JP2023131435A - Information processing system, information processing method, and program - Google Patents

Abstract

To achieve both an improvement in accuracy of authenticating persons undergoing medical-related treatment and a reduction in burden of the authentication.SOLUTION: An information processing system 100 selects a method of authenticating a patient based at least on either of disease information and test information.SELECTED DRAWING: Figure 1

Description

The present invention relates to an information processing system, an information processing method, and a program.

Patent Document 1 discloses that when a patient corresponding to an ID number read by a contactless IC card reader/writer is stored in a storage device, information on predetermined items of the patient's medical information is stored in the patient's ID number. It is disclosed that the information is displayed on a display terminal. As medical information displayed on this display terminal, Patent Document 1 shows conditions regarding patient movement, restrictions regarding patient posture and diet, and symbols indicating the risk of falling. Furthermore, Patent Document 1 discloses that instead of a non-contact IC card reader/writer, a barcode reader that reads a barcode attached to a patient's arm or the like or a biometric information reader that reads a patient's biometric information is used. It has been shown that it is possible.

Japanese Patent Application Publication No. 2012-118782

However, in the technique disclosed in Patent Document 1, the authentication method actually used to authenticate a patient is one type of predetermined method. Therefore, there is a possibility that errors may easily occur in patient authentication results. For example, in the technology disclosed in Patent Document 1, if the association between a patient's ID number and the patient's medical information is incorrect, there is a possibility that another patient's medical information will be displayed on the display terminal. In this case, there is a possibility that medical treatment will be performed on a certain patient based on the medical information of a different patient. On the other hand, if the authentication method used to authenticate a patient becomes complicated, there is a risk that the burden of authentication will increase. For example, there is a risk that the burden of work performed to authenticate a patient and the burden of information processing for authenticating a patient will increase.

The present invention has been made in view of the above-mentioned problems, and an object of the present invention is to simultaneously improve the accuracy of authentication of persons undergoing medical-related activities and reduce the burden of such authentication.

The information processing system of the present invention includes: a selection means for selecting an authentication method for a person receiving a medical-related act from among a plurality of authentication methods, based on information determined for each person receiving the medical-related act; and authentication means for authenticating the person undergoing the medical-related act using the authentication method selected by the method.

According to the present invention, it is possible to both improve the accuracy of authentication of a person undergoing a medical-related act and reduce the burden of the authentication.

FIG. 1 is a diagram showing an information processing system. FIG. 2 is a diagram showing the configuration of a computer. It is a figure showing the composition of an inspection device. FIG. 2 is a diagram showing the configuration of an inspection data acquisition device. 3 is a flowchart illustrating advance preparation processing of the information processing system. It is a flowchart explaining processing of an information processing system. FIG. 2 is a diagram showing the configuration of an authentication method database.

The present embodiment will be described below with reference to the drawings.
First, an example of an information processing system will be described with reference to FIG. FIG. 1 is a block diagram showing an example of an overview of an information processing system.
The information processing system 100 includes a testing device 101, an information terminal 102, an authentication method server 103, a hospital information system 104, and a clinical test information system 105. In addition, in FIG. 1, in order to avoid complicating the notation, only main lines connecting the testing device 101, information terminal 102, authentication method server 103, hospital information system 104, and clinical test information system 105 are shown. . However, the testing device 101, the information terminal 102, the authentication method server 103, the hospital information system 104, and the clinical test information system 105 are connected to be able to communicate with each other. Further, the hospital information system 104 and the clinical test information system 105 may be located outside the information processing system 100.

A hospital information system (HIS) 104 is a general term for a system (network system) that aims to improve the efficiency of medical treatment and accounting operations in a hospital as a whole. For example, the hospital information system 104 includes an ordering system, a medical accounting system, an electronic medical record system, a hospital reception system, and the like. The hospital information system 104 is a system that aims to improve operational efficiency, activate information sharing within the hospital, activate information sharing between the hospital and outside the hospital, and provide intelligent medical care support, and has been introduced in various hospitals. has been done. Since the hospital information system 104 itself is realized using a known technology, a detailed explanation of the hospital information system 104 will be omitted here.

A laboratory information system (LIS) 105 is a comprehensive testing system (network system) related to clinical testing, and is installed in, for example, a hospital testing department and a testing center. The clinical test information system 105 has, for example, a processing function that manages data for each testing department, and an integrated management function that requests the use of a testing room and centrally manages test data. In this embodiment, it is assumed that a device that stores test data is included in the clinical test information system 105. Since the clinical test information system 105 itself is realized by a known technique, a detailed explanation of the clinical test information system 105 will be omitted here.

Here, in this embodiment, a case where the test is a clinical test will be exemplified. Note that the clinical test includes a physiological function test and a sample test. In the following description, a clinical test will be abbreviated as a test if necessary. However, the test is not limited to a clinical test as long as it is related to medical care. For example, the information processing system 100 of this embodiment may be applied when an examination for the purpose of testing or research (for example, an examination in a clinical trial such as a clinical trial) is performed instead of or in addition to a clinical examination.

Next, an overview of the operation of the information processing system 100 will be explained.
In the information processing system 100 of this embodiment, a case is assumed in which a patient (not shown) scheduled for examination is authenticated by the information terminal 102, and after the patient is authenticated, the examination of the patient is performed by the testing apparatus 101. Illustrate. When the test is completed, the test data obtained from the test is sent to the clinical test information system 105. In the following description, a patient scheduled for examination will be abbreviated as a patient if necessary.

Furthermore, in this embodiment, a case will be exemplified in which the authentication method server 103 selects a patient authentication method before patient authentication is performed. To this end, the authentication method server 103 first performs at least one of receiving disease information from the hospital information system 104 and receiving test information from the testing device 101. Then, the authentication method server 103 selects an authentication method for each patient based on at least one of the disease information and test information, and sends information indicating the selected patient authentication method to the information terminal 102. Send.

Disease information is patient-individual information, and includes information determined depending on the patient's disease, for example. Specifically, in this embodiment, the disease information includes identification information of a patient (patient ID) and identification information of the patient's disease (disease ID). More specifically, in this embodiment, the disease information includes information stored in a patient disease table 730, which will be described later with reference to FIG.

Test information is patient-individual information, and includes, for example, information determined depending on the test that the patient undergoes. Specifically, in this embodiment, the test information includes identification information of the test that the patient undergoes. More specifically, in this embodiment, the test information includes a test ID. The test ID is identification information that identifies each test device 101 and the date and time of the test performed by the test device 101. Further, in this embodiment, it is assumed that the examination information may include information indicating whether the examination that the patient undergoes is a pre-surgery examination. Note that the information included in the disease information and the information included in the test information may partially overlap. For example, patient identification information (patient ID) may be included in the examination information. Furthermore, in this embodiment, a case will be exemplified in which the "pre-surgery test", which will be described later with reference to FIG. 7, is information stored in the patient disease table 730 and is information included in the disease information. "Pre-surgery test" is also test information.

The information terminal 102 uses the patient authentication method received from the authentication method server 103 to authenticate the patient. When the patient is authenticated (that is, when the patient authentication is successful), the testing device 101 tests the patient based on the user's (testing person's) operation on the testing device 101. Further, the information terminal 102 transmits information indicating the patient's authentication result to the hospital information system 104. If the patient is not authenticated (that is, if the patient authentication fails), the office terminal included in the hospital information system 104 manually confirms the patient's identity and re-registers the patient's authentication information. Information indicating that it is necessary is displayed on the display device. Authentication information is information that is checked against patient information during patient authentication. Authentication information is linked to individual patients. In addition, the testing device 101 transmits patient test data to the clinical test information system 105.

Next, an example of the functional configuration of the inspection device 101, the information terminal 102, and the authentication method server 103 will be described with reference to FIG. An example of the hardware configuration of the inspection device 101, the information terminal 102, and the authentication method server 103 will be described later with reference to FIGS. 2 to 4. Note that FIG. 1 shows one inspection device 101 and one information terminal 102. However, there may be a plurality of at least one of the inspection device 101 and the information terminal 102.

First, an example of the functional configuration of the inspection device 101 will be explained.
The inspection device 101 includes an inspection data acquisition section 111, an inspection ID acquisition section 112, and an output section 113.

As described above, the testing device 101 tests the patient based on the operation of the testing device 101 by the tester (user). The test data acquisition unit 111 obtains test data of the patient. In this embodiment (FIG. 4, which will be described later), a case will be exemplified in which the inspection device 101 is a digital camera. Furthermore, in this embodiment, a case will be exemplified in which the inspection device 101 is a digital camera and the inspection data includes image data including an affected area and data indicating the size of the affected area. Moreover, in this embodiment, a case is illustrated in which the examination includes an examination to measure the size of the affected area. Specifically, in this embodiment, it is assumed that the size of the affected area is specified based on processing (for example, region division) performed on the test data (image data) obtained by the test data acquisition unit 111. In the following description, this inspection will be referred to as a camera image inspection as necessary.

Note that the inspection is not limited to camera image inspection. Therefore, when the inspection apparatus 101 is an apparatus that performs an inspection different from camera image inspection, the inspection data acquisition unit 111 included in the inspection apparatus 101 acquires inspection data according to the content of the inspection. The test may include, for example, at least one of a blood pressure test, a body temperature measurement, a blood vessel echo test, an intraocular pressure test, a contrast medium CT test, and a colonoscopy.

The test ID acquisition unit 112 obtains the test ID. As described above, the test ID is, for example, identification information that identifies each test device 101 and the date and time of the test performed by the test device 101. The test ID may be, for example, a character string in which the MAC address of the test device 101 and the test date and time are concatenated.
The output unit 113 transmits information to an external device outside the inspection device 101. The output unit 113 transmits a test ID to the information terminal 102 and the authentication method server 103, and transmits test data to the clinical test information system 105, for example.

Next, an example of the functional configuration of the information terminal 102 will be described.
The information terminal 102 includes an information acquisition section 121, an authentication section 122, a display section 123, and an output section 124. The information terminal 102 may be, for example, a smart device or a computer other than a smart device.

The information acquisition unit 121 acquires information input to the information terminal 102. The information acquisition unit 121 acquires information including, for example, information transmitted from an external device outside the information terminal 102 and information input into the information terminal 102 by a user's operation on the information terminal 102. Specifically, the information acquisition unit 121 acquires identification information for identifying a patient (patient ID) transmitted from the hospital information system 104 and information indicating a patient authentication method transmitted from the authentication method server 103. do. Furthermore, the information acquisition unit 121 acquires the test ID of the test device 101 transmitted from the test device 101. Note that the information acquisition unit 121 may read a two-dimensional code in which information including an examination ID of an examination performed by the inspection apparatus 101 is stored, and acquire the examination ID from the read two-dimensional code.

The authentication unit 122 uses the patient authentication method acquired by the information acquisition unit 121 to authenticate the patient. Preferably, the plurality of authentication methods include an authentication method that requires multiple authentications. This is because patient authentication can be performed more reliably. Moreover, when authentication is performed multiple times, it is more preferable that the means used for each authentication are different from each other. This is because patient authentication can be performed more reliably. Therefore, it is preferable that the authentication unit 122 has a plurality of means used for performing authentication. In addition, in this embodiment, if at least one of the type of information to be collated during authentication, the algorithm for authentication, and the hardware for authentication is different, multiple types of information used for authentication are different. The means shall be different from each other.

However, when authentication is performed multiple times, the means used to perform the multiple authentications may be the same. For example, if a password is used as (the type of information) to be verified during authentication, each of the multiple authentications may be performed by verifying a plurality of mutually different passwords. Further, each of the multiple authentications may be performed by repeatedly verifying the same password.

Authentication that can be performed by the authentication unit 122 includes, for example, at least one of IC card authentication, password authentication, fingerprint authentication, iris authentication, face authentication, and vein authentication. In this case, the authentication information is reference information when performing each authentication, and includes, for example, biometric information, a password, and a patient ID.
The display unit 123 displays the patient authentication result performed by the authentication unit 122.
The output unit 124 transmits information to an external device outside the information terminal 102. For example, the output unit 124 transmits information indicating the patient's authentication result to the hospital information system 104.

Next, an example of the functional configuration of the authentication method server 103 will be described.
The authentication method server 103 includes an information acquisition section 131 , an authentication method selection section 132 , an authentication information management section 133 , an authentication method database 134 , and an output section 135 .

The information acquisition unit 131 acquires information input to the authentication method server 103. The information acquisition unit 131 acquires information including, for example, information transmitted from an external device outside the authentication method server 103 and information input to the authentication method server 103 by a user's operation on the authentication method server 103. do. Specifically, the information acquisition unit 131 acquires the disease information transmitted from the hospital information system 104 as information stored in the authentication method database 134, which will be described later with reference to FIG. Further, the information acquisition unit 131 acquires other information stored in the authentication method database 134, which will be described later with reference to FIG. 7, through the user's operation on the authentication method server 103. In the following description, the information stored in the authentication method database 134 will be referred to as authentication method selection information as necessary. Further, the information acquisition unit 131 acquires authentication information through a user's operation on the authentication method server 103. The information acquisition unit 131 also acquires the inspection ID transmitted from the inspection device 101.

The authentication method selection unit 132 selects an authentication method for the patient scheduled for examination from among a plurality of authentication methods, based on information determined depending on the patient scheduled for examination. Specifically, this embodiment exemplifies a case where the authentication method selection unit 132 selects a patient authentication method from among a plurality of authentication methods based on at least one of disease information and test information. More specifically, in this embodiment, the authentication method selection unit 132 sets the degree of risk of the test based on at least one of disease information and test information, and determines the degree of risk of the patient based on the set risk level of the test. A case where an authentication method is selected from a plurality of authentication methods will be exemplified. The degree of risk of a test is information indicating the degree of risk caused to a patient by performing a test. This embodiment exemplifies a case where the degree of risk of a test is set based on the type of disease of the patient and the type of test. In addition, this embodiment also exemplifies a case where the degree of risk of a test is set based on whether or not the test the patient undergoes is a pre-surgery test, regardless of the type of disease of the patient and the type of test. .

The authentication information management unit 133 stores and manages authentication information. As described above, the authentication information is the reference information at the time of patient authentication, and is correct information about the patient. Note that if the authentication information is stored in the hospital information system 104, the authentication information management unit 133 may request the hospital information system 104 via the information acquisition unit 131 to acquire part or all of the authentication information. good. In this case, the authentication information management unit 133 stores and manages the authentication information that the information acquisition unit 131 has acquired from the hospital information system 104.

The authentication method database 134 is a database that the authentication method selection unit 132 refers to when selecting an authentication method. A specific example of the authentication method database 134 will be described later with reference to FIG.
The output unit 135 transmits information to an external device outside the authentication method server 103. For example, the output unit 135 transmits information indicating the patient authentication method selected by the authentication method selection unit 132 to the information terminal 102.

Next, an example of the hardware configuration of the information terminal 102 and the authentication method server 103 will be described. The hardware of the information terminal 102 and the authentication method server 103 is configured by using the computer 200 shown in FIG. 2, for example. In this embodiment, a case is illustrated in which the information terminal 102 has a smart device and the authentication method server 103 has a computer server. Smart devices are, for example, smartphones and tablets. In addition to the configuration shown in FIG. 2, the information terminal 102 includes hardware (not shown) for performing authentication. The hardware for performing authentication is the hardware necessary to implement the authentication method described later. The information terminal 102 has hardware for authentication that corresponds to the authentication performed by the information terminal 102. For example, the information terminal 102 includes at least one of a fingerprint authentication device and an IC card reader as hardware for performing authentication. The hardware for performing authentication may be included in the computer 200 or may be connected to the computer 200.

Each function of the information terminal 102 and the authentication method server 103 is executed by using the computer 200, for example. In FIG. 2, computer 200 includes an arithmetic processing unit 211, a storage device 212, an input device 213, an output device 214, and a communication device 215.

The storage device 212 includes a main storage device 212a and an auxiliary storage device 212b. The main storage device 212a includes a working main memory such as a RAM (Random Access Memory), for example. The auxiliary storage device 212b included in the smart device includes, for example, a flash memory. The auxiliary storage device 212b included in the computer server includes, for example, at least one of a magnetic disk device and an SSD (Solid State Drive).

Input device 213 has a user interface. Input device 213 includes, for example, a mouse and a keyboard. Further, in addition to or in place of these, the input device 213 may include a touch panel or the like installed on a display device included in the output device 214.

The output device 214 has a display device that displays various information. Examples of the display device include a TFT (Thin Film Transistor) liquid crystal and an organic EL display.
The input device 213 and the output device 214 are configured to be able to communicate with each other at least one of wired and wireless communication. Specific examples of networks for wireless communication include networks based on the Wi-Fi (registered trademark) standard and wireless LANs (Local Area Networks). Further, a wired LAN is a specific example of a network for wired communication. Furthermore, the input device 213 and the output device 214 may perform wired communication based on the USB (Universal Serial Bus) standard.

Communication device 215 has a communication interface through which computer 200 communicates with an external device via at least one of a wired network and a wireless network (not shown). The specific example of the network for performing wireless communication and the network for performing wired communication has been described as a specific example of the network for performing communication between input device 213 and output device 214. However, from the viewpoint of usability of the information terminal 102, it is preferable that the connection between the information terminal 102 and the authentication method server 103 is a wireless LAN.

The arithmetic processing unit 211 functions as each part of the computer 200 (information terminal 102, authentication method server 103) by executing a program stored in the storage device 212. Furthermore, the arithmetic processing unit 211 controls the order in which processes are executed in each part of the computer 200 (information terminal 102, authentication method server 103). The arithmetic processing device 211 includes, for example, a CPU (Central Processing Unit).

Note that the computer 200 may include one arithmetic processing unit 211 and a plurality of storage devices 212. For example, at least one arithmetic processing device 211 and at least one storage device 212 may be connected to be able to communicate with each other. In this case, the computer 200 functions as each unit shown in FIG. 2 by having at least one arithmetic processing unit 211 execute a program stored in at least one storage device 212. Note that the arithmetic processing device may include, for example, at least one of an FPGA (Field Programmable Gate Array) and an ASIC (Application Specific Integrated Circuit). In this case, the arithmetic processing device may or may not have a CPU. Further, the hardware of the information processing apparatuses included in the hospital information system 104 and the clinical test information system 105, such as the aforementioned office terminals, is also configured by using the computer 200 shown in FIG. 2, for example.

Next, an example of the hardware configuration of the inspection device 101 is shown in FIG. The inspection apparatus 101 includes an inspection data acquisition device 311 and an inspection apparatus computer 312. The connection interface between the inspection data acquisition device 311 and the inspection apparatus computer 312 is determined by, for example, a use case. The connection between the inspection data acquisition device 311 and the inspection apparatus computer 312 may be a wired connection or a wireless connection.

The inspection data acquisition device 311 is the main body of the inspection apparatus 101. The inspection data acquisition device 311 acquires inspection data and transmits the inspection data to the inspection apparatus computer 312.
The test apparatus computer 312 receives test data from the test data acquisition device 311 and transmits it to an external device such as the clinical test information system 105. In addition, the inspection device computer 312 generates an inspection ID and sends it to the information terminal 102 and the authentication method server 103.

The hardware of the inspection device computer 312 is configured by using the computer 200, for example. Therefore, a detailed description of the hardware of the inspection device computer 312 will be omitted here.

Moreover, the inspection data acquisition device 311 and the inspection apparatus computer 312 may be separated or may be included in the same housing. When the inspection data acquisition device 311 and the inspection apparatus computer 312 are included in the same housing, handling of the inspection apparatus 101 becomes easier. For example, there is no need to connect the inspection data acquisition device 311 and the inspection apparatus computer 312. Furthermore, it becomes unnecessary to separately manage the inspection data acquisition device 311 and the inspection apparatus computer 312. On the other hand, if the inspection data acquisition device 311 is separated from the inspection apparatus computer 312, the inspection data acquisition device 311 can be made smaller, so that the workability during inspection is improved. For example, when the load of processing such as post-processing of test data is high, it is better to have the test equipment computer 312 that exists separately from the test data acquisition device 311 perform the processing, which makes the test data acquisition device 311 smaller. be able to. Therefore, workability during inspection is improved. Further, for example, when the test data acquisition device 311 has a test probe, the test probe can be made smaller. Therefore, workability during inspection is improved.

Next, an example of the hardware configuration of the inspection data acquisition device 311 is shown in FIG. FIG. 4 illustrates a case where the inspection data acquisition device 311 of the inspection apparatus 101 has a digital camera and the inspection is a camera image inspection.

The inspection data acquisition device 311 includes an imaging section 411 , a zoom control section 412 , a distance measurement system 413 , an image processing section 414 , a communication section 415 , a system control section 416 , and a storage section 417 . The inspection data acquisition device 311 also includes an external memory 418, a display section 419, an operation section 420, a common bus 421, an AF control section 422, and an image analysis section 423.

The imaging unit 411 includes a lens 411a, a shutter 411b, and an image sensor 411c. The functions of the inspection data acquisition device 311 in the inspection apparatus 101 are realized, for example, by the operation of the imaging unit 411.
The lens 411a forms an optical image of the subject on the image sensor 411c. The image sensor 411c converts an optical image into an electrical signal. The image sensor 411c includes, for example, a charge accumulation type solid-state image sensor. A charge storage type solid-state image sensor includes, for example, a CCD (Charge-Coupled Device) image sensor or a CMOS (Complementary Metal Oxide Semiconductor) image sensor. The image sensor 411c outputs RAW image data.

An aperture (not shown) that determines an aperture value for adjusting the amount of exposure is installed in the area where the lens 411a is installed.
The shutter 411b performs opening and closing operations. The opening/closing operation of the shutter 411b exposes and blocks light to the image sensor 411c, and controls the shutter speed. Note that the shutter 411b is not limited to a mechanical shutter, and may be an electronic shutter. When the shutter 411b has an electronic shutter and the image sensor 411c has a CMOS image sensor, the following processing is performed in the image sensor 411c, for example. First, a reset scan is performed for each pixel or for each area (eg, for each line) consisting of a plurality of pixels to zero the amount of accumulated charge in the pixel. Then, after a predetermined period of time has passed since the reset scan was performed, a scan to read out electrical signals based on the charges accumulated in the pixels is performed for each pixel where the reset scan was performed or for each area where the reset scan was performed. It will be held on.

The zoom control unit 412 controls driving of a zoom lens included in the lens 411a. The zoom control unit 412 drives the zoom lens via a zoom motor (not shown) according to instructions from the system control unit 416. This performs magnification.
The distance measurement system 413 has a function capable of deriving the subject distance (distance from the digital camera to the subject) for each of a plurality of blocks within a screen divided into a plurality of blocks each consisting of a plurality of pixels. have The distance measurement system 413 may derive the subject distance using, for example, a TOF (Time Of Flight) sensor. Further, the distance measurement system 413 may derive the subject distance using a PSD (Position Sensitive Device). The distance measurement system 413 may derive the subject distance using other known techniques. The object distance information may be information that specifies the object distance for each of a plurality of blocks.

The AF control unit 422 automatically adjusts the focus. The AF control unit 422 performs automatic focus adjustment using a focus control method, for example. When automatically adjusting the focus using the focus control method, the AF control unit 422 performs the following processing. First, the AF control unit 422 extracts a high frequency component of an imaging signal (video signal). Next, the AF control unit 422 searches for a position where the integral value of the high frequency component of the imaging signal is maximum, as the position of the focus lens included in the lens 411a. Next, the AF control unit 422 automatically adjusts the focus by controlling the focus lens based on the searched position. The focus control method is also called TV-AF (Auto Focus) or contrast AF. The focus control method is characterized in that highly accurate focusing can be obtained.

Note that the focus control method is not limited to contrast AF, and may be phase difference AF or other AF methods. Furthermore, the method for automatically adjusting the focus is not limited to the focus control method, and may be any other method. Further, the AF control unit 422 may detect the amount of adjustment of the focus or the position (amount of movement) of the focus lens, and derive the subject distance based on the detected result. Further, the derivation of the subject distance may be performed only by either the AF control unit 422 or the distance measuring system 413. For example, when the subject distance is detected by the AF control unit 422, the distance measurement system 413 may be omitted.

The image processing unit 414 performs image processing on the RAW image data output from the image sensor 411c and the image data stored in the storage unit 417, which will be described later. Image processing includes, for example, white balance adjustment, gamma correction, color interpolation or demosaicing, filtering, and the like. The image processing unit 414 also performs compression processing on the image data based on standards such as JPEG (Joint Photographic Experts Group).

The image analysis unit 423 extracts the affected area of the subject from the image data and measures the size of the affected area.
The image analysis unit 423 may perform segmentation on the image data when extracting the affected region. As a region segmentation method, for example, there is a method of performing semantic region segmentation using deep learning. In this method, for example, a learning computer (not shown) generates a trained model by training a neural network model. For example, a plurality of pieces of teacher data are used when learning. The teacher data includes, for example, image data including an actual affected area. Note that the affected region is, for example, a bed sore region. The image analysis unit 423 estimates the affected region from the input image based on the learned model. An example of a neural network model is a fully convolutional network (FCN), which is a segmentation model using deep learning. Here, the deep learning inference process may be performed by a GPU (Graphics Processing Unit) that is good at parallel execution of product-sum operations. Note that the inference processing may be performed by FPGA, ASIC, or the like. Note that region segmentation may be realized using a deep learning model other than the neural network model. Furthermore, the method of region division is not limited to deep learning, and may be a method using graph cuts, edge detection, region division using superpixels, or the like, for example.

The image analysis unit 423 converts the size of the affected area on the image data into an actual size. This conversion is performed based on, for example, information regarding the viewing angle of the image data, information regarding the number of pixels (pixel size) of the image sensor 411c, and information regarding the subject distance. This transformation provides information about the actual size of the affected area.

Note that, as described above, the information output from the ranging system 413 or the AF control unit 422 is used as the object distance information. Here, the image analysis unit 423 may derive the actual distance from the digital camera to the subject included in the image data when deriving the actual size of the affected area. Further, the image analysis unit 423 does not necessarily need to use the above-mentioned information as long as it can derive the actual size of the affected area. For example, the image analysis unit 423 uses only one of information regarding the angle of view of the image data and information regarding the number of pixels (pixel size) of the image sensor 411c to determine the actual size of the affected area. Information may also be derived.

The size of the affected region may be the length of the affected region or the area of the affected region. For example, the affected area may be approximated to a predetermined shape. For example, when the affected area is represented by an ellipse, the length of the affected area may be at least one of the major axis and the minor axis. Further, the length of the affected area may be a typical length of the affected area. When the affected area is represented by an ellipse, the representative length of the affected area may be calculated using the major axis and the minor axis. The type of information to be used as the size of the affected area may be determined depending on the purpose of the examination and treatment.
Note that the image analysis unit 423 may be included in the inspection data acquisition device 311 or the inspection apparatus computer 312.

The communication unit 415 has a communication interface for communicating with an external device such as the inspection device computer 312 via at least one of a wired network and a wireless network (not shown). The communication interface may be a communication interface for wired communication or an interface for wireless communication. The wireless communication interface has a wireless communication module according to a network for performing wireless communication. Note that communication using Wi-Fi (registered trademark) may be realized via a router. Further, a wired LAN is a specific example of a network for wired communication. Further, the wired communication interface may be a communication interface for performing wired communication based on the USB standard.

The system control unit 416 includes, for example, a CPU. The system control unit 416 performs overall control of the test data acquisition device 311 (digital camera) by controlling each part of the test data acquisition device 311 (digital camera) according to a program stored in the storage unit 417. Further, the system control unit 416 performs overall control of the AF control unit 422, the imaging unit 411, the zoom control unit 412, the ranging system 413, the image processing unit 414, and the like.

The storage unit 417 temporarily stores various information. The storage unit 417 temporarily stores various setting information necessary for the operation of the test data acquisition device 311, for example. Note that the various setting information includes information on the focus position when capturing an image, and the like. Further, the storage unit 417 temporarily stores, for example, RAW image data output from the imaging unit 411 and image data subjected to image processing by the image processing unit 414. The storage unit 417 may temporarily store image data received by the communication unit 415 by communicating with the inspection device computer 312, analysis data output from the image analysis unit 423, and the like. The analysis data includes, for example, information regarding the size of the affected region. The storage unit 417 includes, for example, a nonvolatile storage medium in which data can be rewritten. Examples of storage media included in the storage unit 417 include flash memory and SDRAM (Synchronous Dynamic Random Access Memory). Note that the storage of information in the storage unit 417 does not have to be temporary storage.

External memory 418 includes a nonvolatile storage medium. The external memory 418 may be freely loaded into the main body of the test data acquisition device 311 (digital camera), or may be fixed inside the test data acquisition device 311. Examples of nonvolatile storage media included in the external memory 418 include an SD (Secure Digital) card and a CF (CompactFlash) card. The external memory 418 stores, for example, image data including image data subjected to image processing by the image processing unit 414, data received by the communication unit 415 by communicating with an external device, and data output from the image analysis unit 423. Stores analysis data including analysis data. When the external device reproduces the image data stored in the external memory 418, the image data stored in the external memory 418 is read from the external memory 418 and output to the external device.

The display unit 419 displays various information. The information displayed by the display unit 419 includes, for example, image data temporarily stored in the storage unit 417, data such as image data stored in the external memory 418, disease information, test data, alert information, and This includes a setting screen for the test data acquisition device 311, etc. The display unit 419 includes, for example, a TFT (Thin Film Transistor) liquid crystal, an organic EL display, or an EVF (Electronic View Finder).

The operation unit 420 has a user interface. The operation unit 420 includes, for example, buttons, switches, keys, and a mode dial. Buttons, switches, keys, and mode dials are attached to the test data acquisition device 311, for example. Furthermore, in addition to or in place of these, the operation unit 420 may include a touch panel or the like installed on the display unit 419. The user's various mode settings and commands for shooting operations such as release are output to the system control unit 416 via the operation unit 420. An imaging unit 411 , a zoom control unit 412 , a ranging system 413 , an image processing unit 414 , a communication unit 415 , and a system control unit 416 are connected to the common bus 421 . Further, a storage section 417 , an external memory 418 , a display section 419 , an operation section 420 , an AF control section 422 , and an image analysis section 423 are also connected to the common bus 421 . The common bus 421 is a signal line through which each part of the test data acquisition device 311 transmits and receives signals. Note that the digital camera itself for performing the camera image inspection is realized using a known technique, and is not limited to the one shown in FIG. 4.

Next, an example of the advance preparation process of the information processing system 100 of this embodiment will be described with reference to the flowchart shown in FIG. The advance preparation process of the information processing system 100 includes a process of registering information necessary for the processing of the information processing system 100 in the information processing system 100 before the processing according to the flowchart shown in FIG. 6, which will be described later, starts.

First, in S501, authentication method selection information is registered. For example, the user inputs authentication method selection information into the authentication method server 103 by operating the input device 213 included in the authentication method server 103 . The users include, for example, users on the hospital management side, SEs, and medical personnel. The information acquisition unit 131 acquires the authentication method selection information input to the authentication method server 103 in this manner. The authentication method database 134 stores authentication method selection information acquired by the information acquisition unit 131. As described above, this embodiment exemplifies the case where the authentication method selection information is information stored in the authentication method database 134, which will be described later with reference to FIG. Specifically, a case will be exemplified in which the authentication method selection information stored in the authentication method database 134 is information stored in the default test risk table 710, disease-test risk definition table 720, and risk authentication method table 750. . Note that the information acquisition unit 131 may receive authentication method selection information from an external device such as the hospital information system 104.

Next, in S502, it is determined whether or not authentication information is registered. For example, the authentication information management unit 133 determines whether the authentication information has already been registered and there is no need to change the authentication information. This determination may be made, for example, based on whether or not the user has performed an operation on the input device 213 of the authentication method server 103 to instruct registration of authentication information.

As a result of this determination, if at least one of the following is true: the authentication information has not already been registered, or the registered authentication information needs to be changed, the authentication information is registered in S503. . For example, the user inputs authentication information into the authentication method server 103 by operating the input device 213 that the authentication method server 103 has. As described above, the users include hospital management users, SEs, medical personnel, and the like. The information acquisition unit 131 acquires the authentication information input to the authentication method server 103 in this manner. The authentication information management unit 133 stores the authentication information acquired by the information acquisition unit 131. Then, in S504, disease information is registered.

On the other hand, if the authentication information has already been registered and there is no need to change the authentication information, the process of S503 is skipped and disease information is registered in S504. In S504, for example, the information acquisition unit 131 receives disease information from the hospital information system 104. The patient disease table 730 of the authentication method database 134 stores disease information acquired by the information acquisition unit 131. The information acquisition unit 131 may inquire of the hospital information system 104 to receive the latest disease information. The timing at which the information acquisition unit 131 inquires of the hospital information system 104 regarding the presence or absence of the latest disease information is not particularly limited. Inquiries regarding the presence or absence of the latest disease information to the hospital information system 104 may be made, for example, periodically or when a predetermined condition is met. For example, when the user performs an operation on the input device 213 included in the authentication method server 103 to instruct an inquiry about disease information, it may be determined that a predetermined condition is satisfied. In S504, when the registration of disease information ends, the advance preparation process according to the flowchart of FIG. 5 ends.

Next, an example of the processing of the information processing system 100 of this embodiment will be described with reference to the flowchart shown in FIG. The process according to the flowchart shown in FIG. 6 starts after the advance preparation process according to the flowchart shown in FIG. 5 is completed.

First, in S601, a request to select an authentication method is notified. For example, the user (examiner) performs an operation on the input device 213 included in the information terminal 102 to instruct output of a request for selecting a patient authentication method. Based on this operation, the output unit 113 transmits information indicating a request for selecting a patient authentication method to the authentication method server 103. The flowchart shown in FIG. 6 exemplifies a case where this request for selecting a patient authentication method triggers the patient authentication process. When the information processing system 100 has a plurality of information terminals 102, the flowchart of FIG. Processing is executed. In this case, a patient authentication method is selected individually for each information terminal 102.

Next, in S602, the information acquisition unit 121 acquires identification information (patient ID) that identifies the patient. For example, when there is a test order for a patient, the information acquisition unit 121 receives the patient ID from the hospital information system 104. For example, the information acquisition unit 121 receives a list of patients waiting for a test that includes the patient ID of the patient from the hospital information system 104 as the patient's test order, and displays it on the output device 214 (display device). The user (examiner) of the information terminal 102 specifies a patient from the list. The information acquisition unit 121 acquires the patient ID of the designated patient in this way. The output unit 124 transmits information including the patient ID acquired by the information acquisition unit 121 to the authentication method server 103.

On the other hand, for example, if there is no test order for the patient, the information acquisition unit 121 acquires the patient ID received when the patient entered the hospital reception system. In this case, the information acquisition unit 121 acquires the patient ID of the patient accepted by the hospital information system 104. For example, the information acquisition unit 121 receives a list including the patient ID of the patient as a list of patients accepted by the hospital information system 104 from the hospital information system 104, and displays the list on the output device 214 (display device). The user (examiner) of the information terminal 102 specifies a patient from the list. The information acquisition unit 121 acquires the patient ID of the designated patient in this way. The output unit 124 transmits information including the patient ID acquired by the information acquisition unit 121 to the authentication method server 103.

Furthermore, the patient ID does not necessarily have to be obtained in the manner described above. For example, the user (examiner) may be able to grasp the patient ID of the patient based on patient information managed at a medical facility separately from the hospital information system 104. In this case, the user (examiner) specifies the patient ID of the patient based on patient information managed at the medical facility separately from the hospital information system 104. Then, the user (examiner) inputs the identified patient ID into the information terminal 102 by operating the input device 213 included in the information terminal 102 . The information acquisition unit 121 acquires the patient ID input into the information terminal 102 in this manner.

Next, in S603, an examination ID is acquired. For example, the information acquisition unit 131 receives the examination ID of the examination apparatus 101 acquired by the examination ID acquisition unit 112. Here, the information acquisition unit 131 acquires the test ID of the test that the patient identified by the patient ID obtained in S602 receives from the test device 101 used for the test that the patient takes. The user (examiner) knows the examination device 101 used for the examination that the patient undergoes. Therefore, for example, the information acquisition unit 121 acquires the test ID of the test to be taken by the patient from the test device 101 used for the test to be taken by the patient, based on the user's (tester's) operation on the input device 213 included in the information terminal 102. get. As described above, the inspection ID may be acquired, for example, by receiving information transmitted from the inspection device 101 or by reading a two-dimensional code. Then, the output unit 124 transmits information including the test ID acquired by the information acquisition unit 121 to the authentication method server 103. At this time, the output unit 124 may transmit information in which the patient ID acquired in S602 and the test ID acquired in S603 are mutually linked to the authentication method server 103. In this way, the authentication method server 103 can determine which test ID corresponds to which patient ID (that is, which test is for which patient). The information acquisition unit 131 acquires the test ID transmitted from the output unit 124 (information terminal 102) in this manner.

Next, in S604, an authentication method is selected. For example, the authentication method selection unit 132 refers to the authentication method database 134 and selects an authentication method for the patient identified by the patient ID acquired in S602.

FIG. 7 shows an example of the authentication method database 134 and a table included in the authentication method database 134. An example of a process for selecting a patient authentication method will be described with reference to FIG.
The authentication method database 134 is stored in the main storage device 212a of the computer 200, which is the hardware of the authentication method server 103, via the auxiliary storage device 212b. While stored in the main storage device 212a, information is written to, read from, and updated in the authentication method database 134. In this embodiment, a case will be exemplified in which information used for selecting a patient authentication method is collectively managed by using the authentication method database 134.

The authentication method database 134 includes a default test risk table 710, a disease-test risk definition table 720, a patient disease table 730, a per-patient test risk table 740, and a risk authentication method table 750. The default test risk table 710, disease-test risk definition table 720, patient disease table 730, and risk authentication method table 750 are created before the process according to the flowchart of FIG. 6 starts. On the other hand, the patient-by-patient test risk table 740 is created in S604.

The default test risk table 710 stores default (standard) information for each type of test as information including the degree of risk of the test. In this embodiment, a case will be exemplified in which the test stored in the default test risk table 710 is a test that requires patient authentication before the test is performed. The information stored in the default test risk table 710 is included in the authentication method selection information acquired in S501, and is stored in the default test risk table 710 in S501. In FIG. 7, a default test risk table 710 includes a test ID as a primary key, and a test name and risk level as other columns.

As described above, the degree of risk of a test is information indicating the degree of risk that occurs to a patient by performing a test. In this embodiment, as an example, the risk level of the test is set in three levels: low, medium, and high. However, the method for setting the degree of risk of testing is not limited to this method. For example, the number of levels indicating the degree of risk of testing is not limited to three levels. Further, the degree of risk of the test may be expressed numerically.

Here, in this embodiment, a case is exemplified in which the content of the degree of risk of the test is set depending on the invasiveness of the test. In the default test risk table 710, the blood pressure test, weight measurement, camera image test, and blood vessel echo test are non-invasive tests. Therefore, in the default test risk table 710, the risk level of these tests is set to "low". Intraocular pressure testing is a non-contact test. However, in an intraocular pressure test, air pressure is applied to the eyeball. Therefore, in the default test risk table 710, the risk degree of the intraocular pressure test is set to "medium". Contrast CT (Computed Tomography) examinations and colonoscopy are invasive examinations. Therefore, in the default test risk table 710, the risk level of these tests is set to "high." Note that the criteria for determining the content of the degree of risk are not limited to the invasiveness of the test.

The disease-test risk definition table 720 stores information including the degree of risk of a test when a patient suffers from a specific disease, for each type of test. The information stored in the disease-testing risk definition table 720 is included in the authentication method selection information acquired in S501, and is stored in the disease-testing risk definition table 720 in S501. In FIG. 7, the disease-test risk definition table 720 includes a disease-test ID as a primary key, and other columns include disease ID, disease name, test ID, test name, and risk level. exemplify. Disease-test ID, which is one of the columns of the disease-test risk definition table 720, is a composite key of a disease ID and a test ID.

When a patient suffers from a specific disease, there are cases where the patient is at risk that exceeds the risk level of the test stored in the default test risk table 710. FIG. 7 illustrates a case where the disease-examination risk definition table 720 includes hypertension and glaucoma as disease names. Treatment strategies for patients with hypertension are greatly influenced by blood pressure and blood vessel echocardiography results. For this reason, these tests are of high importance for patients with hypertension. Similarly, treatment strategies for glaucoma patients are greatly influenced by the results of intraocular pressure tests. For this reason, intraocular pressure testing is highly important for glaucoma patients.

If a patient mix-up occurs during such an important test, there is a risk of serious problems. Therefore, in this embodiment, the risk degree stored in the disease-test risk definition table 720 is used as the risk degree of a specific test (for example, a test of high importance to the patient) determined according to the patient's disease. It will be done. In this case, the test risk level stored in the default test risk table 710 is not used as the specific test risk level determined according to the patient's disease.

Patient disease table 730 stores disease information. The disease information stored in the patient disease table 730 is included in the authentication method selection information acquired in S501, and is stored in the patient disease table 730 in S501. In FIG. 7, the patient disease table 730 includes patient-disease ID as a primary key, and other columns include patient ID, patient name, age, gender, date, department, pre-surgery test, disease ID, The following is an example of a case where a disease name and a disease name are included. Disease-Patient ID, which is one of the columns of the patient disease table 730, is a composite key of disease ID and patient ID. Note that the disease-patient ID does not need to be included in the disease information. In this case, the disease-patient ID is created using, for example, the patient ID and the disease ID. Further, the columns of the patient disease table 730 may include the test ID and test name of the test that the patient undergoes.

A column of the patient disease table 730 includes "pre-surgery test". Preoperative examinations are of high importance because the results of preoperative examinations affect the details of the surgery. Therefore, in the patient disease table 730, if yes is stored in the pre-surgery test column, the risk degree of the pre-surgery test is maximized and is set as "high". The date and time column and the department column of the patient disease table 730 have the role of specifying the surgery.

The patient-by-patient test risk table 740 stores information including the degree of test risk for each patient and each type of test. In this embodiment, a case is illustrated in which the degree of risk of a test is determined based on at least one of disease information and test information. Specifically, in this embodiment, the degree of risk of a test is determined based on the content of the test that a patient undergoes, the patient's disease, and whether or not the test that the patient undergoes is a preoperative test. Illustrate. Further, in this embodiment, the information stored in the patient-specific test risk table 740 is determined based on the information stored in the default test risk table 710, the disease-test risk definition table 720, and the patient disease table 730. Illustrate a case.

In FIG. 7, the patient-by-patient test risk table 740 includes a patient-test ID as a primary key, and other columns include patient ID, patient name, test ID, test name, and risk level. Illustrate. Patient-examination ID, which is one of the columns of the patient-specific examination risk table 740, is a composite key of patient ID and examination ID. In this embodiment, a case will be exemplified in which the patient-by-patient test risk table 740 is created in S604. A specific example of a method for creating the patient-by-patient test risk table 740 will be described later.

The risk authentication method table 750 stores information including patient authentication methods for each degree of risk of the test. The information stored in the risk authentication method table 750 is included in the authentication method selection information acquired in S501, and is stored in the risk authentication method table 750 in S501. In FIG. 7, a case is illustrated in which the risk authentication method table 750 includes risk degree as a primary key, and authentication policy and authentication method as other columns.

The risk authentication method table 750 is used by the authentication method selection unit 132 to determine a patient authentication method according to the degree of risk of the test. FIG. 7 illustrates a case where the risk level is "low", the authentication policy is one-factor authentication of "possession", and the authentication method is IC card authentication. In addition, in Figure 7, when the risk level is "medium", the authentication policy is two-factor authentication of "possession" and "knowledge", and the authentication method is IC card authentication and date of birth authentication. The following is an example of an authentication method. In addition, in Figure 7, when the risk level is "high", the authentication policy is two-factor authentication of "possession" and "biometrics", and the authentication method is an authentication method that uses IC card authentication and fingerprint authentication. An example is shown below.

By storing the above information in the risk authentication method table 750, when a patient undergoes a test with a low degree of risk, it is possible to efficiently authenticate the patient. On the other hand, when a patient undergoes a high-risk test, more reliable authentication can be performed to authenticate the patient. Here, in general, the greater the number of authentications, the higher the certainty of authentication. Additionally, biometric authentication is generally more reliable than knowledge and possession. Furthermore, the “Guidelines for Safety Management of Medical Information Systems, Version 5.1, Ministry of Health, Labor and Welfare, January 2021” provides guidelines regarding certification for businesses (staff and related parties) that regularly operate medical information systems. has been done. These guidelines list "memory," "biometric information," and "physical media" as authentication factors. The aforementioned "knowledge," "biological body," and "possession" correspond to "memory," "biological information," and "physical medium," respectively.

As described above, two-factor authentication is a method of performing authentication by combining two independent factors. If a single authentication method includes performing authentication by combining a plurality of independent elements in this way, it is preferable because more reliable authentication can be performed. However, for example, multiple authentications belonging to the same element but using mutually different means (multi-step authentication such as so-called two-step authentication) may be performed. may be included in one authentication method. For example, even if one authentication method includes multiple authentications that belong to the same element of "knowledge" but differ only in the type of information checked during authentication, good. A specific example of an authentication method in this case includes an authentication method that performs password authentication and date of birth authentication.

Furthermore, different means used for authentication are not limited to means that differ only in the type of information to be verified during authentication. As described above, in this embodiment, if at least one of the types of information to be collated during authentication, the algorithm for authentication, and the hardware for authentication differ, It is assumed that the plurality of means used are mutually different means. Here, the phrase "the hardware for performing authentication is different" means that the combination of hardware for performing authentication does not completely match. When password authentication and date of birth authentication are performed, it is assumed that, for example, hardware including the computer 200 is used. When IC card authentication is performed, it is assumed that hardware including an IC card reader/writer and the computer 200 is used as the authentication hardware, for example. When fingerprint authentication is performed, it is assumed that hardware including a fingerprint authentication device and computer 200 is used, for example. In such an example, the computer 200 is used regardless of whether password authentication, IC card authentication, or fingerprint authentication is performed. However, the combination of hardware for performing authentication does not completely match. Therefore, the hardware for performing these authentications will be different. Furthermore, even if multiple authentications use the same hardware for authentication, if the algorithms used for the authentication are different, the means used for the authentication will be different. Assume that there is. For example, as an algorithm for fingerprint authentication, an algorithm that uses the fingerprint information read from a human finger as is and an algorithm that involves removing noise from the fingerprint information read from the human finger are different from each other. It shall be an algorithm.

Further, one authentication method may include a plurality of authentications performed using the same means as the means used for performing the authentication. For example, in order to prevent accidental authentication success, the user may be prompted to input the same information two or more times for verification.

Note that the content of the authentication policy and the content of the authentication method are not limited to the content shown in FIG. 7. The contents of the authentication policy and the contents of the authentication method are determined according to, for example, the authentication policy defined for each medical facility, the equipment of the authentication system that the medical facility has, and the like.

Column items in the default test risk table 710, disease-test risk definition table 720, patient disease table 730, patient-specific test risk table 740, and risk authentication method table 750 are examples, and are limited to those shown in FIG. Not done.

Next, an example of a procedure in which the authentication method selection unit 132 selects a patient authentication method using the authentication method database 134 in S604 will be described.
The authentication method selection unit 132 extracts patient records from the patient disease table 730. The patient is identified based on the patient ID acquired in S602. In FIG. 7, a case is illustrated in which a record of Taro Yamada whose patient ID is "A0001" is extracted from the patient disease table 730. Based on the disease ID (“S0001”, “S0002”) or disease name in Taro Yamada's record, it is specified that Taro Yamada's diseases are hypertension and glaucoma.

Next, the authentication method selection unit 132 acquires information on the degree of risk corresponding to the examination ID acquired in S603 from the “degree of risk” column of the default examination risk table 710. In FIG. 7, a case is illustrated in which the diseases of Taro Yamada, a patient, are hypertension and glaucoma, and the tests corresponding to the diseases are a blood pressure test, a blood vessel echo test, and an intraocular pressure test. Therefore, from the default inspection risk table 710, "low" is acquired as the risk degree corresponding to "K0001", "low" is acquired as the risk degree corresponding to "K0004", and "low" is acquired as the risk degree corresponding to "K0005". "Medium" is obtained. Note that which test the patient identified by the patient ID undergoes is specified by, for example, associating the patient ID with the test ID acquired in S603, as described above.

The authentication method selection unit 132 also acquires test information (test ID) corresponding to the patient's disease information (information on the patient's record extracted from the patient disease table 730) from the disease-test risk definition table 720. In FIG. 7, a case is illustrated in which "K0001," "K0004," and "K0005" are acquired from the disease-test risk definition table 720 as the test IDs of the tests that Taro Yamada undergoes. If there is no test information corresponding to the patient's disease information in the disease-test risk definition table 720, the test information corresponding to the patient's disease information is not acquired.

Next, the authentication method selection unit 132 obtains the risk degree of the test corresponding to the patient's disease information from the “risk degree” column of the disease-test risk definition table 720. FIG. 7 illustrates a case where the following test risk levels are obtained from the disease-test risk definition table 720. That is, "high" is acquired as the risk level of the test corresponding to "K0001", "high" is acquired as the risk level of the test corresponding to "K0004", and "high" is acquired as the risk level of the test corresponding to "K0005". A case in which "high" is obtained will be exemplified.

Here, as the risk level of the test corresponding to the same test ID, the test risk level obtained from the default test risk table 710 and the test risk level obtained from the disease-test risk definition table 720 are different. There are cases. In this case, the test risk degree obtained from the disease-test risk definition table 720 is used instead of the test risk degree obtained from the default test risk table 710. In FIG. 7, "high" is stored in the disease-test risk definition table 720 as the risk degree of the test corresponding to the test ID ("K0001", "K0004", and "K0005") of the test that Taro Yamada undergoes. Here is an example of when is used.

Also, if there is a test ID that is linked to a disease ID in a record for which "pre-surgery test" is yes among patient records extracted from the patient disease table 730, the importance of the test identified by the test ID is The degree is high. Therefore, among the patient records extracted from the patient disease table 730, if there is a test ID that is linked to a disease ID in a record for which "pre-surgery test" is yes, the authentication method selection unit 132 selects the test ID. Set the risk level of the corresponding test to "high." In this case, regardless of the test risk obtained from the default test risk table 710 and the disease-test risk definition table 720, the test risk is "high." In FIG. 7, among the records of Taro Yamada extracted from the patient disease table 730, there is no record for which "pre-surgery test" is yes. Therefore, as described above, the disease-test risk definition table 720 stores the risk degree of the test corresponding to the test ID ("K0001", "K0004", and "K0005") of the test that Taro Yamada undergoes. "High" is used.

Further, the authentication method selection unit 132 determines the degree of risk of the test that the patient with the same patient ID as the patient ID of the record in which "pre-surgery test" is yes among the patient records extracted from the patient disease table 730, is to be taken for the disease. It may be set to "high" regardless of the ID. In this way, for example, if a patient undergoing a pre-surgery test also undergoes a test other than tests considered to be of high importance in the default test risk table 710 and the disease-test risk definition table 720, the risk of the test can be adjusted. The level is also "high." The patient disease table 730 may also include a column of information identifying pre-operative tests. For example, the patient disease table 730 may have a column of test IDs that identify the test device 101 that performs the pre-surgery test and the date and time of the test performed by the test device 101. In this way, the authentication method selection unit 132 can specify the content of the “pre-surgery examination” from the patient disease table 730. Further, the authentication method selection unit 132 may set the risk degree of the test corresponding to the patient ID and the test ID to "high" based on the patient ID and test ID in the record where "pre-surgery test" is yes. . In this way, the risk level of the "pre-surgical test" will be "high" regardless of whether the "pre-surgical test" is determined as a high-importance test in the disease-test risk definition table 720. Therefore, for example, even if a test other than the test considered to be of high importance in the disease-test risk definition table 720 is a pre-surgery test, the risk degree of the test can be set to "high". On the other hand, the risk levels of the remaining tests (i.e. tests other than pre-surgery tests) among the tests that the patient identified by the patient ID undergoes are determined based on the default test risk table 710 or the disease-test risk definition table 720. and can be anything other than "high".

The authentication method selection unit 132 creates a test risk table for each patient based on the patient record information extracted from the patient disease table 730, the test ID obtained in S603, and the risk level determined as described above. Create 740.

In the patient-by-patient test risk table 740 created in this way, test risk levels are set for each patient and for each test type. As described above, the degree of risk of a test is determined based on, for example, the details of the test the patient undergoes, the details of the disease the patient is suffering from, and whether the test the patient undergoes is a pre-surgical test. As described above, this embodiment exemplifies a case where the degree of risk of a test is specified based on information stored in the patient-by-patient test risk table 740.

The authentication method selection unit 132 creates the patient-by-patient test risk table 740 as described above. The authentication method selection unit 132 reads from the patient-by-patient test risk table 740 the degree of risk of the test stored in the patient-by-patient test risk table 740 in association with the test ID acquired in S603. The risk degree of this test is read out for each test ID acquired in S603.

The authentication method selection unit 132 reads from the risk authentication method table 750 the authentication method stored in the risk authentication method table 750 in association with the degree of risk of the test read from the patient-by-patient test risk table 740 . This authentication method is read for each test ID acquired in S603.

In FIG. 7, the inspection ID of the camera image inspection is "K0003", and the risk level of the camera image inspection is "low" (see the default inspection risk table 710). Further, the test that the patient Taro Yamada undergoes is not a pre-surgery test (see patient disease table 730). Further, the camera image test (test ID “K0003”) is not stored in the disease-test risk definition table 720. Therefore, when the test that Taro Yamada undergoes is a camera image test, the risk (degree of risk) of the test that the patient undergoes is "low" (see the patient-specific test risk table 740). Further, in the risk authentication method table 750, "IC card" is stored as an authentication method for a patient undergoing an examination with a "low" risk level. Therefore, if the test that Taro Yamada undergoes is a camera image test, IC card authentication is selected as the authentication method.

In this embodiment, the authentication method selection unit 132 selects the patient authentication method in S604 as described above. When the information processing system 100 has a plurality of information terminals 102, the authentication method selection unit 132 selects a patient authentication method performed on the information terminal 102 in response to a request for selecting a patient authentication method from each information terminal 102 in S601. The authentication method is individually selected as described above. Then, the output unit 135 transmits information indicating the patient authentication method selected by the authentication method selection unit 132 to the information terminal 102.

Returning to the explanation of FIG. 6, in S605, patient authentication is performed. For example, the information acquisition unit 121 acquires information indicating the patient authentication method transmitted from the authentication method server 103 (output unit 135) in S604. The authentication unit 122 authenticates the patient according to the patient authentication method indicated in the information. If the patient authentication method indicated in the information is an authentication method that requires multiple authentications, if all authentications (the multiple authentications) are successful, the authentication is successful (authentication OK) and Otherwise, authentication will fail (authentication NG). The display unit 123 displays information indicating the authentication result by the authentication unit 122.

Next, in S606, the authentication result is notified. For example, the output unit 124 transmits information indicating the authentication result in S605 to the hospital information system 104. At this time, it is preferable that the information terminal 102 transmits the patient ID of the patient and the test ID of the test that the patient undergoes to the hospital information system 104 in addition to information indicating the patient's authentication result.

Next, in S607, the authentication result is determined. For example, in S605, it is determined whether the patient has been authenticated (whether the authentication was successful or not). The determination in S607 is made by, for example, a user of the information terminal 102 (for example, an examiner, etc.) and a user of the hospital information system 104 (for example, a user on the hospital management side, an SE, a medical personnel, etc.). For example, the user of the information terminal 102 determines whether the patient has been authenticated by checking the information indicating the authentication result displayed on the display unit 123 in S605. Further, for example, when information indicating the authentication result is displayed on an office terminal (not shown) included in the hospital information system 104, the user of the office terminal can confirm that the patient is authenticated by checking the information. Determine whether or not it has been done. However, the subject of determination in S607 is not limited to the user (person). The determination in S607 may be made, for example, by at least one of the information terminal 102 and the office terminal included in the hospital information system 104.

If it is determined in S607 that the patient has been authenticated (patient authentication was successful), an examination is performed in S608. For example, the testing device 101 tests a patient based on an operator's operation of the testing device 101. For example, if the inspection device 101 has a digital camera and the inspection is a camera image inspection, the inspection device 101 acquires data including image data including the affected area and data indicating the size of the affected area as the inspection data. do. Data indicating the size of the affected area, information on the scale on the subject of the image, etc. may be stored as image metadata.
The output unit 113 of the testing device 101 then transmits the testing data to the clinical testing information system 105.

Note that the output unit 135 of the authentication method server 103 transmits information including the patient's test data, information indicating the patient's authentication method, and information indicating the patient's authentication result to the clinical test information system 105. You may. In this case, the clinical test information system 105 may store the patient's test data, information indicating the patient's authentication method, and information indicating the patient's authentication result in association with each other. By doing so, the patient authentication method can be tracked later for each patient and each test. Additionally, the results of follow-up surveys can be used as evidence for patient authentication. When the process of S608 ends as described above, the process according to the flowchart of FIG. 6 ends.

If it is determined in S607 that the patient has not been authenticated (patient authentication has failed), the patient's identity is verified in S609. In S609, for example, the office terminal included in the hospital information system 104 acquires information indicating the patient authentication result transmitted from the information terminal 102 (output unit 124) to the hospital information system 104 in S606. In S608, information indicating that the patient was not authenticated (patient authentication failed) is acquired. The office terminal included in the hospital information system 104 displays information indicating that it is necessary to confirm the identity of the patient who was not authenticated and to re-register the authentication information of the patient. Based on this display, manual identification is performed. Identity verification is performed using information such as date of birth, address, documents for identity verification, etc. that can clearly identify the individual.

Next, in S610, authentication information is re-registered. For example, the information acquisition unit 131 acquires authentication information of a patient whose identity has been verified through a user's operation on the authentication method server 103. The authentication information management unit 133 stores the authentication information of the patient whose identity has been confirmed. Note that, when the authentication information management unit 133 has already stored the authentication information of the patient whose identity has been confirmed, the authentication information management unit 133 updates the authentication information of the patient to the latest information.
By newly storing the patient's authentication information as described above, if the cause of authentication failure is a defect in the authentication information, the defect can be corrected. When the process of S610 ends as described above, the process according to the flowchart of FIG. 6 ends.

Here, the authentication unit 122 may perform authentication of the same patient for multiple tests all at once. For example, if multiple tests are performed on the same patient by multiple testing devices 101 in the same room, and the patient authentication method for the multiple tests is the same, the authentication unit 122 Authentication of the patient for the test may be omitted at once.

A specific example of a process in which patient authentication for a plurality of tests is performed all at once will be described with reference to FIG. 7.
In the example shown in FIG. 7, the tests other than the camera image test that Taro Yamada undergoes are a blood pressure test, body temperature measurement, and a blood vessel echo test (see the patient-by-patient test risk table 740). The risks of the blood pressure tests, body temperature measurements, and vascular echo tests that Taro Yamada undergoes are ``low,'' the same as the risks of camera image tests. Therefore, Taro Yamada's authentication method for the camera image test is the same as his authentication method for the blood pressure test, body temperature measurement, and blood vessel echo test, which is IC card authentication (see risk authentication method table 750).

Therefore, in S605, when authenticating Taro Yamada for the camera image test, the authentication unit 122 uses the test device 101 located in the same room as the test device 101 to perform the blood pressure test, body temperature measurement, and blood vessel echo test. Taro Yamada's certification for the tests conducted will also be carried out. Then, the processes of S606 to S608 are performed regarding the camera image inspection that Taro Yamada undergoes. After the process according to the flowchart of FIG. 6 is thus completed, the process according to the flowchart of FIG. 6 is performed as described above for blood pressure examination, body temperature measurement, and blood vessel echo examination. However, the authentication unit 122 performs the following processing between S603 and S604.

First, the authentication unit 122 determines whether Taro Yamada has been authenticated for the test identified by the test ID acquired in S603. As a result of this determination, if Taro Yamada has not been authenticated for the test identified by the test ID acquired in S603, the process of S604 described above is performed. On the other hand, if Taro Yamada has been authenticated for the test identified by the test ID acquired in S603, the processes in S604 to S607 are omitted and the process in S608 is performed. In S608, an examination (blood pressure examination, body temperature measurement, or blood vessel echo examination) is performed by an examination apparatus located in the same room as the examination apparatus 101 that performs the camera image examination. Here, the presence of a plurality of testing devices 101 in the same room may be determined by, for example, the information terminal 102 acquiring information on the installation locations of the testing devices 101 used in each test. For example, by adding a column of information on the installation location of the inspection device 101 to the default inspection risk table 710, the installation location of the inspection device 101 and the inspection ID may be stored in association with each other. In this case, the information terminal 102 may obtain information about the installation location of each inspection device 101 by receiving it from the authentication method server 103, for example.

The above is an example of the embodiment of the information processing system. “Guidelines for Safety Management of Medical Information Systems, Version 5.1, Ministry of Health, Labor and Welfare, January 2021” provides guidelines regarding certification for businesses (staff and related parties) that regularly operate medical information systems. There is. However, there is no agreement regarding patient authentication, and when confirming a patient, it is basically necessary to manually confirm the identity, such as by calling out to the patient. Therefore, for example, if there are patients with the same first and last name, or if the patient and the person verifying the identity mishear or misunderstand what the other person is saying, there is a risk that the patient may be mistaken. For example, in tests that pose a high risk to the patient, such as invasive tests or tests of high importance where the test results affect the treatment plan, there is a risk that mistaking the patient could lead to a serious accident. On the other hand, there are some tests that are less risky for patients. If complex authentication is performed for such an examination, there is a risk that the burden of work required to authenticate the patient will increase, and the burden of information processing for authenticating the patient will increase. Therefore, in this embodiment, the information processing system 100 selects a patient authentication method based on at least one of disease information and test information. Therefore, it is possible to both improve patient authentication accuracy and reduce the burden of authentication.

As described above, in this embodiment, the case where the patient undergoing the test is authenticated is illustrated. Therefore, in this embodiment, the information determined according to the injury or illness of the person receiving the medical-related action is disease information, and the information determined according to the medical-related action received by the person receiving the medical-related action is test information. An example is given below. However, the information processing system described in this embodiment may also authenticate a person undergoing medical-related activities other than examinations. For example, the information processing system described in this embodiment may authenticate a patient undergoing at least one of surgery, treatment, diagnosis, and medication, instead of or in addition to an examination. Further, a person receiving medical-related treatment is not limited to a patient (a person suffering from an illness), but may be any person suffering from an injury or disease (at least one of an illness and an injury). Furthermore, those who receive medical-related acts (acts performed in connection with medical care) are not limited to those who are suffering from injury or illness. For example, a person undergoing a medical-related procedure may be a person undergoing a periodic examination or a medical checkup, or a person undergoing a clinical test (for example, a clinical trial).

Moreover, in this embodiment, the case where the degree of risk of a test is determined based on the details of the test that a patient undergoes and the details of the patient's disease has been illustrated. In this case, the authentication method server 103 selects a patient authentication method for each patient based on both disease information and test information. However, the patient authentication method may be selected based only on either disease information or test information. For example, as described above, the patient authentication method for a pre-surgical test is selected from only test information. For example, if the patient's disease is a specific disease (for example, if it is a serious disease), an authentication method that corresponds to the "high" risk level of the test may be used, regardless of the test the patient undergoes. You may choose. In this case, the patient authentication method is selected from only disease information. Further, in the present embodiment, a case has been exemplified in which the authentication method selection unit 132 specifies the degree of risk of a test based on disease information and test information. However, the degree of risk of the test may be included in the patient's disease information, for example. In this case, the authentication method selection unit 132 may specify the degree of risk of the test by extracting it from the disease information.

Furthermore, in this embodiment, a case has been exemplified in which the authentication method is selected from among a plurality of authentication methods based on the risk caused to the patient by performing the test. However, by selecting an authentication method for each patient depending on the patient's situation, it is possible to use different authentication methods for patients who prioritize improving authentication accuracy and patients who prioritize reducing the burden of authentication. Therefore, the patient authentication method may be selected from among a plurality of authentication methods based on information determined for each patient undergoing examination. For example, the method for authenticating the patient may be selected from among a plurality of authentication methods based on the cost of the test that the patient undergoes instead of or in addition to the risk that the test poses to the patient. Furthermore, as mentioned above, medical-related actions are not limited to testing. If the medical-related act is other than an examination, information corresponding to the medical-related act is determined for each person receiving the medical-related act. For example, when the medical-related activity is treatment, the authentication method for the patient is selected from among multiple authentication methods based on at least one of the risks to the patient resulting from the treatment and the costs of the treatment. You may also do so. The risk to a patient resulting from a treatment is determined, for example, depending on the invasiveness of the treatment the patient receives. In addition, when the medical-related act is medication, the authentication method for the patient is selected from among multiple authentication methods based on at least one of the risks to the patient caused by administering the medication and the cost of the medication. You can also do this. The risk to a patient caused by administering medication is determined, for example, depending on the degree of side effects caused by the medication.

Further, in this embodiment, the testing device 101, the information terminal 102, the authentication method server 103, the hospital information system 104, and the clinical laboratory information system 105 are separated from each other and are connected to each other so that they can communicate by wire or wirelessly. The example below shows the case where this is done. However, it is not necessary to do this. The functions of the inspection device 101, the information terminal 102, and the authentication method server 103 may be located anywhere in the information processing system 100. For example, the functions of the information terminal 102 and the authentication method server 103 may be included in the same casing (one device). For example, the functions of the authentication method server 103 may be included in the information terminal 102 as software. This is preferable when the information terminal 102 is a smart device. For example, since operations for communicating with the authentication method server 103 are no longer necessary, usability for the user who operates the information terminal 102 in hand is improved. Further, the functions of the authentication method server 103 may be included in the hospital information system 104 as software.

(Other examples)
The present invention provides a system or device with a program that implements one or more of the functions of the embodiments described above via a network or a storage medium, and one or more processors in the computer of the system or device reads and executes the program. This can also be achieved by processing. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.
Furthermore, the embodiments of the present invention described above are merely examples of implementation of the present invention, and the technical scope of the present invention should not be construed as limited by these. It is something. That is, the present invention can be implemented in various forms without departing from its technical idea or its main features.

100: Information processing system, 101: Inspection device, 102: Information terminal, 103: Authentication method server

Claims (15)

a selection means for selecting an authentication method for a person receiving a medical-related act from among a plurality of authentication methods based on information determined for each person receiving the medical-related act;
authentication means for authenticating a person undergoing the medical-related act using the authentication method selected by the selection means;
An information processing system comprising: The information specified for each person receiving the above-mentioned medical-related act is divided into two types: information specified according to the injury or illness of the person receiving the medical-related act, and information specified depending on the medical-related act the person receiving the medical-related act receives. 2. The information processing system according to claim 1, comprising at least one of the following. The information according to claim 1 or 2, characterized in that the information determined for each person receiving the medical-related act includes information regarding risks caused to the person receiving the medical-related act by performing the medical-related act. processing system. Information regarding the risks that arise to the person receiving the medical-related act by performing the above-mentioned medical-related act includes information determined depending on the injury or illness of the person receiving the medical-related act, and information related to the medical care received by the person receiving the medical-related act. 4. The information processing system according to claim 3, wherein the information is based on at least one of information determined according to an action. 5. The information processing system according to claim 1, wherein at least one of the plurality of authentication methods includes an authentication method that requires multiple authentications. 6. The information processing system according to claim 5, wherein means used to perform at least two of the plurality of times of authentication are mutually different means. The authentication means is included in each of a plurality of devices,
The selection means is characterized in that, in response to a request from a device including the authentication means, the selection means individually selects an authentication method performed by the authentication means included in the device from among a plurality of authentication methods. The information processing system according to any one of claims 1 to 6. The information processing system according to any one of claims 1 to 7, further comprising a management unit that collectively manages information used for selecting the authentication method. Information regarding the medical-related act performed on the person receiving the medical-related act, information regarding the authentication method used to authenticate the person receiving the medical-related act, and information regarding the authentication results of the person receiving the medical-related act. The information processing system according to any one of claims 1 to 8, further comprising a storage means for storing information in a storage medium in association with each other. It is characterized by further comprising an output means for outputting information including that, when the person undergoing the medical-related act is not authenticated by the authentication means, manual identification of the person undergoing the medical-related act is required. The information processing system according to any one of claims 1 to 9. The authentication means may simultaneously perform authentication of the person receiving the medical-related act for two or more medical-related acts out of a plurality of medical-related acts that the same person receives as the person receiving the medical-related act. The information processing system according to any one of claims 1 to 10, characterized by: 12. The information processing system according to claim 11, wherein the two or more medical-related actions are determined based on information determined for each person receiving the medical-related actions. The information processing system according to any one of claims 1 to 12, wherein the medical-related act includes an examination. a selection step of selecting an authentication method for a person receiving a medical-related act from among a plurality of authentication methods based on information determined for each person receiving the medical-related act;
an authentication step of authenticating a person undergoing the medical-related act using the authentication method selected in the selection step;
An information processing method characterized by having the following. A program for causing a computer to function as each means of the information processing system according to any one of claims 1 to 13.

Images