key of the patient can then be decrypted by the latter with his private key.
- the specific agent proceeds to display the anonymous medical file downloaded according to a graphical interface called PATIENT.
- the specific agent uses an auxiliary means, for example the information contained in a secure smart card (VITALE card for example) or stored on a secure medium such as the card illustrated in FIG. to combine the anonymous information downloaded from the server 300 with nominative information extracted from this card/medium and then offer the patient a truly nominative medical file, like the one he saw in his practitioner's office.
- the patient can select, through his specific user interface (PATIENT interface), a particular pathology or a particular location contained in his DMA.
- the specific agent then proceeds, in a step 607, to the downloading of the Generic and / or Specific resources from the servers 700-800 which will proceed to the transmission of the corresponding files, suitably encrypted by means of the public key which will have been communicated to them by the administrator 200 in step 505 of FIG.
- the specific agent can then decrypt them using the patient's private key and display the general and / or personal resources in a step 608, which the patient can then consult as needed.
- the patient thus has access not only to his anonymous medical file, but also to a set of detailed generic and personal resources for each of the pathologies he suffers from. In this way, he is offered the possibility of an easier reading of this medical file which, quite often, remains quite hidden for the general public.
- the patient will be able to take advantage of the search engine present within the PATIENT interface, which will rely on non-nominative data present in the DMA to supplement, as needed, the general and personal resources selected by the practitioner.
- the codification resulting from the ICD10 classification (CIM10) will be of great interest to the search engine of the PATIENT interface, which will draw from it the keywords useful for conducting the documentary research to be carried out.
- the patient has a kind of "reading grid" for his medical file, including not only the objective elements that constitute it (examinations, X-rays, assessments), but also many complementary elements of great interest to him, especially those directly selected and/or generated by his usual practitioners. This is a big step forward in the medical transparency offered to the patient.
- When the patient has completed the consultation of his medical file, anonymous or not, the process ends with step 610.
- 3) the consultation by the patient of a new practitioner No. 2, regularly registered with the administrator service 200.
- the process starts with a step 701.
- the identification test (login) of practitioner No. 2 then takes place during a step 702 which, in case of failure, ends with step 710. On the contrary, if the identification test (login) succeeds, the method continues with a step 703 during which the DNM agent of the USB card 20 of practitioner No. 2 accesses the storage medium presented by his patient, and in particular his PATIENT card, and obtains the IDA identifier by decrypting the identifier file.
- the DNM agent of the card of practitioner No. 2 sends a request to the DMA server 300, using his own signature (private key), to inform it of his intervention in the patient's file.
- a similar request may also be transmitted to the administrator server 200.
- the DMA 300 then proceeds to update the list of folders assigned to practitioner No. 2, which list is used in step 503 of FIG.
- the DNM agent proceeds to download the patient's DMA file, encrypted by the public key of the practitioner No. 2.
- the DNM agent updates the PLT located in the system 1-1, which can be done either by direct entry of the patient's personal information, or by extracting the same information from the PATIENT card or the storage medium presented by the patient. Two embodiments may be considered ... In a first mode, the practitioner intervenes only occasionally on the DMA and, in this case, it is not necessary to update the PLT. In a second mode, the PLT is updated with the agreement of the patient following a secure procedure, for example validated by password.
- in a step 707, the usual consultation can then take place and the DNM agent updates the anonymous medical file, to be stored again on the anonymous server 300.
- the patient can later access his file again thanks to the login and the encryption/decryption keys he was issued during his visit to the first practitioner, which he has no need to change. But the invention provides more flexibility, since the patient can consult other therapists even though, as we will now see, these other therapists were not regularly registered with the administrator server 200.
- the DMA designed according to the present invention has remarkable portability, since the patient is thus allowed to enrich his record as he travels.
- the DMA is particularly secure, since access and possible updating are allowed only under particularly strict conditions, which are however relaxed when the patient is in a relatively secure environment.
- the criterion corresponding to this category of environment will depend on the given application and the protection level chosen.
- in a step 902, the patient inserts his PATIENT card (or the USB key handed over by the administrator/practitioner No. 1) into the card reader 30 of the system 1000 of FIG. 2 (for example), where it is then detected by the system 1000.
- this PATIENT card includes the program of an executable agent implementing the procedures described hereafter, but above all the identifier of the patient (IDA), possibly encrypted, as well as the private key of the patient, which can be used to decrypt the different elements composing the Personalized Medical File that will be transmitted by the various servers.
- the method comprises reading the patient's identifier and, where appropriate, decryption by means of the private key associated with this patient.
- This identifier corresponds to the non-nominal identifier IDA, used in the database of the administrator.
- the method initiates a connection to the server of the administrator 200.
- in a step 905, the method carries out a test to determine whether the identifier IDA is recognized as being present in the database. In case of failure, the method goes to step 913.
- step 906 is the launching of a second task for verifying the identification of the therapist. During this task, it is necessary to check that practitioner No. 3 does indeed hold a health professional card (CPS).
- the method continues with a step 907 during which a test is performed to determine the presence of a professional health card.
- the method may use the regulatory standardization elements in use in a given country, on the one hand to validate the presence of a CPS card and, on the other hand, to extract the identification elements of practitioner No. 3, who holds the card.
- If a CPS card is present, the method goes to a step 908 and, if not, proceeds with step 913.
- when the method detects the presence of a CPS card, it reads the national identifier of practitioner No. 3 on the CPS during a step 908.
- the method transmits to the administrator server 200 a temporary registration request.
- the method transmits identification elements (email address, telephone number, etc.) in order to receive a confirmation of registration.
- the agent receives, possibly through the information transmitted in 309, an identifier and a password, which can be used immediately for access to the anonymous medical file, through a PRACTITIONER interface or, according to a particular embodiment, a reduced-rights interface called WEB-PATIENT, in a step 911.
- the method proceeds with a step 913 in which it prompts practitioner No. 3 to enter the national practitioner identification number.
- the number is received by the administrator server which can then implement a verification procedure of the identification number and / or registration.
- the method performs an automatic check within databases, in particular to generate a likelihood indicator of the authenticity of practitioner No. 3, who is seeking provisional registration.
- Step 915 is a test of this likelihood indicator to determine whether it is appropriate to assign a provisional registration.
- If the test in step 915 fails, then the process continues with step 913 and stops.
- step 911 is the display of the anonymous medical file according to the minimum interface called EMERGENCY.
- This interface called EMERGENCY allows the practitioner to access a critical part of the DMA from the PATIENT card alone, even if the patient is unconscious.
- this EMERGENCY interface allows the practitioner to give first aid to the patient when he lies unconscious, for example after a car accident.
- the process enters a phase of effective updating of the medical file as the consultation with practitioner No. 3 takes place.
- the steps 1001-1006 respectively correspond to the steps 901-905 described above, namely the PATIENT card is successively inserted in the reader 30 of the system of practitioner No. 3, then detected (step 1002), which causes the reading and decryption of the identifier IDA (step 1003).
- the connection to the administrator server 200 (step 1004) then leads to the validity test of the identifier IDA during step 1005. If the test of step 1005 is positive, then the process goes to a step 1006, in the course of which practitioner No. 3 is prompted to enter his identifier and password (which he received in step 910 of Figure 9).
- in a step 1007, the method tests the password and, in case of failure, the process ends with step 1010.
- the method proceeds, during a step 1008 to read the opening rights attributed to the given practitioner.
- the practitioner was given minimum rights associated with the interface PRACTITIONER.
- the method reads the rights attributed to practitioner No. 3 (which may have been extended by the patient, during a consultation at home for example) to define a PRACTITIONER interface, possibly with more extensive rights, which can go beyond the interface called EMERGENCY.
- the DMA server 300 and/or the administrator server 200, together with the executable agent present on the PATIENT card, build the specific access interface corresponding to the rights granted to the practitioner.
- step 1009 makes it possible to ensure the construction of a perfectly coherent interface as a function of the quality of the practitioner No. 3 consulted by the patient.
- this rights management which is permitted by the described method, makes it possible to discriminate between emergency situations (in which an immediate response to the concerns of a doctor providing emergency first aid must be provided) and more conventional consultation situations that may occur over the life of the patient.
- although the method of Figure 9 does not require a password from the patient, the non-nominal data included in the DMA is nevertheless very effectively protected, since only a small part of the information extracted from this file, corresponding to the EMERGENCY interface, will be accessible, and only to the practitioners who have been subjected to the verification tests of steps 909 and 914.
- the DMA file is updated according to the progress of the consultation, the observations made by practitioner No. 3 and the diagnosis that these observations lead him to formulate. It should be noted that this update of the file is based on the transmission of medical information concerning the patient, in relation to the anonymous identifier IDA, properly encrypted by means of the private key of the patient. In no way is there an exchange of nominative information during the steps 1008 and 1009. The construction of the medical file within the DMA server is carried out without requiring the exchange of nominative information.
- the method provides great flexibility since, even if the rights of a practitioner are likely to evolve over time, the DMA anonymous medical file will be continuously enriched by the successive consultations.
- the method provides additional security.
- the patient who is regularly registered with the administrator service 200, comes to consult a practitioner abroad, and presents him with his patient card or the corresponding USB key.
- the software reads the encrypted anonymous identifier (IDA), the decryption key, and proceeds to decrypt this IDA ID by means of the key. Then, during a step 1104, the method initiates a connection to the server 200 (or 300 as the case may be) and verifies the registration of the IDA ID of the patient.
- Step 1105 corresponds to the test of this identifier IDA and, in case of failure, the process ends with step 1111.
- the method proceeds, in a step 1106, to the launch of a control application.
- the method transmits to the server 200 a request for temporary registration, if necessary specifying e-mail and/or telephone contact details for receiving confirmation messages and/or control SMS messages.
- the registration request of step 1107 involves receiving a control SMS, including a control password, on a mobile phone previously registered with the administrator server 200.
- in a step 1108, the method tests the identifier and the password entered by the practitioner (which he will optionally have received in step 1107) and, in the event of failure, the method finishes with step 1111.
- in a step 1109, the servers 200-300 transmit the constituent elements of the medical file of the patient, with the interface URGENCE (SAFETY PATIENT).
- the process proceeds to update the medical file at the same time as the consultation takes place.
- the update performed under less secure conditions is simply stored on the memory storage of the patient's card or USB key presented by the patient.
- FIG. 11b illustrates a particular embodiment in which the patient can, during a synchronization phase that can be implemented at his home or at the professional practice of his referring physician
- Steps 1121 to 1125 correspond to steps 1101-1105 of Figure 11a.
- the method performs a location test to verify that the synchronization can be performed in a secure context.
- the method tests the local IP (Internet Protocol) used for access to the Internet and in particular to servers 200-300.
- This IP address can serve as an indicator to determine, for example, if the patient has returned to his country, in a more secure environment.
- Step 1127 is the test of the IP address to determine the location of the patient. If the test reveals that the patient is consulting the record from an exposed territory, the process goes to step 1130. If the test of step 1127 succeeds, the method proceeds with a step 1128 in which the data stored locally on the PATIENT card (or, where appropriate, on the USB key) is synchronized with the DMA data stored on servers 300-500.
- the method synchronizes the information present on the patient's card with the information present on the server 300.
- the method initiates a connection to the server 300 and presents a synchronization request, properly codified, with the information collected during the consultation which took place outside the secure environment.
- in a step 1129, the process optionally continues with the update of the URGENCE interface, stored locally on the PATIENT card, in order to possibly integrate new observation data and critical diagnostics that could prove critical during the patient's next trip abroad.
- the sensitive information contained in the DMA remains particularly protected since no updating of the anonymous medical data will be permitted until the patient returns to a presumed secure territory.
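The deferred update of FIGS. 11a and 11b, where changes made in a less secure setting stay on the PATIENT card until the location test of step 1127 passes, can be sketched as follows. This is an added example, not code from the patent: the sequence numbers, the field names and the set of trusted country codes are assumptions, and the lookup from IP address to country is taken as an input.

```python
from dataclasses import dataclass, field

# Assumption: which territories count as "presumed secure" is deployment
# policy; the page leaves that criterion to the application. "FR" is a
# constructed value.
TRUSTED_COUNTRIES = {"FR"}
# Assumption: the DMA fields that feed the EMERGENCY (URGENCE) data on the card.
CRITICAL_FIELDS = ("allergies", "critical_diagnoses")


@dataclass
class PatientCard:
    ida: str
    pending: list = field(default_factory=list)    # updates not yet on the server
    emergency: dict = field(default_factory=dict)  # local EMERGENCY subset
    next_seq: int = 1

    def record_update(self, field_name, value):
        """FIG. 11a: the update is written to the card only."""
        self.pending.append(
            {"seq": self.next_seq, "field": field_name, "value": value})
        self.next_seq += 1


@dataclass
class SyncServer:
    """Stand-in for server 300 during synchronization."""
    records: dict = field(default_factory=dict)    # IDA -> anonymous record
    applied: dict = field(default_factory=dict)    # IDA -> highest seq applied

    def apply(self, ida, update):
        # Sequence numbers make a replayed synchronization request harmless.
        if update["seq"] <= self.applied.get(ida, 0):
            return False
        record = self.records.setdefault(ida, {})
        record.setdefault(update["field"], []).append(update["value"])
        self.applied[ida] = update["seq"]
        return True


def synchronize(card, server, country):
    """FIG. 11b, steps 1125 to 1129.

    `country` is the result of the IP-based location test. Assumption: the
    server derives it from the connection's source address instead of
    trusting a value supplied by the client, and treats it as a weak
    signal, since a VPN or proxy changes the apparent location.
    """
    if card.ida not in server.records:             # step 1125: IDA not registered
        return {"synced": 0, "pending": len(card.pending), "reason": "unknown IDA"}
    if country not in TRUSTED_COUNTRIES:           # step 1127 fails
        return {"synced": 0, "pending": len(card.pending),
                "reason": "exposed territory"}
    ordered = sorted(card.pending, key=lambda u: u["seq"])
    synced = sum(server.apply(card.ida, u) for u in ordered)   # step 1128
    card.pending.clear()
    record = server.records[card.ida]
    card.emergency = {k: list(record[k])           # step 1129: refresh local subset
                      for k in CRITICAL_FIELDS if k in record}
    return {"synced": synced, "pending": 0, "reason": "ok"}


def demo():
    """Constructed data: two updates made abroad, then a sync attempt from
    an untrusted location ("ZZ") followed by one from a trusted location."""
    card = PatientCard(ida="constructed-ida-01")
    server = SyncServer(records={"constructed-ida-01": {"allergies": ["penicillin"]}})
    card.record_update("critical_diagnoses", "I10")
    card.record_update("observations", "constructed note")
    abroad = synchronize(card, server, "ZZ")
    home = synchronize(card, server, "FR")
    return card, server, abroad, home


if __name__ == "__main__":
    print(demo()[2:])
```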
- the invention offers therapists maximum comfort of use, so that they gain time and efficiency in their medical practice.
- the solution presented is simple to implement, practical, complete and modular to meet the diversity of modes of use (full time or part time, single firm or professional groups) to combine a continuous use of therapists.
- the statistical and collective analysis server 600 can access the servers DMA 300, GED 500 and the generic and collective resource servers 700 to continuously monitor the pathologies, the recommended therapies and also the effective use of generic and personal resources by the great diversity of patients. This provides a software tool of great interest that allows unlimited and, above all, transparent statistical exploitation, that is to say without extra work or loss of time for practitioners and their patient partners.
- the invention thus contributes significantly to the development of intelligent tools for assisting the diagnosis, prescribing and rationalization of the cost / benefit ratio of the supply of care.
- the use of the proposed solutions makes it possible to integrate the patient in the information sharing via a totally secure web access, to prolong the consultation, to follow it remotely and to give him useful advice in terms of health (appropriate care, surveillance of relevant medical criteria, nutrition advice, sports and health advice).
- the different servers illustrated in Figure 1 may be conveniently arranged in various locations according to the specific needs of a given application. Depending on the costs, it will even be possible to concentrate the functionalities of the different servers within a small group of physical servers, but at the risk of reducing the security of the entire system.
- the servers 500 and 700 can merge into a single server 800 of Document Management and Resources.
- the method is illustrated more particularly with reference to FIG. 14, describing how, thanks to the external support (PATIENT card) presented by the patient, it is possible to take advantage of two or more national servers, while avoiding any cross-border data transfer between these same servers.
- the PATIENT card more specifically comprises a card identifier, and an identifier of the country of origin.
- the method starts with a step 1401, in which the practitioner's system 1300 is made to interact and communicate with the patient's external support.
- a portable electronic device such as a laptop, mobile phone, smartphone, touch tablet, etc. serving as external support.
- the communication is detected and in particular the connection of the PATIENT card as a USB device in the example considered in FIG. 12.
- the PATIENT card is made to include additional information, including the URL (Uniform Resource Locator in the English literature) of the national servers, a card identifier (ID Card), and an identifier of the patient's country of origin.
- the method comprises reading the identifier of the card as well as the country of origin of the patient and, in a step 1404, verifies with the server 300'-B of the country visited whether the card has been previously registered, which corresponds to the presence or absence of a medical record associated with the patient considered.
- Step 1405 is a test performed on the response received from the server 300'-B, to determine whether a medical file is listed within the latter and corresponds to the identifier of the card (ID-Card).
- in a step 1406, the method downloads the update date of the medical file within the server 300'-B and then transmits a request to the origin server 300'-A so as to determine its own update date.
- This update date is downloaded in a step 1407.
- step 1408 is a test that compares the two update dates of the servers 300'-A and 300'-B.
- the process then proceeds directly with a step 1413. Otherwise, the system 1000 - and more specifically the external support of the patient when it is a smartphone - transmits an update request to the server 300'-B.
- at step 1405, when the server 300'-B does not have a medical file assigned to the card identifier, the method proceeds with a step 1410 during which a request is transmitted to the origin server 300'-A. Then, the method continues with a step 1411 in which the medical record, encrypted by means of the public key of the patient's external support, is downloaded.
- the medical file can then be decrypted by the processing means present on this external medium, and in step 1412, a duplicate is created and stored within the server 300'-B.
- the consultation which takes place within the practice of the practitioner belonging to the group of national professionals of country B is stored within the server 300'-B.
- This update can also be stored on the external support, pending the patient's return to his country of origin, for the purpose of potential synchronization.
- the synchronizations conducted between the different servers are therefore not automatic, nor performed covertly without the knowledge of the patient. On the contrary, it is the patient who, each time, initiates the synchronization of the medical file with the server in the country where he is staying, thus avoiding any need for a cross-border transmission of medical data that would be perfectly illegal.
- the present invention aims to address this problem, largely facilitating a quality consultation, preserving the confidentiality of the relationship between the practitioner and his patient, and allowing the constant enrichment of the medical record of the latter.
- the invention achieves these goals by means of a method of accessing and sharing a computerized medical file stored on a server and accessible from a first system associated with an external medium comprising a first means of identifying a patient, as well as encryption / decryption means for communication with the server.
- the method comprises the steps:
- This procedure makes it possible to organize a meeting between a practitioner and a patient, with the aim of conducting a remote clinical consultation, possibly combined with the examination of biological examination results and / or radiological images, while allowing the medical file to be enriched with information from the patient, validated by the practitioner.
- the meeting is particularly secure because of the double verification performed successively on both systems, thus allowing a particularly strong authentication.
- the external medium comprises executable code on said first system for executing a viewer of X-ray images stored on a medium present in the first system.
- the executable code allows in particular the taking of control of the first system by the second system in order to make a selection of one or more images extracted from the radiological support, the conversion of these images into digital files which can then be directly integrated within the shared medical record and simultaneously accessed via both systems.
- said external support of the patient is a smart card or a USB key comprising an executable code executing as soon as the card or the key is inserted.
- the patient's external support is a mobile phone, a touch pad, or a personal assistant (PDA).
- the viewer is a DICOM type viewer, for example, for extracting and converting images in JPG format, which are integrated into the medical file.
- the invention also allows the realization of a method for accessing a computerized medical file stored on a server and accessible from a first system associated with an external support comprising a first means for identifying a patient, as well as encryption / decryption means for communication with said server.
- the method comprises the steps:
- the practitioner's system 1020 is furthermore associated with an authentication device, of the card reader type 1021, intended to receive an authentication card making it possible to authenticate the requests sent by the system 1020.
- the patient has, for his part, a second information processing system 1020, represented for example by a laptop, and also having access to the Internet network 100.
- the patient has an external support 90 for his own authentication, further comprising executable program elements, including encryption / decryption, for the implementation of the procedures described below and for secure exchanges with the DM 1050 server.
- the external support is in the form of a so-called PATIENT card which can be slid into a card reader 1011 as shown in FIG. 15, or which is equipped with a USB connector corresponding to the generally most common connection mode.
- the patient's external support will be in accordance with the card illustrated in FIG. 12, and described above, which clearly shows that the recommended solution can be used in various situations as needed.
- the PATIENT card has a USB connector allowing a direct connection, without the need for a reader, to a USB port of the 1010 system.
- This system has the advantage of corresponding to the most common connection mode.
- the external support may take a form distinct from that of a card or a USB key.
- an autonomous system such as a wireless telephone, a smartphone (in the English terminology), a portable personal assistant (PDA), a touch pad, etc., communicating via its own communication means with the system 1010, or even having its own access to the Internet 100 to access the DM 1050 server.
- FIG. 15 also shows an optional administrator server 1060 responsible for administering and managing medical records, including enrollment and billing.
- the systems 1010 and 1020 are equipped with means of notification, of the electronic mail type, as well as a browser, such as Internet Explorer of the publisher MICROSOFT Corp. for example, allowing simple access via the HTTP protocol (Hyper Text Transfer Protocol) to the DM 1050 server.
- Such means are well known to a person skilled in the art and do not require additional development.
- the use of more specific software and programs for the implementation of the notifications and procedures described below may also be considered.
- the notifications transmitted via one of the systems 1010, or 1020 result from a notification transmitted via an external server.
- the system 1010 detects the presence of the PATIENT card (or more generally of the external support), and launches an executable code which, in general, is stored on this card.
- the PATIENT card is a USB key whose executable code starts automatically upon detection of the key, which launches, with no other formality, the program implementing the method described below.
- a request is transmitted by the system 1010 to the DM server.
- the identification elements of the patient are transmitted to the server, suitably encrypted, for example by means of the public key of the server DM 1050 stored on the external medium 90 and, where appropriate, properly authenticated by a digital signature present on the external support.
- This procedure leads to a first verification related to the 1010 system.
- the server DM1050 responds to this request by transmitting a properly formatted HTML page including, in addition to access links to its file, a list of the usual doctors of the patient, including their contact details and in particular their email address.
- This embodiment is useful if it is not desired to store on the support 90 the references of the usual treating physicians and allows user-friendly access to the patient.
- this embodiment also allows the direct transmission, from the server 1050 to the system 1020, of a notification scheduling a remote electronic consultation.
- the executable code on the site 1010 selects a consulting physician and sends to his e-mail address an electronic notification comprising, in addition to the consultation request notice, a previously calculated One Time Password (OTP) allowing this doctor to access the patient's medical file, together with, if necessary, identification elements of the DM 1050 server as well as encryption / decryption keys for secure exchange with the latter.
- the identification elements may consist of a specific URL allowing direct access to the server via a conventional browser.
- the single-use OTP password also has a limited validity period.
- the notification of step 330 can be transmitted via email, possibly encrypted, according to conventional procedures. This is only a particular example, and the password may be notified by any other means, including telephone, SMS, etc.
- the notification transmitted by the system 1010 is received within the system 1020 and the practitioner is then informed of the consultation request, which he can then accept or reject.
- the system 1020 then transmits in a step 340, a request to the server DM 1050 using the identification and encryption / decryption elements received from the 1010 system.
- the server proceeds to verify the presence of the authentication means of the practitioner.
- the presence of the Professional Health Card (CPS) is tested in order to confirm to the DM 1050 server the presence of the authorized practitioner.
- access to the server ends in a step 360.
- the DM 1050 server initiates a second session with the system 1020 in a step 370.
- the two sessions opened respectively with the system 1010 and 1020 can thus take place simultaneously, allowing a remote consultation, during a step 380, between the practitioner and his patient who both have access to the medical file stored on the server 1050.
- the shared access to the patient's personal medical file can take place at the same time as the multimedia functions of the two systems 1010 and 1020 are activated, so as to allow a visual and audio exchange between the two parties.
- the practitioner adds, within the personalized medical file, a set of links (including URLs, Uniform Resource Locators) to general or personalized resources to enrich the medical record of the patient and to enlighten him on certain aspects of his or her pathologies.
- the server DM uses a specific interface, of the URGENCY type, as described previously with reference to FIG. 10, so as to limit the rights of access to the doctor.
- the patient support server can conveniently accommodate temporary storage of medical data during a visit by a practitioner located abroad, pending the return of the patient to his country of origin.
- the patient support can also be used to update different national servers located in various countries between which there are regulatory restrictions on the cross-border exchange of nominative medical information.
- the patient is able, during the course of this remote consultation, to present various documents, analysis results, questionnaires, etc. in the form of an electronic file, in particular in PDF format (the format of the software publisher ADOBE (TM)), which can thus be examined immediately by the practitioner, who can then validate these documents, ask questions, etc. This validation will be particularly useful for the management of the medical file because it ensures that a particular document has been examined by a professional eye, confirming certain medical diagnostic hypotheses. For example, it is common for a patient to complete a form and declare allergies that ultimately turn out not to be relevant.
- the solution that is proposed makes it possible to systematically codify the examination of the documents submitted to the practitioner (s), for the greater benefit of the patient.
- the external support 90 of the patient comprises a universal DICOM-type reader for reading electronic medical imaging files.
- the universal reader has a simplified functionality, allowing the selection of one or more images within a file containing several hundred images, and the conversion of these images in the form of independent digital files, for example JPG type.
- the DICOM file corresponding to radiological imaging is only an example of a file that the second system can access.
- other files in other standards, HL7 or equivalent, may be relevant to all specialties of medicine.
- the executable code present on the PATIENT card comprises a capability for remote control by the computer 1020 that received the notification of the consultation request (step 330), to enable the use of the DICOM file viewer and the control of the CD / DVD reader, and thus allow the practitioner to select one or more images deemed appropriate and relevant, and insert them into the patient's medical file.
- it is the physical medium 90, and in particular the PATIENT card 90, which makes it possible to combine all the elements necessary for setting up a simultaneous double session between, on the one hand, the server 1050 and, on the other hand, the two systems 1010 and 1020, and which allows the conduct of the consultation and the sharing of the medical file.
- thanks to the proposed solution, it becomes possible to select, within the practitioner's office, images extracted from the DICOM held at the clinic.
- the remote control program then finishes running, which allows the patient to regain control of his system 1010. It should be noted that the method provides the most useful functionality while maintaining a high degree of safety for the patient.
- on the one hand, the remote control by the system 1020 relates only to the DICOM viewer, which clearly prohibits any other operation, including moving or copying files; on the other hand, the remote control ends when the use of the viewer ends.
- the process then continues with the storage of the new information resulting from the consultation, during a step 390 and, if necessary, ends the two sessions initiated with the two systems, in a step 400.
- the patient will be able to find, later, if he / she wishes, the elements of this consultation by individually accessing his medical file, which is allowed by the storage medium.
- the practitioner on the other hand, will be able to freely access the medical file according to the access rights granted to him by "his" patient and, where appropriate, by an application for registration previously submitted to the administrator server 1060.
- the external support 90 of the patient is also used during a conventional consultation, when the patient travels to the practitioner's office, even in this situation of access to a server storing nominative data.
- the identification and encryption / decryption elements present on the patient's card notably make it possible to access the personalized medical file, instead of the practitioner's office, from the DM 1050 server, regardless of whether the practitioner belongs to a group of professionals duly registered with the medical data server.
- the storage medium can be used very opportunely even during a very conventional consultation, including within the practice of a practitioner not registered with the administrator site of the server 1050, to grant the practitioner, for the consultation time, access and rights associated with the personalized medical record.
- the patient hands over his PATIENT card, for example the USB key containing his identifiers and the different means of authentication and encryption / decryption, which can then be used to consult the medical file as the patient would at home.
- the method performed on the practitioner's system comprises the following steps: detection of the presence of the external support of the patient within a second system;
- the patient card that is proposed according to the various embodiments opens up many new combinations and different applications.
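The double verification described above (a first check on the request from system 1010, then a single-use, time-limited OTP plus the presence of the CPS card on the request from system 1020), as an added Python example that is not part of the patent text. The class and function names, the 600-second validity, the three-failure limit, the storage of the OTP as a SHA-256 digest and the sample identifiers are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 600   # assumption: the page only says the validity is limited in time
MAX_OTP_FAILURES = 3    # assumption: not on the page; stops online guessing


def new_otp():
    """OTP computed on the patient side (system 1010) before the e-mail is sent."""
    return secrets.token_urlsafe(9)


def otp_digest(otp):
    return hashlib.sha256(otp.encode("utf-8")).digest()


@dataclass
class Invite:
    digest: bytes            # the server keeps a hash, never the OTP itself
    practitioner_id: str
    expires_at: float
    failures: int = 0
    burned: bool = False


class DMServer:
    """Hypothetical model of the checks made by the DM 1050 server."""

    def __init__(self, registered_cards, clock=time.time):
        self.cards = set(registered_cards)
        self.clock = clock
        self.patient_sessions = {}        # session token -> PATIENT card id
        self.invites = {}                 # PATIENT card id -> Invite
        self.practitioner_sessions = {}   # session token -> (card id, practitioner id)

    def open_patient_session(self, card_id):
        """First verification, on the request sent by system 1010."""
        if card_id not in self.cards:
            raise PermissionError("unknown PATIENT card")
        token = secrets.token_urlsafe(16)
        self.patient_sessions[token] = card_id
        return token

    def register_invite(self, patient_token, practitioner_id, otp):
        """Bind the OTP to one patient file and one practitioner."""
        card_id = self.patient_sessions[patient_token]
        self.invites[card_id] = Invite(
            otp_digest(otp), practitioner_id, self.clock() + OTP_TTL_SECONDS)

    def open_practitioner_session(self, card_id, practitioner_id, otp, cps_present):
        """Second verification, on the request sent by system 1020 (step 340).

        Returns (session_token, "ok") or (None, reason).
        """
        invite = self.invites.get(card_id)
        if invite is None or invite.burned:
            return None, "no-usable-invite"
        if self.clock() >= invite.expires_at:
            invite.burned = True
            return None, "expired"
        # Constant-time comparison of digests: no timing oracle on the OTP.
        if not hmac.compare_digest(invite.digest, otp_digest(otp)):
            invite.failures += 1
            invite.burned = invite.failures >= MAX_OTP_FAILURES
            return None, "bad-otp"
        # A correct OTP is consumed whatever happens next, so it cannot be replayed.
        invite.burned = True
        if practitioner_id != invite.practitioner_id:
            return None, "wrong-practitioner"
        if not cps_present:
            return None, "cps-missing"          # step 360: access ends
        if card_id not in self.patient_sessions.values():
            return None, "patient-session-closed"
        token = secrets.token_urlsafe(16)       # step 370: second session
        self.practitioner_sessions[token] = (card_id, practitioner_id)
        return token, "ok"


def demo():
    """Constructed run: one accepted consultation, then a replay of the same OTP."""
    server = DMServer({"CARD-0001"})                 # constructed card id
    patient = server.open_patient_session("CARD-0001")
    otp = new_otp()
    server.register_invite(patient, "DR-42", otp)    # constructed practitioner id
    first = server.open_practitioner_session("CARD-0001", "DR-42", otp, True)
    replay = server.open_practitioner_session("CARD-0001", "DR-42", otp, True)
    return first[1], replay[1]


if __name__ == "__main__":
    print(demo())
```

Consuming the OTP as soon as it matches, even when the CPS card is then found missing, is a design choice of this example: a password that reached a workstation without the practitioner's card is treated as exposed.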
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Medical Informatics (AREA)
- Business, Economics & Management (AREA)
- Public Health (AREA)
- Primary Health Care (AREA)
- Bioethics (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Strategic Management (AREA)
- Epidemiology (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Tourism & Hospitality (AREA)
- Computer Security & Cryptography (AREA)
- Operations Research (AREA)
- General Business, Economics & Management (AREA)
- Marketing (AREA)
- Economics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Medical Treatment And Welfare Office Work (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1102726A FR2980019B1 (fr) | 2011-09-08 | 2011-09-08 | Procede d'acces et de partage d'un dossier informatique enrichi par des ressources multimedias personnalisees |
FR1200907A FR2980020B1 (fr) | 2011-09-08 | 2012-03-27 | Procede d'acces et de partage d'un dossier medical |
PCT/EP2012/003790 WO2013034310A2 (fr) | 2011-09-08 | 2012-09-10 | Procede d'acces et de partage d'un dossier medical |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2754104A2 true EP2754104A2 (fr) | 2014-07-16 |
Family
ID=46197361
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP12778946.9A Ceased EP2754104A2 (fr) | 2011-09-08 | 2012-09-10 | Procede d'acces et de partage d'un dossier medical |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP2754104A2 (fr) |
FR (2) | FR2980019B1 (fr) |
WO (1) | WO2013034310A2 (fr) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3004827B1 (fr) * | 2013-04-19 | 2018-10-12 | Hopi | Procede pour l'utilisation a distance d'un lecteur usb de carte a puce associe a une carte professionnelle de sante ou a une carte patient dite carte vitale et systeme associe. |
CA2951632A1 (fr) * | 2014-06-09 | 2015-12-17 | Anthony Wright | Notification de l'etat d'un patient |
EP3190530A1 (fr) | 2016-01-07 | 2017-07-12 | Patrick Coudert | Carte médicale duale de gestion administrative et de dossier médical et procédés associés |
EP3451341A1 (fr) | 2017-08-31 | 2019-03-06 | Siemens Healthcare GmbH | Téléchargement d'un dossier de données vers un référentiel cloud |
CN108040056B (zh) * | 2017-12-15 | 2020-11-27 | 福州大学 | 基于物联网的安全医疗大数据系统 |
CN113393925B (zh) * | 2021-05-11 | 2022-08-16 | 福建升腾资讯有限公司 | 一种医疗卡信息统一化系统 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010019587A1 (en) * | 2000-03-03 | 2001-09-06 | Ddi Corporation | Image transmission system, viewing system for received images, and image transmission viewing system with TV conference function |
US20040059603A1 (en) * | 2002-04-15 | 2004-03-25 | Brown Jacob Theodore | System and method for virtual health services |
EP2166484A1 (fr) * | 2008-09-19 | 2010-03-24 | SCP Asclépios | Procédé d'accès à des données nominatives, tel qu'un dossier médical personnalisé, à partir d'un agent local de génération |
US20100076789A1 (en) * | 2004-03-17 | 2010-03-25 | William Pan | Method for remote consultation via mobile communication apparatus and system thereof |
US20110106557A1 (en) * | 2009-10-30 | 2011-05-05 | iHAS INC | Novel one integrated system for real-time virtual face-to-face encounters |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6874085B1 (en) * | 2000-05-15 | 2005-03-29 | Imedica Corp. | Medical records data security system |
US20050071189A1 (en) * | 2003-09-25 | 2005-03-31 | Blake Richard A. | System, method, and business method for storage, search and retrieval of clinical information |
AU2004201058B1 (en) * | 2004-03-15 | 2004-09-09 | Lockstep Consulting Pty Ltd | Means and method of issuing Anonymous Public Key Certificates for indexing electronic record systems |
US20050236474A1 (en) * | 2004-03-26 | 2005-10-27 | Convergence Ct, Inc. | System and method for controlling access and use of patient medical data records |
FR2881248A1 (fr) * | 2005-01-26 | 2006-07-28 | France Telecom | Systeme et procede d'anonymisation de donnees personnelles sensibles et procede d'obtention de telles donnees |
US20090265316A1 (en) * | 2008-04-21 | 2009-10-22 | John Poulin | System And Method For Facilitating Access To De-Identified Electronic Medical Records Data |
-
2011
- 2011-09-08 FR FR1102726A patent/FR2980019B1/fr not_active Expired - Fee Related
-
2012
- 2012-03-27 FR FR1200907A patent/FR2980020B1/fr not_active Expired - Fee Related
- 2012-09-10 EP EP12778946.9A patent/EP2754104A2/fr not_active Ceased
- 2012-09-10 WO PCT/EP2012/003790 patent/WO2013034310A2/fr active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010019587A1 (en) * | 2000-03-03 | 2001-09-06 | Ddi Corporation | Image transmission system, viewing system for received images, and image transmission viewing system with TV conference function |
US20040059603A1 (en) * | 2002-04-15 | 2004-03-25 | Brown Jacob Theodore | System and method for virtual health services |
US20100076789A1 (en) * | 2004-03-17 | 2010-03-25 | William Pan | Method for remote consultation via mobile communication apparatus and system thereof |
EP2166484A1 (fr) * | 2008-09-19 | 2010-03-24 | SCP Asclépios | Procédé d'accès à des données nominatives, tel qu'un dossier médical personnalisé, à partir d'un agent local de génération |
US20110106557A1 (en) * | 2009-10-30 | 2011-05-05 | iHAS INC | Novel one integrated system for real-time virtual face-to-face encounters |
Non-Patent Citations (1)
Title |
---|
See also references of WO2013034310A2 * |
Also Published As
Publication number | Publication date |
---|---|
FR2980020B1 (fr) | 2016-01-22 |
WO2013034310A3 (fr) | 2013-08-29 |
WO2013034310A2 (fr) | 2013-03-14 |
FR2980019B1 (fr) | 2013-10-18 |
FR2980020A1 (fr) | 2013-03-15 |
FR2980019A1 (fr) | 2013-03-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2932431B1 (fr) | Procede d'acces securise a des donnees medicales confidentielles, et support de stockage pour ledit procede | |
US7865735B2 (en) | Method and apparatus for managing personal medical information in a secure manner | |
Zhuang et al. | Applying blockchain technology to enhance clinical trial recruitment | |
US8909660B2 (en) | System and method for secured health record account registration | |
EP2754104A2 (fr) | Procede d'acces et de partage d'un dossier medical | |
EP1544768A1 (fr) | Système de gestion d'information médicale | |
FR2902553A1 (fr) | Systemes et procedes pour identifier et/ou evaluer des risques potentiels d'intolerance associes a une therapie medicale. | |
CA2736360A1 (fr) | Procede d'acces a des donnees nominatives, tel qu'un dossier medical personnalise, a partir d'un agent local de generation | |
US8805702B1 (en) | Interactive medical card and method of processing medical information stored thereon | |
US20190304574A1 (en) | Systems and methods for managing server-based patient centric medical data | |
WO2015015321A1 (fr) | Système d'informations numérique et informatisé pour accéder à un contact et à des données d'antécédents médicaux d'individus dans une situation d'urgence | |
Díaz-Palacios et al. | Biometric access control for e-health records in pre-hospital care | |
WO2021067141A1 (fr) | Système et procédé pour fournir à des tierces parties un accès à des informations de santé d'un utilisateur | |
WO2021062310A1 (fr) | Utilisation de données de santé d'un utilisateur stockées sur un réseau de soins de santé pour la prévention de maladies | |
JP7062249B1 (ja) | 情報処理装置、情報処理方法、およびプログラム | |
FR2995431A1 (fr) | Procede d'acces et de partage d'un dossier medical | |
Scelsi | Care and Feeding of Privacy Policies and Keeping the Big Data Monster at Bay: Legal Concerns in Healthcare in the Age of the Internet of Things | |
US20080059235A1 (en) | Medical Information Storage and Access Device, and Method of Using the Same | |
EP3190530A1 (fr) | Carte médicale duale de gestion administrative et de dossier médical et procédés associés | |
Mitchell et al. | Making sense of meaningful use stage 2: second wave or tsunami? | |
Alhaddadin | Privacy-aware cloud-based architecture for sharing healthcare information | |
JP7262826B2 (ja) | 情報処理装置、情報処理方法、およびプログラム | |
Seputra et al. | A Middleware Applications Design for Health Information Sharing | |
Scelsi | Care And Feeding Of Privacy Policies And Keeping The Big Data Monster At Bay: Legal Concerns In Healthcare In The Age Of The Internet Of Things | |
US20210005299A1 (en) | System and method for improving treatment of a chronic disease of a patient |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 20140329 |
 | AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
 | DAX | Request for extension of the european patent (deleted) | |
 | PUAG | Search results despatched under rule 164(2) epc together with communication from examining division | Free format text: ORIGINAL CODE: 0009017 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
 | 17Q | First examination report despatched | Effective date: 20180918 |
 | B565 | Issuance of search results under rule 164(2) epc | Effective date: 20180918 |
 | RIC1 | Information provided on ipc code assigned before grant | Ipc: G06F 21/62 20130101ALI20180913BHEP Ipc: G06Q 10/10 20120101AFI20180913BHEP Ipc: G06Q 50/22 20120101ALI20180913BHEP |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
 | REG | Reference to a national code | Ref country code: DE Ref legal event code: R003 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
 | 18R | Application refused | Effective date: 20211004 |