JP4024116B2 - Medical data management system - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention enables medical staff, patients, and researchers to share medical data efficiently and safely, and enables the use of medical data linked in the fields of medical care, medical research, and medical economy. The present invention relates to a medical data management system capable of selecting and storing medical data.
[0002]
[Prior art]
Conventionally, medical data is a medical record recorded on paper, X-ray images, CT / MRI, etc. stored as a film, and the provision of medical data to other healthcare professionals depends on the provision of paper and film. It was common.
[0003]
The electronic medical chart system (prior art 1) that has begun to be introduced recently enables electronic storage and browsing of medical data, but for the purpose of digitizing existing paper medical charts, information sharing is aimed at doctors. The main body of storage, storage, and browsing of medical data was designed around doctors.
[0004]
In addition, a remote diagnosis system (Prior Art 2) has begun to be put into practical use between specific facilities.
[0005]
Japanese Patent Publication No. 2001-297153 (Prior Art 3) discloses a personal medical information sharing method and a personal medical information database terminal as a medical chart database among a plurality of hospitals.
[0006]
[Problems to be solved by the invention]
According to the prior art 1, since the electronic medical record system is a system mainly for medical personnel, the medical institution is arbitrarily determined to maintain the medical data after the medical data storage duty period has passed. Nevertheless, there is a problem that there is a high risk of losing medical data.
[0007]
In addition, it lacked the viewpoint that “the patient is the main player and decides to provide information to the medical research field, thereby contributing to the development of medicine and the development of medical business”.
[0008]
Furthermore, there is no means for users who share medical data to store medical data individually according to their importance, and there is no means for sharing the storage cost.
[0009]
On the other hand, in the remote diagnosis system according to the prior art 2, there is no means for realizing high quality remote diagnosis as a medical business in a wide area network.
[0010]
In the prior art 3, the second password is proposed as a means for sharing medical data between the doctor and the patient. However, there is no means for managing the access right in units of medical data. (2) If the password is changed, the hospital will be unable to access all patient data including medical data used as the basis for diagnosis, and no one will be able to access medical data when the patient is unconscious. Realistic and rational management was difficult.
[0011]
In consideration of the above points, the present invention allows patients, doctors, medical workers other than doctors (hereinafter referred to as quasi-medical workers), researchers, medical institutions, etc. to be electronically transmitted through communication means such as the Internet. By providing medical data access right management means to share stored medical data efficiently and safely, medical data can be disclosed to patients and medical institutions within the scope of medical law and medical law. Maintaining medical data at the same time, enabling effective remote diagnosis, enabling the selection of important medical data for the period requested by members, including patients, and storage of medical data. Another object is to construct a medical data management system that enables the use of medical data in the medical economic field.
[0012]
[Means for Solving the Problems]
The first invention of the present application that solves the above problem is that a patient, a doctor, a medical worker other than a doctor, and a medical institution are registered as members, and logs in using the ID and login authentication means for each member. In a medical data management system for registering, storing and effectively using data, a management file attached to each medical data is provided, and the access right of the member is recorded by recording the access right of the member in the management file. An access right adding authentication means is provided as a means for enabling and additionally recording the access right of the member in the management file so that the access right adding authentication means exists for each patient member. This is a medical data management system configured.
[0013]
In the medical data management system of the present invention, medical data generated by a doctor's examination is provided to this system by various members such as a doctor member, a semi-medical worker member, a patient member, and the provided medical data is managed. Managed individually by file.
[0014]
The members in the present invention are classified and registered as various members according to the relationship with the medical data, and from the medical data management system side, an ID for each member and, for example, a login password is given as a login authentication means. Each member logs in to the system with the assigned ID and login password.
[0015]
In order to efficiently control the access right of each member to medical data, a management file for medical data and an authentication means for adding access right existing for each patient member are prepared. Implementation of access rights management in line with practical use not realized.
[0016]
That is, the access right to the medical data is recorded in the medical data management file, and an access right adding authentication means is required to additionally record the access right in the management file.
[0017]
Therefore, a member whose access right is recorded in the management file is permitted to access the medical data, and acquisition of a new access right to the medical data is performed by using an access right adding authentication means disclosed by the patient member. Acquired by a doctor member or the like and added to the management file.
[0018]
The login authentication means and the access right addition authentication means as used herein are information stored and managed by an individual as a password, information entered each time, information recorded in a storage medium such as a magnetic card or IC card, and a personal fingerprint. Any of those created using personal biological information such as retinal patterns and retinal patterns.
[0019]
As a result, medical data that has conventionally been dependent on paper or film is accumulated as electronic data, and can be shared across temporal and spatial gaps.
[0020]
Conventionally, the main subject of storage, storage, and browsing of medical data has been a doctor. However, in the present invention, a patient can participate as a member in the storage, storage, and browsing of medical data, and permission to add access to medical data is permitted. Since the right to do exists in the patient member, the subject of the use of the medical data becomes the patient member.
[0021]
However, since the member whose access right is recorded in the medical data management file becomes a person who has access right to the medical data, for example, the access right of the medical member to the medical data that is the basis of diagnosis once used for the diagnosis is Guaranteed.
[0022]
The functions that can be performed on the medical data differ depending on the type of member.
[0023]
The medical data here includes, for example, indefinite form data and comments registered by each member (including diagnosis comments, remote diagnosis comments, etc.), and the indefinite form data includes, for example, patient member's medical history, prescription, Character data such as findings, diagnosis, comments, etc., numerical data such as clinical examinations, electrocardiograms, X-ray photographs, image data such as MRI, CT, etc., moving images and voices, etc. These data alone or these data Or information expressed in XML (eXtensible Markup Language) or the like, and also includes secondary medical data obtained by performing processing such as changing the color tone or shading of the image.
[0024]
The management file for managing medical data here records information relating to management of medical data, and there exists one or more for one medical data. For example, the management file is independent of medical data. Even if it exists, it may be integrated with medical data and exist as part of medical data, or may exist as a database.
[0025]
In addition, a doctor here is a person who has a license to make a diagnosis based on the law, and a dentist or the like follows this.
[0026]
The information included in the management file includes, for example, the storage location of medical data, the member ID having the access right, the date and time when the access right was acquired, the member ID to which the access right was added, the background to the addition of the access right, etc. Information on the history of access rights, restrictions on addition of access rights, declarations that medical data is unnecessary, the scope of research purpose disclosure of medical data, the amount of medical data, and the like.
[0027]
The recording of the access right of each member in the management file is realized, for example, by recording the member ID in the access right recording area of the data management file. When an access request to the medical data is made from the logged-in member, The data management system searches the management file for the medical data requested to be accessed, and permits the member whose ID is recorded in the access right recording area to access the medical data.
[0028]
In order to protect the privacy of members, information such as member information, medical data, and medical data management files recorded in the medical data management system may be encrypted and recorded.
[0029]
According to the second invention of this application, a member whose access right is already recorded in the management file of medical data allows another member to access the medical data by the function of additionally recording the access right of the other member in the management file. It is characterized by making access possible.
[0030]
For example, as a function that can be used when one doctor member already has access to medical data of a patient member and logs in to the medical data management system, the function of selecting the medical data, the member By implementing a function for confirming that the access right is present in the access right recording area of the management file for the medical data and a function for adding an ID as a new access right to the management file, It becomes possible to add access rights of members.
[0031]
As a result, for example, in remote diagnosis, it is possible to give the right of access to specific medical data to a remote diagnosis requestee, and it is possible to safely deploy remote diagnosis over a wide area network.
[0032]
If there is a member who has illegally obtained the right to access medical data, the patient member can capture the unauthorized access right acquirer by searching the access right recorded in the medical data management file. When access is detected, the access right of the member who performs unauthorized access may be deleted from the management file of the medical data with the authority of the system administrator at the request of the patient member.
[0033]
The third invention of the present application has a function that enables a patient member to register his / her own medical data for the patient member, and includes those registered by other members. The management file of all medical data is configured to have a function of automatically recording the access right of the patient member, so that the patient member can always access his / her medical data as well as the medical data. Is configured to be disclosed to others.
[0034]
Since all medical data is created in the presence of patient members, for example, by implementing a function that automatically records patient member IDs in the access right recording area of the management file when medical data is generated, Patient members are guaranteed access to their medical data.
[0035]
The fourth invention of the present application has a function of recording a medical data range approved by a patient member in a medical data management file by allowing a researcher member to participate, thereby obtaining medical data permitted to the researcher member. It is configured to be openable.
[0036]
For example, for a patient member who has logged in to the medical data management system, this system can select the medical data that the patient member may disclose, and the personal information of the patient member associated with the medical data such as gender and age. This function can be realized by providing a function to select the disclosure range, a function to record the selection result in the management file, and a function to extract the intended medical data by the researcher member through a conditional search. At this time, the patient member may request a fee for research use of his / her medical data.
[0037]
This makes it possible for the patient to take the lead in determining the provision of information to the medical research field, thereby contributing to the development of medicine and the development of the medical business.
[0038]
Since medical data consists of data registered by patient members, multiple doctor members, and associate health care professional members, whether or not medical data can be disclosed has a function that reflects the intention of these registrants to be disclosed. You may equip it.
[0039]
In the fifth invention of this application, in each member whose access right is recorded in the management file, the person in charge of storing the medical data is determined in the order in which the medical data is required, and the person in charge of the storage abandons the responsibility. When the responsibility of the custody moves to the next candidate and eventually all members abandon the custody responsibility, a function for deleting the medical data is provided. is there.
[0040]
For example, the access rights holders recorded in the medical data management file are sorted by membership type to determine the priority of the person responsible for storage, and the first access right holder is determined as the person responsible for storage and recorded in the management file. The step of notifying the determined custodian, the step of registering in the medical data management system whether the custodian who received the notification will continue or abandon the custodian, and the custodian is the custodian When abandoning something, the medical data management system has a function to repeat the step of deciding the next person responsible for storage according to the priorities shown above and a function for monitoring whether there is a person responsible for storage. This is realized by providing a function for deleting the medical data when the person in charge of storage disappears.
[0041]
As a result, medical data can be stored on the medical data management system as long as one of the members who have access rights recognizes the necessity as well as patient members, and the medical institution decides to discard the medical data unilaterally. You can avoid the situation.
[0042]
Further, when all members abandon the responsibility for storing medical data, there is no member who needs the medical data, so the medical data is deleted, and unnecessary medical data is accumulated on the medical data management system. The medical data is stored according to the importance.
[0043]
At this time, as a means of automatically avoiding a member becoming a storage manager, if you set in advance to “Abandon the storage responsibility for all medical data in advance” in advance, manual data abandonment Can be avoided.
[0044]
In the above case, by setting an important flag for certain important medical data, if the function to become a member responsible for storage is added, only the medical data is not automatically waived. Avoid the risk of accidentally losing important medical data.
[0045]
The sixth invention of the present application has a function of automatically searching for a person in charge of storing each medical data, and totaling the amount of medical data stored for each member, and a function that makes it possible to charge for the totaled result Is provided.
[0046]
For example, the system retrieves the person in charge of storage from all the medical data management files at regular intervals determined by the administrator of the medical data management system, and calculates the data amount of the medical data recorded in the management file. It is possible to determine the billing fee by providing a function for counting and calculating the total amount of medical data for storage responsibility for each member. In this case, not only charging for the member responsible for storage at the time of counting but also charging for other members having access rights to this medical data may be used in combination.
[0047]
The seventh invention of the present application is configured such that the patient member can change the authentication means for adding access right in order to prevent a doctor member who has examined the patient member in the past from accessing the medical data of the patient member without limitation. It is characterized by being made.
[0048]
The patient member is recognized by this system as a patient member by logging in to the medical data management system. For example, if an access right addition password is used as an access right addition authentication means, the system requests the access right addition password from the patient member and confirms the used access right addition password. It is possible to change to a password for adding a new access right.
[0049]
As described above, the access right addition password can be changed freely by the patient, and after the access right addition password is changed, the access right cannot be added with the old access right addition password. However, the access to the medical data of the member whose access right is already recorded in the management file is not affected.
[0050]
As a result, a medical data management system in consideration of the privacy of the patient member is constructed without causing an inaccessible situation to the medical data that has been used as a basis for diagnosis by the doctor member.
[0051]
In the eighth invention of this application, when another member performs an act of adding an access right to the medical data for his / her own medical data specified by the patient member, the other member's act to the other member Is provided with a warning setting function to record the behavior of other members and notify the patient members after the behavior of other members. is there.
[0052]
For example, after a patient member logs in to the medical data management system, the step of selecting medical data to be protected, the step of recording that a warning is set in the management file of the selected medical data, the access rights of other members When adding, a step of searching the medical data management file, a warning is set in the medical data management file, a step of issuing a warning to a person who adds the access right, an access right for the warning The step in which the additional actor determines the process. If the process is the additional execution of the access right, the access right is added, the actor is recorded in the management file, and the member to which the access right has been added ( For example, the patient member is notified of the referee at the time of remote diagnosis) and the member who performed the act (for example, the introducer at the time of remote diagnosis). It is realized by step.
[0053]
This enhances the morals regarding the medical data operation of the patient member in the doctor member or the quasi-medical worker member, and contributes to the privacy protection of the patient member.
[0054]
The ninth invention of the present application has a function of registering a disposable authentication means that allows another member to add an access right to the medical data only once for the medical data specified by the patient member. In addition, it is configured to be able to request the input of the disposable authentication means to other members who perform the act of adding the access right to the medical data.
[0055]
For example, after the patient member logs in to the medical data management system, the step of selecting the target medical data, and the step of recording that the request for the disposable authentication means is set when the access right is added to the selected medical data management file When the access right of another member is added, a step of searching the management file of the medical data, and when the input request of the disposable authentication means is set in the management file, the disposable authentication means is provided to the actor who adds the access right. In response to the request, the actor adding the access right inputs the disposable authentication means, confirms whether the input disposable authentication means is valid, and the disposable authentication means is valid. If you want to add access rights and record the actor in the management file, use Disposable authentication means which is realized by the step of disabling later.
[0056]
Thereby, the patient-centered medical data disclosure function is realized.
[0057]
For example, for the creation and acquisition of disposable authentication means for a patient member, the patient member enters a request for creating the disposable authentication means after logging into the medical data management system using a mobile phone, computer terminal, or other device that can be connected to the Internet. The expiration date when it is not used can be arbitrarily determined by the patient member.
[0058]
The means for passing the disposable authentication means created by the patient member to the user can be, for example, delivered verbally, displayed on the screen of a mobile phone, provided, or printed as a ticket.
[0059]
In the case where the ticket containing the disposable authentication means is lost, it is desirable that the patient member has a function of logging in to the system using a terminal or a mobile phone and invalidating the disposable authentication means.
[0060]
The single-use authentication means here refers to information that is stored and managed by an individual as a password, information that is input each time, information that is recorded on a storage medium such as a magnetic card or IC card, personal fingerprints, retinal patterns, and other personally unique organisms. Anything created using scientific information may be used.
[0061]
The tenth invention of the present application assumes that a member is a client of a remote diagnosis / medical care, and a doctor member who is a requestee has a function of posting information related to remote diagnosis / medical care such as a specialized area. It is characterized by being provided.
[0062]
For example, a doctor member who is willing to be a remote diagnosis client can log in to the medical data management system and then provide his / her department, career, qualification, specialized field, work area, and remote diagnosis / medical conditions. Or the like can be registered in advance in the medical data management system, and the registered information is realized by providing a function that allows a member who becomes a requester to perform a condition search and browse.
[0063]
Therefore, in the present invention, since it is possible to search and obtain information on specialized fields etc. from doctor members who are registered in the medical data management system and have announced that they are entrusted with remote diagnosis, it is possible to obtain information in medical offices or acquaintances. Compared to conventional remote diagnosis, which is often limited to doctors registered in one organization or doctors registered in one organization, it is highly possible to select a doctor who can provide high-quality remote diagnosis from a wide range.
[0064]
In the eleventh aspect of the present application, the diagnosis is provided by the doctor member who is the requestee after the member becomes the requester of the remote diagnosis / medical care and the remote diagnosis / treatment is performed by the doctor member who is the requestee. In addition to having a function to register the evaluation of the information of the client as a requester, the requested person can also register the evaluation for the evaluation given by the requester. It is.
[0065]
When the movement of the information of the requester and the requestee when the remote diagnosis is performed is briefly described, for example, the requestee registers the diagnosis result to the requester, and the requester looks at the diagnosis result. Step 2 for registering the evaluation for the diagnosis result to the requestee, and Step 3 for the requestee to see the evaluation in Step 2 and register the evaluation for the request to the requester.
[0066]
For example, in step 2, the comment as the client's text and the satisfaction as the class value regarding the appropriateness of the diagnosis contents, the kindness of the explanation, etc. are registered. The comment as the client's sentence and the satisfaction as the class value are registered.
[0067]
Of the exchanges between the two involved in remote diagnosis, the registration of the satisfaction level received as an evaluation from each other in steps 2 and 3 is, for example, determining whether or not the member who has received the evaluation understands the disclosure. If it is understood through the steps to be performed, a satisfaction history given to the other party is announced to other members by a function disclosed on the medical data management system for the remote diagnosis requester and the requestee.
[0068]
It is desirable to provide a function for publishing the ratio of evaluation published in the entire history in the publication of the satisfaction history given to the other party.
[0069]
The evaluation for the remote diagnosis and the function for registering the evaluation for the evaluation can improve the quality of the remote diagnosis and maintain the morality in the network medical care.
[0070]
DETAILED DESCRIPTION OF THE INVENTION
The medical data management system of the present invention is a computer system in which a terminal installed in each medical institution, home, research facility, etc., and a medical data management server are connected by communication means such as the Internet or a dedicated line, so that patients, doctors, Associate medical staff, researchers, and medical institutions become classified members, and the medical data generated by patient examinations by doctors is shared by each member while maintaining independent access rights, thereby preserving patient privacy However, it is a means for enabling remote diagnosis and storing data for a desired period of access right holder, and for effective use of medical data in the medical field. An embodiment of the present invention will be described below. However, the present invention is not limited to this.
[0071]
【Example】
First, an outline of a part that forms the skeleton of the medical data management system of the present invention will be described with a focus on access right management means. The medical data management system of the present invention is realized by a computer network and a program for members to effectively use medical data registered and stored on a network using a dedicated communication line or the Internet.
[0072]
The members are patient members, doctor members, non-doctoral health care professional members (for example, nurses and radiologists, etc., hereinafter referred to as quasi-medical care worker members), medical institution members (eg, hospital members), and researcher members. The members log in to the medical data management system of the present invention through the network using the ID for each member and the login authentication means. Note that the types of members are not necessarily limited as in the present embodiment.
[0073]
Data such as examination images generated in association with medical treatments for patient members, and data relating to wounds and diseases acquired by the patient members themselves (for example, photographs of burns taken by themselves) are referred to as medical data.
[0074]
The medical data of the patient means medical data of the patient member himself / herself for the patient member, and includes all of the data generated by the patient member upon receiving the doctor's examination and the data created by himself / herself.
[0075]
In the medical data management system of the present invention, the functions that can be used for each member type are limited, and the functions that can be used by each member are displayed as function buttons on the global menu for each member displayed after the member logs in. May be.
[0076]
Doctor members, associate medical staff members, and patient members can register medical data in the medical data management system of the present invention.
[0077]
Each registered medical data has a management file. In the access right recording area included in this management file, the access right of the member is recorded, and only the member whose access right is recorded. The medical data can be accessed.
[0078]
An access right addition authentication means is prepared as a means for a member (doctor member and associate health care worker member) involved in medical care to obtain access right to the registered medical data, and the access right addition authentication is prepared. Means are managed by patient members.
[0079]
Physician members or quasi-healthcare professional members receive the disclosure of the access right additional authentication means from the patient member at the time of the examination, and after entering the authentication means for adding the access right of the corresponding patient member into the medical data management system, The system can be used (hereinafter referred to as “medical examination mode”), and the access right can be additionally recorded in the medical data management file.
[0080]
The access right for medical data newly registered in the “Diagnosis Mode” is given to the doctor member or associate medical worker member who registered the medical data first. Based on the principle that the person who owns the patient is the patient, the patient member is also given access.
[0081]
Patient members can register only their own medical data, and it is not necessary to input authentication means for adding access rights at the time of registration. Access to medical data registered by patient members themselves is initially given only to patient members. Will be.
[0082]
In the medical data management system of the present invention, the right to access medical data that has been migrated and stored from another database is initially given only to patient members.
[0083]
If a patient member who has medical data registered in the medical data management system visits another medical institution and provides authentication means for adding access rights to other doctor members or quasi-healthcare professional members, it is necessary to add access rights. A doctor member or a quasi-medical worker member who has been provided with the authentication means can acquire an access right to medical data already registered and stored.
[0084]
In addition, since the authentication means for adding access rights is managed by the patient member and can be changed by the patient member, if the patient member changes, the doctor member or the associate medical staff member can obtain the access right that he / she has known in the past. Using the additional authentication means, it becomes impossible to newly acquire an access right to medical data that does not have an access right.
[0085]
Even if the access right adding authentication means is changed, the medical data that already has the access right can still be accessed, and the member is guaranteed the right to access the medical data acquired by the legitimate means. By this function, for example, the medical member is not unilaterally stripped of the medical data used as the basis for the diagnosis from the patient member.
[0086]
In the medical data management system of the present invention, if a patient member is young or cannot make a proper judgment or processing due to illness, the right parent or guardian accepts the right and obligation of the patient member on behalf of the patient member. Also good.
[0087]
In addition, examples of functions that can be implemented for each member type in the medical data management system of the present invention will be described.
[0088]
The doctor member can mainly register, browse, process medical data, register diagnostic comments, request remote diagnosis, accept remote diagnosis, and the like. Patient members can request registration, browsing, processing and remote diagnosis of medical data. A medical institution member (hospital member) is a facility member that performs office work such as reception work related to a patient member, and can be a cost bearer when the medical data management system of the present invention is used as an electronic medical record of a medical institution. Researcher members can search, view, and process medical data for research, education, and learning only with respect to medical data that patient members have approved for research use, but they are not involved in medical care.
[0089]
In the medical data management system of the present invention, when a remote diagnosis request is made, the remote diagnosis requester must be a member who already has access rights to the medical data used for the remote diagnosis. By allowing a member with access to medical data to newly grant access to the medical data to another doctor member, the remote diagnosis requestee can access the medical data. The access right at the time of remote diagnosis is ensured without depending on the authentication means for adding the access right.
[0090]
In the embodiment, a login password is used as an example of a login authentication unit, and a password as an example of an access right addition authentication unit is referred to as a diagnosis key. Moreover, a disposable password as an example of the disposable authentication means is used, and this is called a one-time password.
[0091]
Note that the disposable authentication means is an authentication means that can be used only once to release this protection when protection against the act of adding access rights to medical data is set. Includes "general-purpose disposable authentication means (general-purpose one-time password in this embodiment)" that can be used in common for all protected data, and "specific disposable authentication" that can release only protection for specific medical data Means (specific one-time password in this embodiment) ".
[0092]
For example, if there are multiple medical data protected by a general-purpose one-time password, any one can be canceled with a single general-purpose one-time password, while medical data protected by a specific one-time password In the case of data, only a specific one-time password created for each medical data can be released.
[0093]
Hereinafter, this will be described in detail with reference to FIGS.
[0094]
For example, as shown in FIG. 1, a network system constructed on the Internet 1-7, a hospital network 1-8 constructed in a large-scale medical institution 1-15, and a medium-scale medical institution 1-16. The in-hospital network 1-9 and the data acquisition reference terminal 1-12 installed in the small-scale medical institution 1-17 are connected via a communication line to form a network.
[0095]
The network system constructed on the Internet 1-7 includes data management servers 1-1, 1-2, 1-3, and mirror certification authorities 1-6a, 1-6b provided above the data management server. And a root certificate authority 1-6.
[0096]
In each of the data management servers 1-1, 1-2, and 1-3, the servers are linked by encryption communication, and processing such as registration, storage, browsing, and access right management of medical data is performed.
[0097]
Authentication at the time of encryption communication of each data management server 1-1, 1-2, 1-3 is distributedly processed by the root certificate authority 1-6 and the mirror certificate authorities 1-6a, 1-6b.
[0098]
Each data management server 1-1, 1-2, 1-3 stores files for medical data, member information, and management information (medical data management file, other information, etc.) for operating medical data. The program is stored and managed by the administrator.
[0099]
The network system constructed in the large-scale medical institution 1-15 includes a bridge / data server 1-4 and a data acquisition reference terminal 1-10, and is managed by an administrator or the like. Is used by.
[0100]
The network system constructed in the medium-sized medical institution 1-16 includes a bridge / cache server 1-5 and a data capture reference terminal 1-11, and is used by the doctor member B or the like.
[0101]
The small-scale medical institution 1-17 includes a data take-in reference terminal 1-12 and is used by the doctor member C or the like.
[0102]
The configuration constructed in the large-scale medical institution 1-15, the medium-scale medical institution 1-16, and the small-scale medical institution 1-17 will be described in detail.
[0103]
The bridge data server 1-4 and the bridge cache server 1-5 are connected to the data capture reference terminals 1-10 and 1-11 via the in-hospital networks 1-8 and 1-9, respectively, and the Internet 1-7. Is connected to the data management server 1-1.
[0104]
The bridge data server 1-4 has a function of storing medical data registered in the large-scale medical institution 1-15, and the medical data requested by the data acquisition reference terminal 1-10 of the large-scale medical institution 1-15. It has a function of temporarily storing medical data registered outside the large-scale medical institution 1-15 as data, and is expected to reduce processing time when data is requested again, and to improve security.
[0105]
That is, in the bridge data server 1-4, the large-scale medical institution 1-15 has a hard disk 1-4a capable of storing local medical data (original medical data), and a cache function for medical data, member information, and management information. And a hard disk 1-4b.
[0106]
The bridge / cache server 1-5 has a function of temporarily storing medical data requested from the data acquisition reference terminal 1-11 of the medium-sized hospital 1-16, and shortens the processing time when the data is requested again. Expected and improved security.
[0107]
That is, the bridge / cache server 1-5 includes a hard disk 1-5b having a cache function for medical data, member information, and management information.
[0108]
In the small medical institution 1-17, the house 1-18, and the research facility 1-19, the data acquisition reference terminals 1-12, 1-13, and 1-14 are respectively connected to the data management server via the Internet 1-7. It is connected to 1-2, 1-3, 1-3.
[0109]
The member information stored in the hard disks 1-1a, 1-2a, 1-3a of the data management servers 1-1, 1-2, 1-3 includes a member information file at the time of member registration. The example of the member information files 2-1 and 2-2 of a patient member and a doctor member is shown.
[0110]
The patient member's member information file 2-1 includes a member ID, personal identification information such as the patient's name, address, date of birth, telephone number, payment method, login authentication means (for example, login password). ), An access right adding authentication means (for example, a medical examination key), a storage responsibility automatic abandonment flag 2-1a, a medical data number having an access right, and a general-purpose disposable authentication means 2-1b (one of the disposable authentication means) In the embodiment, a general-purpose one-time password) is stored as necessary.
[0111]
The doctor member's member information file 2-2 includes a member ID, personal identification information such as a doctor's name, address, date of birth, and telephone number, a payment method, information of a member of a medical institution to which the user belongs, and login. Stored are authentication means (for example, login password), remote diagnosis related information such as a specialized field, automatic storage responsibility abandonment flag 2-2a, and a medical data number having an access right.
[0112]
FIG. 3 shows an example of the structure of a medical data management file. The medical data management file 3 includes a basic unit 3-1 and an access right recording area 3-2. In the basic unit 3-1, a medical data number, a medical data storage location, a medical data capacity, and an access right at diagnosis are added. Restriction, additional restriction of access right at remote diagnosis, specific disposable authentication means 3-1a (one of the disposable authentication means in this embodiment, a specific one-time password), the scope of disclosure in research use (diagnosis, etc.) are stored In the access right recording area 3-2, for each member having the access right, a medical data number, a member ID, an access right acquisition date and time, an access right additional member (member ID of the member to which the access right is added), There is information such as an access right addition act (the background of the addition of the access right such as medical examination and remote diagnosis), an important flag 3-2a, and an unnecessary flag 3-2b.
[0113]
FIG. 3 shows the access right recording area for the basic part data example 3-3 and the access right recording area 3-2 for the structural example of the basic part 3-1 of the medical data management file 3. Data example 3-4 is also shown.
[0114]
The flow of the member registration process is performed based on FIG. 4, and the flow of the member registration process will be described with reference to FIG. 1, FIG. 2, and FIG. First, when a non-member registers as a member in the medical data management system of the present invention, the data acquisition reference terminals 1-10, 1-11, 1-12, 1-13, connected to the Internet 1-7 in FIG. 1-14, the online member registration menu 5-2 is selected from the homepage screen 5-1 of this system as shown in FIG. 5, and a member registration screen (not shown) is displayed. A member type is appropriately selected from selection buttons of a patient member, a doctor member, a semi-medical worker member, a medical institution member, and a researcher member (S4-1).
[0115]
For example, if the large-scale medical institution 1-15 wants to use the medical data management system of the present invention, select a medical institution member from the selection button, and if the researcher wants to view medical data as research material, the researcher Select a member.
[0116]
After selecting the member type, the member agreement is displayed for each member type (S4-2), and after agreeing, the information necessary for member registration (name, address, etc., doctor member is a doctor license number, etc.) is entered (S4-). 3) The payment method is selected (S4-4) and member registration is performed.
[0117]
For example, the patient member a can register as a member from the house 1-18, and after registration, the member ID, a temporary login password as a login authentication means, and a diagnosis key as an access right addition authentication means are given (S4-5). ).
[0118]
In addition, in the case of a doctor member or a semi-medical worker member, an official member registration may be made after the identity is confirmed by a copy of a doctor license or a nurse license.
[0119]
For example, as shown in FIG. 2, personal information when registered as a member is recorded in member information files 2-1, 2-2, and each member has access rights in addition to the member's personal information. A list of medical data numbers having the access right is also stored, and each time the medical data to which each member has an access right is changed, the list of medical data numbers having the access right is also updated.
[0120]
Next, an access procedure common to each member after the member registration will be described with reference to FIGS. Each member can access the homepage screen of the system shown in FIG. 5 from the data capture reference terminals 1-10, 1-11, 1-12, 1-13, 1-14 connected to the Internet 1-7 shown in FIG. 5-1, login with the member ID and login password, and transition to the initial screen 6 after login for each member.
[0121]
When there is an item to be communicated to each member, “Notification” is displayed in the notification column 6-6 of the initial screen 6 after login shown in FIG.
[0122]
The contents of “Notification” include notification when the person responsible for storing medical data is stored, notification that access right has been added to medical data for which access right addition notification is set, and notification regarding remote diagnosis In addition, there are communication items from the operator of the medical data management system.
[0123]
From the initial screen 6 after login shown in FIG. 6, a global menu that is a function button that summarizes the functions that members can perform for each member type is displayed, and movement from the global menu to a processing screen desired by the member is realized. The
[0124]
The global menu includes functions that differ depending on the member type, and is displayed in principle regardless of the screen, and only buttons for functions that can be executed on that screen are valid.
[0125]
The global menu for each member is shown in FIG. 7 to FIG. 11, and the next global menu that has been hidden may be displayed by a key operation when it cannot be displayed in a row on the display. FIG. 7 is a global menu 7 for doctor members, FIG. 8 is a global menu 8 for patient members, FIG. 9 is a global menu 9 for quasi-medical worker members, FIG. 10 is a global menu 10 for medical institution members, and FIG. This is an example of the global menu 11 for use. (Hereafter, it is called the global menu for each member 7, 8, 9, 10, 11)
[0126]
The window opened by the “Notification” column 6-6 shown in FIG. 6 and the global menu for each member 7, 8, 9, 10, 11 includes a close button 6-7. By checking this, the window is closed. It is done.
[0127]
In this system, in addition to the global menus 7, 8, 9, 10, 11 for each member, for example, an “open medical data” button 13-1 in FIG. 13 is displayed as a local menu displayed only on the moved screen. Yes, this function button is displayed as needed.
[0128]
Further, as a function button common to all members provided in each member global menu 7, 8, 9, 10, 11, a login password change button 6-1 shown in FIG. 6 and a member basic information button 6-2 are shown. , A login history button 6-3, an accessible data button 6-4, and a storage responsibility information button 6-5.
[0129]
A function common to all members included in each member's global menu 7, 8, 9, 10, 11 includes a login password change function. When the login password change button 6-1 is selected, login is performed. Move to the password change screen (not shown).
[0130]
On the login password change screen (not shown), you are prompted to enter the current login password. If the entered password is true, you are then prompted to enter a new login password multiple times. If all new login passwords match, the system allows the login password to be changed and registers it in the system.
[0131]
In addition, there is a member basic information button 6-2 as a function button common to all members provided in each member's global menu 7, 8, 9, 10, 11 to confirm the basic information of the member, And changes can be made.
[0132]
For example, confirmation of basic member information such as name, gender, date of birth, address, occupation, telephone number, e-mail address, usage fee settlement method, and information that may be changed, such as address, telephone number, etc. It can be changed.
[0133]
The doctor member can register the clinical department, specialized area, remote diagnosis conditions, etc. in the remote diagnosis in the basic member information.
[0134]
Further, as a function common to all members provided in each member global menu 7, 8, 9, 10, 11, there is a login history button 6-3, which displays a past login history.
[0135]
As a function common to all members provided in each member global menu 7, 8, 9, 10, 11, there is a list function of accessible data. When the accessible data button 6-4 is selected, FIG. The accessible medical data list screen 13 shown in FIG.
[0136]
In the accessible medical data list screen 13, a medical data management file is searched based on the accessible medical data numbers recorded in the member information files 2-1 and 2-2 of the logged-in member in FIG. The date on which the patient member's name, patient member ID, and medical data were created from the information in the member information file 2-1 of the member and the medical data management file 3 in FIG. 3, that is, the date on which the patient member was examined and examined The logged-in member can view the data from the date of occurrence of medical data, the date of registration of the medical data in the system, the data type, the data size of the medical data, and a simple comment for identifying the medical data. The permitted items are displayed.
[0137]
Although there is no restriction on browsing the accessible medical data list screen 13 for the patient member, only the contents permitted for viewing are displayed for the researcher member, and the patient name and patient member ID are generally not displayed. .
[0138]
As a function common to all the members provided in the global menu, there is a medical data storage responsibility information list function, and a storage responsibility medical data list screen 14 shown in FIG. 14 is displayed by a storage responsibility information button 6-5 in FIG. 3 is displayed in the important / unnecessary input column 14-1, and the storage responsibility waiver is determined by setting the important flag 3-2a and the unnecessary flag 3-2b of the medical data shown in FIG. Can do.
[0139]
Further, when medical data is selected and opened on the accessible medical data list screen 13 shown in FIG. 13 or the storage-responsible medical data list screen 14 shown in FIG. 14, the medical data details browsing screen (for doctors) shown in FIG. 18 is opened in the normal mode (non-diagnosis mode), and “normal mode” is displayed in the accessor / mode column 18-1.
[0140]
Next, a description will be given of the functions provided in the global menu that differ depending on the type of member.
[0141]
For example, a patient reception screen (not shown) can be displayed by the consultation patient reception button 10-1 of the global menu 10 for medical institution members shown in FIG. 10, and today's outpatient reception can be performed. Then, it is recorded in an outpatient consultation recording file (not shown).
[0142]
The outpatient consultation record file is stored in the data management server 1-1 from the data acquisition reference terminal 1-10 of the large-scale medical institution 1-15 shown in FIG. 1, for example, and registration information and simple comments are registered. Can do.
[0143]
The global menu 10 for members of the medical institution shown in FIG. 10 has an inpatient acceptance button 10-2, which accepts admission and indicates that a patient member has been accepted for admission (not shown). ) Is recorded.
[0144]
The hospitalization procedure record file is stored in the data management server 1-1 shown in FIG. 1, and can have hospitalization procedure information and simple comments.
[0145]
The doctor menu global menu 7 in FIG. 7, the semi-medical worker member global menu 9 in FIG. 9, and the medical institution member global menu 10 in FIG. 10 include patient buttons 7-1, 9-1, 10-3. When this button is selected, a consultation patient list (outpatient) screen 15 shown in FIG. 15 is displayed.
[0146]
There are inpatient buttons 7-2, 9-2 and 10-4 in the global menu 7 for doctor members, the global menu 9 for members of semi-medical workers, and the global menu 10 for members of medical institutions. Select these buttons. Then, a consultation patient list (hospitalization) screen (not shown) which is a list of patients currently hospitalized is displayed.
[0147]
As shown in FIG. 7, the doctor menu global menu 7 includes a new examination patient button 7-3, and the doctor clicks on a patient member from the outpatient or hospitalized examination list to select the new examination patient button 7-3. When this button is clicked, the present system requests a diagnosis key. When the key is input correctly, the patient data list screen 16 shown in FIG. 16 is displayed.
[0148]
When the new diagnosis patient button 7-3 is selected without selecting a patient member, the patient member ID / diagnosis key request window 17 in which the present system requests both the patient member ID and the diagnosis key as shown in FIG. Is displayed, and if it is correctly input, the examination target patient data list screen 16 of FIG. 16 is displayed.
[0149]
In addition, the doctor menu global menu 7 of FIG. 7 has a diagnosis end button 7-4, which ends the diagnosis mode and returns to the screen before starting the diagnosis mode such as the list of patients to be examined (outpatient) 15 in FIG. .
[0150]
In the global menu 7 for doctor members in FIG. 7, the global menu 9 for associate medical staff members in FIG. 9, and the global menu 10 for medical institution members in FIG. 10, patient search buttons 7-5, 9-3, 10-5 are provided. As a result, the patient search condition input screen 12 shown in FIG. 12 is displayed, and the member information files 2-1 and 2-2 shown in FIG. 2 are combined with the information described in the medical data management file 3 shown in FIG. A search is performed.
[0151]
Each condition input in the patient search condition input field 12-1 shown in FIG. 12 is an AND condition in each line, and an OR condition in each line. For example, in the first line of the search condition, “Yamada” for the name and “ 10-20 ", enter" diabetes "for diagnosis, and in the second line of the search condition, enter" Yamada "for name," 10-20 "for age, and" gastric ulcer "for diagnosis, A patient member having medical data that includes “Yamada” in the name of the patient member, is 10 to 20 years old, and includes the words “diabetes” or “gastric ulcer” in the diagnosis comment is extracted.
[0152]
As a function common to the global menu 7 for doctor members in FIG. 7, the global menu 8 for patient members in FIG. 8, and the global menu 9 for associate medical staff members in FIG. 9, new data registration buttons 7-6 and 8 for medical data are provided. -4, 9-4, which register new medical data.
[0153]
As a common function to the global menu 7 for doctor members in FIG. 7, the global menu 8 for patient members in FIG. 8, the global menu 9 for quasi-medical worker members in FIG. 9, and the global menu 10 for medical institution members in FIG. There are doctor search buttons 7-7, 8-5, 9-5 and 10-6 for searching for doctors who receive a request for diagnosis. With this doctor search button, remote diagnosis undertaken doctor search as shown in FIG. The screen 22 is opened.
[0154]
The researcher member global menu 11 shown in FIG. 11 has a medical data search button 11-1, which opens a medical data search condition input screen 28 shown in FIG. 28. Therefore, the medical data search condition input field 28- Enter the condition in 1 and execute the search.
[0155]
The doctor member global menu 7 of FIG. 7 has a remote diagnosis button 7-8, and this button displays a remote diagnosis request list screen 26 shown in FIG.
[0156]
When a patient member to be diagnosed is selected from the remote diagnosis request list screen 26, the corresponding medical data detailed browsing screen 18 shown in FIG. 18 is displayed, and the mode of the accessor / mode column 18-1 at this time is “normal”. Mode "is displayed.
[0157]
The patient member global menu 8 shown in FIG. 8 has a diagnosis key change button 8-1 that can change a diagnosis key (password for adding access right) as an access right addition authentication means. To move to the examination key change screen and enter the examination key according to the request of the medical data management system.
[0158]
Since the medical data management system requests input of a new medical examination key if the medical examination key is true, the medical examination key is changed by inputting a new medical examination key and selecting a registration button.
[0159]
If the examination key requested by the system before the change is false, the medical data management system recognizes the change to the new examination key, but it can be recorded because there is a possibility of unauthorized access.
[0160]
The patient member global menu 8 includes a one-time password creation button 8-2 (an example of a disposable authentication means creation button). When the one-time password creation button 8-2 is selected, a one-time password creation screen ( Move to (not shown).
[0161]
In addition, there is a one-time password expiration button 8-3 for revoking the one-time password, and the patient member moves to a one-time password expiration screen (not shown) with the one-time password expiration button 8-3. When revocation is selected, all previously created one-time passwords are revoked.
[0162]
Here, first, a path to reach the medical data detailed browsing screen in order to use medical data will be shown using FIG. The member logs in (S35-1), and then reaches a detailed medical data browsing screen for each member (for example, FIG. 19 for the patient and FIG. 18 for the doctor) through a path available for the member type. For example, the route from the new diagnosis patient button (S35-2) and the route from the remote diagnosis button (S35-3) in the global menu can be used only by the doctor member, and the route from the accessible data button (S35-5). The route from the management responsibility information button (S35-6) can be used by all members, and the route from the new data registration button (S35-4) can be used by doctor members, associate medical staff members, and patient members. It is.
[0163]
In the medical data detailed browsing screen 18 shown in FIG. 18 opened by the doctor member as a medical examination, the name of the doctor is displayed in the accessor column 18-10, and “examination mode” is displayed in the accessor / mode column 18-1. When the medical data detail browsing screen 18 is opened other than the medical examination, “normal mode” is displayed.
[0164]
In the medical data detailed browsing screen 18 of FIG. 18, detailed information of an irregular data box 18-13, a diagnostic box 18-6, a comment box 18-8, an introduction box 18-2, and a return box 18-3 is displayed. The
[0165]
Next, usage modes of the medical data management system of the present invention will be described with reference to FIGS. 1, 7, 10, 15, 16, and 18. FIG.
[0166]
For example, when a new patient visits the outpatient of the large-scale medical institution 1-15 shown in FIG. 1, the medical institution member accepts the patient using the consultation patient acceptance button 10-1 in the global menu 10 shown in FIG.
[0167]
When the doctor member clicks on the consultation patient button 7-1 of the global menu 7 shown in FIG. 7, the examination patient list (outpatient) screen 15 shown in FIG. 15 is displayed, so that the examination patient is specified from the examination patient list, When the new examination patient button 7-3 in FIG. 7 is clicked, the examination key is requested, and if the input value is true, the examination target patient data list 16 shown in FIG. 16 is displayed. “-1” indicates “diagnosis mode”.
[0168]
In the patient data list screen 16 shown in FIG. 16, the medical data that the doctor member already has access to (the medical data in which the access right of the doctor member is recorded in the management file) and the doctor member still have the access right. Both medical data that has not been acquired (medical data in which the access right of the doctor member is not recorded in the management file) are displayed.
[0169]
If it is medical data for which the doctor member has not acquired the access right, “not acquired” is displayed in the access right column 16-2 of the diagnosis target patient data list screen 16, and the patient member has the access right additional restriction column 16 at the time of the diagnosis. -3 or remote diagnosis access right addition restriction column 16-4, if “warning” is set as protection for access right addition, access right addition restriction “1” is displayed in access right column 16-2. If “one-time password protection” is set, the access right additional restriction “2” is displayed.
[0170]
Further, when the doctor selects medical data from the patient data list screen 16 to be examined, clicks the “open medical data” button 16-5, and opens the medical data detail browsing screen (for doctor) 18 shown in FIG. Thereafter, the medical data management system recognizes the processing up to the selection of the diagnosis end button 7-4 in the global menu 7 of FIG.
[0171]
“Diagnosis mode” means a state in which an access right such as a doctor member can be additionally registered in the medical data of a patient member.
[0172]
Next, registration of new medical data on the medical data detail browsing screen (for doctor) 18 shown in FIG. 18 will be described.
[0173]
For example, when a doctor member clicks the new data registration button 7-6 in the global menu shown in FIG. 7, the medical data management system requests a patient member ID and a medical examination key for new registration of medical data, and inputs them. Then, the examination mode is entered, and a new medical data number for the patient member is created.
[0174]
The medical data management system describes the created medical data number and the member information at the time of the patient member, and a new medical data details browsing screen (doctor as shown in FIG. 18) in which the irregular data box 18-13 is blank. 18) is displayed in the “diagnosis mode”, so that the irregular data is input and the save button 18-4 is clicked, the medical data is saved in the system.
[0175]
The correction is possible until the save button 18-4 is clicked, and the close button 18-9 is clicked without clicking the save button 18-4 to close the medical data detail browsing screen (for the doctor) 18. Then, the created medical data number and all the information accompanying it are discarded.
[0176]
If the user does not click the save button 18-4 and tries to close the medical data detail browsing screen (for doctor) 18, a warning is issued.
[0177]
The initial value of the access right to the new medical data is the doctor A displayed in the access person column 18-10 of the new medical data and the patient a displayed in the display data column 18-11.
[0178]
In addition, as described above, in case a member other than the patient member newly registers medical data, the patient member preliminarily restricts the access right at the time of examination of this medical data and the additional access right at the time of remote diagnosis. A function of automatically registering the initial value may be provided. This is a function for enabling privacy protection of a patient member immediately after registration of medical data even when a member other than a patient newly registers medical data.
[0179]
When the doctor member finishes examining one patient member and examines the next patient member, the examination end button 7-4 shown in FIG. 7 is used to terminate the examination. For example, the examination patient data list in FIG. ) Select the next patient member from the screen 15, click the new examination patient button 7-3, and enter the examination key of the next patient member.
[0180]
When a patient member registers medical data, a new medical data number is created when the new data registration button 8-4 of the global menu 8 for patient members in FIG. 8 is clicked after login.
[0181]
The medical data management system records the created medical data number and the member information of the patient member at that time, and displays the medical data detailed browsing screen (for patient) 19 in which the irregular data portion shown in FIG. 19 is blank. When the standard data is input and finally the save button 19-2 is clicked, the data is saved in this system.
[0182]
Until the save button 19-2 is clicked, it can be corrected. When the medical data detail browsing screen (for patient) 19 is closed without clicking save, the created medical data number and the accompanying information are as follows. All are destroyed.
[0183]
On the other hand, if the user clicks the save button 19-2 and tries to close the medical data detail browsing screen 19, a warning is issued.
[0184]
The initial value of the access right to this medical data is only the patient member.
[0185]
The local menu of the medical data detail browsing screens 18 and 19 will be described with reference to FIGS.
[0186]
18 is accessed as a local menu on the medical data detailed browsing screen (for doctor) 18 in FIG. 18, a comment addition button 18-7, a medical data copy / processing button 18-12, a save button 18-4, and an access. A right confirmation button 18-20, an important / unnecessary registration button 18-21, and a remote diagnosis request button 18-17 are provided, and an access right as a local menu is displayed on the medical data detail browsing screen (for patient) 19 in FIG. An additional restriction change button 19-12 is provided.
[0187]
Note that the access right addition restriction change button can be used only by the patient member.
[0188]
The diagnosis addition button 18-5 shown in FIG. 18 is permitted only to doctor members, and when clicked, a diagnosis box 18-6 is additionally displayed. When the diagnosis name is input and the save button 18-4 is clicked, the diagnosis is added together with the name of the diagnosed doctor. Registered in the data management system.
[0189]
The correction can be made until the save button 18-4 is clicked. If the medical data detailed browsing screen (for doctor) 18 is closed without clicking save, the diagnosis created by this operation is discarded.
[0190]
The comment addition button 18-7 can be used by doctor members, associate medical staff members, and patient members. When the comment addition button 18-7 is clicked, a comment box 18-8 is additionally displayed, and a comment is input. When the save button 18-4 is clicked, it is registered in the medical data management system together with the comment registrant name.
[0191]
Correction is possible until the save button 18-4 is clicked. For example, when a doctor member closes the medical data detail view screen (for doctor) 18 without clicking save, the correction is made by this operation. Comments are discarded.
[0192]
The medical data copy / process button 18-12 can be used by a doctor member, a quasi-medical worker member, a patient member, or a researcher member. When the medical data copy / process button 18-12 is clicked, diagnosis is performed. A new medical data detail browsing screen and a new medical data number in which only the indefinite data without information in the box 18-6 and the comment box 18-8 are copied are created.
[0193]
However, the setting of the access right addition restriction for the access right addition in the access right addition restriction box 18-14 at the time of diagnosis and the access right addition restriction box 18-15 at the time of remote diagnosis is inherited from the original medical data.
[0194]
Therefore, by editing the copied new data and inputting a comment or the like and clicking the save button 18-4, the edited information can be saved in the medical data management system.
[0195]
Therefore, the original medical data and the copy-edited medical data remain in the medical data management system.
[0196]
At this time, the medical data type column 18-16 of the copy-edited medical data is set to “copy of medical data” as an initial value, and the initial value of the access right to this data is the creator and the patient of the original medical data. Become a member.
[0197]
The access right confirmation button 18-20 is a button for confirming members who have access rights to this medical data. When the access right confirmation button 18-20 is clicked, the access right holder list screen 20 of FIG. 20 is displayed to confirm the access right holders. Can do.
[0198]
Further, the important flag 3-2a and the unnecessary flag 3-2b in FIG. 3 can be registered by the important / unnecessary registration button 18-21 in FIG. 18. For example, the center of the medical data detail browsing screen (for doctor) 18 can be registered. In the vicinity, an important flag mark 18-23 and an unnecessary flag mark 18-24 are displayed.
[0199]
The important flag mark 18-23 is stored only for the corresponding data even when the member has automatically set the storage responsibility to be abandoned (displayed in the storage condition setting field 18-22). It is a sign that does not automatically give up responsibility.
[0200]
On the other hand, the unnecessary flag mark 18-24 is a mark indicating that the member has declared that the medical data is unnecessary.
[0201]
If both the unnecessary flag and the important flag are set, the unnecessary flag has priority.
[0202]
Further, an access right addition restriction change button 19-12 shown in FIG. 19 is a function button that can be used only by the patient member, and the access right addition restriction when adding the access right to the medical data is set to “no protection” and “warning setting”. , Change to each state of the one-time password setting.
[0203]
Each access right addition restriction is displayed in the access right addition restriction box 19-13 for diagnosis and the access right addition restriction box 19-14 for remote diagnosis in FIG.
[0204]
When the change button 19-12 of access right addition restriction in FIG. 19 is clicked, a medical data access right addition restriction setting window 21 as shown in FIG. 21 is opened, and the access right addition restriction is selected with the radio buttons 21-1, 21-2. Yes, close with the close button 21-3 on the upper right.
[0205]
A remote diagnosis request button 18-17 in FIG. 18 is a button for requesting a remote diagnosis.
[0206]
The remote diagnosis will be described with reference to FIGS. 6, 7, 18, 22, 23, 24, 25, and 26.
[0207]
When performing remote diagnosis, a doctor member registers information related to remote diagnosis, extracts an introduction destination (remote diagnosis request destination), requests remote diagnosis, creates a return for remote diagnosis, and performs evaluation for remote diagnosis.
[0208]
The doctor member registers in advance the clinical department, specialized area, remote diagnosis conditions, etc. for remote diagnosis using the basic member information button 6-2 in the global menu shown in FIG.
[0209]
As a remote diagnosis requester, when a member searches for a remote diagnosis request destination, doctor search buttons 7-7, 8-5, 9-5, 10- described in the global menus 7, 8, 9, 10 for each member 6 is clicked and the remote diagnosis acceptance doctor search screen 22 shown in FIG. 22 is opened.
[0210]
Next, a search is performed by entering the conditions such as name, department, specialized area, etc. in the blanks, and when the search is executed, the search result of information relating to remote diagnosis as shown in FIG. A list of doctors 23 who can accept a remote diagnosis is obtained.
[0211]
Here, when the retrieved doctor data is selected, as shown in FIG. 24, an evaluation comment box 24 that is an evaluation of the remote diagnosis performed by the doctor member in the past can be confirmed.
[0212]
Here, when the “view client information” button 24-1 in the evaluation comment box 24 is clicked, the doctor's reverse evaluation comment box 25 for the evaluation performed by the client in the past as shown in FIG. 25 can also be confirmed.
[0213]
Thus, it is expected that the requester and the requestee can realize high-quality medical care by evaluating comments on the medical data.
[0214]
Next, for example, when a doctor member requests remote diagnosis, the medical data detailed browsing screen (for doctor) 18 for medical data desired to be requested for remote diagnosis shown in FIG. 18 is opened by any of the methods described above. .
[0215]
When the remote diagnosis request button 18-17 in the local menu is clicked, a remote diagnosis undertaking doctor search screen 22 shown in FIG. 22 is displayed.
[0216]
As a result of the search, as shown in FIG. 23, a remote diagnosis undertaking doctor list screen 23 is displayed, from which a doctor who wants to request remote diagnosis is selected.
[0217]
When the requesting doctor is selected, the screen returns to the medical data detailed browsing screen 18 of FIG. 18, and the introduction box 18-2 and the return box 18-3 in which the introducer (requester) and the introduction destination (requestee) are automatically input at this time. Is created, and the client enters the contents of the introduction in the introduction box 18-2.
[0218]
When the save button 18-4 is clicked, the contents of the introduction box 18-2 are saved in the medical data management system, and the member of the requestee is stored in the access right recording area 3-2 of the medical data management file shown in FIG. The ID is additionally recorded, and a request for remote diagnosis is notified to the destination.
[0219]
Correction is possible until the save button 18-4 in FIG. 18 is clicked, and a warning is displayed if the medical data detail browsing screen (for doctor) 18 is closed without clicking the save button 18-4. If the medical data detail browsing screen (for doctor) 18 is closed ignoring the warning (not shown), the created introduction is discarded.
[0220]
The doctor of the remote diagnosis requestee can confirm that there is a request for remote diagnosis in the notification field 6-6 on the initial screen after login in FIG.
[0221]
The requestee clicks the remote diagnosis button 7-8 of the global menu 7 shown in FIG. 7, and clicks and selects the medical data for which a reply is to be created from the remote diagnosis request list of FIG.
[0222]
At this time, since the requester's access right to the medical data is added by the requester, the medical data detail browsing screen (for the doctor) 18 of FIG. 18 is displayed in the normal mode.
[0223]
In addition, since the introduction box 18-2 and the return box 18-3 are created by the remote diagnosis requester on the medical data detail browsing screen (for doctor) 18 in FIG. 18, the return box 18-3 is displayed by remote diagnosis. Enter your findings and click save button 18-4 to save.
[0224]
The correction is possible until the save button 18-4 is clicked. If the medical data detail browsing screen (for doctor) 18 is closed without clicking the save button 18-4, the comment created by this operation is discarded. Is done.
[0225]
If you try to close the medical data details browsing screen (for doctors) 18 without saving, a warning will be displayed, and when saved, input of the remote diagnosis return is completed to the client Notify that.
[0226]
The requester of the remote diagnosis can confirm that the return of the remote diagnosis has been created in the notification field 6-6 of the initial screen 6 after login in FIG. 6, and can input the evaluation for the next remote diagnosis.
[0227]
Next, evaluation / reverse evaluation for remote diagnosis will be described with reference to FIGS. 6, 18, 21, and 27.
[0228]
After the remote diagnosis is made by the requestee, when the requester opens the detailed medical data browsing screen (for doctor) 18 in FIG. 18, a reply is entered in the return box 18-3.
[0229]
An evaluation button 18-18 is prepared on the side of the introduction box 18-2. This evaluation button 18-18 is effective only for the requester of the remote diagnosis.
[0230]
When the evaluation button 18-18 is clicked, an evaluation / reverse evaluation window 27 as shown in FIG. 27 is opened.
[0231]
The evaluation / reverse evaluation window 27 includes an evaluation comment column 27-1 for a return of remote diagnosis and an evaluation five-step column 27-2 as a requester entry column.
[0232]
The requester of the remote diagnosis enters the evaluation in the evaluation comment column 27-1 and the evaluation five-step column 27-2 and is registered when the registration button 27-3 is clicked, and the evaluation is added to the requestee. Be notified.
[0233]
Similarly, the remote diagnosis requester is notified in the notification column 6-6 in FIG. 6 that the evaluation for the remote diagnosis has been added.
[0234]
The requestee clicks the reverse evaluation button 18-19 on the medical data detail browsing screen (for doctor) 18 in FIG. 18 to open the evaluation / reverse evaluation window 27 shown in FIG. Look at the evaluation comment column 27-1 and the 5-step evaluation column 27-2 for the diagnosis to determine whether or not these results can be disclosed, and check the check boxes 27-4 and 27-5 (or Click the registration button 27-6 to register.
[0235]
Further, the validity of the received evaluation is examined, and a reverse evaluation comment column 27-7 and a reverse evaluation 5-step column 27-8 can be input.
[0236]
When the registration button 27-9 is clicked after the input, the requester is notified that the reverse evaluation is performed together with the registration.
[0237]
Similarly, the requester receives the notice of the reverse evaluation performed by the requestee, opens the evaluation / reverse evaluation window 27, examines the contents of the reverse evaluation, and checks the check box 27-10 if the contents are disclosed. , 27-11, and a registration button 27-12 can be clicked to register.
[0238]
Next, protection of medical data will be described with reference to FIGS. 1, 19, 29, and 30. FIG.
[0239]
First, the patient member uses the access right addition restriction change button 19-12 in the local menu of the medical data detailed browsing screen (for patient) 19 in FIG. Set access right additional restrictions for “None”, “Warning”, and “Protect with one-time password”.
[0240]
The patient member can create a one-time password (disposable authentication means) based on the flow of FIG. First, the patient member inputs the member ID and password, logs in to the medical data management system (S29-1), displays the global menu for patient member (S29-2), and selects the one-time password creation button ( S29-3).
[0241]
There are two methods for selecting the one-time password creation method (S29-4). For example, if the one-time password to be created is a general-purpose one-time password that can be used in common for all protected data. (S29-5), a list of currently valid general-purpose one-time passwords is displayed (S29-6). If additional creation is required (S29-7, S29-8), the system is general-purpose. Create a one-time password, set an expiration date (S29-9), register the one-time password in the patient's member basic information file (S29-10), and then create the general-purpose one-time password on the screen Is displayed (S29-11).
[0242]
On the other hand, if the one-time password to be created is a specific one-time password that protects specific medical data (S29-12), from the list of medical data for which the one-time password protection is set from among the medical data. (S29-13) When medical data is selected (S29-14), a currently valid specific password is displayed (S29-15). If additional creation is required, the number of additional creations is input (S29-16, S29-16). S29-17), a specific one-time password is created (S29-18), registered in the medical data management file (S29-19), and the created specific one-time password is listed on the screen (S29-19). S29-20).
[0243]
Furthermore, if these one-time passwords are created by the data capture reference terminal 1-13 shown in FIG. 1, the created one-time passwords can be printed by a printer, When a one-time password is created by connecting to the Internet with a palmtop type mobile communication device, it is displayed on the monitor screen of the device.
[0244]
These one-time passwords may be created automatically by the system using random numbers or the like as described above, or the user himself / herself may select and create an arbitrary character string.
[0245]
The patient member can set up three additional access right restrictions on access right addition: “No protection”, “Warning”, and “Protect with one-time password”. In remote diagnosis, processing for additional access right restriction is performed.
[0246]
In the examination access right addition restriction column 16-3 in FIG. 16, the examination access right addition restriction in the basic part 3-1 of the medical data management file 3 in FIG. 3 (access during examination in the data example 3-3 of the basic part) 3 is displayed in the remote diagnosis access right additional restriction column 16-4 in the basic part 3-1 of the medical data management file 3 of FIG. The value of the access right additional restriction at the time of remote diagnosis in the data example 3-3 is displayed.
[0247]
The access right addition restriction process at the time of diagnosis is performed based on the flow shown in FIG. The doctor member inputs the member ID and password, logs in to the medical data management system (S30-1), selects a patient member, and clicks on the new diagnosis patient button (S30-2). Therefore, the examination key is obtained and inputted from the patient member (S30-3). If the examination key is wrong (S30-4), an error is displayed and the process ends (S30-8). When the examination key is correct (S30-4), the examination mode is confirmed and the examination target patient data list screen 16 is displayed (S30-5). When the doctor member selects medical data to be accessed on the examination target patient data list screen 16 and clicks the “open medical data” button 16-5 (S30-6), the doctor member has already given the access right to the selected medical data to the doctor. If the member has it (S30-7), the detailed medical data browsing screen (for doctor) 18 of FIG. 18 opens (S30-19).
[0248]
If the selected medical data is medical data for which the doctor member has not yet acquired the access right (S30-7), the following processing is performed according to the additional access right at the time of examination set by the patient member. The
[0249]
When “0” is displayed in the access right addition restriction column 16-3 at the diagnosis target patient data list screen 16 shown in FIG. 16 (S30-9), the patient member adds an access right at the time of the diagnosis. Therefore, the access right of the doctor member is additionally recorded in this medical data management file (S30-18), and the medical data is displayed on the medical data detailed browsing screen (for the doctor) 18. (S30-19).
[0250]
In addition, when “1” is displayed in the access right addition restriction column 16-3 on the examination target patient data list screen 16 shown in FIG. 16 (S30-10), the member who is trying to access the medical data is notified. On the other hand, it shows that the patient member is set to warn when adding the access right to the medical data. For example, “Open this medical data and notify the patient member that the access right has been obtained” A display to the effect that the patient member is notified of browsing is displayed (S30-11).
[0251]
After the warning, when the doctor member inputs the approval (S30-12) and does not approve the warning (S30-13), it is displayed that the browsing is impossible (S30-14). Return to screen 16.
[0252]
On the other hand, when the doctor member approves the warning in the input regarding approval (S30-12) (S30-13), the patient member is notified that the doctor member has accessed (S30-17), and the medical member The access right of the doctor member is additionally recorded in the data management file (S30-18), and the medical data is displayed on the medical data detailed browsing screen 18 of FIG. 18 (S30-19).
[0253]
Further, when “2” is displayed in the access right addition restriction column 16-3 on the examination target patient data list screen 16 shown in FIG. 16, “1” even if the access right addition restriction on the examination is “0”. Since it is not (S30-9, S30-10), it indicates that the patient member has set “protection by one-time password” for the addition of access right, and “opens this medical data and obtains access right. Is displayed, "the doctor member must obtain and enter the one-time password from the patient member (S30-15). If the one-time password is valid ( S30-16) Notifying the patient member that the doctor member has accessed (S30-17), and additionally recording the access right of the doctor member in the medical data management file (S3) -18), to display the medical data in medical data for viewing details screen 18 (S30-19).
[0254]
Next, the case where the access right addition restriction at the time of the remote diagnosis request is processed will be described based on the flow of FIG. The doctor member inputs the member ID and password, logs in to the medical data management system (S31-1), and selects a patient member (S31-2), the examination target patient data list screen 16 is displayed in the normal mode. At this time, “normal” is displayed in the accessor / mode column 16-1 (S31-3). When the medical doctor member selects medical data to be accessed on the examination target patient data list screen 16 and clicks the “open medical data” button 16-5, the medical doctor member does not have the right to access the selected medical data. (S31-5), the system displays that access is not possible (S31-6), and the process ends (S31-7). If the doctor member already has the right to access the medical data (S31-5), the medical data detailed browsing screen (for doctor) 18 shown in FIG. 18 is opened (S31-8).
[0255]
When the medical data detailed browsing screen 18 of FIG. 18 is displayed (S31-8), when introducing medical data by remote diagnosis, clicking the remote diagnosis request button 18-17 of the local menu (S31-9), the patient The processing is divided as follows depending on the value set in the remote diagnosis access right additional restriction column 16-4 on the diagnosis target patient data list screen 16 in FIG. 16 set by the member for the medical data.
[0256]
If the patient member has set “0” indicating that there is no particular restriction in the access right additional restriction field during remote diagnosis (S31-10), a list of doctor members who can accept remote diagnosis is displayed ( 23 (S31-19), if a doctor member who requests remote diagnosis is selected (S31-20), the access right of the doctor member who is the requestee is added to the management file of medical data (S31). -21) After that, a request for remote diagnosis is notified to the doctor member who is the requestee (S31-22).
[0257]
On the other hand, if the patient member has set “1” indicating that a warning is to be performed in the remote diagnosis access right additional restriction column 16-4 of the diagnosis target patient data list screen 16 of FIG. 16 (S31-11). The patient member is notified that the request has been made. For example, a warning is displayed that "the patient member is notified that this medical data has been requested for remote diagnosis" (S31-12). If the member does not approve the notification regarding the remote diagnosis request to the patient member (S31-14) in the input relating to the approval (S31-13), it is displayed that the remote diagnosis request is not possible (S31-15). Return to the medical data detail browsing screen 18.
[0258]
If the member agrees to notify the patient member of the remote diagnosis request (S31-14), the patient member is notified that the member requested the remote diagnosis (S31-18), and the remote diagnosis can be accepted. When a list of doctor members is displayed (S31-19) and a doctor member requesting remote diagnosis is selected (S31-20), the access right of the doctor member is additionally recorded in the medical data management file (S31-21). The doctor member is notified of a request for remote diagnosis (S31-22), and the process is terminated.
[0259]
Further, if the patient member has set “2” indicating protection by the one-time password in the remote diagnosis access right additional restriction column 16-4 on the examination target patient data list screen 16 in FIG. 16 (S31-). 10, S31-11), “To request a remote diagnosis for this medical data, a one-time password is required” is displayed, and a one-time password is obtained from a patient member and entered (S31-16) Only when the one-time password is valid (S31-17), the patient member is notified that another member has requested remote diagnosis (S31-18), and the doctor member who requests remote diagnosis is selected (S31). -20), additionally record the access right of the doctor member in the medical data management file (S31-21), notify the doctor member of the request for remote diagnosis (S31-22), Management is completed.
[0260]
As described above, even when the medical data management system of the present invention is applied to a wide area network, the patient member can control the access right addition, so that remote diagnosis can be realized safely.
[0261]
Next, research use of medical data in this system will be described with reference to FIGS.
[0262]
If the patient member intends to release the medical data for research use, the member information setting screen (not shown) opened by the member basic information button 6-2 shown in FIG. Check the box (not shown).
[0263]
If the medical data research disclosure check box is not checked, all the medical data of the patient member is not disclosed. If checked, the date of birth, address, and gender can be selected individually. .
[0264]
Also, on the medical data detail browsing screen (for patient) 19, when the unpublished unformatted data research disclosure check box (for patient) 19-3 that may be disclosed is checked, the unformatted data including the medical data type and the list comment is displayed. Open to the public.
[0265]
Furthermore, a research release check box for a diagnostic box (for patients) 19-4, a research release check box for comment boxes (for patients) 19-5, 19-6, a research release check box for introduction boxes (for patients) 19-7 By checking, you can decide the intention of disclosure individually.
[0266]
These public check boxes for research can be changed only by patient members.
[0267]
Members who registered diagnosis, comments, referrals, and replies for the medical data research release can register their intention to release the self-created data, and the diagnostic box research release check box (for registrants) 19-8, comment box The research release check box (for registrants) 19-9 and 19-10, and the research release check box for introduction boxes (for registrants) 19-11 are checked to register the intention of research release.
[0268]
In this case, only the diagnosis box, comment box, and introduction box that are publicly announced by both the patient member and the creator are disclosed.
[0269]
Upon receiving the registration of the medical data for research, the medical data of the researcher member can be used.
[0270]
When the researcher member clicks the medical data search button 11-1 of the global menu 11 for researcher members shown in FIG. 11, a medical data search condition input screen 28 shown in FIG. 28 is displayed.
[0271]
In the medical data search condition input screen 28, for example, in the first line of the search condition, “Kagoshima Prefecture” is input for the region, “10-20” for the age, and “diabetes” is input for the diagnosis. If you search by entering “Kagoshima Prefecture” in the region, “10-20” in the age, and “gastric ulcer” in the diagnosis, the address of the member information file of the patient member will include “Kagoshima Prefecture” and the age is Medical data that is 10 to 20 years old and includes “diabetes” or “gastric ulcer” in the diagnostic comment is extracted (not shown). Each condition is an AND condition in the line and an OR condition in the line.
[0272]
When one of the extracted medical data is selected, the screen shifts to a detailed browsing screen (not shown) of the medical data, and an access right is added to the medical data as a researcher member.
[0273]
Next, with respect to one embodiment of the storage responsibility member determination method for enabling important medical data to be selected and stored for the period required by the member including the patient, FIG. 2, FIG. 3, FIG. This will be described with reference to FIGS.
[0274]
The responsibility for storing medical data is determined by confirming the intention of the member who has access to the medical data. The priority of the member who is responsible for storing medical data depends on the degree to which the medical data is required. If all members who have been determined and have access rights have given up their responsibility for storage, the medical data is discarded.
[0275]
FIG. 32 is a schematic diagram of data example 3-4 in the access right recording area of the medical data management file 3 shown in FIG. 3. For example, as a member who has access rights to medical data, a medical institution member The state transition of the access right recording area when there is medical α, patient a as a patient member, and doctor A and doctor B as doctor members is shown.
[0276]
For example, as shown in FIG. 33, the storage responsibility member is determined in the order of a medical institution member, a patient member, a doctor member, a quasi-healthcare worker member, and a researcher member. If the priority is determined to be given priority in the possession order, the first-priority storage responsibility member is medical α, and the access right recording area of the medical data management file at this time is the state A (S32-1) of the access right recording area in FIG. )become that way.
[0277]
The method for determining the responsible storage member is not limited to the determination method described in the present embodiment, and may be changed according to the use mode of each medical institution.
[0278]
Here, when the medical α makes an unnecessary declaration in the medical data, the storage responsibility is transferred to the patient a who is the next storage responsibility member candidate, and the patient is notified that the storage responsibility has been transferred. When patient a receives and approves the storage responsibility transfer notification, patient a becomes the storage supervisor and becomes in a state B (S32-2) in FIG.
[0279]
However, when the patient a makes an unnecessary declaration for the medical data, the responsibility for storage is transferred to the next candidate, but the doctor A is older than the doctor B in the doctor member frame which is the next candidate for storage responsibility. Since it has the access right, the next storage responsible member is determined to be the doctor A, the doctor A is notified that the storage responsibility has been transferred, and the access right recording area is in the state C (S32-3).
[0280]
Thereafter, the same processing is repeated until there is no storage responsibility candidate. As shown in the state D (S32-4), when all the storage responsibility members no longer exist, the medical data is deleted.
[0281]
A member who has an access right to the medical data management file can access the medical data until the medical data is deleted from the system even if the medical data is declared unnecessary.
[0282]
In this way, a mechanism is realized in which all members who have access rights to medical data confirm the intent to store and when all members declare that they are unnecessary, the medical data is automatically deleted.
[0283]
In order to cope with the case where management regarding the responsibility for storing medical data becomes complicated for members who have access to a lot of medical data, the member information files 2-1 and 2-2 in FIG. The automatic abandonment flags 2-1a and 2-2a may be set.
[0284]
Here, when the storage responsibility automatic abandonment flag 2-1a, 2-2a is “1”, it indicates that the member automatically declares that the medical data is not required when it becomes a medical data storage manager. When the automatic abandonment flags 2-1a and 2-2a are “0”, this indicates that the member is notified each time the member becomes a medical data storage manager.
[0285]
Furthermore, as shown in FIG. 3, each member may be able to set an important flag 3-2a in the access right recording area 3-2 of the management file of medical data judged to be important.
[0286]
Here, when the important flag 3-2a is “1”, the medical data is particularly important for members who set the storage responsibility automatic abandonment flags 2-1a and 2-2a to “1”. And does not automatically give up storage responsibility.
[0287]
Details of the storage responsibility determination process including the important flag 3-2a and the automatic storage responsibility abandonment flags 2-1a and 2-2a will be described with reference to FIG.
[0288]
When a member inputs a member ID and password and logs in to the medical data management system (S34-1), first, when there is medical data newly responsible for storage (S34-2), the member becomes a new storage manager. The medical data is notified (S34-3).
[0289]
Here, if the medical data having responsibility for storage is not required, “unnecessary” is input and an unnecessary declaration is made (S34-4). As a result, the unnecessary access right flag 3-2b of the member in the medical data management file is set. It becomes "1" (S34-5).
[0290]
If the unnecessary flag 3-2b of all members who have access rights to the medical data is “1” (S34-6), the medical data is deleted (S34-10), and the process ends.
[0291]
If there is a member who sets the unnecessary flag 3-2b to “0” among the members who have the right to access the medical data, the next candidate for the storage responsible member is selected from the medical data management file (S34-7). .
[0292]
If the storage responsibility automatic abandonment flags 2-1a and 2-2a in the member information files 2-1 and 2-2 of the new storage responsibility member candidate shown in FIG. 2 are not "1" (S34-8), the member (S34-11), the process ends.
[0293]
If the storage responsibility automatic abandonment flags 2-1a and 2-2a of the member information files 2-1 and 2-2 of the new storage responsibility candidate candidates are "1" (S34-8), the information is shown in FIG. The important flag 3-2a of the storage responsible member candidate is checked.
[0294]
If the important flag 3-2a of the storage responsible member candidate is “1” (S34-9), the member is notified that the member has become a new storage responsibility member (S34-11), and the process ends. .
[0295]
If the important flag 3-2a of the storage responsible member candidate is “0” (S34-9), the process returns to S34-5 and the same process is continued.
[0296]
In this way, the maintenance of medical data is entrusted to each member, and members who share medical data can be selected and stored according to their importance, and the medical data for which the obligation to store medical data has passed has passed. There is no risk of being easily lost.
[0297]
Next, an embodiment in which a medical data management system is managed and operated in order to contribute to the medical economic field will be described.
[0298]
For example, the economic base for managing and operating a medical data management system is billing and advertising fees for members. Member billing is due to membership fees and system usage fees associated with system usage (remote diagnosis, researcher membership) Medical data use) and medical data storage fees.
[0299]
When performing remote diagnosis, a doctor member who receives a request for remote diagnosis can present a specialized field and conditions for undertaking remote diagnosis. However, conditions such as a fee may be presented here. In this case, when the requesting member requests remote diagnosis and the doctor member who receives the request creates a return, the system administrator collects a part of the fee as a system usage fee.
[0300]
When medical data is used for research, for example, when a medical researcher browses medical data of a plurality of patient members using this system, a charge is made for each medical data viewed. At this time, the system administrator collects a system usage fee. If the patient member who provides the medical data may request a medical data provision fee, the promotion of the disclosure of the medical data can be expected.
[0301]
When determining the storage fee for medical data, the medical data management system retrieves the person in charge of storage from all the medical data management files every month, totals the amount of the medical data recorded in the management file, and The storage amount of medical data for each storage responsibility is calculated and charged for this.
[0302]
Regarding the advertisement fee, for example, the system administrator may publish an advertisement on the homepage screen 5-1 shown in FIG. 5 or the initial screen 6 after login of each member in FIG. 6 and collect the advertisement fee.
[0303]
Since the advertisement on this system can be sent to a certain membership type, it has an added value, so an effective advertising effect can be expected.
[0304]
In addition, it is expected that billing to members will be suppressed by putting advertising revenue into the system operating expenses.
[0305]
The system usage fee and the medical data storage fee associated with the use of the medical data management system may be a completely pay-as-you-go system, a fixed fee system, or a combination of both.
[0306]
In the medical data management system of the present invention, in order for the patient to enjoy the maximum rights and convenience, the patient whose medical data is registered / stored needs to be a member, but the patient is not a member. Even in cases (hereinafter referred to as non-member patients), the medical data management system can be used for the convenience of medical staff.
[0307]
However, it is desirable to perform necessary restrictions in order to ensure security, such as preventing unauthorized use of the medical data management system of the present invention.
[0308]
An operation example of a non-member patient is shown below, but this operation example does not limit the present invention.
[0309]
For example, a non-member patient can be registered as a doctor member, a semi-medical worker member, or a medical institution member, and a researcher member cannot register a non-member patient.
[0310]
When registering a non-member patient, a patient member ID and an access right adding authentication means are issued, but a login authentication means is not issued to a non-member, and a non-member patient cannot log in to the system.
[0311]
The non-member patient ID and the access right addition authentication means are managed by the doctor member, the semi-medical worker member, and the medical institution member who registered the non-member patient.
[0312]
Registration of medical data is performed by a member of a doctor, a member of a semi-medical worker, or a member of a medical institution using a non-member patient member ID and an access right adding authentication means, and the access right of the registered medical data is registered as medical data. The medical data storage responsible member is also a member who has registered the medical data.
[0313]
A request for remote diagnosis regarding medical data of a non-member patient can be realized as usual by a member having access rights adding access rights to other members.
[0314]
Protecting other members from adding access to medical data for non-member patients, and research publishing is not possible because they cannot log in as patient members.
[0315]
Non-member patients may be registered as formal patient members as necessary. In this case, the patient member ID can be used continuously, new login authentication means are registered, and access rights are added. It is desirable to update the authentication means.
[0316]
When a non-member patient becomes an official patient member, the patient member may be able to acquire access rights for medical data registered in the past.
【The invention's effect】
As described above, in the medical data management system of the present invention, a patient, a doctor, a medical worker other than a doctor, and a medical institution are members, and an ID for each member includes an authentication means for login. The Internet can be used effectively and medical data can be used effectively.
[0317]
In addition, the member's access right is recorded in the management file attached to each medical data, so that the member's access to the medical data is made possible. it can.
[0318]
Further, since the access right addition authentication means is provided as a means for enabling the new access right of the member to be recorded in the management file, and the access right addition authentication means is provided for each patient member, the doctor A new method is also provided for accessing medical data of a patient member to which the member does not yet have access.
[0319]
Furthermore, since the access right of the member is recorded in the management file and the access right addition authentication means is provided as a means for enabling the new access right of the member to be recorded in the management file. The medical data in which the access right is recorded in the management file can be accessed without the access right additional authentication means, and the acquisition of the access right and the holding of the access right are managed independently.
[0320]
If a member whose access right has already been recorded in the management file for medical data can record other members' access right in the management file, other members can access this medical data. As a result, a member who has access to medical data can give access to other members, and medical data can be disclosed among the members of this system during remote diagnosis.
[0321]
With the feature that the patient member automatically records the access right in the management file of all his / her medical data, the patient member can browse and disclose his / her medical data, and the patient's right to know can be enhanced.
[0322]
In addition, since it is possible for patient members to register their own medical data in the medical data management system, the patient members themselves will be provided with a means to store information such as their own physical condition, which is proactive. Management of medical information.
[0323]
It is possible to use the information on the medical field directly for research and education because it is configured so that the researcher members can participate and the patient members can release their own medical data on the medical data management system. Open sex.
[0324]
The medical data range approved by the patient member is recorded in the medical data management file, and the medical data permitted to the researcher member can be released. Therefore, since it can be regarded as medical data that has undergone informed consent, its utility value is high.
[0325]
For each member whose access right is recorded in the management file, the person responsible for storing the medical data is determined in the order in which the medical data is required. Therefore, even if multiple members have access to the same medical data, The person responsible for data storage is clear.
[0326]
When the custody manager renounces his / her duties, the custody officer's appointment is transferred to the next candidate, and all members who have access rights can become custody managers, so the members cannot be recognized. Thus, necessary medical data is not discarded.
[0327]
When all members finally give up the responsibility for storage, a function for deleting the medical data is provided, so that useless data storage does not occur.
[0328]
By searching for the person in charge of storing each medical data, a function is provided that makes it possible to aggregate the amount of medical data stored for each member and charge for this, so that multiple medical data can be stored in the same medical data. In the situation where the members have access rights, a fee structure that considers the amount of medical data stored can be constructed, and the amount of data stored can be balanced with the usage fee.
[0329]
Since the authentication means for adding access rights of a patient member can be changed, even if a patient member tells another person the authentication means for adding access rights, the old authentication means for adding access rights is invalidated by changing it. And can be expected to protect medical data that is personal information.
[0330]
This medical data management system allows other members to perform other member's actions to add other users' access rights to their own medical data specified by the patient members. By alerting the patient member to notify, it is expected that the medical data, which is personal information, can be prevented from being disclosed indiscriminately by others.
[0331]
In addition, after the other member's action, the member's action is recorded and notified to the patient member, so that the patient member knows the member who has given the right to access his / her medical data and the given member. I get out.
[0332]
The medical data management system of the present invention can register a disposable authentication means for allowing other members to add an access right to the medical data only once for the medical data specified by the patient member. By setting the authentication means to medical data, it is possible to request the input of the disposable authentication means to other members who perform the act of adding access rights, thereby providing a strict medical data protection action. I can expect.
[0333]
In the medical data management system of the present invention, a doctor member who is a requestee of remote diagnosis / medical care is provided with a function for posting information related to remote diagnosis / medical care such as a specialized area, The self-advertisement effect can be expected, and at the same time, the client can easily obtain information for selecting a doctor member who is a client of remote diagnosis / medical care.
[0334]
Evaluation of the diagnosis and other information provided by the requesting doctor member after the doctor member or patient member becomes the requester of remote diagnosis / medical care and the remote diagnosis / medical care is performed by the requesting doctor member. Since the client, who is the client, can register, remote diagnosis and medical treatment will be evaluated by the client, and maintenance of quality can be expected.
[0335]
In addition, because the client who has received the evaluation can register the reverse evaluation for the evaluation performed by the client in the medical data management system, the evaluation tends to be unsuitable for remote diagnosis and medical treatment. It is possible to expect the effect of keeping the morality of system use by the network by checking the requesting clients and clients who perform extreme evaluation.
[Brief description of the drawings]
FIG. 1 is an explanatory diagram showing a configuration of a medical data management system of the present invention.
FIG. 2 is an example of a member information file.
FIG. 3 is an explanatory diagram of a medical data management file.
FIG. 4 is an explanatory diagram of member registration.
FIG. 5 is a screen example of a home page screen.
FIG. 6 is a screen example of an initial screen after login.
FIG. 7 is a screen example of a global menu for doctor members.
FIG. 8 is a screen example of a global menu for patient members.
FIG. 9 is a screen example of a global menu for semi-medical workers.
FIG. 10 is a screen example of a global menu for medical institution members.
FIG. 11 is a screen example of a global menu for researcher members.
FIG. 12 is a screen example of a patient search screen.
FIG. 13 is a screen example of an accessible medical data list screen.
FIG. 14 is a screen example of a storage responsibility medical data list screen.
FIG. 15 is a screen example of a diagnosis patient list screen.
FIG. 16 is a screen example of a medical data list screen for a patient to be examined.
FIG. 17 is a screen example of a diagnosis key input screen.
FIG. 18 is a screen example of a medical data details browsing screen (for doctors).
FIG. 19 is a screen example of a medical data details browsing screen (for a patient).
FIG. 20 is a screen example of a medical data access right holder list screen;
FIG. 21 is a screen example of a medical data access right addition restriction setting screen.
FIG. 22 is a screen example of a remote doctor requestable doctor search screen.
FIG. 23 is a screen example of a remote diagnosis requestable doctor list screen.
FIG. 24 is a screen example of a remote diagnosis requesting doctor determination screen.
FIG. 25 is a screen example of a reverse evaluation comment browsing screen.
FIG. 26 is a screen example of a remote diagnosis request list screen.
FIG. 27 is a screen example of a remote diagnosis evaluation input screen.
FIG. 28 is a screen example of a medical data search screen.
FIG. 29 is an explanatory diagram of creating a one-time password.
FIG. 30 is an explanatory diagram of access right addition restriction processing during diagnosis.
FIG. 31 is an explanatory diagram of access right addition restriction processing during remote diagnosis;
FIG. 32 is an explanatory diagram of a concept of a medical data storage responsibility member determination process.
FIG. 33 is an explanatory diagram of a storage responsibility member candidate determination process.
FIG. 34 is an explanatory diagram of a medical data storage responsibility member determination process and a medical data deletion process;
FIG. 35 is a schematic diagram of functional restrictions regarding medical data use in each member.
[Explanation of symbols]
1-1, 1-2, 1-3 Data management server
1-1a, 1-2a, 1-3a, 1-4a, 1-4b, 1-5b
1-4 Bridge data server
1-5 Bridge cache server
1-6 Root Certification Authority
1-6a, 1-6b Mirror certification authority
1-7 Internet
1-8, 1-9 Hospital network
1-10, 1-11, 1-12, 1-13, 1-14 Data acquisition reference terminal
1-15 Large scale medical institutions
1-16 Medium-sized medical institutions
1-17 Small medical institutions
1-18 Housing
1-19 Research Facility
2-1, 2-2 Member information file
2-1a Storage responsibility automatic abandonment flag
2-1b General-purpose disposable authentication means (general-purpose one-time password)
2-2a Automatic storage waiver flag
3 Medical data management file
3-1 Basic part
3-1a Specific disposable authentication means (specific one-time password)
3-2 Access right recording area
3-2a Important flag
3-2b Unnecessary flag
3-3 Basic part data example
3-4 Data example of access right recording area
5-1 Homepage screen
5-2 Online member registration menu
6 Initial screen after login
6-1 Login password change button
6-2 Member Basic Information Button
6-3 Login history button
6-4 Accessible data button
6-5 Storage responsibility information button
6-6 Information column
6-7, 21-3 Close button
7 Global menu for doctor members
7-1,9-1,10-3 Examination patient button
7-2,9-2,10-4 Hospitalized patient button
7-3 New patient button
7-4 Examination end button
7-5, 9-3, 10-5 Patient search button
7-6, 8-4, 9-4 New data registration button
7-7, 9-5 Doctor search button
7-8, 10-6 Remote diagnosis button
8 Global menu for patient members
8-1 Examination key change button
8-2 One-time password creation button
8-3 One-time password revocation button
8-5 Doctor search button
9 Global Menu for Associate Healthcare Professional Members
10 Global menu for medical institution members
10-1 Consultation patient reception button
10-2 Hospitalized patient reception button
11 Global menu for researcher members
11-1 Search button for medical data
12 Patient search condition input screen
12-1 Patient search condition input field
13 List of accessible medical data
13-1 “Open medical data” button
14 Storage Responsible Medical Data List Screen
14-1 Important / unnecessary input fields
15 Examination patient list (outpatient) screen
16 Patient data list screen for medical examination
16-1 Accessor / Mode field
16-2 Access right column
16-3 Access right additional restriction column at the time of medical examination
16-4 Access right additional restriction column for remote diagnosis
16-5 “Open medical data” button
17 Patient Member ID / Examination Key Request Window
18 Detailed medical data browsing screen (for doctors)
18-1 Accessor / Mode field
18-2 Introduction box
18-3 Return box
18-4 Save button
18-5 Add diagnosis button
18-6 Diagnostic box
18-7 Add comment button
18-8 Comment box
18-9 Close box
18-10 Accessor column
18-11 Display data column
18-12 Medical Data Copy / Process Button
18-13 Undefined data box
18-14 Access right additional restriction box at the time of medical examination
18-15 Access right additional restriction box for remote diagnosis
18-16 Medical Data Type Field
18-17 Remote diagnosis request button
18-18 Evaluation button
18-19 Reverse evaluation button
18-20 Access right confirmation button
18-21 Important / Unnecessary Registration Button
18-22 Storage condition setting field
18-23 Sign of important flag
18-24 Unnecessary flag mark
19 Detailed medical data browsing screen (for patients)
19-1 Accessor / Mode column
19-2 Save button
19-3 Research release check box for non-standard data (for patients)
19-4 Research public check box for diagnosis box (for patients)
19-5, 19-6 Public check box for comment box (for patients)
19-7 Introductory box research release check box (for patients)
19-8 Research Public Checkbox for Diagnostic Box (for registrants)
19-9, 19-10 Research release check box for comment boxes (for registrants)
19-11 Research release check box for introduction boxes (for registrants)
19-12 Access right addition restriction change button
19-13 Access Right Additional Restriction Box at Examination
19-14 Access right additional restriction box for remote diagnosis
20 Access right holder list screen
21 Medical data access right additional restriction setting window
21-1, 21-2 radio buttons
21-3 Close button
22 Remote diagnosis undertaking doctor search screen
23 List of doctors available for remote diagnosis
24 Evaluation comment box
24-1 “View client information” button
25 Reverse evaluation comment box
26 Remote diagnosis request list screen
27 Evaluation / Reverse Evaluation Window
27-1 Evaluation comment field
27-2 Evaluation 5 stage column
27-3, 27-6, 27-9, 27-12 Registration button
27-4, 27-5, 27-10, 27-11 check box
27-7 Reverse evaluation comment field
27-8 Reverse evaluation, 5-level column
28 Medical data search condition input screen
28-1 Medical data search condition input field

Claims (5)

A computer terminal located at a patient's home, a computer terminal located at a medical institution or research facility, and a medical data management server equipped with a plurality of hard disks are connected by communication means such as the Internet or a dedicated line. A medical data management system for enabling access to medical data stored in the medical data management server from each of the terminals ,
The medical data management server is
A member information file in which member information of a patient registered as a member in the medical data management system and member information of a doctor other than a patient , a medical worker other than a doctor, a researcher, a medical institution, and the like are stored;
It has a medical data file where patient medical data is registered and stored,
In addition, each medical data registered and stored in the medical data file is accompanied by a medical data management file in which information necessary for managing the medical data is stored .
Wherein the membership information file, at least member ID or membership of personal identification information, information about the log-in authentication means and access additional authentication means is recorded, also physician other than the patient, health care other than physicians as member information of the patient Information on at least a member ID, member personal identification information, and login authentication means as member information of a researcher , researcher, medical institution,
Further, in the medical data management file associated with each medical data of the patient stored in the medical data file, information regarding the access right includes the patient member information of the medical data and the member information in the member information file. Based on the use of the access right additional authentication means granted to the patient member based on the member information of the doctor, the medical staff other than the doctor, the researcher, the medical institution, etc. whose access right is authenticated ,
The computer terminal includes a display unit for a login screen, a patient information search screen, a medical data list screen, and a medical data details browsing screen, and selects one medical data from the medical data list displayed on the medical data list screen. Medical data selection means for receiving input to be performed,
The medical data management server includes:
A member information file collating means for collating whether the member ID of the patient member and the access right adding authentication means are registered in the member information file;
In a medical data management system provided with a medical data management file collating means for collating whether or not a member ID is recorded as member information whose access right is authenticated in the medical data management file of the selected medical data ,
The medical data management server in the medical data management system is a computer terminal arranged at the patient's home or the like, or a doctor inputted for login from a login screen of a computer terminal arranged at the medical institution or the like member ID and login for authentication means is a member information is, as long as it is registered in the member information file, then allowed to log in to said medical data management system,
Prompting the input of member information of the patient member, the computer terminal of patient information der those member ID and access rights for the additional authentication means of patient members that have been input from the search screen is registered in the member information file Luke member information file Collating using the collating means, extracting data for list display from the medical data in the patient member's medical data file, displaying it on a computer terminal as a medical data list screen, and trying to access from the list of medical data When the medical data to be selected is selected, the member ID input at the time of login is verified using the medical data management file verification means to determine whether the member ID is recorded in the medical data management file of the medical data,
(1) From the collation result of the member information file collating means and the collation result of the medical data management file collating means, if corresponding data exists, the medical data is displayed on the computer terminal as a medical data detailed browsing screen. And
If the relevant data exists from the collation result of the member information file collating means, and the relevant data does not exist from the collation result of the medical data management file collating means, input when the medical data is logged in while the member ID added recorded as member information access is authenticated medical data management file of the patient member is displayed on the computer terminal the medical data as medical data viewing details screen,
(2) If the corresponding data does not exist from the collation result of the member information file collating unit and the corresponding data exists from the collation result of the medical data management file collating unit, the medical data is Displayed on a computer terminal as a medical data detail browsing screen,
If the corresponding data does not exist from the collation result of the member information file collating means, and if the corresponding data does not exist from the collation result of the medical data management file collating means, the medical data detailed browsing screen is displayed. medical data management system, wherein the prohibiting child access. Further, the medical data management server includes medical data storage means for registering or updating the detailed medical data selected from the medical data detailed browsing screen in a medical data file,
When medical data is stored by the medical data storage means, the member ID of the medical data and / or the member ID input at the time of login is recorded in a medical data management file attached to the medical data. The medical data management system according to claim 1.   The medical data stored in the medical data file is recorded and stored in a medical data management file attached to the medical data so that the medical data can be accessed by the person who recorded and stored the medical data in the medical data file. 3. The medical data management system according to claim 1, wherein member information of the person is recorded and the medical data is made accessible.   The medical data stored in the medical data file is newly registered with the member information by the function of additionally recording the access right given to the member whose member information is already recorded in the medical data management file attached to the medical data. The medical data management system according to any one of claims 1 to 3, wherein another additionally recorded member can access the medical data.   The medical data management system according to any one of claims 1 to 4, wherein the authentication means for adding access rights of a patient member recorded in the "member information file" is changeable.

Images