JP2006048670A - Medical information processing system, storage medium for medical information processing, and reader for medical information processing - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a processing technology of medical information capable of providing high-grade service in peace using a storage medium such as an IC card without once sending personal information to a system. <P>SOLUTION: A medical information processing system comprises a network computer 4 capable of reading and writing the IC card 500, a server 2 for supplying a program and data to the network computer 4, and a public database 3 that can be accessed from the server and stores user interface information, medical information, or the like. The network computer 4 anonymizes biologic information sent from the IC card 500 after the required authentication. The anonymized biologic information is transmitted and received among various places (5, 6, 7, 8 and 9) such as facilities only while the IC card is authenticated, and can be associated with the medical information on the database. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  TECHNICAL FIELD The present invention relates to a medical information processing technique for safely performing medical information communication that requires continuous information management, such as health management, to be performed when receiving a medical information service repeatedly. The present invention relates to a technology capable of transmitting and receiving medical information of a user himself / herself without providing information for identifying an individual.

  Various medical information, such as measurement data such as user's blood pressure, body temperature, heart rate waveform, etc., treatment history data such as treatment and medication (medical chart data), etc. are digitized and networked for the purpose of protecting personal information There are strict regulations for this. However, since the right to access medical information is granted not only to the user himself / herself, but also to a doctor who is associated with the medical information, a large amount of personal information is managed for each medical institution such as a hospital. When a user intends to use data about his / her medical information, it is necessary to visit each medical institution that manages the data. In addition, when the same user visits multiple medical institutions, biometric information and treatment / medication information measured in the past at each medical institution is managed by an incompatible system. The same inspection may be performed every time.

On the other hand, information management is performed so that individual users can be identified by terminal devices in the facility so that the system in the medical institution can be used safely. That is, by inputting a predetermined ID and password, the individual user is authenticated and can access the system, and the user is given a serial number for the biometric information in the system that has been previously anonymized and stored. By inputting anonymization information such as, reading and writing are performed. In recent years, with the advent of IC cards, information systems for transmitting information by individuals while ensuring security are being developed. For example, in Patent Document 1, personal information such as biometric information stored in an IC card is read by a reader and temporarily stored in an external terminal, and necessary written personal information is stored in the IC card. An information system for erasing all personal information from an external terminal after storage is disclosed.
JP 2004-62856 A

  However, medical facilities that have systems that can identify individual users may leak personal information due to hackers or system failures. In addition, there is a possibility that information is leaked during communication with the network or from the system side while the IC card is connected to the system. As the personal information, the biological information that should not be leaked most includes genetic information such as SNP (single nucleotide polymorphism).

  An object of the present invention is to provide a medical information processing technology that can solve the above-mentioned conventional problems and can provide a high level of service by using a new security technology that can be relieved using a network computer and an IC card. There is to do.

  The present invention provides a medical information processing technique that uses a network computer and an IC card, for example, and can provide advanced services with a simple configuration.

A medical information processing system according to an aspect of the present invention includes a reversibly connectable storage medium in which at least user identification information and biometric information about a user are stored, a read / write of the storage medium, and a user A computer capable of accessing a database in which medical information useful for the patient is stored, and the computer has at least a function of performing authentication based on biometric identification information through an attached storage medium and reading and anonymizing the biometric information. The anonymized biological information is associated with the medical information in the database only during the period in which the storage medium is mounted.
Note that the present invention is not limited to a system, and may be realized as a method and program invention. The present invention can also be realized as an invention of a storage medium applied to the above-described system and an invention of a reading device for the storage medium.

  According to the present invention, since it is configured so that no information that can identify an individual user is taken out from the IC card while utilizing the anonymization function, security for access to the medical information of the user can be ensured. . In addition, since individual test data that can be used in common by a plurality of medical institutions can be managed by the user, cooperation with various medical institutions is facilitated, and high-quality medical care can be expected for each individual.

Embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing the configuration of the medical information processing system of the present invention. A plurality of network computers 4 (hereinafter referred to as “NC”) and a server 2 are connected to a public communication network 1 such as the Internet or ISDN, and each NC 4 is, for example, a group 5 installed in a personal facility, A group 6 installed as a home device in each user's individual residence, a group 7 installed in a portable terminal such as a mobile phone on the go of each user, and sharing the system with each personal facility Each group 8 is installed in a high-level medical institution such as a hospital or clinic that has such a partnership agreement.

  For example, the server 2 installed in the medical information service company includes a database 3 and can be accessed from the NC 4 via the communication network 1. The server 2 determines whether or not the user identification information (ID) input from the NC is valid. If it is valid, the user interface information of the user is read from the database 3 and the application required by the NC 4 Supply programs and data. It also enables access to the medical information of the corresponding user.

  The database 3 can be searched from the server 2 and stores user interface information about users, medical information about users, information about medical institutions, and the like.

  FIG. 2 is a block diagram showing a system for connecting the NC 4 and other devices in cooperation with the IC card. The NC 4 is connected to a communication network line such as ISDN or LAN, and includes a wearable IC card driver (reader / writer) 11. The IC card has a shape that can be attached to the IC card driver 11, and is dedicated to the server in the identification information (ID) of the user, the address information of the server to be connected, that is, the Internet / intranet address or ISDN / communication network. The telephone number of the access point is stored. Further, the IC card stores the user's own biometric information and the inspection history related to the user himself / herself. The IC card may store user interface information, personal treatment history, medication information, or the like as necessary.

  The NC 4 includes, for example, a touch panel device 10 as a data input device. The touch panel device 10 is configured to be integrated with a screen of a television 14 that is a display device, for example, and sends a coordinate signal such as an RS-232C signal when a user touches the screen with a finger or a pen. is there.

  For example, NC installed in a user's house or hospital includes a biological information detection device 13 as a data input device. This biological information detection device 13 measures a blood pressure, a body temperature, a heart rate, etc. by simply wrapping a band containing a sensor around an arm or the like, and converts it into, for example, an RS-232C signal and outputs it, for example. Equipment. In recent years, there are a large number of simple and painless biopsy apparatuses, and it is preferable to provide a sufficient number and types of inspection apparatuses as a system in a personal inspection facility so as to meet various purposes. In some cases, a sequencing device for examining a part or all of the genome related information may be provided in the same facility separately from the system.

  For example, the NC 4 installed in the hospital preferably includes a scanner 15 as a data input device. The scanner 15 may be configured such that a doctor or the like reads a handwritten medical chart and converts the text using OCR software or entrusts data input to an agent such as an information service company. As a data output device, a general television is used so that an individual user can enjoy a TV program, but a dedicated display device using a CRT or a liquid crystal may be used. Moreover, you may equip a printer as needed.

  FIG. 3 is a block diagram showing a schematic configuration of the NC 4. The NC 4 is configured to download a program from the network and execute it. Accordingly, the hard disk device for storing the normal program is unnecessary, and the minimum program for connecting to the server and executing the downloaded program is stored in the ROM 22 based on the server information read from the IC card. (Details will be described later). Other circuits such as CPU 20, RAM 21, video control circuit 23, TA (terminal adapter) / MODEM (modem) 24, IC card driver 11 and driver control circuit 25, serial port circuits 26 and 27 such as RS-232C, bus 28 Is the same as a device such as a normal personal computer. However, the IC card driver 11 has a function of turning on the main power supply of the NC 4 when detecting that the IC card is inserted.

  FIG. 4A is a flowchart showing the contents of the program stored in the ROM 22 of the NC4. The program is activated by inserting a personal IC card owned by the user into the card reader and mounted so as to be connectable to the system. In S1, the access to the system by the IC card 12 is confirmed. The user identification information (for example, member ID) for identifying the user himself / herself stored in the IC card is anonymized into anonymized identification information such as a serial number. The anonymized identification information created here is preferably stored in the storage area of the IC card 12 in association with the user identification number together with the date and time of access to the system. The anonymized identification number created here is newly set every time the system is accessed, or anonymized identification information that differs depending on the communication destination is created, so that even the access history other than the IC card 12 is generated. It is preferable to enhance security so that it is not understood. Further, it is preferable to perform authentication for confirming whether the system user using the IC card 12 is the owner of the card. Further, it is preferable that the storage area of the IC card 12 stores the Internet / intranet address or the telephone number of the access point dedicated to the server in the ISDN / telephone network so that it can be read out. In S2, the NC 4 connects to the designated server read out appropriately through the line of the connected communication network. When the connection is completed, in S3, biometric information is transmitted and received between the NC 4 for each group that the user has accessed the system and the server 2 in the public information facility. That is, the NC 4 integrates the anonymized identification information already created in S 1 with the biological information read from another area of the IC card 12 and transfers it to the server. Here, the biological information includes daily data that has been measured in advance by a desired testing device, and SNP information that represents only the genetic type of the user's genomic information. Further, the biometric information may include pre-input information (for example, family history, lifestyle habits, health promotion activity contents, etc.) that can be sent out as necessary. The server 2 stores or collates the received biological information in various databases (DB) 3 according to information. Thus, the IC card 12 does not send out any information that can identify the user in the card. Further, the NC 4 connected to the IC card 12 can update a huge amount of data stored in each DB 3 and obtain public data rational to the user by collation.

  The anonymization identification information sent from the NC4 preferably includes NC4 ID information for authenticating the NC4 installed at a plurality of locations. The NC4 ID information is checked by the server and is a valid communication route. After being authenticated, it is preferable to move to the next step. In θ3, the server 2 further transmits effective information such as diagnosis and treatment that matches the biometric information sent from each DB 3 before or after the above-described update of the data through the same communication route as the reception of the IC card 12. Is transferred to the connected NC4. At this time, it is preferable that the program and user-specific user interface information are transferred from the server. In S4, the later-described analysis processing unit installed in NC4 performs accurate data interpretation (explanation of fluctuation status of daily data) regarding the user's ecological information, and preferably evaluates (about the interpreted fluctuation status) The determination result is returned to the user's IC card 12. In S5, based on the received program and user interface information, information such as an (initial) menu is displayed on the screen of the television 14, the information flow is monitored, and variation data relating to biological information is returned to the IC card 12. Displayed before or simultaneously with return. Therefore, even when using an NC at an arbitrary location, a screen set specifically for the user who has inserted the IC card is displayed. The personal facility group 5 and the partner medical facility group 8 can transmit and receive biometric information that is anonymized by an advanced authentication mechanism, like the relationship between each group and the public information facility described above. May be preferred. By doing in this way, a user who uses daily biological information in a personal facility can receive a high level medical practice in the affiliated medical facility via the IC card 12. When the IC card 12 is connected to the NC 4 in the affiliated medical facility using the IC card 12, the system is designed so as to conform to a specific user interface adopted for each medical facility.

  In S6, it is determined whether or not data is input from the touch panel device 10, the biological information detection device 13, or the scanner 15. If the result is affirmative, the process proceeds to S8. If the result is negative, the process proceeds to S7. . In S7, it is determined whether or not the IC card 12 is pulled out from the driver 11. If the result is negative, the process returns to S6, but if the result is positive, the process ends.

  If the determination result in S6 is affirmative, the process proceeds to S8, and (anonymization) biometric information is transmitted and received. In S9, it is determined whether or not a program or data has been transmitted from the server. If the result is affirmative, the process proceeds to S10 to update the program or data, and the process returns to S5.

  FIG. 4B is a flowchart showing the contents of general processing in the server 2. The program in the server is activated by access from NC4. In S20, ID information is received from the NC, and in S21, it is determined whether or not the ID information is valid. If it is determined to be valid in S21, the process proceeds to S22, and a program to be executed initially and user interface information specific to the user are transmitted to the NC.

  In S23, it is determined whether or not biometric information has been input from the NC. If there is an input, the process proceeds to S24, where the input data is analyzed and necessary processing is performed. In S25, it is determined whether or not a program transfer is necessary for the result of the process in S24. If necessary, a necessary program is transferred in S26. In S27, it is determined whether or not data transfer is necessary for the result of the processing in S24. If necessary, necessary data is transferred in S29. In the above example, in S25-29, blood pressure and body temperature graph data are transferred to the NC together with the graph display program. In S29, it is determined whether or not there is an end notification from the NC. If not, the process returns to S23.

Next, the biological information remote evaluation service executed mainly in S26 of FIG. 4B will be described.
In the remote evaluation service, a user measures blood pressure, body temperature, heart rate, and the like for a certain period by the biological information detection device 13 connected to the NC 4 at home, for example, and transfers the measurement data to the server 2 in an anonymized state. The server 2 stores the received data in the database 3 together with time information. Furthermore, a statistical process is performed, and graph data is generated, etc., and personal evaluation about the fluctuation | variation state of biological information is performed. Preferably, it is compared with a predetermined abnormality determination threshold value to determine whether or not there is a change to be noted. If the determination result is abnormal, a warning or the like is notified to the user himself / herself, It is possible to call attention so that troubles that should be done (such as complications, sudden symptoms such as collapse and dyspnea) do not occur. This notification is also given to pre-selected doctors in charge, the nearest emergency hospital, relatives, acquaintances, etc., so that evaluation results and / or judgment results are attached according to the degree of urgency. To be able to respond quickly in an emergency.
As a notification method, if the NC is connected, a message may be sent to the NC, and if the NC is not connected, the notification may be switched to automatic notification by FAX, telephone or the like. After storing the evaluation result and notification information in the IC card, the user terminates the transmission / reception of all information by canceling the authentication by the IC card (for example, removing the card from the card reader).

  In addition, this invention is not limited to said embodiment, The following modifications are possible. The NC4 generally refers to a computer that operates by reading user identification information from an IC card or the like and downloading a program and user interface information from a specific server. It suffices if it has a function, and it may have other functions that a normal personal computer or the like has. Therefore, an NC OS that executes a program downloaded from a server by adding an IC card driver to a personal computer may be executed.

  The data input device for the NC 4 may be a simple keyboard or a remote control device including the keyboard, and may further include a full keyboard. The user identification information storage medium may be a magnetic card, but it is difficult to ensure security because it is easy to duplicate or modify, and an IC card is more appropriate. Note that an IC card that can be used by anyone may be inserted into the NC, and an ID and password may be entered to provide a function that enables the system to be used without a personal IC card.

  As the above embodiment, an example in which only the user identification information and the server address information are stored in the IC card has been disclosed. However, the user's address, name, contact information (phone number), Medical record data, medication data, normal blood pressure, biological information such as body temperature, precautions such as allergies, etc. may be stored. Although the example which uses the device which measures blood pressure, body temperature, a pulse, etc. automatically as a living body information detection device was disclosed, the measurement item is not restricted to this, it is in-vivo component values, such as blood sugar level and urine component analysis value, It may be a motor activity value such as the number of steps or vital capacity. In addition, the measurement method using various measuring devices may be an automatic input / output by automatic measurement, or may be a method in which measurement is performed manually and a read measurement value is input from a touch panel or the like.

FIG. 5 is a diagram showing a medical information processing system for biometric information using an IC card.
Further, in FIG. 5, an IC card 500 that can be attached and detached is used in order to safely acquire and analyze biometric information related to the user. The IC card 500 is common to a card reader having a structure common to all of the testing device 110, the portable device 350, the home device 360, and the user terminal 130, which are means by which a user may transmit and receive biometric information. It is a shared device that can be attached to and detached from the device. Information that has continuity anytime, anywhere, while receiving advanced authentication and protection of personal information by using the system while the user installs and removes the same IC card 500 according to the location where the user wants to use the system. Processing can be performed. Information processing with continuity here means that the history of transmission and reception of biological information performed at different dates and places is completely continuous. When a plurality of IC cards 500 are used or information processing that does not use the IC card 500 is mixed, biometric information is transmitted and received separately, which may impair the continuity of history. When biometric information transmission / reception is discontinuous, information is likely to be partially lost or duplicated, which is not preferable because an erroneous conclusion may be derived even temporarily.

  One of the features in FIG. 5 is that when the data processing unit 140 performs analysis processing (interpretation or evaluation) on the biological information stored in the IC card 500, the data storage / reproduction unit 160 does not pass through the network. The point is that the information is reciprocated to and from the analysis processing unit 144 without going through the process. The analysis processing unit 144 is a means for sending back a status report that only summarizes information in a report format, and the information only passes along a predetermined report route, so no information is stored in the facility. . Moreover, in order to access the analysis processing unit 144, the IC card 500 is always directly attached to the user terminal 130 installed in the personal facility 100, so that information leakage inside and outside the system is completely prevented. I can stop. When the IC card 500 mounted on the card reader 400 of the user terminal 130 is authenticated, an instruction from the user terminal 130 becomes possible, and analysis processing is performed by the user inputting desired analysis contents through terminal operation. Command information is sent to the unit 144. Further, even when using information stored in the data storage / reproduction unit 160 provided in the personal facility 100, the analysis is performed through the analysis processing unit 144. Therefore, any analysis processing can be performed on the IC card 500. However, it has a mechanism that only records history. Note that during communication between the user terminal 130 and the analysis processing unit 144, it is preferable to disconnect the network from the outside of the facility or switch to a system separated from the network.

  Another feature is that the biological information converted into the data that can be analyzed through the measurement processing unit 142 always circulates on the network inside and outside the facility through the anonymization filter 146. Only anonymized biological information can be stored or used externally. That is, the biometric information created through the various testing devices 110, the home device 360, and the portable device 350 is at least processed by the anonymization filter 146 installed in the card reader 400 or the IC card 500 as shown in FIG. The information is sent to the measurement processing unit 142 as anonymized information that cannot identify the user. The anonymization information sent from the measurement processing unit 142 is organized for each anonymization identification information and stored in the data storage / reproduction unit 160 as necessary.

  Next, a case will be described in which anonymized biological information is transmitted toward the public medical database 300. Anonymized biological information is information that does not adversely affect individual users and can contribute to the development of public medical information. An evolutionary medical information database that has evolved into a higher quality database by anonymized information from a large number of users is sent to various advanced medical institutions or individual users through a search database 230 in the public information facility 200. It will provide optimal medical information.

  FIG. 6 is a diagram showing a configuration of the card reader 400 corresponding to the wearable IC card 500. On the card reader 400 side, an anonymized identification information storage unit 440 (first storage unit) that stores user identification information that identifies the user himself / herself in anonymized identification information by the anonymization filter 146; Anonymized biometric information storage unit 450 that stores type information (for example, gene information consisting of only one or more SNP sequences corresponding to specific disease associations in genomic information) excluding a part capable of identifying an individual in biometric information. (Second storage unit). In the transmission / reception from the card reader 400 to the system main body, information from each of the storage units 440 and 450 after anonymization is transmitted and received. The card 500 also has an authentication mechanism for authenticating that the card user is the user. In particular, since the system of the present invention stores the biometric information of the user, a physical identity authentication mechanism based on biometrics technology is suitable. In this figure, a personal authentication mechanism (fingerprint detection unit 510) using a fingerprint is provided in the handle portion of the card, and the card cannot be used when it does not match the fingerprint of the user (biometrics authentication unit). The program is installed in the CPU 530 in the card so that it cannot be tampered with. Other biometric techniques for recognizing a person's physical characteristics can be applied as well. In some cases, only this biometrics mechanism may be a dedicated device separate from the card to prevent forgery authentication due to theft of the card or electrical shock to the card. As a device different from a card having a biometrics mechanism linked with an authentication program in the card, a body wearing member that can be worn by the user, for example, a bracelet, a necklace, an ankle, an abdominal belt, a head Headbands, gloves, shoes, socks, ties and dentures may be used. By controlling the use of the IC card in cooperation with the biometrics device worn on the body, a perfect information processing system that can be used only by the person or his / her companion (family, relatives, etc.) can be realized. The biometrics mechanism may further add a function for permitting reading of information outside the allowable range sent from the IC card from the system side according to the communication destination. This is because it may be preferable to disclose as much information as possible only during a period in which the card is in a connected state, particularly when receiving medical advice or health advice on a common display while facing one-on-one.

FIG. 7 is a diagram showing a configuration of the card reader 400 corresponding to the non-contact type IC card 500. 7, the same parts as those in FIG. 6 are denoted by the same reference numerals. The IC card 500 and the card reader 400 in FIG. 7 have almost the same configuration as that in FIG. 6, except that the anonymization filter 146 is on the card side, not on the reader side.
This is because, in the case of a non-contact type storage medium, biological information is transmitted / received to / from the card reader 400 by wireless means (radio waves, infrared rays, ultrasonic waves, etc.), and there is a possibility of information at the time of transmission / reception. In order to completely prevent spills, especially leaks on unauthorized networks, it is effective to send and receive data after anonymizing the card. Thus, only the anonymized biometric information is sent from the IC card 500, so that the card reader 400 side is stored as it is in the first storage unit and the second storage unit, and is transmitted to and received from the system main body. .

As for the present invention described above, important matters for understanding the features of the present invention will be described.
(1) About the entire system
・ Background: Only the information of the sick person is continuously stored in the medical system of the medical institution. In the medical system of the medical examination center, information on sick and healthy people is randomly and regularly accumulated. As a personal medical system, there is a system that continuously communicates (or at home) with an inspection device dedicated to a specific item. However, there is no system that collectively processes various types of biological information by various types of inspection equipment corresponding to the necessary and sufficient number of items that differ from person to person. Moreover, there is no communication system that anyone can use easily and continuously. Note that “communication” means not only a network but all system elements that are systematically connected to a storage medium for personal authentication.
-Since the system according to the present invention uses a plurality of inspection devices by a plurality of users (members), there is a possibility that the user information and the inspection device information may be mixed due to crosstalk or the like. In order to cope with this, a storage medium (for example, an IC card) capable of reversible electrical connection and having an advanced authentication function is used, and the external of the storage medium after anonymizing biometric information In other words, by combining the points that enabled communication within the medical system, it was possible to achieve both authentication and personal information protection for all users without the need for control by a third party. On the other hand, in the case of a conventional system that accumulates medical information exclusively with personal health equipment, it is erroneous because a third party uses the equipment without permission or communication within the system is mixed. Biometric information may be stored. Moreover, if only the authentication function is used, it is the same type as fitness equipment, and advanced medical information cannot be used. Furthermore, in a system that manages personal information and biometric information by a third party, there is a risk of information leakage due to human error and theft of management data.
-The final goal of the present invention is, for example, individual diagnosis based on individual characteristics, optimal treatment based on individual characteristics, secondary prevention of lifestyle-related diseases (cause serious complications from various lifestyle-related diseases) It is to provide a useful medical system that contributes to the
-It has the function of presenting biometric information in a format that is easy to use for each medical institution to doctors and laboratory technicians who are facility staff of medical institutions (facility members) such as affiliated hospitals.
The function unique to the present invention may be in any one of the IC card 500, the personal facility, and the partner medical institution.
(2) About the IC card 500 (storage medium) The reversibly connectable storage medium of the present invention includes all means capable of transmitting and receiving information related to users necessary for using the system. Can do. Since the IC card includes all forms having an IC chip, any device other than the card shape, such as a rod shape, a sheet shape, a spherical shape, a pen shape, and a syringe shape (for example, glasses, a hat, clothes, ear pads, a name tag) , Keys, medals, reattachments, paper notebooks, business cards, writing pens, etc.), and any portable electronic device (for example, telephone, hearing aid, camera, watch, etc.) that has an adapter part or antenna part incorporating an IC chip. Electronic notebook, electronic calculator, personal computer, etc.).
-It is preferable that the staff in various medical facilities and personal (inspection) facilities also attach and detach the IC card 500. However, it is preferable that the function of the card is not a simple authentication but the same role as the user's card or a subordinate role. In particular, the staff IC card needs to have a configuration that excludes or prohibits a leading function such as storing or reading out any information from the user.
(3) About the analysis processing unit 144-Only the user's genetic type and test data (biological information) are temporarily received and medical information is interpreted, and no information is stored. The gene information handled here is not information specifying individuals, but only SNP information (that is, type information) of SNP regions that can be associated with test items. Therefore, a large amount of genomic information including sequence information that can specify individuals is used. Most are not sent from the IC card. Therefore, even if there is unauthorized access from outside during data processing in the analysis processing unit 144, there is a possibility that only type information in a very small part of the SNP area may leak out as biological information. There is no possibility of leaking genome information that can identify individuals.
-As a daily function, it reports on the fluctuation status of biological information measured at many different dates and sends it back to each user. Thereby, since the continuous evaluation according to individual fluctuation | variation can be browsed at a glance, it is suitable for the continuous use over a lifetime.
・ As an important sudden countermeasure function, a warning is given when the variation of biological information is abnormally large. The warning method is preferably in various forms according to the degree of urgency, and can be appropriately combined with visual expression on a display screen or printing paper, and auditory expression such as a buzzer sound or a warning message using an audio device.
・ One of the advantages of users is that, regardless of their genetic type, they can easily and easily monitor changes in their biological information for a long period of time.
(4) As personal information, there is the following biological related information to be input in addition to examination data.
(1) Family history
(2) Lifestyle
(3) Health promotion measures (physical exercise, supplements, herbal medicine, health supplements)
(5) Database (DB)
The public DB is composed of a standard information group in which an unspecified number of gene information is associated with various medical information, and the details include, for example, the following specific DB.
(1) Genomic electronic medical record DB (genetic information source by disease collected from many unspecified hospitals)
(2) Disease related information DB (information source indicating correlation between SNP and disease)
(3) Food pharmacokinetics DB (information source indicating changes in food or drug metabolism due to SNP)
(4) Latest medical DB (the source of medical information (e.g., diagnosis, treatment) that is currently the best evaluation)
(6) About the analysis (or search) engine-When it is installed in a personal facility, it is a personal search engine specialized for individual members (users). Create health promotion information (anonymization). In this case, a DB for storing health promotion information for each member may be provided in the facility.
・ When provided on the public DB side, the third information provider updates the public DB comprehensively and patterns (standardizes) health promotion information for each type corresponding to each SNP type. It is a public search engine that can be created and registered in the server terminal and stored.
-The personal analysis engine and the public analysis engine may function cooperatively. Here, when functioning cooperatively for individual health promotion information, the best information such as disease-related information, optimal food information, and the best possible medical technique that are most applicable to each user. It is possible to obtain personal health promotion information collected only as search results. In addition, when cooperating for health promotion information that contributes to the benefit of the public (the masses), the anonymized biometric information that is provided by consent from a large number of users is made public. By increasing the amount of information provided to the medical DB, and searching and updating the information in the public DB with a public analysis engine, the public medical database can be modified or evolved to a better one. .
(7) Possibility of widespread use of the system of the present invention
The system of the present invention has the feature that authentication for each user and use of the system are possible without distributing any information for identifying an individual during use of the system. Therefore, medical information can always be safely used by any user of both young and old. Therefore, there is also an effect that it is possible to strongly support home medicine and systematization of various health support businesses that are expected to increase in the future.
・ As mentioned above, users can always provide their own biometric information necessary for advanced medical care to different facilities, improving the overall quality of medical care and eliminating the need for repeated tests. There is also an advantage that medical expenses as a national expense can be greatly reduced.
Furthermore, since type information that does not include personal information and anonymized biological information can be safely provided to a public database, there is a possibility that information collection in a public-type medical database will be remarkably active. As a result, the quality of public medical information grows and evolves at high speed, and the quality of advanced medical care such as evaluation and diagnosis / treatment of medical information suitable for each individual is further improved.

  The present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention at the stage of implementation. Further, the above embodiments include inventions at various stages, and various inventions can be extracted by appropriately combining a plurality of disclosed constituent elements.

  In addition, for example, even if some structural requirements are deleted from all the structural requirements shown in each embodiment, the problem described in the column of the problem to be solved by the invention can be solved, and the effect described in the effect of the invention Can be obtained as an invention.

It is a block diagram which shows the structure of the medical information processing system which concerns on one embodiment of this invention. It is a block diagram which shows connection with NC4 and another apparatus. It is a block diagram which shows the structure of NC4. It is a flowchart which shows the processing content in NC and a server. 1 is a diagram showing a medical information processing system for biometric information using an IC card 500. FIG. 2 is a diagram showing a configuration of a card reader 400 corresponding to the wearable IC card 500. FIG. It is a figure which shows the structure of the card reader 400 corresponding to the non-contact-type IC card 500. FIG.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Communication network, 2 ... Server, 3 ... Database, 4 ... Network computer, 10 ... Touch panel apparatus, 11 ... IC card driver, 12 ... IC card, 13 ... Biometric information detection apparatus, 14 ... Television, 15 ... Scanner, 20 ... CPU, 22 ... ROM, 23 ... Video control circuit, 24 ... MODEM, 25 ... Driver control circuit, 26, 27 ... Serial port circuit, 28 ... Bus.

Claims (20)

A reversibly connectable storage medium in which at least user identification information and biometric information about the user are stored, and a database in which medical information useful for the user and stored in the storage medium can be read and written. An accessible computer,
The computer has at least a function of performing authentication based on biometric identification information through an attached storage medium and anonymizing and reading the biometric information, and anonymized biometric information is stored only during a period in which the storage medium is attached. A medical information processing system characterized by being associated with medical information in a database. The medical information processing system according to claim 1, wherein the computer has a function of transferring anonymized biometric information to the database, and prompts an update of medical information on the database. The medical information processing system according to claim 1, wherein the computer further includes an analysis processing unit, and analyzes the biological information of the user based on medical information in a database. The medical information processing system according to any one of claims 1 to 3, wherein the computer further includes a display device, and displays the biometric information of the user and the medical information in the database in a comparable manner. The computer has a function of transferring anonymized identification information for identifying anonymized biological information to the storage medium, and calls the biological information sent from the recording medium to the computer with the anonymized identification information The medical information processing system according to any one of claims 1 to 3. A reversibly connectable storage medium storing at least user identification information and biometric information about the user;
A computer having a storage unit capable of reading and writing the storage medium and storing information after reading and writing;
The computer has at least a function of performing authentication based on biometric identification information through an attached storage medium and anonymizing and reading the biometric information, and anonymized biometric information is stored only during a period in which the storage medium is attached. A medical information processing system that stores and reads out data from the storage unit. A first storage unit for storing user identification information;
A second storage unit for storing biological information about the user;
An information output unit for outputting the information stored in the first and second storage units to the outside;
An anonymization processing unit that anonymizes user identification information and generates anonymized identification information,
An anonymized biometric information obtained by integrating the biometric information with anonymized identification information is output to the outside. The medical information recording medium according to claim 7, further comprising a third storage unit that stores the anonymized biometric information, and transmitting information from the third storage unit to the information output unit. . The medical information recording medium according to claim 7, further comprising an authentication function for enabling transmission and reception of information stored in the medium. A first storage unit for storing user identification information;
A second storage unit for storing biometric information including personal biometric information that can identify the individual user;
An information output unit for outputting the information stored in the first and second storage units to the outside;
A concealment processing unit configured to conceal the personal biometric information in biometric information in an unspecified manner and generate concealed biometric information,
A medical information recording medium, wherein the concealed biological information is output to the outside. The medical information recording medium according to claim 10, further comprising a third storage unit that stores the concealed biometric information, and transmitting information from the third storage unit to the information output unit. . In a reading device for reading stored information of a reversibly connectable storage medium in which at least user identification information and biometric information about the user are stored,
When reading the user identification information, the anonymization processing unit for anonymizing the user identification information and generating anonymized identification information is provided,
A medical information reading apparatus that outputs information obtained by integrating the biological information with anonymized identification information as a reading result. The medical information reading apparatus according to claim 12, further comprising a storage unit that stores information in which the biological information is integrated with anonymized identification information, and transmitting and receiving the biological information through the storage unit. In a reading device that reads storage information of a reversibly connectable storage medium in which biometric information including at least user identification information and personal biometric information that can identify an individual user is stored.
When reading the user identification information, a concealment processing unit that generates concealed biometric information by concealing the personal biometric information in biometric information in an unspecified manner,
A medical information reading apparatus that outputs the concealed biometric information as a reading result. The medical information reading apparatus according to claim 14, further comprising a storage unit that stores the concealed biometric information, wherein the biometric information is transmitted and received through the storage unit. The medical information recording medium according to claim 10, further comprising an authentication function for enabling transmission and reception of information stored in the medium. 15. The medical information reading apparatus according to claim 12, further comprising an authentication function for enabling transmission / reception of information stored in a medium. The medical information processing system according to claim 4, wherein the computer has a network function capable of accessing an external database, reads user interface information from the database, and displays the user interface information on the display device. 19. The medical information includes history information related to biological information, and the treatment history information can be browsed from any network computer electrically connected to the storage medium. Medical information processing system. Data of various service organizations is stored in the database, and the server searches for various service organizations in the database using location information and access time information of the accessed network computer. The medical information processing system according to claim 18.

Images