JP2013030157A - Secret information browsing method and secret information browsing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a secret information browsing method and secret information browsing system which can provide the person himself/herself of secret information with security sense and does not give a burden to an owner of the secret information.SOLUTION: This invention sequentially has a secret information registration step in which a first terminal 1 registers secret information about a specific person in a content server 4, a browsing permission step in which the first terminal 1 acquires the effect that permits secret information browsing, a password storage step in which the content server 4 associates a password with the secret information to store the password, and a password collation type secret information transmission step in which the content server 4 receives a password from a second terminal 2, confirms that the second terminal 2 is a predetermined normal terminal and that the received password is associated with the secret information of the specific person, and transmits the secret information to the second terminal 2 when the confirmation is successful.

Description

  The present invention relates to a secret information browsing method and a secret information browsing system that allow a third party to browse secret information including personal information such as an electronic medical record.

  Non-public information includes a medical record in which medical information is described. When the medical information described in the medical record is to be viewed by a third-party referral doctor, the consulted doctor makes various referrals with the patient and creates a referral with medical information. I was handing it to. The patient himself then handed the referral letter to the referral doctor. According to the conventional practice, by following this procedure, it was possible to obtain a sense of security that the medical record was not viewed by anyone other than the referring doctor, for both the treating doctor and the patient. In this way, non-public information has been handed over in paper form to the owner of the information or the person requested by the owner.

  On the other hand, digitization of medical charts has progressed, and a system that enables browsing of electronic medical charts has been proposed (see, for example, Patent Documents 1 and 2).

  In the system of Patent Document 1, an electronic medical record management server that acquires electronic medical records each created in a plurality of different formats including patient examination contents via a communication network adjusts the items of the electronic medical record information, Sent when a browsing request is received.

  The system of Patent Document 2 transmits and receives referral letter information issued by the referral source hospital, requests for medical information from the referral destination hospital, and patient medical information sent from the referral source hospital via the data management server. To do. This makes it possible for the referral doctor to view the medical record.

JP 2009-266077 A JP 2010-237834 A

  Although the system of patent document 1 makes a medical record database, the intention of a patient is not considered. For this reason, the system of patent document 1 had the problem that the security of the person of non-public information cannot be obtained.

  In the system of Patent Document 2, it is necessary to transmit a medical chart from the referring doctor at a timing when the referring doctor needs a medical chart. For this reason, the system of Patent Document 2 has a problem that it becomes a burden on the owner of non-public information.

  An object of the present invention is to provide a method for browsing private information and a system for browsing private information that can provide a sense of security for the private information and that do not burden the owner of the private information.

  In order to achieve the above-described object, a method for browsing private information according to the present invention includes a private information registration step in which a first terminal registers private information relating to a specific person in a content server, and the first terminal. Displays whether to permit browsing of the non-public information, and obtains the permission to view the non-public information, and the first terminal or the content server includes the non-public information. A password storage step in which the content server generates a password that enables browsing, and the content server stores the password in association with the non-public information, and a second terminal that is different from the first terminal is stored in the content server. Access to the non-public information about the specific person who is, acquire and transmit the password generated in the password storage step, and The content server receives a password from the second terminal, the second terminal is a predetermined regular terminal, and the received password is associated with the private information of the specific person And the password verification type private information transmission step of transmitting the specific person's private information to the second terminal when the confirmation is made.

  Since the private information browsing method of the present invention has a private information registration step, a browsing permission step, and a password storage step, the private information can be stored on the agreement of the private information and the registrant. The authority to permit browsing can be given to the specific person. Since the private information browsing method of the present invention has a password verification type private information transmission step, the private information can be obtained only by obtaining the permission of the specific person without involving the private information owner. It can be viewed on two terminals. Accordingly, it is possible to provide a method for browsing private information, which can provide a sense of security for the private information and does not place a burden on the owner of the private information.

In the secret information browsing method of the present invention, in the password storing step, the first terminal generates and displays the password and transmits it to the content server, and the content server transmits the transmitted password to the secret server. The information may be stored in association with the information.
In the present invention, since a registrant of private information can determine a password, a person who is directly involved in the private information can manage the password.

In the method for browsing private information according to the present invention, in the password storage step, the content server generates the password, transmits it to the first terminal, stores it in association with the private information, and stores the content server. The first terminal may display the password transmitted from.
According to the present invention, passwords can be collectively managed in the content server, so that duplication of passwords can be avoided.

In the secret information browsing method of the present invention, in the password storing step, the content server generates the password and transmits it to a third terminal different from the first terminal and the second terminal. The information may be stored in association with the non-public information.
According to the present invention, passwords can be collectively managed in the content server, so that duplication of passwords can be avoided. Furthermore, since the third terminal stores the password, it is possible to prevent the password from being lost by the person who has the private information.

In the secret information browsing method of the present invention, the content server indicates that the first terminal permits browsing of the secret information after the browse permission step and before the password verification type secret information transmission step. You may register with.
According to the present invention, it is possible to prevent a third party from browsing information that is not permitted by a registrant of private information.

  In order to achieve the above-described object, a method for browsing private information according to the present invention includes a private information registration step in which a first terminal registers private information relating to a specific person in a content server, and the first terminal. Displays whether to permit browsing of the non-public information, and obtains a permission to read the non-public information, and a third terminal different from the first terminal is a personal identification number Is acquired and stored, and the personal identification number and the information for specifying the non-public information are transmitted to the content server, and the content server is a legitimate terminal in which the third terminal is associated with the specific person. A password number storing step for confirming that the password is stored in association with the non-public information, and storing a second terminal different from the first terminal and the third terminal in the content server; The secret information stored in the third terminal is acquired and transmitted in the password storing step, and the content server receives the password from the second terminal. Received the number, confirmed that the second terminal is a predetermined legitimate terminal and that the received personal identification number is associated with the private information of the specific person, and was able to confirm A secret code collation type non-public information transmitting step for transmitting the non-public information of the specific person to the second terminal in this case.

  The private information browsing method of the present invention has a private information registration step, a browsing permission step, and a personal identification number storage step. Therefore, upon the agreement between the private information and the registrant, the private information It is possible to give the specific person the authority to permit viewing. Since the private information browsing method of the present invention has a secret number collation type private information transmission step, the private information can be obtained only by obtaining the permission of the specific person without involving the owner of the private information. The browsing can be made possible on the second terminal. Accordingly, it is possible to provide a method for browsing private information, which can provide a sense of security for the private information and does not place a burden on the owner of the private information.

In the secret information browsing method of the present invention, the content that the first terminal permits browsing of the secret information after the browse permission step and before the password verification type secret information transmission step is performed. You may register with the server.
According to the present invention, it is possible to prevent a third party from browsing information that is not permitted by a registrant of private information.

  In order to achieve the above-described object, a method for browsing private information according to the present invention includes a private information registration step in which a first terminal registers private information relating to a specific person in a content server, and the first terminal. Displays whether to permit browsing of the non-public information, and a browsing permission step for obtaining permission to browse the non-public information, and a third terminal different from the first terminal, User information, which is information related to the specific person stored in the third terminal, and information specifying the non-public information are transmitted to the content server, and the content server is connected to the specific terminal. A user information storage step of confirming that the terminal is a legitimate terminal associated with the person and storing the user information in association with the non-public information; and the first terminal and the third terminal Different second The terminal accesses private information relating to the specific person stored in the content server, the content server receives the user information from the third terminal, and the second terminal is predetermined. And confirming that the received user information is associated with the specific person's private information, and if the confirmation is made, the specific person's private information is A user information collation type non-public information transmission step to be transmitted to the second terminal.

  The private information browsing method of the present invention has a private information registration step, a browsing permission step, and a user information storage step. Therefore, the private information browsing method is private after the private information and the registrant agree. The authority to permit browsing of information can be given to the specific person. Since the private information browsing method of the present invention has a user information collation type private information transmission step, the private information can be obtained only by obtaining the permission of the specific person without involving the private information owner. Can be viewed on the second terminal. Accordingly, it is possible to provide a method for browsing private information, which can provide a sense of security for the private information and does not place a burden on the owner of the private information.

In the private information browsing method of the present invention, the fact that the first terminal permits browsing of the private information after the browsing permission step and before the user information collation type private information transmission step is described above. You may register with a content server.
According to the present invention, it is possible to prevent a third party from browsing information that is not permitted by a registrant of private information.

In the non-public information browsing method of the present invention, the non-public information is an electronic medical record, and when the first terminal registers in the content server that the non-public information is permitted to be read, the scanner An image conversion step for converting the chart and the code into image data in a state where the chart is stored in a transparent case to which a code indicating attribute information of the chart is attached, and approval of storage of the image data of the chart The authentication server identifies an image of the code from the image data of the medical record and the code, extracts attribute information of the medical record from the identified image of the code, and uses the extracted attribute information of the medical record as image data of the medical record An attribute information setting step for setting the attribute information as the attribute information.
According to the present invention, it is only necessary to give a scan start instruction to the scanner in a state where the chart is stored in the transparent case and the chart is stored in the transparent case. Therefore, it is not necessary to input the file name of the image data when converting the medical chart into image data. If the transparent case is prepared first, the transparent case can be reused thereafter. Furthermore, since the position of the code attached to the transparent case is not changed each time the chart is updated, the code image can be automatically identified, and the code recognition rate can be increased.

  In order to achieve the above-mentioned object, the non-public information browsing system of the present invention registers non-public information related to a specific person in a content server, displays whether or not to permit browsing of the non-public information, A first terminal that obtains permission to view private information and the private information and password received from the first terminal are stored and accessed by a second terminal different from the first terminal. Then, it can be confirmed that the second terminal is a predetermined regular terminal and the password received from the second terminal is associated with the private information of the specific person. The content server that transmits the private information of the specific person to the second terminal in the case of access to the private information related to the specific person stored in the content server and the Send acquires the password, and a different second terminal from said first terminal for displaying the private information of the specific person transmitted from the content server.

  Since the private information browsing system of the present invention includes the first terminal, the content server, and the second terminal, the authentication information and password of the second terminal without involving the owner of the private information. The secret information can be viewed on the second terminal simply by inputting. In addition, in order to generate a password after the first terminal has obtained permission to view private information, the private terminal is allowed to view private information upon agreement between the private information person and the registrant. Authority can be granted to the specific person. Accordingly, it is possible to provide a method for browsing private information, which can provide a sense of security for the private information and does not place a burden on the owner of the private information.

In the private information browsing system of the present invention, the first terminal generates and displays the password and transmits it to the content server, and the content server stores the transmitted password in association with the private information. May be.
In the present invention, since a registrant of private information can determine a password, a person who is directly involved in the private information can manage the password.

In the private information browsing system of the present invention, the content server generates the password and transmits it to the first terminal and stores the password in association with the private information, and the password transmitted from the content server is The first terminal may display.
According to the present invention, passwords can be collectively managed in the content server, so that duplication of passwords can be avoided.

In the private information browsing system of the present invention, the content server generates the password, transmits it to a third terminal different from the first terminal and the second terminal, and stores it in association with the private information. May be.
According to the present invention, passwords can be collectively managed in the content server, so that duplication of passwords can be avoided. Furthermore, since the third terminal stores the password, it is possible to prevent the password from being lost by the person who has the private information.

In the private information browsing system of the present invention, the first terminal may register in the content server that permission to browse the private information.
According to the present invention, it is possible to prevent a third party from browsing information that is not permitted by a registrant of private information.

  In order to achieve the above-mentioned object, the non-public information browsing system of the present invention registers non-public information related to a specific person in a content server, displays whether or not to permit browsing of the non-public information, A first terminal that obtains permission to view private information, a personal identification number is obtained and stored, and information identifying the personal identification number and the private information is transmitted to the content server, A third terminal different from the first terminal, the private information received from the first terminal, and the personal identification number received from the third terminal, and the first terminal and the third terminal When a second terminal different from the second terminal accesses, the second terminal is a predetermined regular terminal and the personal identification number received from the second terminal is associated with the private information of the specific person. Make sure When the confirmation can be made, the content server that transmits the private information of the specific person to the second terminal, and the private information related to the specific person stored in the content server are accessed and the first The third terminal is different from the first terminal and the third terminal that acquire and transmit the personal identification number stored in the terminal 3 and display the private information of the specific person transmitted from the content server. 2 terminals.

  Since the private information browsing system according to the present invention includes the first terminal, the content server, and the second terminal, the authentication information and password of the second terminal without involving the owner of the private information. Private information can be viewed on the second terminal simply by entering a number. In addition, since the first terminal obtains the permission to view non-public information and transmits a personal identification number from the third terminal, it is private after the agreement between the private information person and the registrant. The authority to permit browsing of information can be given to the specific person. Accordingly, it is possible to provide a method for browsing private information, which can provide a sense of security for the private information and does not place a burden on the owner of the private information.

In the private information browsing system of the present invention, the first terminal may register in the content server that permission to browse the private information.
According to the present invention, it is possible to prevent a third party from browsing information that is not permitted by a registrant of private information.

  In order to achieve the above-mentioned object, the non-public information browsing system of the present invention registers non-public information related to a specific person in a content server, displays whether or not to permit browsing of the non-public information, A first terminal that obtains permission to view private information, user information that is information relating to the specific person, and information that specifies the user information and the private information are stored in the content server Storing the third terminal different from the first terminal, the private information received from the first terminal, and the user information received from the third terminal, When a second terminal different from the terminal and the third terminal accesses, the user information is received from the third terminal, and the second terminal is a predetermined regular terminal and received. The user information is The content server that confirms that the information is associated with the private information of the specific person and transmits the private information of the specific person to the second terminal when the confirmation is made, and the content server A second different from the first terminal and the third terminal for accessing the stored private information relating to the specific person and displaying the private information of the specific person transmitted from the content server. A terminal.

  Since the private information browsing system of the present invention includes the first terminal, the content server, and the second terminal, the authentication information and use of the second terminal without involving the owner of the private information The private information can be viewed on the second terminal simply by inputting the person information. In addition, since the first terminal obtains the permission to view the non-public information and transmits the user information from the third terminal, the non-public information is agreed with the registrant. The authority to permit browsing of public information can be given to the specific person. Accordingly, it is possible to provide a method for browsing private information, which can provide a sense of security for the private information and does not place a burden on the owner of the private information.

In the private information browsing system of the present invention, the first terminal may register in the content server that permission to browse the private information.
According to the present invention, it is possible to prevent a third party from browsing information that is not permitted by a registrant of private information.

In the non-public information browsing system of the present invention, the non-public information is an electronic medical record, and the medical record and the code are stored in a state where the medical record is stored in a transparent case with a code indicating attribute information of the medical record. The content server further includes a scanner for converting to image data, the content server identifies the image of the code from the image data of the chart and the code, and extracts and extracts attribute information of the chart from the identified image of the code The chart attribute information may be set as attribute information of the chart image data.
According to the present invention, it is only necessary to give a scan start instruction to the scanner in a state where the chart is stored in the transparent case and the chart is stored in the transparent case. Therefore, it is not necessary to input the file name of the image data when converting the medical chart into image data. If the transparent case is prepared first, the transparent case can be reused thereafter. Furthermore, since the position of the code attached to the transparent case is not changed each time the chart is updated, the code image can be automatically identified, and the code recognition rate can be increased.

  According to the present invention, it is possible to provide a secret information browsing method and a secret information browsing system that can provide the security of the secret of the secret information and are not burdened by the owner of the secret information.

1 shows an example of a private information browsing system according to the present embodiment. FIG. 3 shows a sequence diagram of the private information browsing system according to the first embodiment. The sequence diagram of the non-public information browsing system concerning Embodiment 2 is shown. The sequence diagram of the secret information browsing system concerning Embodiment 3 is shown. The sequence diagram of the non-public information browsing system concerning Embodiment 4 is shown. The sequence diagram of the non-public information browsing system concerning Embodiment 5 is shown. The sequence diagram of the nonpublic information browsing system concerning Embodiment 6 is shown. The sequence diagram of the nonpublic information browsing system concerning Embodiment 7 is shown. The sequence diagram of the non-public information browsing system concerning Embodiment 8 is shown. The sequence diagram of the non-public information browsing system concerning Embodiment 9 is shown. It is a figure which shows the method of storing image data. It is a figure which shows the structure of an authentication server.

  Embodiments of the present invention will be described with reference to the accompanying drawings. The embodiments described below are examples of the present invention, and the present invention is not limited to the following embodiments. In the present specification and drawings, the same reference numerals denote the same components.

  FIG. 1 shows an example of a private information browsing system according to this embodiment. The first terminal 1, the second terminal 2, and the third terminal 3 are connected to the content server 4 through the communication network 5. The content server 4 stores non-public information regarding a specific person. The third terminal 3 is a portable mobile terminal owned by a specific person, and is, for example, a mobile phone, a smartphone, or a laptop computer.

  The private information browsing system according to the first embodiment and the second embodiment, which will be described later, includes a first terminal 1, a second terminal 2, and a content server 4. The private information browsing system according to Embodiments 3 to 9 described later includes a first terminal 1, a second terminal 2, a third terminal 3, and a content server 4.

  The non-public information browsing system according to the present embodiment is an electronic medical chart browsing system that enables the second terminal 2 to browse information on the electronic medical chart registered in the content server 4 by the first terminal 1, for example. Hereinafter, the case where the non-public information browsing method and the non-public information browsing system according to the present embodiment are an electronic medical chart browsing method and an electronic medical chart browsing system will be described.

(Embodiment 1)
FIG. 2 shows a sequence diagram of the private information browsing system according to the first embodiment. The secret information browsing method according to the present embodiment includes a secret information registration step, a browse permission step, a password storage step, and a password verification type secret information transmission step in this order. The private information registration step, the browsing permission step, and the password storage step are performed during the examination by the first doctor. The password verification private information transmission step is performed during the examination by the second doctor.

In the private information registration step, the private information browsing system operates as follows.
The first terminal 1 registers an electronic medical record relating to a specific person in the content server 4 (S111). For example, the first doctor uses the first terminal 1 to create a new patient chart on the content server 4. When this patient's electronic medical record already exists on the content server 4, the creation of the first medical record corresponds to this step.

In the browsing permission step, the private information browsing system operates as follows.
The first terminal 1 displays on the display whether or not to permit browsing of the electronic medical record (S112). The first doctor obtains consent from the patient being examined as to whether or not the chart can be disclosed to other doctors. If the consent is obtained, the first doctor inputs to the first terminal 1 that the electronic medical chart is permitted to be browsed. As a result, the first terminal 1 acquires permission to view the electronic medical record (S113), and registers in the content server 4 that permission to view the electronic medical record (S114). The content server 4 stores information indicating that browsing of the electronic medical chart is permitted (S414). At this time, the 2nd terminal 2 which permits browsing is specified. For example, the ID of the second doctor who plans to use the second terminal 2 is specified. Also, information that can be disclosed or information that should not be disclosed in the electronic medical record is designated.

  Here, when the second terminal 2 does not know the location of the content server 4 or the second terminal 2 does not have the access right of the content server 4, the first terminal 1 accesses the content server 4. Necessary server information and authentication information are notified to the second terminal 2 (S115). The second terminal 2 receives and stores server information and authentication information (S215). The timing of this notification can be performed at any timing after the browsing permission step and before the password verification type private information transmission step. The same applies to step S115 and step S215 in other embodiments not shown.

In the password storage step, the private information browsing system operates as follows.
A password that enables the first terminal 1 to view the electronic medical record is generated (S121) and displayed on the display. Thereby, the patient can know the password. Then, the first terminal 1 registers the password in the content server 4 (S122), and the content server 4 stores the password in association with the electronic medical record (S422).

In the password verification private information transmission step, the private information browsing system operates as follows.
When the patient is examined by the second doctor, the second terminal 2 accesses the electronic medical record of the patient stored in the content server 4. At this time, a message requesting a password is displayed on the display of the second terminal 2, and the second doctor inquires of the patient whether or not the electronic medical record is permitted to be browsed (S224). Obtain (S225).

  The second terminal 2 transmits authentication information indicating that the second terminal 2 is a legitimate terminal and a password acquired from the patient to the content server 4 (S226). The content server 4 confirms whether or not the received authentication information is registered as a legitimate terminal. Then, the content server 4 confirms that the second terminal 2 is a predetermined regular terminal and that the received password is associated with the electronic medical record of a specific person (S426). If this confirmation is possible, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S427). As a result, the patient's electronic medical record can be viewed on the second terminal 2 (S227).

  The non-public information browsing system and the non-public information browsing method according to the present embodiment generate a password when both the first doctor and the patient agree, and when the patient notifies the second doctor of the password It is possible to view electronic medical records. Therefore, it is possible to provide an undisclosed information browsing method and an undisclosed information browsing system in which agreement between the doctor and the patient and a sense of security are obtained, and the burden on the referring doctor is low.

(Embodiment 2)
FIG. 3 shows a sequence diagram of the private information browsing system according to the second embodiment. The secret information browsing method according to the present embodiment is different from the first embodiment in the password storage step. In the present embodiment, only different points will be described.

In the password storage step, the private information browsing system operates as follows.
The first terminal 1 requests a password from the content server 4 (S131). This password request may be performed simultaneously with step S114. Upon receiving this request, the content server 4 generates a password and transmits it to the first terminal 1 (S432), and stores the password in association with the electronic medical record (S433). The first terminal 1 displays the password transmitted from the content server 4 (S132). Thereby, the patient can know the password.

(Embodiment 3)
FIG. 4 shows a sequence diagram of the private information browsing system according to the third embodiment. The secret information browsing method according to the present embodiment is different from the first and second embodiments in the password storage step and the password verification type secret information transmission step. In the present embodiment, only different points will be described.

In the password storage step, the private information browsing system operates as follows.
The first terminal 1 requests a password from the content server 4 (S141). This password request may be performed simultaneously with step S114. Upon receiving this request, the content server 4 generates a password and transmits it to the third terminal 3 (S442), and stores the password in association with the electronic medical record (S443). The third terminal 3 receives and stores the password transmitted from the content server 4 (S342). Since the third terminal 3 is a patient terminal, the patient can know the password.

In the password verification private information transmission step, the private information browsing system operates as follows.
When the patient is examined by the second doctor, the second terminal 2 accesses the electronic medical record of the patient stored in the content server 4. At this time, the fact that the password is requested is displayed on the display of the second terminal 2, and the second doctor inquires of the patient whether or not the electronic medical record is permitted to be browsed (S244), and obtains the browse permission from the patient. (S245). If permission is obtained, the third terminal 3 transmits the password to the second terminal 2 (S346), and the second terminal 2 receives the password from the third terminal 3 (S246). Note that the third terminal 3 may display the password, and the second terminal 2 may obtain the displayed password.

  The second terminal 2 transmits authentication information indicating that the second terminal 2 is a legitimate terminal and the password received from the third terminal 3 to the content server 4 (S247). The content server 4 confirms that the second terminal 2 is a predetermined regular terminal and that the received password is associated with the electronic medical record of a specific person (S447). When this confirmation is possible, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S448). As a result, the patient's electronic medical record can be viewed on the second terminal 2 (S248).

  In the secret information browsing system and the secret information browsing method according to the present embodiment, since the content server 4 transmits a password to the third terminal 3, the patient does not need to write down or store the password. For this reason, the loss of the password by the patient can be prevented.

(Embodiment 4)
FIG. 5 shows a sequence diagram of the private information browsing system according to the fourth embodiment. The secret information browsing method according to the present embodiment replaces the password storage step and the password verification type secret information transmission step in the first to fourth embodiments with a password number storage step and a password number verification type secret information transmission. Steps. In the present embodiment, only the password number storing step and the password number collation type secret information transmission step will be described.

In the personal identification number storing step, the private information browsing system operates as follows.
The third terminal 3 transmits information specifying the electronic medical record to the content server 4 to access the patient's electronic medical record. In this state, the third terminal 3 stores the password entered from the patient, and registers the password in the content server 4 (S351). The content server 4 confirms that the third terminal 3 is a legitimate terminal associated with the patient, and stores the personal identification number in association with the electronic medical record (S451).

In the secret number collation type private information transmission step, the private information browsing system operates as follows.
When the patient is examined by the second doctor, the second terminal 2 accesses the electronic medical record of the patient stored in the content server 4. At this time, a message indicating that the personal identification number is requested is displayed on the display of the second terminal 2, and the second doctor inquires of the patient whether or not the electronic medical record is permitted to be read (S252), and obtains the permission to read from the patient. (S253). At this time, the third terminal 3 transmits the personal identification number (S354), and the second terminal 2 receives the personal identification number from the third terminal 3 (S254).

  The second terminal 2 transmits the authentication information indicating that the second terminal 2 is a legitimate terminal and the password received from the third terminal 3 to the content server 4 (S255). The content server 4 confirms that the second terminal 2 is a predetermined regular terminal and that the received personal identification number is associated with the electronic medical record of a specific person (S455). When this confirmation is possible, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S456). As a result, the patient's electronic medical record can be viewed on the second terminal 2 (S256).

  In the secret information browsing system and the secret information browsing method according to the present embodiment, since the third terminal 3 inputs the password, the patient can determine the password. For this reason, only those who know the personal identification number can browse the electronic medical record. Further, since the patient himself / herself determines the personal identification number, by using a number that is easy for the patient to remember as the personal identification number, it is possible to prevent leakage of information in the electronic medical record due to leakage of the personal identification number.

(Embodiment 5)
FIG. 6 shows a sequence diagram of the private information browsing system according to the fifth embodiment. The secret information browsing method according to the present embodiment is different from the secret code storage step and the secret code collation type secret information transmission step in the fourth embodiment. In the present embodiment, only differences from the fourth embodiment will be described.

  In the personal identification number storing step of this embodiment, the electronic medical record is encrypted with the personal identification number (S457). Thereby, the possibility that information described in the electronic medical record stored in the content server 4 is leaked to a third party can be reduced.

  In the personal identification number collation type private information transmission step according to the present embodiment, when the confirmation in step S455 is completed, the electronic medical record is decrypted using the personal identification number transmitted from the second terminal 2 (S458). Then, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S456). As a result, the patient's electronic medical record can be viewed on the second terminal 2.

(Embodiment 6)
FIG. 7 shows a sequence diagram of the private information browsing system according to the sixth embodiment. The secret information browsing method according to the present embodiment is different in the password collation type secret information transmission step in the fourth embodiment. In the present embodiment, only differences from the fourth embodiment will be described.

In the personal identification number collation type secret information transmission step of the present embodiment, the secret information browsing system operates as follows.
When the patient is examined by the second doctor, the second terminal 2 accesses the electronic medical record of the patient stored in the content server 4. At this time, the display requesting the personal identification number is displayed on the display of the second terminal 2, and the second doctor inquires of the patient whether or not the electronic medical record is permitted to be browsed (S262), and obtains the browse permission from the patient. (S263). At this time, the third terminal 3 transmits the personal identification number to the content server 4 (S365), and the second terminal 2 transmits the authentication information of the second terminal 2 to the content server 4 (S265).

  The content server 4 confirms that the second terminal 2 is a predetermined regular terminal and that the received personal identification number is associated with the electronic medical record of the accessing patient (S465). When this confirmation is possible, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S466). As a result, the patient's electronic medical record can be viewed on the second terminal 2 (S266).

(Embodiment 7)
FIG. 8 shows a sequence diagram of the private information browsing system according to the seventh embodiment. The secret information browsing method according to the present embodiment is different from the secret code storage step and the secret code collation type secret information transmission step in the sixth embodiment. In the present embodiment, only differences from the fourth embodiment will be described.

  In the personal identification number storing step of this embodiment, the electronic medical record is encrypted with the personal identification number (S467). Thereby, the possibility that information described in the electronic medical record stored in the content server 4 is leaked to a third party can be reduced.

  In the personal identification number collation type private information transmission step of the present embodiment, when the confirmation in step S465 is completed, the electronic medical record is decrypted using the personal identification number transmitted from the third terminal 3 (S468). Then, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S466). As a result, the patient's electronic medical record can be viewed on the second terminal 2.

(Embodiment 8)
FIG. 9 shows a sequence diagram of the private information browsing system according to the eighth embodiment. The secret information browsing method according to the present embodiment is a user information storage step and a user information verification type non-replacement in place of the password number storage step and the password verification type secret information transmission step in the fourth to seventh embodiments. A public information transmission step is included. In the present embodiment, only the user information storage step and the user information collation type private information transmission step will be described.

In the user information storage step, the private information browsing system operates as follows.
The third terminal 3 transmits information specifying the electronic medical record to the content server 4 to access the patient's electronic medical record. In this state, the third terminal 3 reads specific information from the user information stored therein and registers it in the content server 4 (S371). The content server 4 confirms that the third terminal 3 is a legitimate terminal associated with the patient, and stores the user information in association with the electronic medical record (S471).

  Here, the user information is information regarding a specific person, for example, an ID, a password, and unique information of the owner of the third terminal 3. The unique information of the owner of the third terminal 3 is, for example, biometric authentication information such as the position of the third terminal 3, propagation delay characteristics between the third terminal 3 and the content server 4, and fingerprints or irises. .

In the user information collation type private information transmission step, the private information browsing system operates as follows.
When the patient is examined by the second doctor, the second terminal 2 accesses the electronic medical record of the patient stored in the content server 4. At this time, a message indicating that the user information is requested is displayed on the display of the second terminal 2, and the second doctor inquires of the patient whether or not the electronic medical record is permitted to be browsed (S272), and the patient is allowed to browse. Obtain (S273). At this time, the third terminal 3 accesses its own electronic medical record on the content server 4 and transmits user information (S375). At the same time, the second terminal 2 transmits authentication information indicating that the second terminal 2 is a legitimate terminal (S275).

  The content server 4 confirms that the second terminal 2 is a predetermined regular terminal and that the received user information is associated with the electronic medical record of a specific person (S475). When this confirmation is possible, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S476). As a result, the patient's electronic medical record can be viewed on the second terminal 2 (S276).

  Since the secret information browsing system and the secret information browsing method according to the present embodiment use the user information of the third terminal 3 as an encryption key, the patient uses the third terminal 3 as the second doctor's examination room. If you bring it to, you can browse the electronic medical record. In addition, since the electronic medical record cannot be viewed in a place where the third terminal 3 is not present, it is possible to prevent the medical record from being viewed by a person other than the patient himself / herself.

(Embodiment 9)
FIG. 10 shows a sequence diagram of the private information browsing system according to the ninth embodiment. The secret information browsing method according to the present embodiment is different in the user information storage step and the user information collation type secret information transmission step in the eighth embodiment. In the present embodiment, only differences from the eighth embodiment will be described.

  In the user information storage step of this embodiment, the electronic medical record is encrypted with the user information (S467). Thereby, the possibility that information described in the electronic medical record stored in the content server 4 is leaked to a third party can be reduced. Here, the user information to be encrypted may be all or part of the user information.

  In the user information collation type private information transmission step of the present embodiment, when the confirmation in step S475 is completed, the electronic medical record is decrypted using the user information transmitted from the third terminal 3 (S478). Then, the content server 4 transmits the patient's electronic medical record to the second terminal 2 (S476). As a result, the patient's electronic medical record can be viewed on the second terminal 2 (S276).

  As described above, the inventions according to the first to tenth embodiments not only share the electronic medical record on the server, but the patient can use his / her own medical record like a referral letter between doctors. Show to the referred doctor and make it possible to receive medical care. Thereby, it is possible to restrict the doctor from browsing the patient's medical charts that other doctors treat without permission, and to reliably record that the patient has permitted the viewing of other doctors regarding the browsing.

  The invention according to the first to tenth embodiments relates to electronic information such as medical records or medical information performed between doctors, permission to share electronic information between doctors, and electronic information between doctors and patients. The sharing of computerized information, permission to provide computerized information to other doctors, etc. can be recorded reliably. In addition, digitization of medical charts and the like can be promoted without changing current processes such as sharing of medical charts in current medical care of doctors and introduction of other doctors to patients.

Although Embodiment 1-Embodiment 10 demonstrated the electronic medical chart browsing system whose non-public information is an electronic medical chart, it is not limited to this.
For example, the non-public information browsing system can be applied to a student achievement information browsing system. In this case, the non-public information is the student's grade information, the first terminal is the terminal of the educational institution to which the student belongs, and the second terminal is the educational institution such as the university or transfer destination, It is a terminal.
For example, the private information browsing system can be applied to a resident information browsing system. In this case, the non-public information is personal information such as the address and family register of the residents, the first terminal is the terminal of the municipality that has jurisdiction over the residents, and the second terminal is the public that confirms the address and family register of the residents It is an institution or company terminal.
For example, the private information browsing system can be applied to a marriage introduction information browsing system. In this case, the non-public information is information on the applicant for marriage, the first terminal is the terminal of the marriage introduction organization to which the applicant for marriage belongs, and the second terminal is another marriage request in which the applicant for marriage is introduced. Terminal.
For example, the private information browsing system can be applied to a content browsing system. In this case, the non-public information is content, the first terminal is a terminal managing the content, and the second terminal is a terminal of a person who uses the content. The content is an arbitrary work such as a video or a game whose copyright is to be protected.

(Embodiment 10)
In the present embodiment, the first terminal 1 registers in the content server 4 that the browsing of the private information is permitted before the password verification type private information transmission step after the browsing permission step. At this time, if the medical record as non-public information is not digitized, the electronic medical record obtained by digitizing the medical chart is stored in the content server 4. FIG. 11 shows a method for storing the electronic medical record. As a method for storing the electronic medical chart, an image conversion step and an attribute information setting step are sequentially performed.

  In the image conversion step, the scanner 300 converts the chart 200 and the code 101 into image data in a state where the chart 200 is stored in the transparent case 100 to which the code 101 indicating the attribute information of the chart 200 is attached. In the image conversion step, for example, Step P2 to Step P5 are performed.

  In the attribute information setting step, the authentication server 500 that approves storage of the image data of the chart 200 identifies the image of the code 101 from the chart 200 and the image data of the code 101, and attribute information of the chart 200 from the identified image of the code 101 And the extracted attribute information of the chart 200 is set as attribute information of the image data of the chart 200. In the attribute information setting step, steps P6 to P11 are performed.

(How to store medical records in a transparent case)
First, the code 101 indicating the attribute information of the chart 200 and the characters 102 are attached to the transparent case 100, and then the chart 200 is stored in the transparent case 100. In the electronic medical record system, the transparent case 100 is a clear file, the medical record 200 is a handwritten medical record, the code 101 is a QR code (registered trademark), and the attribute information includes the patient's name and its pseudonym and the patient. Patient information such as date of birth. The transparent case 100 does not need to be prepared every time the medical chart 200 is updated, and may be prepared at the first registration of the medical chart 200.

(Method of storing image data)
A method for storing image data is shown in FIG. First, the transparent case 100 is prepared in advance. In the electronic medical chart system, a doctor or a nurse prepares a clear file in advance. Next, the medical chart 200 is stored in the transparent case 100. In the electronic medical record system, the doctor or nurse puts the handwritten medical record in the clear file so that the patient information indicated by the characters 102 matches the patient information of the medical record 200 (step P1). Next, the medical chart 200 stored in the transparent case 100 is set in the scanner 300. In the electronic medical chart system, a doctor or a nurse sets a handwritten medical chart sandwiched between clear files on the scanner 300 (step P2). Finally, the doctor or nurse presses the scan start button (step P3). The doctor or nurse may perform the processing up to Step P3 and may not perform the subsequent processing.

  The scanner 300 acquires a scan start instruction (step P4). Next, in the image conversion step, the scanner 300 converts the chart 200 and the code 101 into image data in a state where the chart 200 is stored in the transparent case 100 to which the code 101 indicating the attribute information of the chart 200 is attached. In the electronic medical record system, the scanner 300 scans the handwritten medical record and the QR code (registered trademark) with the electronic medical record in a state where the handwritten medical record is sandwiched between the clear files to which the QR code (registered trademark) indicating the patient information of the handwritten medical record is attached. Convert to Next, the scanner 300 transmits the chart 200 and the image data of the code 101 to the computer 400 (step P5). Next, the computer 400 executes authentication using an ID or a password for the authentication server 500 that approves storage of the image data of the medical chart 200, and transmits the image data of the medical chart 200 and the code 101 if the authentication is successful. (Step P6).

  In the attribute information setting step, the authentication server 500 identifies the image of the code 101 from the image data of the chart 200 and the code 101, extracts the attribute information of the chart 200 from the identified image of the code 101, and extracts the attribute of the extracted chart 200 Information is set as attribute information of image data of the chart 200. In the electronic medical record system, the authentication server 500 identifies the QR code (registered trademark) image from the electronic medical record, extracts the patient information of the handwritten medical record from the identified QR code (registered trademark) image (step P7), and extracts it. The patient information in the handwritten medical record is set as patient information in the electronic medical record (step P8).

  In the storage authentication step, the authentication server 500 approves storage of the image data of the medical chart 200 when the attribute information set in the image data of the medical chart 200 matches the attribute information of the medical chart 200. In the electronic medical record system, the authentication server 500 approves storage of the electronic medical record (step P10) when the patient information set in the electronic medical record matches the patient information of the handwritten medical record (step P9). Specifically, the authentication server 500 confirms with the computer 400 whether these pieces of patient information match. Then, the computer 400 responds to the authentication server 500 as to whether or not the patient information matches in accordance with an instruction from a doctor having registration authority.

  In the chart addition step, the authentication server 500 searches the image data of the chart 200 before the update based on the attribute information set in the image data of the chart 200, and the chart 200 before the update of the chart 200 before the update. Add to 200 image data. In the electronic medical record system, the authentication server 500 searches the electronic medical record before the update based on the patient information set in the electronic medical record, and adds the updated electronic medical record to the electronic medical record before the update (step P11).

  For the same patient, the same clear file is reused each time the handwritten medical chart is updated, so an electronic medical chart in which the same attribute information is set is generated. Therefore, the authentication server 500 can search the electronic medical record before the update based on the attribute information set in the electronic medical record after the update. The authentication server 500 can also add an updated electronic medical record in addition to the electronic medical record before updating as an additional form of the electronic medical record, and stores the updated electronic medical record instead of the electronic medical record before updating. It is also possible to create a new file and register the electronic medical record in a new file when registering for the first time.

  In the image conversion step and the attribute information setting step, it is only necessary to give a scan start instruction to the scanner 300 in a state where the chart 200 is stored in the transparent case 100 and the chart 200 is stored in the transparent case 100. Therefore, it is not necessary to input a file name of image data when converting the medical chart 200 into image data. In the storage authentication step, it is possible to store the image data after confirming whether or not the chart 200 is stored in the transparent case 100 with the attribute information matched. In the chart addition step, by using the automatic processing of the authentication server 500, the user does not need to search the chart 200 before update and add the chart 200 after update to the chart 200 before update.

  The transparent case 100 need only be prepared once and can be reused any number of times. It is not necessary to attach the code 101 to the chart 200 every time the chart 200 is updated. Here, if the code 101 is attached to the chart 200, the position of the code 101 is changed every time the chart is updated. However, since the code 101 is attached to the transparent case 100, The position is not changed each time the chart is updated. Therefore, the image of the code 101 can be automatically identified, and the recognition rate of the code 101 can be increased. Furthermore, even if the chart 200 is created by handwriting or the chart 200 created before introducing the method for storing the chart of the present application, it can be easily digitized using the method for storing the chart of the present application. .

(Configuration of authentication server)
The configuration of the authentication server 500 is shown in FIG. The authentication server 500 includes a content storage unit 501, a data communication unit 502, a code extraction unit 503, an attribute information setting unit 504, a content storage authentication unit 505, and a content storage addition unit 506. The content storage unit 501 stores image data and may be disposed in the authentication server 500 or may be disposed in a device other than the authentication server 500. The data communication unit 502 serves as an interface between the computer 400 and the authentication server 500 for authentication using ID or password and transmission of image data in step P6 and confirmation of attribute information match in step P9.

  The code extraction unit 503 identifies the image of the code 101 from the chart 200 and the image data of the code 101 created in a state where the chart 200 is stored in the transparent case 100 to which the code 101 indicating the attribute information of the chart 200 is attached. Then, the attribute information of the medical chart 200 is extracted from the identified image of the code 101. In the electronic medical record system, the code extraction unit 503 generates a QR code (registered) from an electronic medical record created with the handwritten medical record sandwiched between clear files attached with a QR code (registered trademark) indicating patient information of the handwritten medical record. (Trademark) image is identified, and patient information of the handwritten medical chart is extracted from the identified QR code (registered trademark) image (step P7). The attribute information setting unit 504 sets the extracted attribute information of the chart 200 as attribute information of the image data of the chart 200. In the electronic medical record system, the attribute information setting unit 504 sets the extracted patient information of the handwritten medical record as the patient information of the electronic medical record (step P8).

  The content storage authentication unit 505 approves storage of the image data of the medical chart 200 when the attribute information set in the image data of the medical chart 200 matches the attribute information of the medical chart 200. In the electronic medical record system, the content storage authentication unit 505 approves the storage of the electronic medical record when the patient information set in the electronic medical record matches the patient information of the handwritten medical record (steps P9 and P10). The content storage / addition unit 506 searches the image data of the chart 200 before the update based on the attribute information set in the image data of the chart 200, and the image data of the chart 200 before the update is updated. Append to data. In the electronic medical record system, the content storage adding unit 506 searches the electronic medical record before update based on the patient information set in the electronic medical record, and adds the updated electronic medical record to the electronic medical record before updating (step P11). ).

  In this embodiment, the code 101 indicating the attribute information of the chart 200 is attached to the transparent case 100. However, in another embodiment, the code 101 indicating the attribute information that is changed every time the chart 200 is updated is It may be attached to the chart 200. The transparent case 100 is reused for each update, but since the medical chart 200 is created for each update, the code 101 indicating the attribute information that is changed each time the medical chart 200 is updated is not the transparent case 100 but the medical chart. It is attached to 200. As attribute information that is changed each time the medical chart 200 is updated, information on the updated date, the changed content, and the like can be given.

  In the image conversion step, the scanner 300 converts the chart 200 and the code 101 into image data in a state where the code 101 indicating the attribute information that is changed each time the chart 200 is updated is attached to the chart 200. The code extraction unit 503 identifies the image of the code 101 from the chart 200 and the image data of the code 101 created with the code 101 indicating the attribute information changed every time the chart 200 is updated attached to the chart 200 Then, the attribute information of the medical chart 200 is extracted from the identified image of the code 101.

  The stored image data may be image data of only the chart 200, or may be image data of both the chart 200 and the code 101. When image data of only the chart 200 is stored, the image data of the code 101 is deleted from the image data of the chart 200 and the code 101, and the image data of only the chart 200 can be browsed. When both image data of the chart 200 and the code 101 are stored, the image data can be easily stored.

  In the present embodiment, the computer 400 performs authentication with the authentication server 500 using an ID or a password. However, in another embodiment, the mobile phone associated with the computer 400 transmits the ID or password to the authentication server 500. Authentication using a password or the like may be performed. The authentication server 500 associates the computer 400 and the mobile phone, and requests the mobile phone for authentication when the computer 400 requests permission to transmit image data. Since the mobile phone and the user are associated with each other on a one-to-one basis, the security of authentication can be enhanced when the mobile phone performs authentication with the authentication server 500. Further, the content server 4 may have the function of the authentication server 500.

  The non-public information browsing method and the non-public information browsing system of the present invention can be applied to an electronic medical record browsing system, a results information browsing system, a resident information browsing system, a marriage introduction information browsing system, and a content browsing system. It can be used not only in industry but also in medical industry, education industry, public participation industry, bridal industry and media industry.

1: First terminal 2: Second terminal 3: Third terminal 4: Content server 5: Communication network 100: Transparent case 200: Medical chart 300: Scanner 400: Computer 500: Authentication server 101: Code 102: Character 501 : Content storage unit 502: data communication unit 503: code extraction unit 504: attribute information setting unit 505: content storage authentication unit 506: content storage addition unit

Claims (16)

A first terminal that registers private information relating to a specific person in the content server;
The first terminal displays whether to permit browsing of the non-public information, and a browsing permission step for acquiring the permission to browse the non-public information;
A password storing step in which the first terminal or the content server generates a password that allows the private information to be browsed, and the content server stores the password in association with the private information;
A second terminal different from the first terminal accesses the private information related to the specific person stored in the content server and acquires and transmits the password generated in the password storage step, The content server receives a password from the second terminal, the second terminal is a predetermined regular terminal, and the received password is associated with the private information of the specific person A password verification type private information transmission step of transmitting private information of the specific person to the second terminal when the confirmation is made,
Private information browsing method that has In the password storing step,
The first terminal generates and displays the password and transmits it to the content server, and the content server stores the password associated with the non-public information, or
The content server generates the password and transmits it to the first terminal and stores it in association with the non-public information, and the first terminal displays the password transmitted from the content server, or ,
The content server generates the password, transmits it to a third terminal different from the first terminal and the second terminal, and stores it in association with the non-public information;
The method for browsing private information according to claim 1.   The first terminal registers that the browsing of the private information is permitted in the content server after the browsing permission step and before the password verification private information transmission step. The method for browsing private information according to 1 or 2. A first terminal that registers private information relating to a specific person in the content server;
The first terminal displays whether to permit browsing of the non-public information, and a browsing permission step for acquiring the permission to browse the non-public information;
A third terminal different from the first terminal acquires and stores a personal identification number, transmits information identifying the personal identification number and the private information to the content server, and the content server Confirming that the terminal is a legitimate terminal associated with the specific person and storing the personal identification number in association with the non-public information;
A second terminal different from the first terminal and the third terminal accesses non-public information relating to the specific person stored in the content server, and the third terminal in the password storing step The personal identification number stored is transmitted and the content server receives the personal identification number from the second terminal, and the second terminal is a predetermined regular terminal and has received the personal identification number. Is confirmed to be associated with the private information of the specific person, and when the confirmation is made, the secret number collation type private information for transmitting the private information of the specific person to the second terminal Sending step;
Private information browsing method that has   The first terminal registers in the content server that the browsing of the non-public information is permitted after the browsing permission step and before the personal identification number collation type non-public information transmission step. Item 5. The method for browsing private information according to Item 4. A first terminal that registers private information relating to a specific person in the content server;
The first terminal displays whether to permit browsing of the non-public information, and a browsing permission step for acquiring the permission to browse the non-public information;
A third terminal different from the first terminal transmits user information that is information related to the specific person stored in the third terminal and information specifying the non-public information to the content server. A user information storage step in which the content server confirms that the third terminal is a legitimate terminal associated with the specific person and stores the user information in association with the non-public information; ,
A second terminal different from the first terminal and the third terminal accesses non-public information related to the specific person stored in the content server, and the content server receives information from the third terminal. Receiving the user information, confirming that the second terminal is a predetermined regular terminal and the received user information is associated with the private information of the specific person, and A user information collation type non-public information transmission step of transmitting non-public information of the specific person to the second terminal when confirmation is possible;
Private information browsing method that has   The first terminal registers in the content server that the browsing of the private information is permitted after the browsing permission step and before the user information collation type private information transmission step. The non-public information browsing method according to claim 6. The non-public information is an electronic medical record,
When the first terminal registers in the content server that permission to view the non-public information is registered,
An image conversion step of converting the medical chart and the code into image data in a state where the scanner stores the medical chart in a transparent case to which a code indicating medical chart attribute information is attached;
The authentication server that approves storage of the image data of the medical record identifies the image of the code from the image data of the medical record and the code, extracts attribute information of the medical record from the identified image of the code, and extracts the extracted An attribute information setting step for setting attribute information of the medical chart as attribute information of the image data of the medical chart;
The method for browsing private information according to claim 3, 5 or 7. A first terminal for registering non-public information related to a specific person in a content server, displaying whether to permit browsing of the non-public information, and obtaining permission to view the non-public information;
The private information received from the first terminal and the password are stored, and when accessed by a second terminal different from the first terminal, the second terminal is a predetermined regular terminal and Confirm that the password received from the second terminal is associated with the private information of the specific person, and if the confirmation is made, the private information of the specific person is sent to the second terminal. A content server to send,
The first that accesses the private information related to the specific person stored in the content server, acquires and transmits the password, and displays the private information of the specific person transmitted from the content server A second terminal different from the terminal of
A private information browsing system. The first terminal generates and displays the password and transmits it to the content server, and the content server stores the password associated with the non-public information, or
The content server generates the password and transmits it to the first terminal and stores it in association with the non-public information, and the first terminal displays the password transmitted from the content server, or ,
The content server generates the password, transmits it to a third terminal different from the first terminal and the second terminal, and stores it in association with the non-public information;
The non-public information browsing system according to claim 9.   The non-public information browsing system according to claim 9 or 10, wherein the first terminal registers in the content server that the non-public information is permitted to be read. A first terminal for registering non-public information related to a specific person in a content server, displaying whether to permit browsing of the non-public information, and obtaining permission to view the non-public information;
A third terminal different from the first terminal for acquiring and storing a personal identification number, and transmitting the personal identification number and information specifying the private information to the content server;
When the second terminal different from the first terminal and the third terminal accesses the private information received from the first terminal and the personal identification number received from the third terminal are stored, Confirming that the second terminal is a predetermined regular terminal and that the personal identification number received from the second terminal is associated with the private information of the specific person, and the confirmation has been made A content server that transmits private information of the specific person to the second terminal in the case,
The specified person transmitted from the content server by accessing the non-public information related to the specified person stored in the content server and acquiring and transmitting the personal identification number stored in the third terminal A second terminal that is different from the first terminal and the third terminal displaying the private information of
A private information browsing system.   13. The private information browsing system according to claim 12, wherein the first terminal registers in the content server that permission to view the private information is permitted. A first terminal for registering non-public information related to a specific person in a content server, displaying whether to permit browsing of the non-public information, and obtaining permission to view the non-public information;
A third terminal different from the first terminal, storing user information that is information relating to the specific person, and transmitting information identifying the user information and the non-public information to the content server;
When the non-public information received from the first terminal and the user information received from the third terminal are stored and accessed by a second terminal different from the first terminal and the third terminal The user information is received from the third terminal, the second terminal is a predetermined regular terminal, and the received user information is associated with the private information of the specific person. A content server that transmits the non-public information of the specific person to the second terminal when the confirmation is made,
The first terminal and the third terminal for accessing private information relating to the specific person stored in the content server and displaying the private information of the specific person transmitted from the content server; With a different second terminal,
A private information browsing system.   The private information browsing system according to claim 14, wherein the first terminal registers in the content server that permission to browse the private information. The non-public information is an electronic medical record,
A scanner that converts the chart and the code into image data in a state where the chart is stored in a transparent case with a code indicating attribute information of the chart;
The content server identifies an image of the code from the image data of the medical record and the code, extracts attribute information of the medical record from the identified image of the code, and uses the extracted attribute information of the medical record as an image of the medical record The private information browsing system according to claim 11, wherein the information is set as attribute information of data.

Images