JP2006301676A - Medical device, operator management system and operator management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a medical device, an operator management system and an operator management method, capable of managing the using state of each operator when a plurality of operators use apparatuses while appropriately protecting personal information. <P>SOLUTION: The medical device 1 comprises a log-in part 7 acquiring identification information of the plurality of operators and executing log-in of the plurality of operators; a log-out part 8 acquiring log-out instructions and executing the log-out of the plurality of operators; a user management part 14 managing, based on log-in information acquired from the log-in part 7 and log-out information acquired from the log-out part 7, a list of operators who are currently using the apparatuses as using user list information, and an auditing log recording part 17 recording, when the plurality of operators use the apparatuses in parallel based on the using user list information acquired from the user management part 14, and auditing log information showing the parallel use of the apparatuses by the plurality of operators. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a medical device, an operator management system, and an operator management method capable of managing the security of stored personal information, and in particular, to an audit log that a plurality of operators have accessed personal information. The present invention relates to a medical device capable of recording, an operator management system, and an operator management method.

  Conventionally, an ultrasonic diagnostic apparatus, an X-ray CT (computed tomography) apparatus, an image diagnostic apparatus such as an MRI (magnetic resonance imaging), a HIS (hospital information system simulating system), and an RIS (radiologic information system CMS). In the medical information system such as the above, operator authentication is performed in order to protect the stored personal information, and the fact that the operator has accessed the personal information is recorded as an audit log.

  The audit log records detailed information such as a setting change for a medical apparatus such as an image diagnostic apparatus or a medical information system, access to personal information such as patient information, or information related to a login / logoff operation.

  Then, the security administrator who manages the security of the personal information stored in the medical device or the medical information system audits the presence / absence of unauthorized access to the personal information using the audit log.

In general, an audit log is simply time-series information and is a huge amount of information. Therefore, it is difficult to check all audit logs. Therefore, log analysis software is used as one of means for analyzing the audit log. Recent log analysis software includes, for example, those referred to in Non-Patent Document 1 and Non-Patent Document 2.
BOM (registered trademark) for Windows (registered trademark), [online], Say Technologies Co., Ltd. (SAY Technologies) product information, [December 10, 2004 search], Internet <URL: http: //www.say -tech.co.jp/product/01.html> Surveillance solution, Windows (registered trademark) server, [online], Say Technologies, Inc., [Searched on December 10, 2004], Internet <URL: http://www.say-tech.co .jp / sol / 01.html>

  However, operator authentication in conventional medical devices and medical information systems is performed for a single operator, and the audit log also records information related to access and login / logoff operations by a single operator in time series. It is a thing. On the other hand, in a medical device or a medical information system, a plurality of operators may actually use the same device at the same time. For this reason, in the conventional access management method, it is difficult to record an appropriate audit log when a plurality of operators use it simultaneously.

  For example, the operation terminal of the X-ray diagnostic apparatus is installed in each of two rooms, an examination room and an operation room. A doctor enters the examination room and an engineer enters the operation room, and the doctor and the engineer operate the operation terminals in the examination room and the operation room, respectively.

  However, since the conventional access management technology authenticates only one operator, it cannot authenticate a plurality of operators. In addition, there is a problem that a record remains in the audit log as if one operator was using the device.

  The present invention has been made in order to cope with such a conventional situation, and when a plurality of operators use the apparatus, it is possible to manage the usage status of each operator and appropriately protect personal information. It is an object to provide a medical device, an operator management system, and an operator management method.

  In order to achieve the above object, a medical device according to the present invention includes a login unit that acquires identification information of a plurality of operators and executes login of the plurality of operators, as described in claim 1. A logout unit that obtains a logout instruction and logs out the plurality of operators, and an operator who uses the apparatus based on the login information acquired from the login unit and the logout information acquired from the logout unit A user management unit that manages the user list as usage user list information, and the plurality of operators when the plurality of operators use the apparatus in parallel based on the usage user list information acquired from the user management unit. And an audit log recording unit for recording audit log information indicating that the apparatus has been used in parallel.

  In order to achieve the above-mentioned object, the medical information system according to the present invention acquires identification information of a plurality of operators of a medical device to obtain the identification information of the plurality of operators. A log-in unit that executes log-in to the medical device; a log-out unit that acquires log-out instructions from the medical device and performs log-out of the plurality of operators to the medical device; the log-in information acquired from the log-in unit; Based on the logout information acquired from the logout unit, based on the user management unit that manages the list of operators using the medical device as the user list information, and the user list information acquired from the user management unit When the plurality of operators use the medical device in parallel, the plurality of operators use the medical device in parallel It is characterized in that it has a audit log recording unit that records the audit log information.

  In order to achieve the above-mentioned object, the operator management method according to the present invention acquires identification information of a plurality of operators and logs in the plurality of operators as described in claim 23. A step of performing logout of the plurality of operators by acquiring a logout instruction, logout information indicating that the login has been executed, and logout information indicating that the logout has been executed, Managing a list of operators as use user list information; and when the plurality of operators use medical devices in parallel based on the use user list information, the plurality of operators in parallel Recording audit log information indicating that the medical device has been used.

  In the medical device, the operator management system, and the operator management method according to the present invention, when a plurality of operators use the device, the usage status of each operator can be managed and personal information can be appropriately protected. .

  Embodiments of a medical device, an operator management system, and an operator management method according to the present invention will be described with reference to the accompanying drawings.

  FIG. 1 is a block diagram showing an embodiment of a medical device according to the present invention.

  The medical apparatus 1 can be an ultrasonic diagnostic apparatus, an X-ray CT apparatus, an image diagnostic apparatus such as MRI, or a medical information system such as HIS, RIS, and PACS. The medical device 1 includes an arbitrary number, for example, two operation terminals 4 including an input device 2 and a display device 3, and includes an application execution unit 5 for executing various applications.

  Furthermore, an operator management system 6 is built in the medical device 1. However, the operator management system 6 may be a system independent of the medical device 1 and may be connected to any medical device 1.

  The application execution unit 5 uses the function of executing the application while identifying the operator according to the information from the input device 2 or the operator management system 6 and the information regarding the logged-in operator acquired from the operator management system 6. Then, operation information of an application to be recorded as an audit log is created, and the created operation information is given to the operator management system 6 to request recording as an audit log. The operation information of the application to be recorded as the audit log includes information regarding the operation status of the application such as the usage status such as activation and termination of the application, the operator who is using it, and personal information being displayed.

  Although the application execution unit 5 is provided for each application, only one application execution unit 5 is displayed in FIG. 1 and illustration of the other application execution units 5 is omitted.

  Further, the operator management system 6 can be constructed by causing a computer to read an audit log recording program. However, all or part of the operator management system 6 may be configured by a circuit. The operator management system 6 includes a login unit 7, a logout unit 8, a lock screen unit 9, an unlock screen unit 10, a user registration / deletion unit 11, a group user addition / deletion unit 12, a group creation / deletion unit 13, and a user management Unit 14, authentication unit 15, authentication result display unit 16, audit log recording unit 17, audit log output unit 18, user history search / acquisition unit 19, and examination order acquisition unit 20.

  The login unit 7 receives the login information from the input device 2 and requests the authentication unit 15 for authentication. On the other hand, if the login unit 7 receives the authentication result from the authentication unit 15 and the authentication is successful, the login unit 7 stores the login information. 14 is provided. That is, the login unit 7 has a function of executing login in accordance with login information from the input device 2.

  As login information, user information such as a user ID as operator identification information and a password as authentication information can be used. In addition, instead of inputting information such as a user ID from the input device 2 by key input, the login information is input from the input device 2 as login information recorded on a smart card or an magnetic card as an example of an IC (Integrated Circuit) card. Alternatively, login information may be input to the input device 2 using a barcode. Furthermore, biometric information such as fingerprints, irises, retinas, voiceprints, and capillary patterns may be used as login information instead of or in addition to passwords.

  Here, login means an action of inputting user information regardless of whether an application or system is active or inactive.

  The logout unit 8 has a function of notifying the user management unit 14 of logout information when receiving a logout instruction from the input device 2. In other words, the logout unit 8 has a function of executing logout of the operator, but is configured to be able to logout by switching all or some of the plurality of operators.

  The lock screen unit 9 locks the screen of the display device 3 when a certain condition is satisfied, such as when a lock screen instruction is received from the input device 2 or when the input device 2 has not been operated for a certain period of time. It has a function to lock.

  When the unlock screen unit 10 receives an unlock screen instruction for releasing the screen lock from the input device 2, the unlock screen unit 10 gives user information included in the unlock screen instruction to the authentication unit 15 to request authentication, while the authentication unit 15 If the authentication result is received successfully from the authentication, the screen lock is released.

  The user registration / deletion unit 11 receives user information as identification information of an operator who uses the medical device 1 from the input device 2, gives the user information to the user management unit 14, and stores the user information. 2 has a function of updating or deleting the user registration by updating or deleting the user information stored in the user management unit 14 in accordance with the instruction from 2. The user information can be configured by a combination of a user ID and a password, for example.

  The authentication unit 15 refers to the user registration information stored in the user management unit 14 and operates based on the user information included in the login information received from the login unit 7 and the user information received from the unlock screen unit 10. And a function for notifying the log-in unit 7, the unlock screen unit 10 and the authentication result display unit 16 of the authentication result.

  The authentication result display unit 16 has a function of giving the operator authentication result received from the authentication unit 15 to the display device 3 for display.

  The group creation / deletion unit 13 has a function of executing group registration according to group information from the input device 2. In other words, the group creation / deletion unit 13 receives group information, which is identification information of a group to which a plurality of operators using the medical device 1 can belong, from the input device 2 and gives it to the user management unit 14. A function for executing creation and registration of a group, and a function for deleting a group by giving an instruction from the input device 2 to the user management unit 14. The group information can be configured by a combination of a user group ID and a password, for example.

  The group user addition / deletion unit 12 has a function of adding or deleting operators belonging to a group according to information from the input device 2. That is, the group user addition / deletion unit 12 has a function of executing group user registration by receiving a group user registration instruction from the input device 2 and giving it to the user management unit 14. Group user registration information can be created by associating identification information of operators belonging to a group with the group.

  The user management unit 14 stores the user information received from the user registration / deletion unit 11 and manages it as user registration information, the login information received from the login unit 7, and the logout information received from the logout unit 8. In addition, it has a function of managing information about an operator who is currently using the medical apparatus 1 as user list information to be used.

  Further, the user management unit 14 registers a group according to the group information received from the group creation / deletion unit 13, a function for managing the registered group as group registration information, and the group received from the group user addition / deletion unit 12 It has a function of registering operators belonging to a group in accordance with a user registration instruction and managing it as group user registration information and a function of managing an update history of group user registration information.

  The audit log recording unit 17 acquires information to be recorded as an audit log from the login unit 7, logout unit 8, lock screen unit 9, unlock screen unit 10, user management unit 14, and application execution unit 5, and the acquired information The audit log information is created and recorded based on the above. The audit log recording unit 17 can specify an operator and record it as audit log information when, for example, there is a login, logout, lock screen, unlock screen, personal information access or device setting change. Configured as follows.

  The audit log output unit 18 acquires the audit log information included in the designated browsing range from the audit log recording unit 17 in accordance with the browsing request for the audit log information from the input device 2, and displays the acquired audit log information on the display device 3. It has the function to display by giving to.

  The user history search / acquisition unit 19 searches for registration / deletion history information of operators, groups, and group users managed by the user management unit 14 in accordance with a browsing request from the input device 2, and retrieves and acquires the desired information. The history information is given to the display device 3 for display.

  When the medical device 1 is an image diagnostic device connected to a network, the test order acquisition unit 20 acquires a test order received by the medical device 1 via the network, and the medical order included in the acquired test order. It has a function of extracting the user ID and password of an operator (such as a doctor or engineer) of the apparatus 1 and giving it to the login unit 7.

  That is, in an image diagnostic apparatus connected to a network, an examination order is transmitted as an examination instruction from a medical information system (not shown) to the image diagnostic apparatus via the network. In the case of DICOM (Digital Imaging and Communications in Medicine) communication, which is a typical communication standard for medical image data, prior to the collection of image data, MWM (Modality Worklist Management Service Class) data indicating an examination order is medical information. Sent from the system to the diagnostic imaging apparatus.

  Since the examination order including the MWM data includes the user ID and password of a doctor, a technician, etc., it can be used when an operator such as a doctor, a technician, etc. logs in to the medical apparatus 1. Therefore, the inspection order acquisition unit 20 acquires the user ID and password included in the inspection order, and logs in the acquired user ID and password so that login can be executed through authentication without manual operation of the input device 2. It is comprised so that it can give to the part 7.

  Next, the operation of the medical device 1 will be described.

  The medical device 1 shown in FIG. 1 can perform access management using a group user and access management not using a group user. First, the operation of the medical device 1 when a group user is not used will be described. Here, an example will be described in which two operators, a doctor and an engineer, and an administrator operate the medical device 1 via the respective operation terminals 4.

  FIG. 2 is a sequence diagram showing a flow when a plurality of operators execute login, lock screen, unlock screen, and logout without using a group user in the medical apparatus 1 shown in FIG.

  First, user registration is executed, and user registration information is managed by the user management unit 14. Therefore, in S <b> 1, the administrator operates the input device 2 of the operation terminal 4 and gives a user ID and password as user information to the user registration / deletion unit 11. Next, in S <b> 2, the user registration / deletion unit 11 gives user information to the user management unit 14. Then, in S3, the user management unit 14 adds the user information newly received from the user registration / deletion unit 11 to the user registration information created in response to user information from the user registration / deletion unit 11 in the past. Update user registration information.

  FIG. 3 is a diagram showing an example of user registration information stored in the user management unit 14 of the medical apparatus 1 shown in FIG.

  As shown in FIG. 3, the user ID and the password are associated with each other and stored in the user management unit 14 as user registration information. Moreover, the registration date and time and peripheral date and time of user information are recorded as needed.

  When user information is registered and managed as user registration information in this way, each operator can log in or unlock the medical apparatus 1 using the user information.

  Therefore, in S <b> 4 of FIG. 2, the engineer who is an operator gives login information to the login unit 7 from the input device 2 of the operation terminal 4. Information that is input from the input device 2 as login information when there is no operator who is currently logged in is (1) the user ID of all the operators who use the medical device 1, and (2) the operator who uses the medical device 1. All the user IDs and all the passwords, and (3) the user ID of all the operators who use the medical apparatus 1 and the password of one (representative) password among the operators can be selected.

  Then, in S5, the login unit 7 gives the login information received from the input device 2 to the authentication unit 15 and requests authentication. In S <b> 6, the authentication unit 15 makes a user registration information reference request to the user management unit 14, and the user registration information is given to the authentication unit 15 from the user management unit 14 in S <b> 7.

  The authentication unit 15 determines whether or not the user ID and password included in the login information are a correct combination based on the user registration information. That is, the password input from the input device 2 via the login unit 7 is compared with the password managed as user registration information in the user management unit 14 to determine whether or not they match. In S <b> 8, the authentication result is given from the authentication unit 15 to the login unit 7.

  The authentication result is also given from the authentication unit 15 to the authentication result display unit 16. And the authentication result display part 16 gives an operator's authentication result to the display apparatus 3, and displays it. For this reason, the operator can confirm the authentication result. Hereinafter, when the authentication result is obtained, the authentication result is similarly displayed on the display device 3 via the authentication result display unit 16, but the description thereof is omitted.

  Next, when it is determined from the authentication result that the authentication is successful, the login unit 7 provides the login information to the user management unit 14 in S9. In S <b> 10, based on the login information received from the login unit 7, the user management unit 14 manages information about the operator who is currently using the medical device 1 as use user list information.

  FIG. 4 is a diagram illustrating an example of user user list information managed by the user management unit 14 in accordance with information input from the input device 2 of the medical device 1 illustrated in FIG.

  In the user management unit 14, user list information is managed. Before the operator logs in to the medical device 1, as shown in S <b> 40 of FIG. 4, the user (user) currently using the medical device 1 has the use user list information indicating “none”. It is stored in the user management unit 14. In S41, for example, when the passwords of representatives whose user IDs are taro and hana and the user ID is taro are given to the user management unit 14 as login information of all operators, for example, The management unit 14 refers to the login information and determines that the operators currently using the medical device 1 are taro and hana. Therefore, as shown in S <b> 42, use user list information indicating that the user currently using the medical device 1 is “taro, hana” is stored in the user management unit 14.

  Further, another operator can be added after the operator logs into the medical apparatus 1. For example, when a doctor joins as a new operator, the doctor inputs login information from the input device 2 of the operation terminal 4 to the login unit 7 as shown in S11 of FIG. Then, in S12, the login unit 7 gives the login information received from the input device 2 to the user management unit 14 as additional information. For this reason, in S13, the user management unit 14 manages the operator who is currently using the medical device 1 by updating the user list information based on the additional login information received from the login unit 7. .

  The login information to be input when adding an operator while another operator is already logged in includes (1) the user IDs of all the operators to be added, and (2) the user IDs of all the operators to be added. Password, (3) the user ID of all the operators to be added and the password of one of the added operators (representative), (4) the user ID of all the operators to be added and the password of the operator who has already logged in Any one of the four combinations of information.

  Among these, in the case of (2) which requires the input of the passwords of all operators to be added, all the operators to be added perform a procedure for logging in to the medical device 1, and in addition to the user ID, the representative's In the case of (3) where only the password needs to be input, a procedure for the representative to log in to the medical device 1 is performed. Further, in the case of (4) where it is necessary to input the password of the operator who has already logged in, a procedure for logging in the medical apparatus 1 by the operator who has already logged in is performed.

  For example, as shown in S43 of FIG. 4, it is possible to input the user ID of the operator who adds the user IDs of the two operators together with the ID and password of the operator who has already logged in. Then, as shown in S44, the user list information indicating that the number of users who are currently using the medical device 1 is “jiro, sakura” in addition to the two users “taro, hana” is the user. Stored in the management unit 14.

  When the operator temporarily leaves the medical device 1, the operator can manually lock the screen of the medical device 1. Even when the medical device 1 is not operated for a certain period, the screen of the medical device 1 is automatically locked.

  When the screen is manually locked, a lock screen instruction is given to the screen lock unit from the input device 2 as shown in S14 of FIG. Then, in S15, the screen lock unit locks the screen of the medical device 1. Furthermore, when the operator resumes the use of the medical device 1, the screen lock can be released.

  When unlocking the screen, an unlock screen instruction is given from the input device 2 to the unlock screen unit 10 in S16. The unlock screen instruction includes (1) the user ID of all operators, (2) the user ID of one of the operators (representative), (3) the user ID of all the operators and the passwords of all the operators, (4 ) User ID of all operators and the password of one of the operators (representative), (5) User information of one of the operators (representative), and any one of the five information of the password It can be set as required.

  For example, when the representative user ID and password are used as an unlock screen instruction, the password associated with the representative user IDs “taro” and “taro” is given from the input device 2 to the unlock screen unit 10. .

  Then, in S <b> 17, the unlock screen unit 10 issues an authentication request to the authentication unit 15 using the user information included in the unlock screen instruction. In S18, a request for user registration information is given from the authentication unit 15 to the user management unit 14, and in S19, user registration information is given from the user management unit 14 to the authentication unit 15, and the authentication unit 15 performs authentication.

  Next, in S20, the authentication result is given from the authentication unit 15 to the unlock screen unit 10. If the authentication is successful in S21, the unlock screen unit 10 releases the screen lock.

  On the other hand, when the screen of the medical device 1 is manually locked and the use of the medical device 1 by some operators is terminated, the operator can be logged out at the same time. In this case, in S22 of FIG. 2, a lock screen instruction is given from the input device 2 to the screen lock unit, and a logout instruction for logging out the operator who has been used in S23 is given from the input device 2 to the logout unit 8, respectively. It is done. For this reason, in S24, the screen lock unit locks the screen.

  On the other hand, in S 25, logout information is given from the logout unit 8 to the user management unit 14. In S <b> 26, the user management unit 14 deletes the operator who logs out according to the logout information from the currently used operator, and updates the user list information.

  For example, as shown in S45 of FIG. 4, out of four operators identified by four user IDs of taro, hana, jiro, and sakura, logout specifying jiro and sakura as operators who log out when the screen is locked. An instruction is given from the input device 2 to the logout unit 8.

  Then, as shown in S <b> 46 when the screen is locked, user user list information indicating that two users currently using the medical device 1 are “taro, hana” is stored in the user management unit 14.

  Also, an operator can be added when releasing the screen lock. In this case, an unlock screen instruction with user information is given from the input device 2 to the unlock screen unit 10 in S27 of FIG. 2, and the login information of the operator to be added is sent from the input device 2 to the login unit 7 in S28. Given each.

  Then, in S29, an authentication request is given from the unlock screen unit 10 to the authentication unit 15, and authentication is performed based on the user registration information acquired by the authentication unit 15 from the user management unit 14 in S30 and S31. In S32, the authentication result is notified from the authentication unit 15 to the unlock screen unit 10, and if the authentication is successful, the unlock screen unit 10 releases the screen lock in S33.

  On the other hand, login information is given from the login unit 7 to the user management unit 14 in S34, and in S35, the user management unit 14 updates the user list information to make the newly logged-in operator the currently used operator. to add.

  For example, as shown in S47 of FIG. 4, the user ID of the representative of the currently logged-in operator, taro, the password, and the user ID of the operator who logs in along with unlocking the screen, jiro and sakura, are unlocked. In addition to this, it is possible to input from the input device 2. Then, the operator who has the user ID of jiro and sakura logs in together with unlocking the screen, and the user who is currently using the medical device 1 as shown in S48 adds “taro, hana” in addition to “jiro, hana”. , Sakura ”is stored in the user management unit 14.

  When all the operators have been used in this manner, all the operators can be logged out. When logout of all operators is executed, a logout instruction to execute logout of all operators is given from the input device 2 to the logout unit 8 in S36 of FIG. A logout instruction to execute logout for all operators is as follows: (1) By inputting from the input device 2 information indicating that all users have terminated use and have logged out without entering user information such as a user ID. Alternatively, (2) it can be performed by inputting user information such as the user IDs of all the operators who have finished using and logged out.

  Then, in S37, logout information indicating that all the operators are logged out is provided from the logout unit 8 to the user management unit 14, and in S38, the user management unit 14 updates the use user list information. As a result, user list information indicating that there is no operator is stored in the user management unit 14.

  For example, when a logout instruction for logging out an operator having all user IDs is given from the input device 2 to the logout unit 8 as shown in S49 of FIG. 4, logout information is given to the user management unit 14. Then, based on the logout information received from the logout unit 8, the user management unit 14 deletes the user IDs of all operators from the user list information currently using the medical device 1. As a result, the user list information in which the currently used operator (user) is “none” as shown in S50 is stored in the user management unit 14.

  That is, the access management performed without using the group user as described above is such that when a plurality of operators use the medical device 1, the user management unit can grasp each operator operating at each time. 14 is managed as user list information.

  Next, the operation of the medical device 1 when using a group user will be described.

  FIG. 5 is a sequence diagram showing a flow when a plurality of operators execute login, lock screen, unlock screen, and logout using the group user in the medical apparatus 1 shown in FIG.

  First, in S60, S61, and S62, user registration is performed similarly to S1, S2, and S3 of FIG.

  Next, group registration is executed, and group registration information is managed by the user management unit 14. For this purpose, in S63, the administrator or an authorized operator operates the input device 2 of the operation terminal 4, and gives the user group ID and password, which are user group identification information, to the group creation / deletion unit 13 as group information. . Then, in S <b> 64, the group creation / deletion unit 13 provides group information to the user management unit 14. In S65, the user management unit 14 adds the group information newly received from the group creation / deletion unit 13 to the group registration information created in the past by receiving the group information from the group creation / deletion unit 13. The group registration information is updated.

  FIG. 6 is a diagram illustrating an example of user registration information and group registration information stored in the user management unit 14 of the medical apparatus 1 illustrated in FIG.

  As shown in FIG. 6, group registration information is also handled in the same way as user registration information, and is managed by a combination of a user group ID and a password. In FIG. 6, groups are managed with user group IDs of mon-group, two-group, and wet-group. Also, registration date and peripheral date are recorded as necessary.

  Once the group is registered, group user registration is then performed. Then, identification information of operators belonging to the registered group is associated with the group and managed as group user registration information by the user management unit 14.

  Therefore, in S66 of FIG. 5, the administrator or an authorized operator operates the input device 2 of the operation terminal 4, and uses the user ID and password of the operator to be added to the group as a group user registration instruction. This is given to the deletion unit 12. Then, in S67, the group user addition / deletion unit 12 gives the user management unit 14 the group user registration instruction received from the input device 2. In S68, the user management unit 14 adds the group user registration information newly created from the group user addition / deletion unit 12 to the group user registration information created in response to the group user registration instruction from the group user addition / deletion unit 12 in the past. By adding a user registration instruction, the group user registration information is updated. In addition, the update history of the group user registration information is also managed by the user management unit 14.

  The user management unit 14 manages the group registration information received from the group creation / deletion unit 13 and the group user registration information received from the group user addition / deletion unit 12.

  7 is a diagram showing an example of group user registration information stored in the user management unit 14 of the medical apparatus 1 shown in FIG. 1. FIG. 8 is a diagram recorded in the user management unit 14 of the medical apparatus 1 shown in FIG. It is a figure which shows an example of the registration and deletion history of a group user to be performed.

  As shown in FIG. 7, group user registration information indicating that the operator identified by the user ID belongs to each group identified by the user group ID is managed in the user management unit 14. Also, as shown in FIG. 8, when an operator is registered or deleted from a group, the update date / time and update contents of the group user registration information are recorded in the user management unit 14 as an update history.

  When the group registration and the group user registration are completed, the operator who is registered as a group user logs in using the user group ID of the group to which the user belongs and the password of the group in addition to using the user ID and password of the operator. Is possible.

  In order for a single or a plurality of operators registered as group users to log in, login information is input to the login unit 7 from the input device 2 in S69 of FIG. The login information input from the input device 2 at this time includes (1) the user IDs of all operators, (2) the user IDs and passwords of all operators, and (3) the user IDs and operations of all operators. (4) User group ID of the group to which each operator belongs, (5) User group ID and group password of the group to which each operator belongs, (6) Each operator User group ID of the group to which it belongs and passwords of all operators belonging to the group, (7) User group ID of the group to which each operator belongs and password of one operator (representative) belonging to the group Or any combination of information. It is also possible to set so that the user ID and password of the operator who is given the login authority are required as login information.

  When the login information is input to the login unit 7, in S70, S71, S72, S73, S74, and S75, as in S5, S6, S7, S8, S9, and S10 in FIG. The user list information is updated.

  However, the authentication of the group and whether the operator belongs to the group are also authenticated. For example, when the user group ID and the operator password are input as login information, the user belongs to the corresponding group, the corresponding operator password is given from the user management unit 14 to the authentication unit 15, and the authentication unit 15 The entered operator password and the password acquired from the user management unit 14 are compared to determine whether or not they match.

  The user list information includes the user group ID of the group using the medical device 1.

  FIG. 9 is a diagram illustrating an example of user list information including groups managed by the user management unit 14 in accordance with information input from the input device 2 of the medical device 1 illustrated in FIG.

  Before the operator logs in to the medical device 1, as shown in S <b> 100 of FIG. 9, the user (user) currently using the medical device 1 has usage user list information indicating “none”. It is stored in the user management unit 14. In S101, for example, a user group ID of a group to which each operator belongs and a group password and a group password are given to the user management unit 14 as login information. Then, the user management unit 14 refers to the login information, and determines that the group currently using the medical device 1 is a wed-group and the operator is taro, hana, jiro belonging to the wed-group.

  For this reason, as shown in S102, the group currently using the medical device 1 is “weed-group” and the user list information indicating that the user is “taro, hana, jiro” is the user management unit. 14 is stored.

  In addition, after an operator or a group logs in, an operator can be newly added to or deleted from the group. When a new operator is added to the group, an administrator or an authorized operator is added from the input device 2 in S76, S77, and S78 of FIG. 5 as in S66, S67, and S68. A group user registration instruction is input to update the group user registration information. Note that deleting an operator from a group is the same as adding an operator, and thus description thereof is omitted.

  FIG. 10 is a diagram showing an example of updating the group user registration information managed by the user management unit 14 of the medical apparatus 1 shown in FIG. 1, and FIG. 11 shows a group in the user management unit 14 as shown in FIG. It is a figure which shows an example of the update log | history of group user registration information recorded when user registration information is updated.

  As shown in S110 of FIG. 10, the user ID of the operator belonging to each group identified by the three user group IDs (mon-group, two-group, and weed-group) is used as group user registration information as the user management unit 14. If a group user registration instruction for adding the user ID “sakura” is given to a group whose user group ID is identified by a wed-group, as shown in S111, for example, as shown in S111, it is shown in S112. As described above, the user ID “sakura” is added to the group identified by the wed-group.

  Then, as shown in FIG. 11, the update content and update date / time indicating that the user ID “sakura” has been added to the group identified by the wed-group is recorded in the user management unit 14 as the update history of the group user registration information. Is done.

  When an operator is added to the group, the added operator can also log in to the medical apparatus 1. When the added operator logs in to the medical apparatus 1, login information is input from the input apparatus 2 to the login unit 7 in S79 of FIG. Then, as in S70, S71, S72, S73, S74, and S75, after authentication is performed in S80, S81, S82, S83, S84, and S85, login information is given to the user management unit 14 and the user list information is updated. Is done.

  However, it is possible to input login information together with the group user registration instruction of the operator to be added. In this case, the operator who is added almost simultaneously with the update of the group user registration information logs in. Become.

  The login information input here includes (1) the user IDs of all operators to be added, (2) the user IDs of all operators to be added and the passwords of all operators to be added, and (3) all the operators to be added. One of the four information of the user ID and the password of one of the added operators (representative), (4) the user ID of all the added operators and the password of the operator who has already logged in. . It is also possible to set so that the user ID and password of the operator who is given the user addition authority are required as login information.

  When the passwords of all the operators to be added are required (2), a procedure for logging in the medical apparatus 1 with all the added operators is performed. In the case of requiring the representative password (3), the representative performs a procedure for logging in to the medical apparatus 1. In the case of requiring the password of the operator who has already logged in (4), The login procedure is performed by an operator who has already logged in.

  For example, as shown in S103 of FIG. 9, when the user ID “sakura” and password of the operator to be added are given as login information from the input device 2 to the user management unit 14 via the login unit 7, as shown in S104. In addition, the user list information is updated, and the operator identified by the user ID “sakura” is managed as currently logged in.

  Moreover, the lock screen and the unlock screen can be executed in the same manner as when the group is not used. In this case, a lock screen instruction is given from the input device 2 to the screen lock unit in S86 of FIG. 5, and the screen lock unit locks the screen in S87.

  When the screen lock is to be released, an unlock screen instruction is given from the input device 2 to the unlock screen unit 10 in S88. This unlock screen instruction can be selected when the user group is not used. (1) User IDs of all operators, (2) User ID of one of the operators (representative), (3) All operators (4) User ID of all operators and the password of one of the operators (representative), (5) User ID and password of one of the operators (representative) In addition to the five pieces of information, (6) user group ID, (7) user group ID and group password, (8) user group ID and password of all operators belonging to the group, (9) user group ID and group It can be any of nine pieces of password information of one of the operators to which the user belongs (representative). That is, the user group ID and the group password can be used for an unlock screen instruction.

  When the unlock screen instruction is given to the unlock screen unit 10, the authentication is performed in S89, S90, S91, S92, and S93 and then unlocked in the same manner as S17, S18, S19, S20, and S21 in FIG. The screen lock is released by the screen unit 10.

  When all the operations are completed, a logout instruction is given from the input device 2 to the logout unit 8 in S94, S95, and S96 in the same manner as S36, S37, and S38 in FIG. However, the user group ID can also be used as a logout instruction. It is also possible to execute login and logout of the operator together with the lock screen instruction and the unlock screen instruction. In this case, the user group ID and the group password are used for the lock screen instruction and the unlock screen instruction. Can do.

  That is, the access management performed using the group user as described above is not only capable of grasping each operator operating at each time when the medical device 1 is used by a plurality of operators, The user management unit 14 uses the group user group ID and password as group registration information and the user ID and password of the operator belonging to the group as a group user so that the access control of the operator can be executed depending on whether or not the user belongs to the group Each of them is managed as registration information. For this reason, the access authority with respect to the medical apparatus 1 can be changed with the combination of several operators. In addition, access management in accordance with the actual usage of the medical device 1 can be performed.

  Therefore, a usage example of an image diagnostic apparatus that is one of the medical apparatuses 1 using group users will be described. First, an administrator registers a technician as an operator belonging to a group and the group in advance. For example, in the morning, an engineer turns on the power of the diagnostic imaging apparatus. The engineer logs in to the diagnostic imaging apparatus. At this time, the engineer logs in using the user group ID and password of the group.

  The engineer then prepares for the inspection. When the preparation is completed and the doctor intends to log in to the diagnostic imaging apparatus for the examination, the doctor is registered as an operator to be added to the user group. Thereby, it becomes possible to perform a test by a plurality of doctors and engineers.

  Further, the doctor returns after completion of the examination, but at that time, the doctor instructs the engineer to perform the remaining work such as the work of storing the image on a medium and the work of outputting to the film. Then, the doctor is deleted from the group. Furthermore, the engineer performs work based on the instructions of the doctor.

  When a series of examination work is completed for a certain examination, a different doctor comes for the next examination. Similarly, registration and deletion of a doctor in the group are repeated. In addition, logout is executed when all tasks are completed.

  By the way, when the operator performs login, logout, lock screen, unlock screen, operator addition / deletion (user registration), group addition / deletion (user group registration), group user addition / deletion (group) When the user registration is executed, when the operator's authority is changed, or when the operator operates the application, these events can be recorded in the audit log recording unit 17 as audit log information.

  When login, logout, lock screen, and unlock screen are executed, logout, lock screen, and unlock screen are executed from login unit 7, logout unit 8, lock screen unit 9, and unlock screen unit 10, respectively. Information to that effect is given to the audit log recording unit 17 as an audit log recording request.

  Also, when an operator is added / deleted (user registration), a group is added / deleted (user group registration), a group user is added / deleted (group user registration), or the operator's authority is changed The user management unit 14 notifies the audit log recording unit 17 of these facts as an audit log recording request. At this time, group identification information such as group ID and operator user ID and operator identification information are also provided from the user management unit 14 to the audit log recording unit 17.

  Further, the recording of the audit log information to the effect that the operator has operated the application is executed by the application execution unit 5 and the operation contents of the application and the operator being given to the audit log recording unit 17 as an audit log recording request. . Thereby, for example, the fact that the operator has started the application and accessed the personal information can be recorded as the audit log information.

  FIG. 12 is a sequence diagram illustrating a flow when the application operation is recorded in the audit log recording unit 17 as audit log information in the medical device 1 illustrated in FIG. 1.

  First, when login information is given from the input device 2 to the login unit 7 in S120, authentication is performed in S121, S122, S123, S124, S125, and S126 in the same manner as S5, S6, S7, S8, S9, and S10 in FIG. After that, login is executed. Then, a new operator logs in or an operator is added.

  Furthermore, in S127, the login unit 7 provides the audit log recording unit 17 with the identification information of the logged-in operator as the audit log request together with information indicating that the login has been executed as the operation content. Then, in S128, the audit log recording unit 17 creates and stores audit log information indicating that the operator identified by the user ID has logged in. That is, the audit log recording unit 17 records, as audit log information, the user ID used for login as the operator and the content indicating that the login was successful as the operation content.

  In S129 and S130, the login unit 7 gives a login notification indicating that the user has logged in to each application execution unit 5 in the medical apparatus 1. Then, in S131, the application execution unit 5 corresponding to the application set to record the operator as audit log information together with the operation content provides the user list information indicating the currently logged-in operator or group. Is requested to the user management unit 14. For this reason, in step S <b> 132, the user management unit 14 provides the usage user list information to the application execution unit 5. In step S <b> 133, the application execution unit 5 holds the use user list information acquired from the user management unit 14.

  Next, when the application is executed by giving an operation instruction of the application from the input device 2 to the application execution unit 5 in S134, the application execution unit 5 displays the held user list information in S135. The identification information of the operator who operated the application and the operation content are given to the audit log recording unit 17 as an audit log request. Therefore, in S136, the audit log recording unit 17 creates and saves audit log information from the identification information of the operator and the operation content.

  For example, when an operation instruction of an application for outputting a captured image to a film is given from the input device 2 to the application execution unit 5, the identification information of the operator who has input the operation instruction is included, and the operation content is Audit log information indicating that the film output is successful is recorded in the audit log recording unit 17.

  Note that the processing of S131, S132, and S133 in which the application execution unit 5 acquires the use user list information from the user management unit 14 is not when the login notification is received from the login unit 7, but the operation instruction of the application is first input device 2 may be executed when given to the application execution unit 5.

  The audit log information recorded in this way can be displayed on the display device 3. When displaying the audit log information on the display device 3, an instruction to display the audit log information specifying the display range is given to the audit log output unit 18 from the input device 2. Then, the audit log output unit 18 acquires the audit log information included in the designated display range from the audit log recording unit 17 and gives it to the display device 3 for display. As a result, the administrator can check the audit log information.

  FIG. 13 is a diagram showing an example of audit log information recorded in the audit log recording unit 17 of the medical device 1 shown in FIG.

  As shown in FIG. 13, actions such as login of a group, addition of a group user, image display by use of an application, logout of a group, etc. are recorded in the audit log recording unit 17 as audit log information in time series with an operator or a group. Is done. Further, as necessary, information such as the operator who added the group user, the added operator, the name of the group to be added, and the identification information of the displayed image is added.

  Furthermore, not only the audit log information recorded in the audit log recording unit 17 but also various information managed by the user management unit 14 can be displayed on the display device 3. In particular, it is possible to display and browse the history of addition / deletion of operators, groups, and group users. Thus, the administrator can check when and which operator belongs to which group.

  Specific examples include (1) a list of currently registered operators and a list of groups, (2) whether or not a specific operator or group has been registered, and a period during which (3) a specific List of operators belonging to the group and the period during which the operator belonged to the group, (4) List of groups to which the specific operator belonged and period during which the operator belonged to the group ( 5) Information such as whether or not a specific operator belonged to a group and a period during which the operator belonged to the group can be browsed.

  When displaying the history of addition / deletion of operators, groups, and group users, the administrator gives a history browsing request from the input device 2 to the user history search / acquisition unit 19. Then, the user history search / acquisition unit 19 searches the user management unit 14, acquires information that matches the browsing request, and provides the information to the display device 3. As a result, the history information to be browsed is displayed on the display device 3.

  Such a history display function is used to check, for example, when a certain operator or group has a problem and for which period the operator or group is registered and possibly using the medical device 1. can do.

  Furthermore, as an optional function of the medical device 1, when an examination order such as MWM data in DICOM communication is stored in the medical device 1, the user ID and password of the operator included in the examination order are used for login processing. Can do. In that case, the inspection order acquisition unit 20 acquires the inspection order and extracts the user ID and password included in the inspection order. Then, the inspection order acquisition unit 20 gives the extracted user ID and password to the login unit 7 as login information. In this way, the operator can automatically log in through authentication without manual operation of the input device 2.

The block diagram which shows embodiment of the medical device which concerns on this invention. The sequence diagram which shows the flow at the time of a some operator performing login, a lock screen, an unlock screen, and logout, without using a group user in the medical device shown in FIG. The figure which shows an example of the user registration information preserve | saved at the user management part of the medical device shown in FIG. The figure which shows an example of the utilization user list information managed in a user management part according to the information input from the input device of the medical device shown in FIG. The sequence diagram which shows the flow at the time of a some operator performing login, a lock screen, an unlock screen, and logout using a group user in the medical device shown in FIG. The figure which shows an example of the user registration information and group registration information preserve | saved at the user management part of the medical device shown in FIG. The figure which shows an example of the group user registration information preserve | saved at the user management part of the medical device shown in FIG. The figure which shows an example of the registration and deletion log | history of a group user recorded in the user management part of the medical device shown in FIG. The figure which shows an example of utilization user list information including the group managed in a user management part according to the information input from the input device of the medical device shown in FIG. The figure which shows the example which updates the group user registration information managed in the user management part of the medical device shown in FIG. The figure which shows an example of the update log | history of the group user registration information recorded when the group user registration information in a user management part is updated as shown in FIG. The sequence diagram which shows the flow at the time of recording operation of an application as audit log information in an audit log recording part in the medical device shown in FIG. The figure which shows an example of the audit log information recorded on the audit log recording part of the medical device shown in FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Medical apparatus 2 Input device 3 Display apparatus 4 Operation terminal 5 Application execution part 6 Operator management system 7 Login part 8 Logout part 9 Lock screen part 10 Unlock screen part 11 User registration / deletion part 12 Group user addition / deletion part 13 Group creation / deletion unit 14 User management unit 15 Authentication unit 16 Authentication result display unit 17 Audit log recording unit 18 Audit log output unit 19 User history search / acquisition unit 20 Inspection order acquisition unit

Claims (23)

A login unit for acquiring identification information of a plurality of operators and executing login of the plurality of operators;
A logout unit that obtains logout instructions and performs logout of the plurality of operators;
Based on the login information acquired from the login unit and the logout information acquired from the logout unit, a user management unit that manages a list of operators using the device as user list information,
When the plurality of operators use the apparatus in parallel based on the user list information acquired from the user management unit, the audit log information indicating that the plurality of operators have used the apparatus in parallel is recorded. An audit log recording unit,
A medical device comprising: A group creation / deletion unit that obtains identification information of a group to which the operator can belong and gives the user management unit;
A group user addition / deletion unit that obtains a group user registration instruction indicating identification information of the operator belonging to the group and gives it to the user management unit;
The user management unit is configured to manage the user list information using the group identification information,
The audit log recording unit is configured to record the audit log information using identification information of the group;
The medical device according to claim 1. When there is no operator logged in, the login unit identifies identification information of all operators who are newly logged in, authentication information of all operators who are newly logged in, and the new login The medical device according to claim 1, wherein login is performed when at least one piece of authentication information of one or more operators among all the operators is acquired. . The login unit includes identification information of all operators who are newly logged in and authentication information of one or more operators among the operators who are newly logged in when there is no operator logged in. The medical device according to claim 1, wherein the medical device is configured to execute login when the password is acquired. The login unit logs in when identification information of all operators who are newly logged in and authentication information of all operators who are newly logged in are acquired when there is no operator logged in. The medical device of claim 1, wherein the medical device is configured to perform: The login unit includes, when another operator is logged in, identification information of all operators who want to add and log in, authentication information of all operators who want to add and log in, and the addition Authentication information of one or more operators among all operators who want to log in, all authentication information of the other operators, authentication information of one or more operators of the other operators The medical apparatus according to claim 1, wherein when at least one or more pieces of information are acquired, the medical apparatus is configured to perform login of all the operators who want to log in additionally. The login unit includes, when another operator is logged in, authentication information of all operators who want to log in additionally, one or more of all operators who want to log in additionally Authentication information of the operator, all authentication information of the other operator, and at least one information of authentication information of one or more operators among the other operators, and all of the additional login attempts The medical device according to claim 1, wherein when the identification information of the operator is acquired, login is performed for all the operators who want to log in additionally. The login unit obtains identification information of all operators who want to log in additionally and authentication information of one or more operators among the other operators when another operator is logged in The medical apparatus according to claim 1, wherein the medical apparatus is configured to execute login of all the operators who want to log in after the addition. The medical apparatus according to claim 1, wherein the logout unit is configured to log out a part of the plurality of operators. The medical apparatus according to claim 1, wherein the logout unit is configured to be able to log out by switching all or part of the plurality of operators. A lock screen that locks the screen of the display device when certain conditions are satisfied;
An unlock screen unit for unlocking a screen locked by the lock screen unit;
The medical device according to claim 1, comprising: A lock screen that locks the screen of the display device when certain conditions are satisfied;
An unlock screen part for unlocking a screen locked by the lock screen part,
The login unit is configured to be able to execute login of an operator who wants to log in by adding when the unlock screen unit unlocks the screen,
The logout unit is configured to perform logout of an operator to be deleted when the lock screen unit locks the screen.
The medical device according to claim 1. The login unit is configured to acquire at least one of identification information and authentication information of at least one operator among the plurality of operators from an inspection order, and execute login using the acquired inspection order. The medical device according to claim 1, wherein: When there is no operator logged in, the login unit identifies the group, identification information of the group, identification information of all operators belonging to the group, all operators belonging to the group Authentication information, identification information of one or more operators among all operators belonging to the group, authentication information of one or more operators among all operators belonging to the group, belonging to the group Acquire at least one or more information of identification information of an operator who has been given login authority among all operators who perform login and authentication information of an operator who has been given login authority among all operators belonging to the group The medical device according to claim 2, wherein the medical device is configured to perform login in the event of a failure. The login unit, when there is no operator logged in, the authentication information of the group, the authentication information of one or more operators among all operators belonging to the group, and all the members belonging to the group The login is performed when at least one piece of information of authentication information of an operator who is given login authority among the operators and identification information of the group are acquired. The medical device described. When there is no operator logged in, the login unit includes authentication information of the group, identification information of all operators belonging to the group, authentication information of all operators belonging to the group, the group Identification information of one or more operators among all operators belonging to the group, authentication information of one or more operators among all operators belonging to the group, and identification of all operators belonging to the group Among them, the identification information of the operator who has been given login authority and the authentication information of the operator who has been given login authority among all the operators belonging to the group, and the identification information of the group are acquired. The medical device according to claim 2, wherein the medical device is configured to perform login in the event of a failure. The login unit includes, when another operator is logged in, identification information of all operators who want to add and log in, authentication information of all operators who want to add and log in, and the addition Authentication information of one or more operators among all the operators who want to log in, identification information of the group, authentication information of the group, all authentication information of the other operator, another operator Authentication information of one or more operators, identification information of all operators belonging to the group, authentication information of all operators belonging to the group, 1 of all operators belonging to the group Identification information of more than one operator, authentication information of one or more operators among all operators belonging to the group, and operations given user addition authority among all operators belonging to the group All the operations to be added and logged in when at least one piece of authentication information of the operator who has been given the authority to add users among all the operators belonging to the group is acquired. The medical device according to claim 2, wherein the medical device is configured to perform login of a person. A lock screen that locks the screen of the display device when certain conditions are satisfied;
An unlock screen part for unlocking a screen locked by the lock screen part,
The unlock screen unit includes identification information of the group, authentication information of the group, authentication information of all logged-in operators, authentication information of one or more operators among the logged-in operators, When at least one information of identification information of one or more operators among the operators belonging to the group and authentication information of one or more operators among the operators belonging to the group is acquired The medical device according to claim 2, wherein the medical device is configured to unlock the screen. The medical device according to claim 2, wherein the audit log recording unit is configured to record at least one of identification information of all the plurality of operators and identification information of the group. List of registered operators, list of registered groups, whether or not a specific operator is registered, whether or not a specific group is registered, and the period during which a specific operator is registered , A period when a specific group was registered, a list of operators belonging to a specific group, a period when a specific operator belonged to a group, a list of groups where a specific operator belonged, and A user history search / acquisition unit is provided for acquiring at least one piece of information indicating whether or not a specific operator belongs to a group from the user management unit and displaying the information on a display device. The medical device according to claim 1 or 2. 3. The medical apparatus according to claim 1, wherein the access authority can be changed by a combination of a plurality of operators. A login unit that acquires identification information of a plurality of operators of the medical device and logs in the medical devices of the plurality of operators;
A logout unit that acquires a logout instruction from the medical device and performs logout of the plurality of operators with respect to the medical device;
Based on login information acquired from the login unit and logout information acquired from the logout unit, a user management unit that manages a list of operators using the medical device as usage user list information;
Audit that the plurality of operators used the medical device in parallel when the plurality of operators used the medical device in parallel based on the user list information acquired from the user management unit An audit log recording unit for recording log information;
An operator management system comprising: Acquiring identification information of a plurality of operators and executing login of the plurality of operators; and
Obtaining a logout instruction and performing logout of the plurality of operators;
Managing a list of operators as user list information based on log-in information indicating that the log-in has been executed and log-out information indicating that the log-out has been executed;
Recording the audit log information to the effect that the plurality of operators used the medical device in parallel when the plurality of operators used the medical device in parallel based on the user list information; ,
An operator management method characterized by comprising:

Images