JP2006202009A - Medical equipment and access control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide medical equipment and an access control program for controlling access authority to each application or various functions according to the role information of an operator. <P>SOLUTION: The medical equipment 1 is provided with an operator role information storing part 10 for storing operator role information in which a role is associated with the identification information of an operator, an authority information storing part 6 for storing authority information in which accessible functions are described for each role, an operator role information acquiring part 11 for acquiring operator role information corresponding to the identification information of the operator who tries to log in, or who has logged in from the operator role information storing part 10, an authority information acquiring part 7 for acquiring authority information corresponding to the role included in the acquired operator role information from the authority information storing part 6, an authority deciding part 12 for deciding the accessible functions of the operator who tries to log in or who has logged in by referring to the acquired operator role information and authority information and a screen preparing part 13 for controlling accessible functions by controlling a screen to be displayed by a display device 3 based on the decision result. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a medical device and an access control program capable of controlling access to each application and various functions according to operator role (ROLE) information.

  Conventionally, security management of various types of information has been performed in various systems such as an operating system (OS). For example, an owner or a group to which the owner belongs is specified for a resource such as a file / directory or a device, and the specified owner or group is read (read), written (write), or executed (execute). ) And an OS that can be given authority such as deletion (see, for example, Non-Patent Document 1).

  There is also an OS provided with a security mechanism that specifies whether a user, group, service, or computer can execute a process or operation on a specific object such as a computer, file, printer, registry key, or directory service object. It's being used. Specifically, in this security mechanism, a user who can access an object and an access method are defined. Then, access is permitted according to the rules associated with the object. That is, the access permission is granted to the user by the owner of the object, or the grant of access permission is denied.

  In this OS, for example, a user account called an administrator is prepared. In addition, an administrator is defined as the person responsible for setting up and managing domain controllers or local computers, setting up and managing user and group accounts on those computers, assigning passwords and permissions, and user support for the network. Yes. The administrator belongs to the Administrators group and can completely control the domain or the computer.

Furthermore, security management is also performed in systems in the medical field. For example, a medical information management system that secures security between different department systems and supports the creation of a versatile security policy has been proposed (see, for example, Patent Document 1).
JP 2003-150705 A CHMOD, [online], www.linux.or.jp Management Group (Webmasters) Information on Linux in Japan, [Search January 6, 2005], Internet <URL: http://www.linux.or.jp/ JM / html / gnumaniak / man1 / chmod.1.html>

  Conventional security management technology is a method that grants the authority to read, write, delete, execute, etc. for a file, directory or device to a user or a group to which the user belongs, so an application that exists as an executable file By determining whether or not the application can be activated, it is possible to statically control the availability of the application.

  However, when performing access control in a medical image diagnostic apparatus such as an X-ray CT (Computed tomography) apparatus, it is difficult to perform sufficient management with the conventional security management technology. Software running on a medical diagnostic imaging apparatus is usually composed of a plurality of applications, and these applications must have the same security behavior. Furthermore, in the case of a medical image diagnostic apparatus, since various business support is provided in one application, not only the execution authority of the application itself but also the execution authority for more detailed functions can be controlled. Is important.

  In other words, although it is possible to give the authority on the OS necessary for executing the necessary business to the application itself, it is also possible to control the authority for various functions in the application according to the user. Required as a business. However, this business does not have entities such as files, printers, registry keys, and directory service objects that are subject to authority management in the above-described conventional OS, and the business content is restricted by a user account called an administrator (Administrator). It's not something you can do.

  In addition, security management in medical image diagnostic equipment depends on the operation of each medical institution. For example, operations such as limiting the reference function of past examinations or limiting the reference function of examinations other than the patient are assumed. For this reason, it is also important to realize authority control that can achieve the purpose flexibly according to the operation of each medical institution even in the same application. For that purpose, it is necessary to be able to change authority according to the operation of each medical institution.

  Such a situation applies not only to a medical image diagnostic apparatus but also to a medical system such as a hospital information system (HIS).

  The present invention has been made to cope with such a conventional situation, and provides a medical device and an access control program capable of controlling the access authority to each application and various functions according to the role information of the operator. The purpose is to do.

  In order to achieve the above-described object, the medical device according to the present invention has the role of the operator in the identification information of the operator in the medical device including the input device and the display device. An operator role information storage unit for storing the associated operator role information, an authority information storage unit for storing authority information describing functions of the medical device accessible for each of the operator roles, and the medical device An operator role information acquisition unit that acquires the operator role information corresponding to identification information of an operator who is logging in or logged in from the operator role information storage unit, and the operator role information acquisition unit An authority information acquisition unit that acquires the authority information corresponding to the role of the operator included in the operator role information acquired by the authority information storage unit, and the operator role information acquisition. By referring to the operator role information acquired by the unit and the authority information acquired by the authority information acquisition unit, the medical device that is about to log in or is accessible by the operator who is logged in The operation to be logged in or to be logged in by controlling the screen to be displayed on the display device based on the determination result of the function by the authority determination unit and the function determination unit by the authority determination unit And a screen creation unit for controlling functions of the medical device accessible by the person.

  In order to achieve the above-mentioned object, the access control program according to the present invention provides, as described in claim 8, a computer, operator role information in which the operator's role is associated with operator identification information. An operator role information storage unit that stores information, an authority information storage unit that stores authority information that describes functions of the medical device that can be accessed for each of the operator roles, or is logging in to the medical device The operator role information acquisition unit that acquires the operator role information corresponding to the identification information of the operating operator from the operator role information storage unit, and the operator role information acquired by the operator role information acquisition unit The authority information acquisition unit that acquires the authority information corresponding to the role of the operator included in the authority information storage unit, acquired by the operator role information acquisition unit By referring to the operator role information and the authority information acquired by the authority information acquisition unit, the function of the medical device that is about to be logged in or accessible by the operator who is logging in is determined. And the operator who is logging in or accessible by controlling the screen to be displayed on the display device based on the determination result of the function by the authority determining unit. It is made to function as a screen creation part which controls the function of the said medical device.

  In the medical device and the access control program according to the present invention, the access authority to each application and various functions can be controlled in accordance with the role (ROLE) information of the operator.

  Embodiments of a medical device and an access control program according to the present invention will be described with reference to the accompanying drawings.

  FIG. 1 is a configuration diagram showing an embodiment of a medical image diagnostic apparatus which is an example of a medical device according to the present invention.

  The medical image diagnostic apparatus 1 includes an input device 2, a display device 3, and an access control system 4. In the medical image diagnostic apparatus 1 shown in FIG. 1, only the minimum configuration of the access control system 4 is illustrated and data The illustration of the configuration for performing other processing such as collection, visualization of the collected data, and clinical application measurement and description of the operation will be omitted.

  The access control system 4 can be constructed by reading an access control program into a computer, but all or part of the access control system 4 may be configured by a circuit. The access control system 4 may be an independent system in addition to being mounted on the medical image diagnostic apparatus 1.

  The medical image diagnostic apparatus 1 can be an arbitrary apparatus such as an MRI (Magnetic Resonance Imaging) apparatus, an X-ray CT apparatus, an ultrasonic diagnostic apparatus, a PET (Positron emission computed tomography) apparatus, or an X-ray diagnostic apparatus. It does not matter whether it is single or plural. Further, as examples of medical devices, in addition to these medical image diagnostic apparatuses 1, medical devices such as HIS, radiology information management system (RIS), medical image storage and communication system (PACS), etc. System.

  The access control system 4 includes an authority information creation unit 5, an authority information storage unit 6, an authority information acquisition unit 7, an operator authentication unit 8, an operator role information creation unit 9, an operator role information storage unit 10, and an operator role information. It has the acquisition part 11, the authority determination part 12, and the screen creation part 13. Each component other than the authority information storage unit 6 and the operator role information storage unit 10 can be individually constructed as a subsystem by software, but can also be constructed as a single system. Further, the authority information storage unit 6 and the operator role information storage unit 10 may be separately configured using a recording medium such as a database, or may be physically configured as one recording medium. .

  The authority information creation unit 5 has a function of creating authority information in accordance with information from the input device 2 and a function of writing the created authority information in the authority information storage unit 6. Here, the authority information includes operator role information indicating the role (ROLL) and attributes (GROUP) of the operator (user), a function ID for identifying each function in the application that can be activated by the medical image diagnostic apparatus 1, and the like. The function identification information and the access authority for each function of the operator are associated with each other. For this reason, the authority information created by the authority information creating unit 5 is stored in the authority information storage unit 6.

  When receiving an authority information acquisition request from the authority determining unit 12, the authority information acquiring unit 7 reads the operator role information and appropriate authority information corresponding to the state of the medical image diagnostic apparatus 1 from the authority information storage unit 6. And a function of giving the acquired authority information to the authority determining unit 12.

  When receiving an operator authentication request from the authority determining unit 12, the operator authenticating unit 8 has a function of performing authentication and notifying the authority determining unit 12 of the authentication result.

  The operator role information creation unit 9 has a function of creating operator role information according to information from the input device 2 and a function of writing the created operator role information in the operator role information storage unit 10. Therefore, the operator role information storage unit 10 stores the operator role information created by the operator role information creation unit 9.

  The operator role information acquisition unit 11 responds to the operator identification information from the operator role information storage unit 10 when receiving an operator role information acquisition request with the operator identification information from the authority determination unit 12. A function to read and acquire the operator role information to be obtained, and a function to give the acquired operator role information to the authority determination unit 12.

  The authority determination unit 12 gives an acquisition request for authority information and operator role information to the authority information acquisition unit 7 and the operator role information acquisition unit 11 according to an instruction from the input device 2, respectively, while the authority information acquisition unit 7 and the operator role information acquisition unit 11 A function for determining whether or not the operator has authority to use each function of the application by receiving and referring to the authority information and the operator role information requested from the role information acquisition unit 11, respectively, and the determination result And a function to be given to the screen creation unit 13.

  At this time, the authority determination unit 12 detects the state of the medical image diagnostic apparatus 1 and performs an operation corresponding to the operator role information received from the operator role information acquisition unit 11 in the detected state. It is configured to request the authority information acquisition unit 7 to acquire authority information about various functions of the application that can be used or instructed by the user. Then, the authority determining unit 12 determines whether or not the operator has the authority to use the function identified by the function ID from the function ID and the operator role information included in the authority information received from the authority information acquiring unit 7. Judgment is made.

  Further, when receiving a login request from the input device 2 with information such as a user ID and a password, the authority determination unit 12 gives an authentication request to the operator authentication unit 8, while authenticating from the operator authentication unit 8. A function to receive the result is provided.

  The screen creation unit 13 refers to the determination result of the authority to use each function received by the operator from the authority determination unit 12, and changes the layout and display format of the screen displayed on the display device 3 based on the determination result. Thus, it has a function of setting the availability of the operation component on the screen of the display device 3. Therefore, the screen creation unit 13 has a function of creating an image signal for displaying a screen with an appropriate layout on the display device 3 and a function of giving the created image signal to the display device 3 for display.

  Next, the operation and action of the medical image diagnostic apparatus 1 will be described.

  FIG. 2 is a flowchart showing the flow when the operator's access control is performed by the medical image diagnostic apparatus 1 shown in FIG. 1, and the reference numerals with numerals in the figure indicate the steps of the flowchart.

  First, in step S <b> 1, when an operator operates the input device 2 of the medical image diagnostic apparatus 1 and makes a login request by inputting information such as a user ID and a password, the login request is given to the authority determination unit 12. Upon receiving a login request from the input device 2, the authority determination unit 12 gives an authentication request to the operator authentication unit 8.

  Next, in step S <b> 2, the operator authentication unit 8 authenticates the operator and notifies the authority determination unit 12 of the authentication result.

  Next, in step S3, when the authentication result is a result indicating that the authentication is successful, the authority determining unit 12 obtains an operator role information acquisition request including the operator identification information. Part 11 is given. For this reason, the operator role information acquisition unit 11 reads and acquires the operator role information corresponding to the identification information of the operator from the operator role information storage unit 10, and sends the acquired operator role information to the authority determination unit 12. give.

  FIG. 3 is a diagram illustrating an example of the operator role information stored in the operator role information storage unit 10 illustrated in FIG.

  As shown in FIG. 3, operator role information is obtained by associating the name and affiliation of the operator, which is an example of operator identification information, the medical team that is treating the patient, and the roles of the operators classified into categories. Is configured. The affiliation includes affiliations such as internal medicine, surgery, pediatrics, and ophthalmology, and the medical team includes identification information such as staff A, staff B, and staff C. For example, general users, advanced users, administrators, emergency operators, and service personnel are set as categories. When the user A logs in, it can be confirmed that the role of the user A is a general user belonging to the medical team of the internal medicine staff A.

  This operator role information can be created by the operator role information creating unit 9 by operating the input device 2, but if the operator role information is managed as having parameters as shown in FIG. The role of the operator can be easily changed according to each operation.

  FIG. 4 is a conceptual diagram showing an example of a change work of the operator role information shown in FIG.

  As shown in FIG. 4, when it is desired to add a new operator “user F” who belongs to the medical team staff D of the obstetrics and gynecology department and has general user authority, the user operates the input device 2 (user F, maternity). The operator role information creating unit 9 can create operator role information such as department, staff D, general user) and register it in the operator role information storage unit 10. If the operator “user D” category is to be an administrator, the operator role information (user D, ophthalmology, staff B, advanced user) is changed to (user D, ophthalmology, staff B, administrator). That's fine. Furthermore, when the operator role information about the operator “user B” is no longer needed, the operator role information (user B, surgery, staff B, general user) is deleted from the operator role information storage unit 10. do it.

  When the authentication of the operator and the acquisition of the operator role information are completed, the medical image diagnostic apparatus 1 is ready for inspection.

  When the medical image diagnostic apparatus 1 is an X-ray CT apparatus or an X-ray diagnostic apparatus, the examination is usually executed in the order of patient registration reservation → imaging → observation (image analysis → measurement) → file operation (report). The For this reason, the medical image diagnostic apparatus 1 makes a state transition so that the completion units of a part of the examination and the states of the workflow loop relatively simply along the examination procedure. In particular, when the medical image diagnostic apparatus 1 is an ultrasonic diagnostic apparatus, a user operation that can be interrupted and restarted even during image acquisition can occur.

  In general, the medical image diagnostic apparatus 1 can use a single application or a plurality of applications, and the state of the medical image diagnostic apparatus 1 changes as needed in each state of examination. The functions that can be dynamically used in each application change according to the state transition of the medical image diagnostic apparatus 1.

  Therefore, prior to access control, function identification information for identifying functions that can be used in each application is created in advance. Here, a case where the medical image diagnostic apparatus 1 is an X-ray CT apparatus will be described as an example.

  FIG. 5 is a diagram showing an example of function identification information for identifying various functions of the medical image diagnostic apparatus 1 shown in FIG.

  As shown in FIG. 5, the function identification information can be created by assigning a function number as a function ID to a function name. For example, FIG. 5 shows that the medical image diagnostic apparatus 1 has a “patient registration” function, and a function number FID00001 is assigned as identification ID information of the “patient registration” function.

  Such function identification information can be created as a component when the authority information creating unit 5 creates authority information. That is, by operating the input device 2, a function possessed by a single or a plurality of medical image diagnostic apparatuses 1 for which a security function is to be implemented can be created by combining a function name and a function number.

  If the function identification information is generated by associating various functions of the medical image diagnostic apparatus 1 with the function numbers and parameterizing the functions, the function identification information can be easily managed or updated separately. For this reason, even if the function of the application continuously increases, it can be easily handled.

  FIG. 6 is a conceptual diagram showing an example of the function identification information changing operation shown in FIG.

  As shown in FIG. 6, for example, when a “patient search” function is newly added to the medical image diagnostic apparatus 1, information is given to the authority information creation unit 5 by an operation of the input apparatus 2 and an instruction is given. The function number FID00011 may be assigned with the name “patient search”. Further, the granularity of the function that is a constituent unit of the function identification information may be freely adjusted. For example, to further subdivide and manage the function of the function name “image filming”, the function name “manual filming” and the function name “auto filming” are individually assigned with function numbers, respectively. Can manage functions.

  As described above, usable functions among the various functions of the application identified and managed by the function number change depending on the state of the medical image diagnostic apparatus 1 as described above.

  FIG. 7 is a diagram showing the relationship between various functions that can be used in each state of the medical image diagnostic apparatus 1 shown in FIG.

  In FIG. 7, circles indicate that various functions classified in the column direction can be used in the state of the medical image diagnostic apparatus 1 classified in the row direction. As shown in the example of the circle in FIG. 7, various functions that can be used in the medical image diagnostic apparatus 1 vary depending on the state of the medical image diagnostic apparatus 1.

  For example, when the medical image diagnostic apparatus 1 is in a patient registration reservation state, the functions of “patient registration”, “patient reservation”, “patient information reference”, and “apparatus state information” can be used. It can also be seen that the “patient registration” function can be used even when the medical image diagnostic apparatus 1 is in a file operation state.

  Since the state of the medical image diagnostic apparatus 1 can be changed in any state during the examination, the functions usable in the application also change following the change of the state of the medical image diagnostic apparatus 1. It becomes.

  Further, the authority information creation unit 5 associates each function identification information with the operator role information indicating the role and attribute of the operator and the access authority for each function of the operator prior to the access control. Created. The created authority information is written and saved in the authority information storage unit 6.

  FIG. 8 is a diagram showing an example of authority information stored in the authority information storage unit 6 shown in FIG.

  As shown in FIG. 8, operator role information is configured as table information by combining operator role information such as emergency operators and general users, function identification information such as FID00001 (patient registration), FID00002 (examination reservation), and access authority. can do.

  In FIG. 8, each of a circle mark, a triangle mark, and a cross mark represents an access authority. A circle indicates that, when an operator corresponds to each piece of operator role information classified in the row direction, access authority for various functions classified by the function identification information in the column direction is permitted. In addition, a triangle indicates that, when the operator corresponds to each operator role information classified in the row direction, a partial access right to various functions classified by the function identification information in the column direction is limitedly permitted. The cross mark indicates that the access authority for the functions classified by the function identification information in the column direction is not permitted when the operator corresponds to each operator role information classified in the row direction. .

  For example, when the operator is an emergency operator, access authority for using the imaging function is permitted, but access authority for using the patient registration function is limited, and access authority for using the account management function is permitted. It has not been shown. Further, it is shown that an advanced user is permitted to have an access right to use the shooting function, while a general user has a limited access right to use the shooting function.

  When such authority information is created and saved in the authority information storage unit 6, the operator's access control can be performed.

  Next, in step S4, the authority determination unit 12 detects the state of the medical image diagnostic apparatus 1 when the inspection state is reached, and obtains function information in the application that may be used in the detected state. refer. The function information in the application that can be used for each state is defined as shown in FIG. 7 and can be stored in the authority determination unit 12 in advance.

  The authority determination unit 12 then authority about various functions of the application that can be used or instructed by the operator corresponding to the operator role information received from the operator role information acquisition unit 11 in the current state of the medical image diagnostic apparatus 1. The authority information acquisition unit 7 is requested to acquire information.

  For this reason, the authority information acquisition unit 7 reads and acquires authority information corresponding to the request received from the authority determination unit 12 from the authority information storage unit 6, and gives the acquired authority information to the authority determination unit 12. As a result, the authority determining unit 12 can obtain authority information related to an operator having a role determined by the operator role information in the current state of the medical image diagnostic apparatus 1.

  Next, in step S <b> 5, the authority determination unit 12 determines whether or not the use authority for each function exists in the role of the logged-in operator based on the acquired operator role information and authority information. . That is, for each function of each application that can be used according to the examination state of the medical image diagnostic apparatus 1, the authority as to whether or not the currently logged-in operator (login user) is permitted to use these functions. Management is performed by the authority determination unit 12.

  FIG. 9 is a conceptual diagram illustrating an operator's authority management method for various functions by the authority determining unit 12 shown in FIG.

  As illustrated in FIG. 9, the authority determination unit 12 performs authority management by combining operator role information and function identification information included in the authority information. That is, operator role information that associates the current operator with the role of the operator is acquired as login user information by management of the logged-in operator (logged-in user). Further, in a business application group including a desktop application, user access authority to various functions prepared as menus and buttons in the display device 3 is managed by GUI (Graphical User Interface) technology. With this user authority management, functions for which access authority is permitted according to the role of the operator are managed.

  For this reason, for example, when the logged-in operator is the user A, the role of the user A is an advanced user, a general user, an emergency operator, an administrator, a serviceman, etc. by referring to the operator role information of the user A It is possible to determine which role among the roles. Furthermore, when the role of the user A is an advanced user, for example, whether access authority is permitted for functions such as the patient registration function and the examination reservation function by referring to the function identification information included in the authority information It can be determined whether or not.

  Next, in step S6, the determination result of the access authority with respect to the function is given to the screen creation unit 13, and the screen creation unit 13 displays based on the determination result of the access authority so that the function without the access authority cannot be used. A layout of a screen displayed on the device 3 is created. For example, a default layout is prepared, and the layout is changed according to the access authority determination result. Specifically, the screen creation unit 13 sets whether or not to use operation parts such as menus and buttons displayed on the screen of the display device 3 and display availability.

  The processes in steps S4, S5, and S6 are sequentially repeated for each function until the determination of the presence or absence of access authority for all functions is completed in step S7 and the creation of the screen layout is completed. .

  If it is determined in step S7 that the screen layout has been created, the screen creation unit 13 creates an image signal for displaying the screen in the set layout in step S8, and the created image signal is displayed. This is given to the display device 3 to be displayed. As a result, the display device 3 displays a screen that reflects the determination result of the access authority for each function.

  For example, when the examination state of the medical image diagnostic apparatus 1 transitions to another state in step S9, authority information about the application corresponding to the new state is acquired again in step S4, and similar access management is performed. Done.

  Next, an example of a specific access authority determination flow (scenario) in each examination state of the medical image diagnostic apparatus 1 will be described.

  FIG. 10 is a flowchart showing a flow of access authority determination for the patient information input function when the medical image diagnostic apparatus 1 shown in FIG. 1 is in the patient registration reservation state. FIG. 11 is a flowchart showing the medical image diagnostic apparatus 1 shown in FIG. FIG. 12 is a flowchart showing a flow of access authority determination for the patient information import function when in the patient registration reservation state. FIG. 12 is an access to the patient information display function when the medical image diagnostic apparatus 1 shown in FIG. 1 is in the patient registration reservation state. It is a flowchart which shows the flow of authority determination, and the code | symbol which attached | subjected the number to S in each figure shows each step of a flowchart.

  For example, when it is assumed that the “patient information input” function, the “patient information import” function, and the “patient information display” function can be used when the medical image diagnostic apparatus 1 transitions to the patient registration reservation state, It is determined whether or not the role of the logged-in operator has access authority for each function.

  That is, when a display request for the patient registration screen is input from the input device 2 in step S10 of FIG. 10, in step S11, the authority determining unit 12 displays the authority information about the access authority for the patient information input function. Request to 7 and get. Then, the authority determining unit 12 determines whether or not the access authority for the patient information input function is permitted from the authority information and the operator role information, and the screen creation unit uses the determination result as an access authority permission / non-permission flag. 13

  For example, when an operator having the role of a general user inputs a patient registration screen display request to the input device 2, it is determined whether or not the general user has access authority to the patient information input function. Similarly, whether or not the emergency operator or administrator has the authority to access the patient information input function even when an operator having the role of an emergency operator inputs a display request for the patient registration screen to the input device 2. Is determined.

  If the screen creation unit 13 determines in step S12 that access authority is permitted, the screen creation unit 13 creates a layout so that the patient registration screen is displayed in step S13, while the access authority is not permitted. If it is determined, a layout is created in step S14 so that the patient information input field on the patient registration screen is shaded so that it cannot be input or the input field is hidden. For example, a patient registration screen having a new layout can be created by changing the default layout of the patient registration screen.

  Similarly, when a patient registration screen display request is input from the input device 2 in steps S20 and S30 of FIGS. 11 and 12, in steps S21 and S31, the authority determination unit 12 performs the patient information import function, respectively. And the authority information about the access authority for the patient information display function is requested and acquired from the authority information acquiring unit 7. Then, the authority determination unit 12 determines whether or not the access authority for the patient information import function and the patient information display function is permitted from the authority information and the operator role information, and determines each access result for permission / inhibition of the access authority. Each is given to the screen creation unit 13 as a non-permission flag. At this time, for example, the presence / absence of access authority to the patient information display function is determined by examining whether or not the operator is the owner patient from the relationship between the data attribute of the patient information to be displayed and the operator role information. be able to.

  When the screen creation unit 13 determines in step S22 that the access right to the patient information import function is permitted, the screen creation unit 13 creates a layout so that the patient information import button is displayed in a usable manner in step S23. If it is determined that the access authority is not permitted, the layout is created so that the patient information import button is shaded in FIG.

  If the screen creation unit 13 determines in step S32 that the access right to the patient information display function is permitted, the screen creation unit 13 creates a layout so that the patient information is displayed in step S33, while the access right is permitted. If it is determined that the patient information is not displayed, a layout is created in step S34 so that the patient information is not displayed or the patient information cannot be selected from the list.

  13 is a diagram showing an example of a layout of a patient registration reservation screen created when the role of the operator in the medical image diagnostic apparatus 1 shown in FIG. 1 is an administrator, and FIG. 14 is a medical image diagnosis shown in FIG. FIG. 15 is a diagram showing an example of a layout of a patient registration reservation screen created when the role of the operator in the apparatus 1 is a general user. FIG. 15 shows the emergency operator in the medical image diagnostic apparatus 1 shown in FIG. It is a figure which shows an example of the layout of the patient registration reservation screen produced when it is.

  As shown in FIG. 13, when the role of the operator is an administrator, the patient registration reservation screen is not displayed because the access authority to the patient registration reservation function is not permitted, and the reservation registration screen is displayed. Each button including a reservation button for making a request is also shaded and controlled so that it cannot be selected. However, a management button and an end button for requesting display of the management screen can be selected.

  For this reason, when the role of the operator is an administrator, the patient reservation registration function cannot be used, and the presence of each detailed function and data at the time of patient reservation registration is hidden.

  Further, as shown in FIG. 14, when the role of the operator is a general user, access authority to the patient registration reservation function is permitted, and therefore, when the input button is selected, a predetermined position on the patient registration reservation screen is displayed. In addition, a patient information input field, patient information, and function buttons such as a registration button and an import button for executing detailed functions such as registration of the input patient information and import of the patient information from the server are displayed. However, the management buttons are shaded and controlled so that they cannot be selected.

  For this reason, when the role of the operator is a general user, the patient reservation registration function can be used while referring to the patient information.

  In addition, as shown in FIG. 15, when the role of the operator is an emergency operator, access authority to the patient registration reservation function is limitedly permitted. Therefore, when the input button is selected, the patient registration reservation screen is displayed. A patient information input field and patient information are displayed at predetermined positions. In addition, function buttons such as registration buttons and import buttons for executing detailed functions such as registration of patient information entered and importing of patient information from the server are displayed, but some function buttons are shaded. It is controlled so that it cannot be selected. The management buttons are also shaded and controlled so that they cannot be selected.

  For this reason, when the role of the operator is an emergency operator, functions such as import, update, and deletion of patient information cannot be used, but some functions such as registration of patient information can be used in a limited manner. . In addition, the presence of other functions can be confirmed while referring to patient information.

  As described above, as an example of restricting a part of the access authority, a screen for executing the corresponding function is displayed on the display device 3, but all or a part of the buttons on the screen are selected. There is a case where a restriction is made so that a specific processing instruction cannot be performed. Further, when the access authority is not permitted, it is possible to control the display device 3 so as not to display the screen for executing the corresponding function.

  FIG. 16 is a flowchart showing a flow of access authority determination for the imaging information reference function when the medical image diagnostic apparatus 1 shown in FIG. 1 is in the imaging state, and FIG. 17 is an imaging state of the medical image diagnostic apparatus 1 shown in FIG. 10 is a flowchart showing a flow of access authority determination for the reference function of the master file in the case of

  In the following, since the flow of access authority determination is the same as that in FIG. 10, the S code is omitted and the detailed description is also omitted.

  When the medical image diagnostic apparatus 1 is in an imaging state, for example, it is possible to determine access authority to an imaging information reference function for displaying past captured images and a master file reference function for setting an imaging plan. . When access authority to the shooting information reference function is permitted, a layout is created so that the past image reference button is displayed and a past shot image is displayed when selected. When the access authority for the reference function is not permitted, the layout is created so that the past image reference button is shaded or hidden.

  Similarly, if access authority to the reference function of the master file is permitted, a layout is created so that the shooting plan setting button is displayed and the shooting plan setting screen is displayed when selected. If the access authority for the reference function of the master file is not permitted, the layout is created so that the shooting plan setting button is shaded or hidden.

  18 is a diagram showing an example of a layout of a shooting screen created when the role of the operator in the medical image diagnostic apparatus 1 shown in FIG. 1 is a general user, and FIG. 19 is a diagram of the medical image diagnostic apparatus shown in FIG. FIG. 20 is a diagram showing an example of a layout of a shooting screen created when the role of the operator in FIG. 1 is an emergency operator, and FIG. 20 is a case where the role of the operator in the medical image diagnostic apparatus 1 shown in FIG. It is a figure which shows an example of the layout of the imaging | photography screen created at the same time.

  As shown in FIG. 18, when the role of the operator is a general user, the past image reference button can be selected to display a past captured image, but the shooting plan setting button is shaded and displayed. It is restricted so that settings such as deletion, addition, and change of the shooting plan that affect the shooting quality of the camera cannot be performed.

  Also, as shown in FIG. 19, when the role of the operator is an emergency operator, it is sufficient that only the current image can be displayed. Therefore, both the past image reference button and the shooting plan setting button are shaded and displayed. It is restricted so that not only the plan setting but also the past photographed image cannot be displayed.

  Further, as shown in FIG. 20, when the role of the operator is an advanced user, both the past image reference button and the shooting plan setting button can be selected, and the past image display and shooting plan setting are performed. Can do.

  21 is a flowchart showing a flow of access authority determination for the study display function when the medical image diagnostic apparatus 1 shown in FIG. 1 is in the observation state. FIG. 22 is a flowchart showing the medical image diagnostic apparatus 1 shown in FIG. FIG. 23 shows a flow of access authority determination for the study selection function when the medical image diagnostic apparatus 1 shown in FIG. 1 is in an observation state. It is a flowchart.

  As shown in FIG. 21, a request for displaying a study that makes a category on the observation screen is made, and it is determined whether or not there is an access authority for the study display. For example, the relationship between the operator role information and the owner of each data included in the study is compared, and display of data in the study is permitted if there is a predetermined relationship. The data in the study for which the access authority is permitted is displayed, while the data in the study for which the access authority is not permitted is not displayed.

  Also, as shown in FIGS. 22 and 23, when a study selection screen display request is made on the observation screen, it is determined whether or not there is an access authority for the selection function of the file utility and the selection function of the study. When the access right is permitted, the file utility is displayed and the study can be selected. When the access right is not permitted, the selection of the file utility and the study is invalidated.

  24 is a diagram showing an example of the layout of the observation screen created when the role of the operator in the medical image diagnostic apparatus 1 shown in FIG. 1 is a general user, and FIG. 25 is the medical image diagnostic apparatus shown in FIG. It is a figure which shows an example of the layout of the observation screen produced when the operator's role in 1 is an emergency operator.

  As shown in FIGS. 24 and 25, when the role of the operator is a general user, data can be displayed by selecting a study, and a past image reference button for referring to a past image, Import button can be used. On the other hand, when the role of the operator is an emergency operator, the study cannot be selected and the past image reference button and the import button cannot be used. Also, data that is not the owner group is hidden.

  FIG. 26 is a flowchart showing a flow of access authority determination for the image file deletion function when the medical image diagnostic apparatus 1 shown in FIG. 1 is in a file operation state, and FIG. 27 is a flowchart of the medical image diagnostic apparatus 1 shown in FIG. FIG. 28 is a flowchart showing the flow of access authority determination for the image file selection function in the file operation state. FIG. 28 shows the image file network transfer function in the case where the medical image diagnostic apparatus 1 shown in FIG. 1 is in the file operation state. FIG. 29 is a flowchart showing the flow of access authority determination for the image file media transfer function when the medical image diagnostic apparatus 1 shown in FIG. 1 is in the file operation state.

  As shown in FIGS. 26, 27, 28, and 29, when a file operation screen display request is made in the file operation state, an image file deletion function, an image file selection function, an image file network transfer function, When it is determined whether or not the access authority to the function such as the media transfer function of the image file is granted and the access authority to each function is permitted, each button for executing each function is displayed and can be selected. In the case of non-permission, each button is shaded or hidden.

  30 is a diagram showing an example of a layout of a file operation screen created when the role of the operator in the medical image diagnostic apparatus 1 shown in FIG. 1 is a general user, and FIG. 31 is a medical image diagnosis shown in FIG. It is a figure which shows an example of the layout of the file operation screen produced when the role of the operator in the apparatus is an emergency operator.

  As shown in FIG. 30 and FIG. 31, the general user can display, select, delete, network transfer and media transfer of the image file to be stored, whereas the emergency operator can select a part or all of the image file. Cannot be displayed or selected, and image file deletion, network transfer, and media transfer cannot be performed by the shaded display of buttons.

  FIG. 32 is a flowchart showing the flow of access authority determination for the display function of the account management screen when the medical image diagnostic apparatus 1 shown in FIG. 1 is in the account management state, and FIG. 33 is the medical image diagnostic apparatus 1 shown in FIG. 5 is a flowchart showing a flow of access authority determination for an audit log display function when is in an account management state.

  As shown in FIGS. 32 and 33, when a request for displaying an account management screen or a request for displaying an audit log is made in order to change to the account management state or in the account management state, an account management screen display function or audit is performed. It is determined whether or not access authority is determined for the log display function.

  If the access authority for the display function of the account management screen is permitted, the account management screen is displayed and the account management state is changed. On the other hand, if the access authority is not permitted, the account management screen is not displayed. Alternatively, the display request button on the account management screen is shaded and cannot be selected. In addition, when the access authority to the audit log display function is permitted, the event log can be displayed using the event log viewer. On the other hand, when the access authority is not permitted, the event log viewer Cannot be used, or the event log is not displayed when the event log viewer is started.

  FIG. 34 is a diagram showing an example of the layout of the account management screen created when the role of the operator in the medical image diagnostic apparatus 1 shown in FIG. 1 is an administrator.

  As shown in FIG. 34, an account is displayed on the account management screen based on information such as name, ID, physician in charge, etc., and functions such as account registration, update, and deletion can be used, and an event log viewer can be started. A layout is created so that the event log can be referenced.

  As described above, according to the role of the operator, in addition to controlling functions on a single screen, it is also possible to control whether or not to display a screen by state transition.

  FIG. 35 is a diagram illustrating an example in which each screen displayed in accordance with the state transition of the medical image diagnostic apparatus 1 illustrated in FIG. 1 is compared for each role of the operator.

  As shown in FIG. 35, the state in which the medical image diagnostic apparatus 1 can transition and the screen that can be displayed can be controlled according to the role of the operator. For example, an administrator can display a management screen, but a general user cannot display a management screen. In this way, if the access authority for the application function in each state is set according to the role of the operator, the screen to be displayed can be controlled.

  According to the medical image diagnostic apparatus 1 as described above, it is possible to perform access control for functions possessed by the medical image diagnostic apparatus 1 in more detail and dynamically. Specifically, the access authority to each function is controlled at a more detailed level according to the role of the operator even within one application, assuming the security authority provided by the OS. Can do. Then, it is possible to provide a natural operation screen in which functions that cannot be used in a single application can be known in advance. For example, it is possible to avoid a situation in which an error message indicating that the corresponding function cannot be used is displayed after the button for executing the function is pressed.

  In addition, since it is possible to describe what functions the application provides and what authority the operator has, even if the function of the application is expected to increase continuously, It is possible to cope with such changes.

  Note that the state of the apparatus and the role of the operator are not limited to the state and role described above. Further, some functions of the access control system 4 may be omitted. For example, only the routine of the screen that can be displayed by the access control may be controlled, or conversely, the availability of the function on the displayed screen may be controlled without controlling the screen that can be displayed. .

The block diagram which shows embodiment of the medical image diagnostic apparatus which is an example of the medical device which concerns on this invention. The flowchart which shows the flow at the time of performing access control of an operator by the medical image diagnostic apparatus shown in FIG. The figure which shows an example of the operator role information preserve | saved in the operator role information storage part 10 shown in FIG. The conceptual diagram which shows the example of the change operation | work of operator role information shown in FIG. The figure which shows an example of the function identification information for identifying the various functions of the medical image diagnostic apparatus shown in FIG. The conceptual diagram which shows the example of the change operation | work of the function identification information shown in FIG. The figure which shows the relationship of the various functions which can be used in each state of the medical image diagnostic apparatus shown in FIG. The figure which shows an example of the authority information preserve | saved at the authority information storage part 6 shown in FIG. The conceptual diagram explaining the operator's authority management method with respect to various functions by the authority determination part 12 shown in FIG. The flowchart which shows the flow of access authority determination with respect to a patient information input function in case the medical image diagnostic apparatus shown in FIG. 1 is a patient registration reservation state. The flowchart which shows the flow of access authority determination with respect to a patient information import function in case the medical image diagnostic apparatus shown in FIG. 1 is a patient registration reservation state. The flowchart which shows the flow of access authority determination with respect to a patient information display function in case the medical image diagnostic apparatus shown in FIG. 1 is a patient registration reservation state. The figure which shows an example of the layout of the patient registration reservation screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is an administrator. The figure which shows an example of the layout of the patient registration reservation screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is a general user. The figure which shows an example of the layout of the patient registration reservation screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is an emergency operator. 6 is a flowchart showing a flow of access authority determination for the imaging information reference function when the medical image diagnostic apparatus shown in FIG. 1 is in an imaging state. 3 is a flowchart showing a flow of access authority determination for a master file reference function when the medical image diagnostic apparatus shown in FIG. 1 is in a photographing state. The figure which shows an example of the layout of the imaging | photography screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is a general user. The figure which shows an example of the layout of the imaging | photography screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is an emergency operator. The figure which shows an example of the layout of the imaging | photography screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. The flowchart which shows the flow of access authority determination with respect to the study display function when the medical image diagnostic apparatus shown in FIG. 1 is in an observation state. The flowchart which shows the flow of access authority determination with respect to the selection function of a file utility in case the medical image diagnostic apparatus shown in FIG. 1 is in an observation state. The flowchart which shows the flow of access authority determination with respect to the selection function of study in case the medical image diagnostic apparatus shown in FIG. 1 is in an observation state. The figure which shows an example of the layout of the observation screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is a general user. The figure which shows an example of the layout of the observation screen produced when the operator's role in the medical image diagnostic apparatus shown in FIG. 1 is an emergency operator. 7 is a flowchart showing a flow of access authority determination for an image file deletion function when the medical image diagnostic apparatus shown in FIG. 1 is in a file operation state. The flowchart which shows the flow of access authority determination with respect to the selection function of an image file in case the medical image diagnostic apparatus shown in FIG. 1 is a file operation state. 2 is a flowchart showing a flow of access authority determination for the network transfer function of an image file when the medical image diagnostic apparatus shown in FIG. 1 is in a file operation state. 2 is a flowchart showing a flow of access authority determination for a media transfer function of an image file when the medical image diagnostic apparatus shown in FIG. 1 is in a file operation state. The figure which shows an example of the layout of the file operation screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is a general user. The figure which shows an example of the layout of the file operation screen produced when the role of the operator in the medical image diagnostic apparatus shown in FIG. 1 is an emergency operator. 6 is a flowchart showing a flow of access authority determination for an account management screen display function when the medical image diagnostic apparatus shown in FIG. 1 is in an account management state. The flowchart which shows the flow of access authority determination with respect to the display function of an audit log in case the medical image diagnostic apparatus shown in FIG. 1 is an account management state. The figure which shows an example of the layout of the account management screen produced when the operator's role in the medical image diagnostic apparatus shown in FIG. 1 is an administrator. The figure which shows the example which compared each screen displayed with the state transition of the medical image diagnostic apparatus shown in FIG. 1 according to the role of an operator.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Medical diagnostic imaging apparatus 2 Input device 3 Display apparatus 4 Access control system 5 Authority information creation part 6 Authority information storage part 7 Authority information acquisition part 8 Operator authentication part 9 Operator role information creation part 10 Operator role information storage part 11 Operator role information acquisition unit 12 Authority determination unit 13 Screen creation unit

Claims (8)

In a medical device equipped with an input device and a display device,
An operator role information storage unit for storing operator role information in which the role of the operator is associated with the identification information of the operator;
An authority information storage unit for storing authority information describing functions of the medical device accessible for each role of the operator;
An operator role information acquisition unit that acquires the operator role information corresponding to the identification information of an operator who is about to log in or logs in to the medical device, from the operator role information storage unit,
An authority information acquisition unit that acquires the authority information corresponding to the role of the operator included in the operator role information acquired by the operator role information acquisition unit from the authority information storage unit;
The operator who is logging in or is logged in by referring to the operator role information acquired by the operator role information acquisition unit and the authority information acquired by the authority information acquisition unit An authority determination unit that determines the function of the accessible medical device;
The function of the medical device that is going to be logged in or accessible by the logged-in operator by controlling the screen displayed on the display device based on the determination result of the function by the authority determining unit. A screen creation unit to be controlled;
A medical device characterized by comprising: The medical device according to claim 1, wherein the screen creation unit is configured to control a function of the accessible medical device by determining a layout of a screen to be displayed on the display device. 2. The medical device according to claim 1, wherein the screen creation unit is configured to control a function of the accessible medical device by determining a screen to be displayed on the display device and a screen to be not displayed. machine. The medical device according to claim 1, wherein the function of the medical device is defined by associating a function number with a function name. The screen creation unit does not display on the screen of the display device an operation component for accessing the function of the medical device that is about to log in or is not accessible to the logged-in operator. The medical device according to claim 1, wherein the medical device is configured to be controlled so as not to be selected by an operation of the input device although displayed on the screen. The medical device according to claim 1, wherein the function of the medical device changes according to a state of the medical device. The medical device according to claim 1, wherein the function of the medical device includes a function in an application. Computer
An operator role information storage unit for storing operator role information in which the role of the operator is associated with the identification information of the operator;
An authority information storage unit for storing authority information describing functions of the medical device accessible for each role of the operator;
An operator role information acquisition unit that acquires the operator role information corresponding to the identification information of the operator who is about to log in or is logged in to the medical device, from the operator role information storage unit,
An authority information acquisition unit that acquires the authority information corresponding to the role of the operator included in the operator role information acquired by the operator role information acquisition unit from the authority information storage unit;
The operator who is logging in or is logged in by referring to the operator role information acquired by the operator role information acquisition unit and the authority information acquired by the authority information acquisition unit An authority determination unit that determines the function of the accessible medical device; and
The function of the medical device that is going to be logged in or accessible by the logged-in operator by controlling the screen displayed on the display device based on the determination result of the function by the authority determining unit. Screen creation part to control,
An access control program characterized by functioning as

Images