JP2005025674A - Information processing system, information processing method, and information processing program operated on computer - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a framework enabling a person to precisely control the access right to the own personal relevant information while permitting the access to the personal relevant information by a party involved other than the person. <P>SOLUTION: This system comprises a database for storing the personal relevant information of an object person in association with information for a person accessible to the personal relevant information; a user authentication means; a means for changing, when an authenticated user is the object person, the information for a person accessible to the personal relevant information of the user in reference to the database based on an input from the user; and a means for reading, based on an input from the authenticated user, the personal relevant information of the object person with which the user is associated as the accessible person in reference to the database, and outputting it to the user. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an information processing technique for managing personal information, and more particularly to an information processing technique that is useful when there is a high need for parties other than the person to access the personal information.

  In today's society where access to various types of information has become easier with the development of communication networks, it is particularly important to manage personal information accurately, such as establishing a privacy policy on the side of system operation. It has become.

Here, an information management system that handles personal information usually employs a framework that allows the person to manage his / her personal information after confirming his / her identity using a password or fingerprint. Many (see Patent Document 1).
JP2003-16187

  On the other hand, there is an information management system in a form in which the person cannot be involved in managing his / her personal information. For example, in an information management system that is operated in the field of medical care or nursing care, a person who performs medical care (such as a hospital) often manages personal related information (such as medical history and prescription). In such a system, the side receiving medical care (patients, care recipients, etc.) cannot easily access even their own information, while the hospital staff does not give personal information without the patient's permission. There is a fact that it can be accessed.

  Even in such a system, it is possible to consider a framework in which a person can manage his / her personal information by performing authentication processing based on, for example, a password or a fingerprint.

  However, for example, in a care information management system, since there is a high need for related parties (helpers, nurses, care managers, etc.) other than the person to access the personal information, only the person can access the personal information (only the person) Cannot know how to use it properly.

  In practice, in order to allow access from related parties other than the principal while remaining involved in the management of personal information by the principal, a framework such as sharing a password etc. between the principal and the relevant person is necessary. Become.

  However, situations where a person other than the person knows the password, etc., can easily lead to unintended leakage of the password, etc., and as a result, a person other than the person authorized to access the person may access personal information. However, there arises a problem that it is not always possible to accurately control access authority to personal information.

  Therefore, an object of the present invention is to provide a framework in which a person can accurately control his / her access authority to personal information while allowing access to personal information by parties other than the person.

  The information processing system according to the present invention includes a database for storing personally related information of a target person and information of a person who can access the personal related information, a user authentication unit, and an authenticated user as a target person. In this case, based on the input from the user, the database is referred to and the database is referred to based on the input from the authenticated user. And means for reading out the personal relevant information of the subject to whom the user is associated as an accessible person and outputting the information to the user.

  Preferably, the personal related information is personal related information about the target person collected and recorded by a third party for the purpose of contributing to the work of a person other than the target person (hereinafter referred to as “third party”). Features.

  Preferably, the target person is a care target person, and the personal related information includes at least one of physical condition information, family information, caregiver information, and care history information of the care target person.

  Also preferably, the database classifies the personal related information into a plurality of categories, and stores information of persons who can access each category in association with each other.

  Preferably, the database classifies accessible persons into a plurality of groups, and stores associations with individual related information for each group.

  Preferably, the user authentication means performs authentication based on fingerprint collation.

  The information processing method of the present invention includes a step of performing an authentication process on a user, and when the authenticated user is a target person, personal related information of the target person and information of a person who can access the personal related information A database that stores information related to the user based on the input from the user, and changes the information of the person who can access the personal related information of the user, and the database based on the input from the authenticated user. A step of reading out the personal related information of the subject to whom the user is associated as an accessible person and outputting the information to the user.

  The program of the present invention is characterized by causing each step of the information processing method of the present invention to be executed on a computer. The program of the present invention can be installed or loaded on a computer through various recording media such as a CD-ROM, a magnetic disk, and a semiconductor memory.

  In this specification, the term “means” does not simply mean a physical means, but also includes a case where the functions of the means are realized by software. Further, the function of one means may be realized by two or more physical means, or the functions of two or more means may be realized by one physical means.

  According to the present invention, it is possible to provide a framework in which a person can accurately control his / her access authority to personal information while allowing access to personal information by parties other than the person.

  Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing the configuration of the information processing system according to the first embodiment of the present invention. As shown in FIG. 1, the information processing system 1 includes a personal related information database 10, an IF unit 11, a control unit 12, and the like.

  Here, the information processing system according to the present invention may be either a physically dedicated system or a general-purpose information processing apparatus. For example, in an information processing apparatus having a general configuration that includes an arithmetic means, an input means, a storage means, and an output means, the information defining the present invention can be obtained by activating software that defines each process in the information processing method of the present invention. A processing system can be realized. The dedicated system or information processing apparatus may be configured by a single computer or may be configured by a plurality of computers distributed on a network.

  The personal related information database 10 stores the personal related information of the target person and the information of the person who can access the personal related information in association with each other, and is configured using a conventional database technology such as a relational database. be able to.

  Here, the target person refers to a person whose personal information is managed by the system 1, and the accessible person has an access right to the personal related information managed by the system 1. A person who can view or update personal information (including new registration, deletion, and editing) via the system 1.

  In addition, personal information refers to general information related to individuals, and is a concept that includes basic personal information such as name, gender, date of birth, and address, as well as information on persons other than the person such as family information. .

  In the present invention, it is possible to determine what individuals are targeted and what personal information is to be managed according to the design. A description will be given by taking a home care recipient as an example. In this case, the information processing system 1 is placed under the control of a third party (such as a hospital or a care service company that provides medical / nursing care technology) other than the care recipient, and the work of the third party (medical / care service) In order to contribute to), personal information related to the care recipient is collected and recorded.

  The personal related information database 10 includes, for example, a data table, an access table, and a group table. 2 and 3 show conceptual diagrams of the data structure of each table.

  The data table stores personal related information of the care recipient in association with the identification information of the care recipient (hereinafter referred to as “subject ID”), for example, in a state of being classified into a plurality of categories. (See FIG. 2).

  Categories include, for example, categories related to basic information such as name, gender, date of birth, and address, the level of care required of the person to be cared for, current disease name, recent medical history, past medical history, allergy, infection, ADL, normal Categories related to physical condition information such as body temperature, blood pressure, pulse rate, etc., categories related to caregiver information such as primary caregivers and those who can be cared for during the day, family name, occupation, relationship, presence of living, contact information Categories related to family information such as, physical condition, nursing content, categories related to history such as work diary can be considered. Note that what category is provided and what information is classified into each category can be determined according to the design. For example, a category may be provided from the viewpoint of privacy or the like.

  The access table stores access authority information related to the individual-related information of the care recipient for each category in association with the subject ID (see FIG. 3A).

  In this embodiment, as shown in the figure, the accessible person is classified into a plurality of groups (My Family, My Staff, Agent, etc.), and the access authority information set for each group is stored in the access table. Yes. The agent refers to a person who has been given authority equivalent to the care recipient from the care recipient.

  In the present embodiment, as shown in the figure, two types of access authority information “viewable” and “viewable and updatable” are set, but what kind of access authority is set? It can be determined freely according to the design. For example, a configuration that sets access authority information indicating that there is no authority such as “not viewable”, a configuration that sets browsing and update as independent access authority information such as “viewable” and “updatable”, and “viewable” Various configurations such as a configuration in which only “” is set can be considered.

  The group table stores identification information of accessible persons classified into each group in association with the target person ID (see FIG. 3B). The identification information of the accessible person in each group constitutes accessible person information together with the access authority information for each group stored in the access table. As will be described later, in principle, only the care recipient can determine (change) the contents of the group table, that is, who is registered as an accessible person in which group. Therefore, depending on the intention of the care recipient, for example, a person other than the actual family can be registered as my family, or an office staff who has few opportunities to directly contact the care recipient can be registered as my staff.

  In addition, the categories such as My Family and Agent can arbitrarily register accessible persons. For example, the number of accessible persons registered may be zero. It is desirable to register everyone. Therefore, about the my staff, it is good also as a structure which a care recipient does not determine and register but a third party determines and registers.

  Moreover, in this embodiment, since the care recipient has access authority for his / her personal information as a general rule, the access authority of the care recipient himself is omitted in the access table shown in FIG. . However, the access authority of the care recipient himself / herself may be stored in the access table as needed, such as when the access authority of the care recipient is changed depending on the category or the type of personal related information.

  As described above, in the personal related information database 10, the personal related information is classified into categories, and accessible tables are configured by classifying accessible persons into groups, thereby setting the access authority to the personal related information more flexibly. It becomes possible to do.

  Note that the table configurations and data structures shown in FIGS. 2 and 3 are examples, and other configurations and data structures may be employed. For example, each table has a data structure in which information is stored for each target person. Therefore, the information may be stored and stored in one table that can be searched using the target person ID as a key. Good.

  The IF unit 11 is configured to be able to input and output information to the information processing unit 100 via a communication network in addition to an input device such as a keyboard or an output device such as a display or a printer. A communication module such as an IP driver is provided. The communication network may be any of a LAN, the Internet, a dedicated line, a packet communication network, a combination thereof, and the like, and includes both wired and wireless.

  The information processing means 100 is a user who uses the information processing system 1 (care recipient, helper, nurse, care manager, care staff such as office staff, system administrator, etc .; hereinafter referred to as “user” collectively. .)) And can output information to the user. As the information processing means 100, a general personal computer or a portable terminal can be used. The information processing unit 100 may be configured as a part of the information processing system 1 or may be configured as an external information processing apparatus.

  The control means 12 controls the overall operation of the information processing system 1 and executes authentication processing, browsing / updating processing, access information changing processing, and the like. In FIG. 1, the above-described processes executed by the control unit 12 are illustrated as functional units. In addition to the above-described processing, the control unit 12 executes various processing included in a normal information management system such as user registration processing.

  Hereinafter, based on the flowchart shown in FIG. 4, a framework for managing personal information realized by the information processing system 1 will be described. Note that the steps can be executed in any order or in parallel as long as the processing contents do not contradict each other.

  The control means 12 first executes a login process (S100). The login process is a process (authentication process) for determining whether or not a person who requests use of the information processing system 1 is a user having a legitimate authority. For the authentication process, a well-known authentication technique (for example, an electronic authentication technique based on password verification, fingerprint verification, or the like) can be used. If only passwords are used, there is a possibility of unauthorized access due to password leaks, etc., so verification processing based on biometric information (biometric information) such as fingerprints that does not have such a possibility is used or combined. It is desirable.

  Next, the control means 12 determines whether the authenticated user is a care recipient (S101).

  When it is determined that the user is a care recipient, the control unit 12 outputs category / group selection screen information to the care recipient (S102). The care recipient can select a category or group based on the screen information.

  When the selection of the category is received from the care recipient (S103: category selection), the control means 12 executes a browsing / update process for the care recipient (S104 to S106).

  That is, the control unit 12 refers to the data table of the care recipient, reads out the personal related information belonging to the selected category, and outputs it to the care recipient (S104). As a result, the care recipient can view his / her personal related information, and can grasp what personal related information is managed.

  Next, when receiving an update request regarding personal-related information from a care recipient (S105: update request), the control means 12 prompts the care recipient to input update contents, and based on the input information, the control means 12 The personal related information belonging to the selected category is updated (S106).

  In addition, when the browsing termination request | requirement is received from the care recipient (S105: termination request | requirement), or when the update is completed in S106, it can be configured to return to S102, for example.

  On the other hand, the control means 12 performs an access information change process (S107-S109), when selection of the group is received from the care recipient (S103: group selection).

  That is, the control unit 12 refers to the access table and group table of the care recipient, and outputs a list of accessible persons belonging to the selected group and the access authority set for the group to the care recipient. (S107). As a result, the care recipient can acquire information on a person who can access his / her personal related information, and can grasp the distribution state of his / her personal related information.

  Next, when the control unit 12 receives a change request (including a request for new registration, deletion, and editing) from the care recipient (S108: change request), the control unit 12 sends the change content to the care recipient. An input is prompted, and the information about the selected group in the access table and group table is changed based on the input information (S109). As the change contents, for example, a change of access authority, a change of accessible persons belonging to the group, and the like can be considered.

  In this way, in this embodiment, since only the care target person can make changes to the access table and the group table, who the care target person shows to his / her personal related information Can be reliably controlled, and it is possible to prevent a situation in which a care-related person can access personal information without the knowledge of the person.

  In addition, when the completion request | requirement of the process regarding a group is received from the care target person (S108: completion | finish request | requirement), or when a change is complete | finished in S109, it can be comprised so that it may return to S102.

  Here, it is desirable that the control unit 12 performs an authentication process on the care recipient before changing information such as the access table. As described above, the information stored in the access table and the group table is important information that determines who is shown what personally related information, so authentication is performed not only at the time of login but also at the time of change, This is because it is desirable to make changes after confirming that the person is the person and that the person has accepted it. In this case, for example, the authentication process may be executed at a plurality of timings, such as a timing for accepting a change request, a timing for accepting an input of change content, and a timing for accepting confirmation of the content of change. In that case, in order to reduce the operation burden of the care recipient, care staff etc. will perform login processing by the person himself, change input of access table / group table, etc., and the care recipient will only perform final authentication processing Also good. With this configuration, it is possible to provide informed consent regarding access to personal-related information, and it is possible to realize a safer framework for the use of personal-related information.

  On the other hand, when it is determined in S101 that the user is a care recipient other than the care recipient, the control unit 12 executes a browsing / update process for the care recipient (S110 to S114).

  That is, the control unit 12 refers to the access table and the group table, extracts identification information of the care recipients who are registered as accessible persons, and creates a list of the care recipients. Output to the care-related person (S110). The caregiver can select an accessible care recipient based on the screen information.

  When the control means 12 accepts the selection of the care recipient from the care recipient, the control means 12 refers to the access table of the selected care recipient, and the access privilege “viewable” or “ A category for which “browsing and updating is possible” is acquired, and category selection screen information is output to the care-related person (S111). The care-related person can select a category accessible with respect to the selected care recipient based on the screen information.

  When the control unit 12 receives a category selection from a caregiver, the control unit 12 refers to the data table of the selected caregiver, reads out the personal related information belonging to the selected category, and outputs it to the caregiver (S112). Thereby, the caregiver and the related person can browse the personal related information belonging to the category for the selected care recipient.

  Next, when receiving an update request regarding personal-related information from a caregiver (S113: update request), the control means 12 is set with the access right “viewable and updatable” for the selected caregiver for the selected category. On the condition that the person concerned is prompted to input the update contents, and the personal related information belonging to the selected category of the selected care recipient is updated based on the input information ( S114). In this case as well, as in S106, a predetermined word or the like can be automatically converted and registered.

  Since the personal related information in this embodiment includes information that should be input by a caregiver such as a care history and a work diary, it is necessary for the care related person to be able to update the personal related information independently. In particular, accessible persons (helpers, nurses, etc.) registered with My Staff are obliged to write a work diary when performing services such as care services. Must be configured so that it can be updated. However, since there is some information such as basic information such as name that is not appropriate for granting update authority to caregivers, it may be configured so that “viewing and updating” cannot be set for such information. desirable.

  In addition, when the browsing termination request | requirement is received from the care worker (S113: termination request | requirement), or when the update is completed in S114, it can be configured to return to, for example, S110 or S111.

  According to this embodiment, since it is set as the structure which manages the information of the person who can access personal relevant information of a care target person using an access table and a group table, it is necessary for a nursing care person to access personal relevant information. In this case, it is only necessary to register care-related person information in the access table and the group table, and it is not necessary to teach the care-related person a password or the like, so that the conventional problem caused by sharing the password or the like can be avoided. As a result, it is possible to realize a framework in which the person can accurately control his / her access authority to the personal information while allowing access to the personal information by parties other than the person.

  In particular, in the medical / nursing care field, it is assumed that a third party other than the care recipient collects and records personal information of the care recipient for the purpose of contributing to the work of the third party. According to the above, even in such a case, the care target person can remotely control the access authority (so-called use authority) of his / her personal related information via, for example, a communication network.

(Other)
Note that the present invention is not limited to the above-described embodiment, and can be applied with various modifications.

  For example, in the above embodiment, the access authority is managed for each combination of category and group, but the present invention is not limited to such a configuration. For example, the access authority may be managed for each individual related information, for each accessible person, or for each combination, not for each category or group. In addition, for example, the access authority is managed depending on only the group regardless of the category (for example, “viewable” is always set for My Family and “viewable and updateable” is always set for My Staff). Or, for certain combinations and personal related information, predetermined access authority is automatically set regardless of the intention of the care recipient (for example, predetermined personal related information such as a predetermined category or business diary) "My account" is automatically set to "Readable / Updateable"; in this case, the work diary etc. is automatically "Readable" after registration in order to prevent it from being modified once registered It is also possible to adopt a configuration. Furthermore, the management unit varies depending on the type of access authority (for example, “browsing / updating” is managed depending on the group, and “browsing is possible” is managed for each combination, etc.). It is good also as a structure which can manage authority.

  Further, for example, in the above-described embodiment, when the contents of the access table or the group table are changed, the authentication process is performed on the care recipient, but not only in such a case, but also stored in the data table, for example. Even when the individual related information is updated, the authentication process may be executed on the care recipient or the accessible person.

  Further, for example, in the above embodiment, the update request related to the personal related information is received from the care recipient, that is, the care recipient himself can perform new registration, deletion, and editing of the personal related information. There may be a case where it is not appropriate to grant the update authority to the target person like the information described in the medical record. Therefore, in consideration of such a case, for example, an attribute indicating whether or not the target person can update is added to the personal related information, and it is possible to determine whether or not to accept an update request according to the attribute. Good. Alternatively, it may be configured to handle one that does not accept an update request as one category.

  Further, for example, in the above embodiment, the nursing care field is described as an example, but the present invention is not limited to such a field. For example, a relationship other than the person (parent or child) such as a babysitter or a tutor If there is a high need for a person to access personal information, the same can be applied.

  Depending on the field of application, from the viewpoint of the efficiency and safety of business practice, the subject may not control the access authority for all personal related information, but the framework of the present invention may be applied to a part of the personal related information to be managed. A form in which the framework of the present invention is applied can be conceived for a form in which the framework of the present invention is applied, or for a predetermined access authority (for example, only for “viewable”).

It is a block diagram which shows the structure of the information processing system which is embodiment of this invention. It is a figure for demonstrating the data structure in a personal relevant information database. It is a figure for demonstrating the data structure in a personal relevant information database. It is a flowchart for demonstrating the framework which manages individual relevant information.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information processing system 10 Personal related information database 11 IF means 12 Control means 100 Information processing means

Claims (8)

A database that stores the personal related information of the target person and the information of the person who can access the personal related information in association with each other;
User authentication means;
If the authenticated user is a target person, based on the input from the user, referring to the database, the means for changing the information of the person who can access the personal related information of the user;
Means for reading out personal related information of a target person associated with the user as an accessible person with reference to the database based on an input from an authenticated user, and outputting the information to the user. Information processing system. The personal related information is personal related information about the target person collected and recorded by a third party for the purpose of contributing to the business of a person other than the target person (hereinafter referred to as “third party”). The information processing system according to claim 1. The target person is a medical / care target person, and the personal related information includes at least one of physical condition information, family information, medical / caregiver information, and medical / care history information of the medical / care target person The information processing system according to claim 1 or 2. 4. The database according to any one of claims 1 to 3, wherein the personal information is classified into a plurality of categories, and information on persons who can access each category is stored in association with each other. Information processing system. 5. The database according to claim 1, wherein the database classifies accessible persons into a plurality of groups, and stores associations with individual-related information for each of the groups. Information processing system. The information processing system according to claim 1, wherein the user authentication unit performs authentication based on biometric information collation. A process of authenticating the user;
When the authenticated user is the target person, the personal information related to the target person and the information of the person who can access the personal related information are referred to and stored in a database, based on the input from the user. Changing the information of those who have access to the user's personal information;
Reading the personal related information of the target person to which the user is associated as an accessible person with reference to the database based on the input from the authenticated user, and outputting the information to the user. Information processing method. An information processing program for causing a computer to execute the information processing method according to claim 7.

Images