EP3785159A1 - Method for merging different partial data - Google Patents

Method for merging different partial data

Info

Publication number
EP3785159A1
Authority
EP
European Patent Office
Prior art keywords
partial data
data
unit
connection
connection unit
Prior art date
Legal status
Pending
Application number
EP19726567.1A
Other languages
German (de)
English (en)
Inventor
Johannes Gregori
Sigurd RANDOLL
Stefan Hoffmann
Matthias Günther
Current Assignee
Mediri GmbH
Original Assignee
Mediri GmbH
Priority date
Filing date
Publication date
Application filed by Mediri GmbH
Publication of EP3785159A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/16 Program or content traceability, e.g. by watermarking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137 Time limited access, e.g. to a computer or data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Definitions

  • the invention relates to a method for merging different partial data, in particular in the form of evaluation data and personal data as first and second partial data stored in different networks, wherein the different partial data can be assigned to each other by means of assignment information.
  • the invention further relates to a connection unit for handling data.
  • the invention further relates to a method for handling data on a connection unit.
  • the invention further relates to an evaluation unit for carrying out a method for handling data.
  • the invention further relates to a client unit for carrying out a method for handling data.
  • the invention further relates to a system for merging different partial data, in particular in the form of evaluation data and personal data as partial data, which are stored in different networks, wherein the different partial data can be assigned to each other by means of assignment information.
  • the invention further relates to a computer-readable medium for storing instructions for performing a method for merging different partial data on a computer.
  • the invention further relates to a computer-readable medium for storing instructions for carrying out a method for handling data on a computer.
  • the external service provider then transmits the evaluated data back to the clinic or practice, where the evaluated data are then made available to a doctor, for example.
  • DE 10 2013 211 45 A1 has disclosed a device, a method and a product for transferring safety-critical medical data records via a public network.
  • a pseudonymization function is adaptively applied to the data records.
  • the pseudonymization function is calculated dynamically depending on a read processing context that takes into account the planned user role, the intended use of the data processing and an application context.
  • the disadvantage here is the high cost and the complicated implementation.
  • Another object of the present invention is a simple, inexpensive and secure implementation, especially in practices or clinics.
  • the invention provides a method for merging different partial data, in particular in the form of evaluation data and personal data as first and second partial data, comprising the steps
  • providing a secure connection between a connection unit in a first network and an evaluation unit in a second network
  • the invention provides a connection unit for handling data, for carrying out a method according to any one of claims 1-18, configured to perform the steps: providing a secure connection to an evaluation unit in a second network,
  • the invention provides a method of handling data on a connection unit according to claim 19, comprising the steps
  • the invention provides an evaluation unit for carrying out a method according to one of claims 1-18, configured for carrying out the steps
  • the invention provides a client unit for use with a method according to one of claims 1-18, designed to request, in particular merged, third and second partial data from the connection unit via a second secure connection to the connection unit on the basis of first and second partial data, such that the second partial data associated with the third partial data are transmitted from the connection unit via the evaluation unit to the client unit, preferably wherein the client unit merges the third and second partial data.
  • the invention provides a system for merging different partial data, in particular in the form of evaluation data and personal data as partial data, which are stored in different networks, wherein the different partial data can be assigned to one another by means of assignment information, comprising at least one connection unit according to claim 19 in a first network and an evaluation unit according to claim 21 in a second network.
  • the invention provides a computer readable medium for storing instructions for performing a method according to any of claims 1-18 on a computer.
  • the invention provides a computer readable medium for storing instructions for performing a method according to claim 20 on a computer.
  • the terms "client unit", "connection unit", "pseudonymization unit" and "evaluation unit" are to be understood in the broadest sense and refer, in particular in the claims, preferably in the description, in each case to a device, an entity, a machine, a resource or the like configured to provide computer functions, such as a personal computer, a tablet, a cell phone, a server or the like, which has or can be connected to one or more processors with one or more cores and to memory for storing one or more applications, and which is adapted to perform corresponding steps of one or more embodiments of the present invention.
  • Any application can be software-based and / or hardware-based and be stored or installed in the memory with which the processor or processors work.
  • the devices, entities, units or the like can be designed so that they perform the appropriate steps in an optimal manner. For example, different steps may be performed in parallel on a single processor on different cores.
  • the client unit and the connection unit can be realized in a single computer or device.
  • the device or devices, entities, units or the like may also be instantiated as virtual machines on a single physical computing unit or resource. Different devices may accordingly be provided on the same physical computing unit or resource.
  • the device or devices, entities, units or the like may include one or more interfaces for communicating with the environment, for example for communication with other devices, persons or the like.
  • computer-readable medium is to be understood in the broadest sense and refers, in particular in the claims, preferably in the description, to any type of medium that may be used in conjunction with a computer and on which information may be stored; the information may be data of any kind that can be loaded into the memory of a computer and may, for example, include computer programs for execution on a computer.
  • Examples of computer-readable media are tapes, CD-ROMs, DVD-ROMs, DVD-RAMs, DVD-RWs, Blu-Rays, DAT, Mini Discs, Solid State Disks (SSD), floppy disks, SD Cards, CF cards, memory sticks (Memory Stick), USB sticks, EPROM, EEPROM or the like.
  • partial data is to be understood in the broadest sense and, in particular in the claims, preferably in the description, refers to any type of data, information or the like which is part of a data set.
  • secure connection is to be understood in the broadest sense and refers, in particular in the claims, preferably in the description, to any type of connection between two devices, units, computing units or the like that provides a minimum level of security against attacks on the data transmitted by means of the connection.
  • registration information is to be understood in the broadest sense and refers, in particular in the claims, preferably in the description, to any type of information, data or the like for registration, legitimization, logging in, access or the like to a device, an application on the device or components of the device.
  • request is to be understood in the broadest sense and refers, in particular in the claims, preferably in the description, to a data packet, message, information packet or the like which requests specific data, information, instructions, a reaction or the like from a device, an application on a device or components of a device.
  • session information is to be understood in the broadest sense and refers, in particular in the claims, preferably in the description, to a data packet, message, information packet or the like which comprises certain data or information about an existing connection between two devices, units or entities.
  • certificate is to be understood in the broadest sense and refers, in particular in the claims, preferably in the description, to digitally available data, information or a data record which confirms particular properties of persons, devices or objects in general, so that their authenticity and integrity can be checked or verified, preferably by cryptographic methods; in particular, a certificate contains the data required for its verification.
  • collision-free refers to providing different output data for different input data; in other words, a collision occurs when the same hash value is assigned as output to different input values.
  • One of the advantages achieved with this is that a clear and reliable evaluation by an external provider is made possible. At the same time, the assignment information created by the connection unit avoids assignment errors. Another advantage is the high security: although data are transmitted from the connection unit via the evaluation unit to the client unit, they are encrypted and thus unreadable by the evaluation unit. A further advantage is that the first partial data, in particular the evaluated data, and the second partial data, in particular in the form of personal data, are combined only locally in the network of client unit and connection unit and can thus be provided uniformly and in a user-friendly manner in the local network. In addition to the high level of security mentioned above, a high level of flexibility is also made possible, because a transfer of data is possible independently of the provider of a local data management infrastructure. In addition, different evaluation modules can be implemented on the evaluation unit in a flexible manner. Further features, advantages and further embodiments of the invention are described below or will become apparent.
  • unambiguous session information, in particular valid for a limited time, is generated by means of the connection unit and is checked for currency and/or authenticity before any transmission of data between the connection unit and the evaluation unit; in the case of a negative verification result, the data exchange does not take place. This significantly increases the security of data transmission.
  • the session information is generated for a connection for the data exchange between a client unit and the connection unit.
  • the security is further increased, since in particular only temporary sessions between client unit and connection unit are possible.
  • for receiving data, at least the evaluation unit provides a public key of an asymmetric encryption method to the connection unit. In this way, a secure connection between the evaluation unit and the connection unit can be provided.
  • the authenticity of the evaluation unit is checked on the basis of a security certificate.
  • the authenticity of the evaluation unit for example, by the connection unit or by a client unit can be checked in a simple and secure manner.
  • the secure connection is provided on the basis of the TLS or SSL protocol. This allows easy implementation and reliable transmission of data over the secure connection.
  • a client unit requests, in particular merged, third and second partial data from the connection unit via a second secure connection between the client unit and the connection unit on the basis of first and second partial data, such that the connection unit redirects the request to the evaluation unit via the secure connection, transmits first partial data and pseudonymized second partial data to it, receives third partial data and pseudonymized second partial data and provides them to the client unit, and wherein the second partial data associated with the third partial data are requested from the connection unit by the evaluation unit and transmitted to the client unit, the merging of the third and second partial data taking place on the client unit or on the connection unit.
  • One of the advantages achieved with this is that, for example, a request for the evaluation of data can take place via a unit connected to the connection unit, without the evaluation unit having to know this unit.
  • the second secure connection is provided by encrypting the data by means of a symmetric encryption key. This enables the connection between the client unit and the connection unit to be encrypted in a particularly simple and fast manner.
  • the different partial data are provided in such a way that the original data are divided by the connection unit into at least two partial data according to at least one predetermined rule.
  • the pseudonymization of the second partial data takes place by means of a collision-free hash method. This increases safety even further.
  • the pseudonymization of the second partial data takes place on the basis of local information of the connection unit, in particular comprising a static local key.
  • pseudonymized data of a patient or the like can be uniquely provided for each individual connection unit.
  • transmitted data is checked for completeness and correctness, in particular by means of a hash value of the transmitted data.
  • the security can be further increased.
  • the third partial data are provided with a watermark.
  • This watermark can be inserted, for example, visibly or invisibly into the evaluated data.
  • the merging of the third partial data is performed by the connection unit or a client unit connected to the connection unit.
  • the advantage of merging on the connection unit is a central provision of merged partial data for several client units.
  • the advantage of merging on the client device is that the security is further increased because the data is merged only locally.
  • the client unit is provided as a web browser on the connection unit.
  • the advantage of this is a simple and secure implementation.
  • the pseudonymization unit is provided on the connection unit or outside the first network.
  • in the first case a fast and reliable pseudonymization can thus be provided, whereas in the second case a uniform pseudonymization can be performed centrally by the pseudonymization unit for a plurality of different client units and their partial data, which makes a simple implementation and high security for several users, for example as part of a registry study, possible.
  • credentials are transmitted from the connection unit to the evaluation unit for accessing them by means of the secure connection, and after a successful verification of the credentials by the evaluation unit, the first partial data, the pseudonymized second partial data and the assignment information are transmitted. This ensures that data is uploaded to the evaluation unit only when the connection unit has legitimized itself based on the credentials.
  • connection-specific information, in particular session information, about the connection between the connection unit and a client unit is added to the login information. This further enhances security, since this session information can also be checked by the evaluation unit.
  • FIG. 1 shows steps of a method according to an embodiment of the present invention.
  • Figure 1 shows steps of a method according to an embodiment of the present invention in a schematic form.
  • Figure 1 shows a client unit in the form of a browser 1, which is connected to a connection unit 3 via an interface or the like.
  • the browser 2 can access an online platform 4, for example a cloud server or the like.
  • the connection unit 3 and the browser 2 are located in a local network of a practice or clinic, whereas the online platform 4 is connected to the connection unit 3 via an Internet connection.
  • Connection unit 3 and online platform 4 communicate via a secure connection.
  • connection unit 3 can comprise hardware, a central processor, a memory, and communication interfaces, in particular in the form of a WLAN /
  • the latter also provides a local server application, comprising: a DICOM node for receiving image data in the local network and for importing result data; a configuration mask, here in the form of a web-based user interface (UI), for configuring the internal network address (IP address), proxy settings and possibly other functions; a local database PID-DB holding the identifying patient data, e.g. name, date of birth, etc., and their assignment to a pseudonym (Patient Identifier, PID); a pseudonymization unit for processing the patient data; a service for the generation and management of session tokens; a service for establishing a connection to and communicating with the online platform; and in particular a backup service.
  • the online platform 4 provides a user administration, an administration of the image data, as well as an image processing, in particular a preprocessing and a quality analysis.
  • the online platform 4 may also provide a collaboration platform that facilitates "inviting" other users, e.g. other doctors or patients, to a case and/or commenting on a case using chat or queries. Access for patients may also be provided.
  • a central pseudonymization service may also be provided on a multi-center pseudonymization unit, e.g. in the context of a registry study or the like.
  • the pseudonymization unit can then be located outside the local network, for example on the Internet.
  • the pseudonymization unit returns corresponding pseudonymized data, in particular on receipt of plain data.
  • the pseudonymization unit is designed as a local service of the connection unit 3 and is not designated with a separate reference number.
  • a user group is set up and managed on the online platform 4 for each practice or clinic using the connection unit 3.
  • Each user receives personalized access data.
  • the online platform 4 provides a closed area for the user group that is accessible via the Internet.
  • image data and result data are accessible there, but non-identifying patient data are stored.
  • the identifying patient data, such as name and year of birth, may be displayed in the same window of the browser 2 together with the image data when the connection to the online platform 4 is established from the internal practice or clinic network 101.
  • the process is shown in Figure 1.
  • connection unit 3 is preferably assigned to exactly one user group, has a unique identification and a key pair consisting of a private and a public key.
  • the respective public key is also stored on the online platform 4 in the network 100.
  • the connection unit 3 is connected in the local network 101 and, in particular, offers a service on a configurable IP address, which generates a unique session token with a time-limited validity when called using the web browser 2.
  • connection unit 3 redirects the connection of the web browser 2 to the online platform 4.
  • the connection between connection unit 3 and online platform 4 is protected by means of an SSL certificate, which ensures the authenticity of the online platform 4 and encrypts the further communication.
  • the generated session token is transmitted to the online platform 4 where it is linked to the user's online platform session.
  • in the Internet browser 2, the user now logs on to the online platform 4 with his personal access data.
  • the connection unit 3 of the associated user group establishes a connection to the online platform 4. In this and every other requested data exchange between online platform 4 and connection unit 3 in the same session, it is checked whether the connection unit 3 has issued the session token and whether the session is still current. If this is the case, data exchange is allowed.
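The session-token check described in the preceding steps (a unique, time-limited token issued by the connection unit, verified by the online platform before every data exchange of the session), written as an added Go example for this page; it is not code from the patent or from Mediri GmbH. It assumes a per-unit HMAC key shared between connection unit and platform and a constructed token layout of unitID.nonce.expiry.mac; the page specifies neither, only that the platform can tell who issued the token and whether it is still current.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// ConnectionUnit issues the session tokens. Key is a hypothetical per-unit
// secret shared with the online platform (an assumption of this example).
type ConnectionUnit struct {
	ID  string
	Key []byte
}

// IssueToken builds a token of the constructed form unitID.nonce.expiry.mac.
// The random nonce makes every token unique; the expiry bounds its validity.
func (c *ConnectionUnit) IssueToken(now time.Time, ttl time.Duration) (string, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	payload := strings.Join([]string{
		c.ID,
		hex.EncodeToString(nonce),
		strconv.FormatInt(now.Add(ttl).Unix(), 10),
	}, ".")
	mac := hmac.New(sha256.New, c.Key)
	mac.Write([]byte(payload))
	return payload + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil)), nil
}

// Platform stores, per registered connection unit, the key needed to verify
// that unit's tokens.
type Platform struct {
	Units map[string][]byte
}

var ErrToken = errors.New("session token rejected: no data exchange")

// CheckToken runs before every data exchange of a session. It rejects tokens
// that are malformed, issued by a unit other than the one bound to the user's
// group, carry a bad MAC, or have expired. The MAC is verified before the
// expiry field is trusted, so an altered expiry is caught as a MAC failure.
func (p *Platform) CheckToken(token, expectedUnit string, now time.Time) error {
	parts := strings.Split(token, ".")
	if len(parts) != 4 {
		return ErrToken
	}
	unitID, expStr, macB64 := parts[0], parts[2], parts[3]
	key, known := p.Units[unitID]
	if !known || unitID != expectedUnit {
		return ErrToken
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(strings.Join(parts[:3], ".")))
	got, err := base64.RawURLEncoding.DecodeString(macB64)
	if err != nil || !hmac.Equal(got, mac.Sum(nil)) {
		return ErrToken
	}
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if err != nil || !now.Before(time.Unix(exp, 0)) {
		return ErrToken
	}
	return nil
}

func main() {
	key := []byte("constructed-shared-secret")
	cu := &ConnectionUnit{ID: "cu-practice-1", Key: key}
	pf := &Platform{Units: map[string][]byte{cu.ID: key}}
	now := time.Now()
	tok, err := cu.IssueToken(now, 10*time.Minute)
	if err != nil {
		panic(err)
	}
	fmt.Println("fresh token:", pf.CheckToken(tok, cu.ID, now.Add(5*time.Minute)))
	fmt.Println("after expiry:", pf.CheckToken(tok, cu.ID, now.Add(11*time.Minute)))
}
```

hmac.Equal is used rather than a plain byte comparison so that the verification time does not depend on how many leading MAC bytes happen to match.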
  • the public key of the connection unit 3 is sent to the browser 2. Locally in the browser 2, a further "internal key" for a symmetric encryption is generated, in particular at random, in order to protect the identifying data in the communication between connection unit 3 and browser 2. This internal key is encrypted with the public key of the connection unit 3 and transmitted via the online platform 4 to the connection unit 3.
  • this message can be read on the connection unit 3 using the associated private key.
  • the internal key for the symmetric encryption is known only to the browser 2 and the connection unit 3. All subsequent requests concerning identifying patient information are secured with this internal key.
  • if a user now requests identifying patient data in a view, they are encrypted with the internal key on the connection unit 3, sent via the online platform 4 to the browser 2 over the SSL-secured connection, and decrypted again there in the local browser 2.
  • result data and medical data, e.g. image data managed on the online platform 4, can be sent directly from the online platform 4 to the browser 2.
  • the information is displayed there in the same browser window, secured with a valid certificate of the online platform 4, and without the online platform 4 having access to the identifying patient data.
  • if the browser 2 makes a request for merging data, it is transmitted from the browser 2 to the connection unit 3 in a first step S1.
  • the connection unit 3 generates and stores a session key.
  • the connection unit 3 redirects the request via the browser 2, which, in a further step S3, forwards it to the online platform 4 together with the session token via a secure connection.
  • on the online platform 4, both image data and a public key of the connection unit 3 are stored, the latter having been stored there in a step A1.
  • the online platform 4 now provides the corresponding image data together with the public key of the connection unit 3 to the browser 2 in a further step S4.
  • in a step B1, the public key of the connection unit 3 is stored in the local network 101.
  • this request is forwarded in a step S6 from the online platform 4 to the connection unit 3, which verifies the session token in a step V2.
  • using the private key of the connection unit 3, the internal key is decrypted.
  • the identifying patient data are encrypted on the connection unit 3 with the internal key and sent to the online platform 4 in a step S7.
  • this encrypted identifying patient data is transmitted to the browser 2, which decrypts the identifying patient data using the internal key in a step B2.
  • the image data can be displayed to a user together with the identifying patient data.
  • the invention provides a method for merging different partial data, in particular in the form of evaluation data and personal data as first and second partial data stored in different networks 100, 101, wherein the different partial data can be assigned to one another by means of assignment information,
  • the connection unit 3 adds connection-specific information about the connection between the client unit 2 and the connection unit 3 to the credentials; after successful verification of the registration information by the evaluation unit 4, first partial data stored on the evaluation unit 4 are transferred from the evaluation unit 4 to the client unit 2 together with first encryption information of the connection unit 3 for communication with the evaluation unit 4,
  • This further embodiment is based, for example, on the embodiment of FIG. 1.
  • FIG. 2 shows steps of a method according to an embodiment of the present invention.
  • FIG. 2 shows steps of a method in which a doctor requests a quantitative evaluation of image data of a patient to be examined.
  • a patient is examined in a magnetic resonance tomograph.
  • the resulting image data are saved in the DICOM format on the device and/or in the local PACS system. Any other form or type of examination, as well as any other type of data, such as audio data or the like, is also conceivable.
  • DICOM Digital Imaging and Communications in Medicine
  • PACS Picture Archiving and Communication System
  • the DICOM receiving node of the connection unit 3 receives the DICOM data and temporarily stores them in an input memory.
  • the files of an examination, e.g. of a study, can be grouped as a dataset.
  • a defined interface is used to check whether the data of a patient are already stored in the local database PID-DB, which holds the assignment of identifying patient data to pseudonyms. This comparison is based on several identifying features of the patient, such as patient name, birthday and/or gender. If the comparison is negative, a new pseudonym is automatically generated by applying a hash algorithm that is as collision-free as possible to the identifying features, and the pseudonym is stored in the local database PID-DB. If the comparison is positive, the associated pseudonym is read from the local database PID-DB.
  • a static local key can be used which is uniquely assigned to each connection unit 3.
  • the patient identification information PID of a patient is unique for each connection unit 3.
  • the database PID-DB can be located in an external device in the internal or a virtual private network, so that all connection units 3 can access the same database PID-DB.
  • the database PID-DB is located on an external server on the Internet, but does not return any clear data.
  • multiple clinics/practices may receive the same patient identification information PID for a patient, which may be required e.g. in registry studies.
  • the DICOM data are pseudonymized by the connection unit 3.
  • the patient name is replaced by a pseudonym and all personal data is deleted from the DICOM tags.
  • patient names etc. that are present in the image can be identified and removed with the aid of text recognition software, and/or features that image analysis software identifies, for example facial features, are automatically removed from head images.
  • the data on the connection unit 3 is compressed to achieve faster transmission on low bandwidth Internet connections.
  • the connection unit 3 opens an encrypted connection to the online platform 4 on the Internet and checks the authenticity of the remote station, i.e. the online platform 4, on the basis of the SSL certificate used.
  • the connection unit 3 authenticates itself to the online platform 4 on the basis of a certificate.
  • the de-identified image data is transmitted, for example, by means of the HTTPS protocol.
  • the successful transfer is checked by examining an MD5 hash of the files.
  • the temporarily stored data in the input memory of the connection unit 3 are deleted.
  • the time of transmission can be configured so that either immediate transmission or a daily transmission, e.g. at night when the Internet connection is otherwise lightly used, is possible.
  • in a sixth step T6, the data are assigned to the user group of the connection unit 3 in the database system of the online platform 4 and stored there.
  • each connection unit 3 is assigned to exactly one user group.
  • the data are automatically checked for content; in doing so, e.g. DICOM metadata are recorded.
  • the analysis of the data can take place by means of a computer unit 4a on the online platform 4.
  • the analysis results are stored in the database on the online platform 4.
  • the online platform 4 determines by comparison with an application database which evaluation modules can be used with the image data. In another embodiment, it may be configured to automatically perform a particular evaluation after a successful check, e.g. the volume determination of the brain.
  • a user accesses the service provided by the connection unit 3 via a web browser 2 in the internal network 101 and is forwarded to the web interface of the online platform 4 via a secure connection to the online platform 4 as described above.
  • the user can log in with a user account.
  • Connection unit 3 and online platform 4 establish a secure SSL connection and link the pseudonymized image data and analysis results stored on the online platform 4 with the clear data stored in encrypted form on the connection unit 3. Both kinds of data, i.e. the pseudonymized image data together with the analysis results and the clear data, are presented to the user together in the same browser window. This linking and the decryption of the clear data take place exclusively locally in the browser 2.
  • in an eighth step T8, the user selects the data record for which he wants to start an evaluation.
  • the user interface U1 can indicate to the user which evaluations can be carried out. The user then selects an evaluation. If further user interactions are required, in this case a user can make inputs in a further step T9 and, for example, draw areas on displayed images that are to be explicitly taken into account by the application or excluded from the evaluation.
  • the online platform 4 carries out the evaluation automatically.
  • the evaluation application is preferably executed within a closed analysis network; the pseudonymized image data do not leave this protected network.
  • the result data are stored in the database of the online platform 4.
  • the results data may contain derived image data in DICOM format or textual data, tables and reports. In the configuration of the application, it can be specified whether this result data should be transferred back into the PACS of the practice or clinic.
  • the connection unit 3 then requests result data from the online platform 4 in an eleventh step T11. If the result data are in DICOM format and are to be transferred back into the PACS of the practice or clinic, they are retrieved by the connection unit 3 as soon as they are available and stored there in an input memory.
  • the connection unit 3 reads from the database PID-DB the patient name matching the patient identification information PID. The PID is replaced with the patient name and further defined identifying data is added so that it is automatically reassigned to the same patient in the PACS.
  • the connection unit 3 sends the DICOM data to the local PACS and clears the data in the input memory.
  • the patient identification information PID can also be replaced by the clear data of the patient.
  • reports can be provided with clear names held locally on the connection unit 3 and managed via the user interface.
  • the user can view the result data directly in the PACS.
  • the user can locally access the data as well as the intermediate results and the progress of the entire evaluation process in the user interface U1, which is in particular browser-based.
  • the user can access the data as well as the intermediate results and the progress of the entire evaluation process without patient names after login on the online platform 4 on the Internet e.g. via browser or via app.
  • the user can make inputs in the user interface with which the evaluation can be optimized and redone. For example, he can draw areas on displayed images that should be explicitly considered by the application or excluded from the evaluation.
  • the result data may be watermarked, which will not be removed until the user accepts the results.
  • the user can view, manage and print automatically generated areas or the like in a private area of the user interface.
  • the user may release individual visits or data from patients so that a patient himself or another physician may access them.
  • At least one of the embodiments of the invention has at least one of the following advantages:
  • At least one of the embodiments of the invention shows a method and a system that enable medical patient data to be transferred automatically and in non-identifiable form from the internal network of a practice or clinic to a software platform on the Internet, to be managed there, and to be used to run the available evaluation modules to support diagnostics.
  • the transfer is possible regardless of the provider of the local data management infrastructure, as established standards can be used.
  • Evaluation modules can be placed on the online platform by third parties and the results of the evaluations can be automatically transferred back to the internal network.
  • the patient names can then be assigned to the result data.
  • a user interface can represent the assignment of patient data and medical data in the internal network.
  • the identifiable patient data are administered exclusively locally.
  • the medical data are preferably medical image data, e.g.
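As an added illustration of the PID-DB handling in steps T2 through T12 above (this is not code from the patent or from Mediri), the following Python sketch derives the pseudonym as a keyed hash over the identifying features using the connection unit's static local key, strips identifying DICOM tags before upload, and maps returned result data back to the clear data locally. Plain dicts stand in for DICOM tag sets; the key, the tag list, the function names and all sample values are constructed for this example.

```python
import hashlib
import hmac

# Constructed stand-in for the static local key uniquely assigned to one
# connection unit; it never leaves the clinic network.
LOCAL_KEY = b"constructed-static-key-for-connection-unit-3"

# Tags treated as identifying; a constructed, non-exhaustive list.
IDENTIFYING_TAGS = ("PatientName", "PatientBirthDate", "PatientSex",
                    "PatientAddress", "PatientTelephoneNumbers",
                    "OtherPatientIDs")


def normalize(name, birthday, sex):
    """Canonicalize the identifying features so that case and
    whitespace variants of the same patient map to one pseudonym."""
    return "|".join(p.strip().upper() for p in (name, birthday, sex))


def derive_pid(name, birthday, sex, key=LOCAL_KEY):
    """Keyed hash (HMAC-SHA256) over the identifying features.
    128 bits of the digest are kept: collisions are practically
    impossible, and the PID cannot be recomputed without the local key."""
    feats = normalize(name, birthday, sex).encode("utf-8")
    return "PID-" + hmac.new(key, feats, hashlib.sha256).hexdigest()[:32]


class PidDb:
    """Local PID-DB: pseudonym -> identifying patient data."""

    def __init__(self):
        self.by_pid = {}

    def lookup_or_create(self, name, birthday, sex):
        # Comparing the normalized features is equivalent to comparing the
        # deterministic keyed hash, so the PID doubles as the lookup key.
        pid = derive_pid(name, birthday, sex)
        self.by_pid.setdefault(pid, {"PatientName": name,
                                     "PatientBirthDate": birthday,
                                     "PatientSex": sex})
        return pid


def pseudonymize(tags, db):
    """Replace the patient name by the PID and drop all other identifying
    tags; the remaining, non-identifying tags are kept for upload."""
    pid = db.lookup_or_create(tags["PatientName"], tags["PatientBirthDate"],
                              tags["PatientSex"])
    out = {k: v for k, v in tags.items() if k not in IDENTIFYING_TAGS}
    out["PatientName"] = pid
    out["PatientID"] = pid
    return out


def reidentify(result_tags, db):
    """Step T12: restore the clear data for returned result data so the
    local PACS assigns it to the same patient; fails if the PID is unknown."""
    out = dict(result_tags)
    out.update(db.by_pid[result_tags["PatientID"]])
    return out
```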

Abstract

The invention relates to a method for merging different partial data, in particular in the form of evaluation data and personal data as first and second partial data, comprising the steps of: - providing a secure connection between a connection unit (3) in a first network (101) and an evaluation unit (4) in a second network (100), - separating the original data into at least two partial data, the different partial data being assignable to one another by means of assignment information, - pseudonymizing the second partial data with the aid of a splitting unit, - transmitting first partial data, pseudonymized second partial data and assignment information from the connection unit (3) to the evaluation unit (4), - storing the second partial data on the connection unit (3), - providing third partial data on the evaluation unit (4) based on the first partial data, in particular the third partial data being provided in the form of evaluated first partial data, - transmitting the third partial data and the pseudonymized second partial data as well as the assignment information from the evaluation unit (4) to the connection unit (3) via the secure connection, and - merging the third partial data and the second partial data on the basis of the assignment information.
EP19726567.1A 2018-04-27 2019-04-26 Procédé de fusion de données partielles différentes Pending EP3785159A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102018206616.7A DE102018206616A1 (de) 2018-04-27 2018-04-27 Verfahren zum Zusammenführen von unterschiedlichen Teildaten
PCT/DE2019/200034 WO2019206384A1 (fr) 2018-04-27 2019-04-26 Procédé de fusion de données partielles différentes

Publications (1)

Publication Number Publication Date
EP3785159A1 true EP3785159A1 (fr) 2021-03-03

Family

ID=66655108

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19726567.1A Pending EP3785159A1 (fr) 2018-04-27 2019-04-26 Procédé de fusion de données partielles différentes

Country Status (4)

Country Link
US (1) US11341273B2 (fr)
EP (1) EP3785159A1 (fr)
DE (1) DE102018206616A1 (fr)
WO (1) WO2019206384A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11374767B2 (en) * 2019-01-14 2022-06-28 EMC IP Holding Company LLC Key-based authentication for backup service
US20210349988A1 (en) * 2020-05-08 2021-11-11 Jpmorgan Chase Bank, N.A. Systems and methods for decentralized recovery of identity attributes

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5956400A (en) * 1996-07-19 1999-09-21 Digicash Incorporated Partitioned information storage systems with controlled retrieval
US20110110568A1 (en) * 2005-04-08 2011-05-12 Gregory Vesper Web enabled medical image repository
AT12796U1 (de) * 2010-10-29 2012-11-15 Res Ind Systems Engineering Rise Gmbh Verfahren und vorrichtung zur pseudonymisierten datenverarbeitung
US20130324035A1 (en) 2012-06-01 2013-12-05 Nvidia Corporation Methodology for using smartphone in desktop or mobile compute environment
DE102013202825A1 (de) * 2013-02-21 2014-08-21 Siemens Aktiengesellschaft Verfahren und System zur Darstellung medizinischer Inhalte
US9782075B2 (en) * 2013-03-15 2017-10-10 I2Dx, Inc. Electronic delivery of information in personalized medicine
DE102014106112A1 (de) * 2014-04-30 2015-11-05 Clinerion Ltd. Patientenrekrutierungssystem und Patientenrekrutierungsverfahren
EP3046044A1 (fr) * 2015-01-14 2016-07-20 Reinhard Kohleick Système et procédé d'enregistrement de données relatives à des personnes
EP3156932A1 (fr) * 2015-10-16 2017-04-19 Deutsche Telekom AG Procede et systeme de protection de donnees electroniques confidentielles

Also Published As

Publication number Publication date
US11341273B2 (en) 2022-05-24
US20210049301A1 (en) 2021-02-18
DE102018206616A1 (de) 2019-10-31
WO2019206384A1 (fr) 2019-10-31

Similar Documents

Publication Publication Date Title
EP3033855B1 (fr) Assistance à un déchiffrement de données chiffrées
EP2766863A1 (fr) Procédé de traitement d'enregistrements de données relatifs à des patients
EP2795569B1 (fr) Système pour l'authentication des appareils mobiles pour l'échange des données medicales
EP2409255B1 (fr) Procédé de production de paires de clefs cryptographiques asymétriques
EP2759957B1 (fr) Moyen de transmission pour contenus médicaux d'images à la sécurité critique
WO2015024763A1 (fr) Assistance pour l'utilisation d'une clé secrète
EP3672142B1 (fr) Procédé et système de transmission sécurisée d'un ensemble de données
DE112020007364T5 (de) Verfahren und verteiltes Ledger-System zur Unterstützung der gemeinsamen Nutzung digitaler Gesundheitsdaten von Reisenden in einer Reiseumgebung
DE102020212187A1 (de) Medizinisches Datenverwaltungssystem
DE102013202825A1 (de) Verfahren und System zur Darstellung medizinischer Inhalte
WO2019206384A1 (fr) Procédé de fusion de données partielles différentes
WO1999063420A1 (fr) Procede d'acces securise a des donnees dans un reseau
DE102011003784B3 (de) Sichern von Zugriffen auf verteilte Daten in einem unsicheren Datennetz
EP1653701A1 (fr) Méthode, appareils et logiciel pour la vérification des signatures de fichiers signées et pour la conversion de fichiers non signées
WO2003044637A1 (fr) Procede et systeme de memorisation et d'extraction securisee de donnees utiles
WO2016012040A1 (fr) Procédé et système de traitement de données pour la collecte de données pour étude clinique
DE112017004464T5 (de) Healthcare-überwachungsmethode und system zur sicherheit kommunikation von patientendaten
DE10209780B4 (de) Datenverarbeitungssystem für Patientendaten
EP2110980B1 (fr) Stockage sûr basé sur un serveur et validation de données
EP2693352A1 (fr) Système de transmission de données personnelles et non personnelles (Data Split)
EP3373546A1 (fr) Système informatique et procédé avec client, proxy-serveur et serveur
WO2016020202A1 (fr) Procédé servant à télécharger de manière ascendante et descendante au moins un fichier contenant des données à protéger portant sur l'état de santé d'un patient dans un système informatique en réseau
DE102004052934B4 (de) Verfahren zur Eingabe einer Datei in ein Netzwerk
EP3792925A1 (fr) Procédé et dispositif de communication technique des données dans un réseau
DE102017006762A1 (de) Verfahren für die datenschutzkonforme Verwendung von Big Data

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20201026

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20230330

RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: MEDIRI GMBH