TW200535746A - A method for protecting information integrity - Google Patents

Abstract

This patent application presents a novel method for structuring the electronic patient records as a compound document, based on the current practices of collecting the paper-form patient records in a hospital. This invention further devises a method for protecting information integrity to utilizing the new structural features of the compound-document. The novel methods as devised is more effective and efficient as compared with other methods that utilize integrity protection codes.

Description

200535746 IX. Description of the invention: [Technical field to which the invention belongs] The present invention belongs to the field of information security technology that uses cryptographic methods to protect the security of electronic medical records, especially a compound that is designed to integrate electronic medical records with ... Data file structure and composite file data integrity protection method 'enables the electronic medical record system to meet the requirements for the integrity and correctness of the poor data in the electronic medical record security protection.

[Previous technology] Press' Because of the attractiveness of information technology, major changes have been made in the field of medical treatment and care, especially the operating time, storage cost and efficiency of information sharing fish exchange have been greatly improved, and it also makes information applications The main issues, especially the protection of confidentiality (Integrity), integrity (GQmpieteness), integrity (Correctness) and privacy (Privacy), have become the most urgently needed goals for related research. -'In order to achieve the above-mentioned security requirements, the basic condition that must be met is the protection of the original output information, that is, to protect the authenticity of the original content of the medical record, so as to construct other application methods that meet the security protection requirements. In this way, in the current state of the development of electronic medical records, the protection of data integrity and correctness has become the main issue. Among them, referenced documents include the methods invented by Cropper and Sean Doyle, which have been sent to the US Patent Office for Review, application number is us 20003 / 〇1 77446 Aι •, one of the goals to be achieved by this method is to design the structure and method of a document that can be transmitted electronically, and the document still retains other related Marking of document links without destroying the integrity provided by the original document, while enabling users to present = 200535746 • All attached plants related to the main document 4 Presentation of relevant information ...: Bu Er reorganized in the case To make the user rethink the grass ... of which 'reorganization is used to indicate the system' and the importance of the attachment in the entire document, whether to include this-attachment in the integrated file; The attacking woman v bottom turn off the building Xingzheng-Cheng a during the treatment period 'All the diagnosis and treatment phase ^ A complete record, including the diagnosis and treatment content with X-rays, Cai Huan% report and other related attachments 隹丨 Payment operation forms a complete medical history record. The complete absence of the original Θ ^, ..., is due to the physician ’s signature on the diagnosis and treatment records and the mark indicating the end of the file, so this method is applicable to An outpatient record =, as the protection of the integrity and correctness of the early-stage medical records, it is designed for the purpose rather than the personal electronic medical records composed of multiple medical records to provide the required protection. In addition, the related literature also includes the method invented by Thomas M. Walker and Mark Madden, patent number us 6, 684, 2 76 Μ. After studying the current domestic electronic medical record management system, the treatment process of diagnosis and treatment records, and the regulations of medical care insurance related laws and regulations, this method divides the general diagnosis and treatment process into five parts. History Taking

Segment), physical examination (phySicai £ xaminati〇n segment); X-Ray Segment (X-Ray Segment); Treatment Plan (Treatment pian $ egment) 'Medical Insurance Record (Record Segment); and whether each process requires diagnosis and treatment Physicians and patients are present at the same time for analysis, shortening certain processes under the premise that it will not reduce the time and quality of patients' treatment, and propose an improved electronic medical record system architecture to make the production of medical insurance records more efficient. It can maintain the integrity of the original medical records, and establish medical documents that meet the requirements of integration, correctness, and compliance with laws and regulations. According to the above-mentioned patents and the # 殹 瘆 义 / v see, it is the medical records and The treatment of western medical insurance records and the treatment schedule are performed simultaneously. The second history ", the results of the physical examination, and the procedures for writing the records of the doctors, △ forgotten mother-injury medical records were terminated, and the face doctors wrote the treatment plans. At the time of day; that is, when the four procedures are not recorded, the medical insurance records are divided into two parts. At the same time, they are intercepted to a specific treatment model of Li Tongzhong. Make the whole stamp to be taken within 70 days of the birth day of the "Time Treatment Insurance Record" that was born when the patient and the doctor were present at the same time, without having to extend the processing time of the medical record and the engraving, Liuru From the time spent at the temple of 1 side, you can increase ΐ'Γ = Γ: and still keep the information in the electronic medical record, a lifetime "only applies to-outpatient records, as a single-diagnosis of the disease ”And the protection of correctness are the goals of its design, not for multiple diagnosis and treatment. A personal electronic medical record consisting of recorded records provides the required protection. „The foregoing 1 solution towel is complete and correct. The scope is an individual sub-record or integrated record of early-diagnosis and treatment, and only a part of the personal medical record building does not protect the entire medical record. However, in fact, the integrity and correctness of the entire electronic medical record that combines individual medical records is :: The key to solving the current research issues related to electronic medical records; For this reason, domestic studies have pointed out that the use of collections Multiple medical care records become an integrated medical care record, and then this—integrated resources: The method of performing electronic signature calculations to achieve the goal of ensuring the integrity of medical care records and positive males ♦ 'Α Integrity and correctness tests are more efficient. In this study, the concept of using a trusted third party was also proposed, and an independent institution was used as the storage place for the information summary of integrated medical care records as the 200535746 basis for verification; however, The integrated medical care record method has incorporated the completeness and correctness of the data required for the ordinary operation of medical institutions into human security protection, but For the ever-increasing content of medical care records, it is necessary to continuously repeat the oral and new medical care records and recalculate the integrated message summary and early value. Therefore, the more records, the more information The more complex the calculation of the abstract, the less efficient it is. • In addition, in the study of methods of authenticity protection, Jacques Debiez,

Ws P. Hughes & AxeUe Apvrniu's method, cleverly uses a hash function to provide a check value for the protection of a serial cautious beetle. The patent number is US 6,640,294. The method used by Brother 扪 to test the authenticity of the material is the same as that of the hash function used to calculate the message digest. 'It will be stored in the same storage medium for many assets. 4 &#; Sequential data section of the sequence, as the input value of the system, is input to the corresponding sequence one-way Hertzian function in sequence, in which the order with * has the same order as the input data section Xiang Hexian • Numbers = 仃 运 异 'When calculating the check value of each data section, the content of the data section of the current difference is used ^, then the output value of one person f is served as the time The input of the operation is to obtain the check value of this time ", which is the default value. This check value is also used as the next input value at the same time. This is the second time when the check value is calculated in each frame. Input sequentially complete the check value of each data section. After checking the value link, the mosquitoes, generals, Haibei, Zhengmen, and Cheng Yuanyuan will be able to use a series of tributary materials produced by the data section to link the corresponding check values _, ΠΠ acres " " As the basis for checking the authenticity of all the shellfish; among them, the input value of a music column can be the different data sections divided by the same document 200535746. Each file is regarded as a different data section 'lean material section'. Counting list — The number of early / heavy sequence numbers is the same, and except for the calculation of the first data section, the Dai-yidiyi to η data sections will calculate the check value, will The inspection values calculated by the former data area 々 and the ten 匚 slaves are included in the calculation of the inspection value. That is, if η is a positive integer of π 八 A 丨, the η data section is calculating the inspection value. Value time-value% will introduce the check value calculated from the η-1 data section, and perform the check value calculation together with the data of the 筮 Plus Zimbe material section, so as to obtain Check value of lean section. This method makes the sequence file MU a & / rT # /, $ Sex protection and inspection are more efficient, but the weakness of using the message digest & adjustment method is still not overcome-it is impossible to identify whether the source is correct, because the message summary method is ancient and easy to obtain. , Anyone can get the same message from 3; (: ¾ ^ ^ Calculate the same message digest with the number of four and the message itself. Therefore, any receiver who knows the content of the message is unknown. Both the flood digest and its digest can be used as the correct U-post to maintain the authenticity of the information to the recipients, so that the forged information is mistakenly considered to be true. In addition, this method must verify the authenticity of the information in the stored information through sequential calculations and intentional tampering. The data person can still tamper with some of the data in the ρ π & rat text shell 1 2 3 section, and complete the relevant planning before and after to achieve the purpose of the rat change message content. Therefore, the message storage 1 Obtaining a safe plutonium becomes the key to maintaining the authenticity of the data; however, this method can still be used as a pre-step for calculating the true protection value of a sequential file, making such operations more efficient. [Summary of the Invention] To this end, the main purpose of this creation is to provide a method for protecting the integrity and correctness of digital materials, which is to design an electronic medical record storage that can meet the requirements of the medical 200535746 institution. The method is to propose an innovative composite electronic medical record _ structure to meet the medical staff's operation and management needs of medical records, and can effectively achieve the integrity and correctness of medical record data protection. The second purpose of this creation is to provide a method for protecting the integrity and correctness of digital documents. It is to design a method for protecting the integrity and correctness of data in composite files. Better computing efficiency. In order to achieve the above purpose, this creation provides a method for protecting the integrity and correctness of the data of digital documents, which includes: combining multiple digital documents into a composite document; 2 combined digital Documents, structured documents that are structured as the above-mentioned composite documents;: Don't: be counted into the document file of each of the above-mentioned sequential member documents; check the code of a composite document that belongs to the composite document; Each of the member files is considered to provide individual persistent memory—the body space is used to store the member file check code; check = for a persistent memory m to store ± i ^ composite files from which all the member files mentioned here Check code and composite document inspection: It can be used to provide verification information to more efficiently prepare for testing and find out unauthorised data changes. By using the concept of a composite file 'designing a document structure for storing electronic medical records' to make electronic medical records conform to the operating characteristics of traditional medical records' and designing a method of data integrity and correctness protection, using multiple levels 10 200535746 : Check code calculation method 'allows multiple copies of relevant and sequential documents to be selected for more effective integrity and readability protection. In addition, the composite electronic medical record storage structure proposed by the present invention, combined with the integrity and correctness protection mechanism of the composite file proposed at the same time, will make the electronic medical record system have more extensive protection capabilities and allow the medical information system to calculate: It has better operation efficiency than the existing methods when it comes to sexual verification mark. Next, the preferred embodiments of the present invention will be enumerated, and other purposes and effects of the present invention will be further explained in conjunction with the illustrations and figure numbers. It is hoped that the review committee will have a more detailed understanding of the present invention and familiarize them with the system. Technician = According to the implementation of 'The following is only to explain the preferred embodiment, rather than to limit the scope of the invention, so anyone who changes or loses the invention in any form based on the spirit of the invention Modifications belong to the scope of this invention. [Embodiments] 1. The functions provided by the present invention The present invention provides three new designs: First, Han Ji is a method for protecting the integrity and correctness of data operating on a compound file structure; Brother-, the design conforms to traditional medical records The function of the composite structure of the record structure of the electronic medical record structure; First, the method of protecting the integrity and correctness of the compound file is applied to the composite electronic medical record structure. These designs can not only be used to protect the data integrity of composite documents and 11 200535746, but also allow the electronic disease system to independently expand each diagnosis's medical records in the same patient's medical records as needed, and to be efficient Protect the integrity and correctness of the entire electronic medical record. The data integrity and correctness protection method proposed by the present invention does not require the hospital to change the electronic medical record system in operation, and any storage structure, form or record presentation rules used in the original system, or even medical personnel's records of medical records The specifications of the signature can be maintained in the original system. However, the composite electronic medical record structure proposed by the present invention can provide a more consistent method for traditional medical record management, and a more efficient method for protecting and verifying the integrity and correctness of data. The patient is the main body to manage and protect all its medical records. Therefore, you can adopt the proposed electronic medical record structure at the same time, and you will get the utility listed in the subsequent description. Before explaining the present invention, it is necessary to explain the relationship between the authenticity of information and the integrity and correctness of data. There are five operations for destroying the authenticity of data described in IS〇 / IEC 1〇 丨 81_6 (Infomati⑽ technology — Open Systems Interconnection-Security frameworks for open systems: Integrity framework) documents, which are unauthorized data modifications. , Unauthorized data deletion, unauthorized data creation, unauthorized data increase, and unauthorized data reuse, so it has two meanings: the correctness of the data and the authenticity of the data, that is, the data must be correct , And the process of its creation must be legitimate, authorized, and not fraudulent. The authenticity of information is more extensive than the definition of authenticity of data. This is because the data has some related attributes, such as the presentation rules of the data, which will affect the interpretation of the data. Therefore, 'protection of related attributes: one of completely different tributes; in addition, the completeness and correctness of the data represent; 1 the essential meaning of authenticity, consistent with the authenticity of the data, and the meaning of comprehensive protection The translation terms used by 疋 are not the same. Therefore, 'negative truthfulness' implies that we can understand the nature of the imagination, and naturally include the positivity and correctness of Shen Zu々. However, the method designed by the present invention, Z Fan Φ ^ ^ ^ ^, $ protects the protection of medical institutions, so it has the ability to achieve the authenticity of the material with the accuracy of 1 ± w. Electronic medical records research has been developed for many years. JT ^ ^ Thousands have listed the integrity of medical records and birds as important topics, and 1 "Market 4" and / or the completeness and correctness of the medical records

The safety protection function that sex desires to achieve, just before I, f -I b, it is said that Gongxun authenticity protection

4. Item 4 shows the data of the same medical records T t A 'T and the date is correct and correct. Therefore, the reason why Jiguang achieves the same goal, although the authenticity of the information is better: "True intentions" still follow this-the precedent of field research, when explaining the protection method of electronic medical record data, "data integrity and correctness

Taxi: rj J 〇2. Information security technology to protect the integrity and correctness of data Information security technology generally used to protect the integrity and correctness of lean materials is a "check code" method. In actual operation, The check code is a mathematical function that operates on the original message to obtain a short and fixed-length test value. It is attached to the original message and provides the receiver as a confirmation message to confirm whether the message was transmitted in a private way. These changes include unauthorized creation, addition, modification, partial deletion, and total deletion; the method of confirmation, 13 200535746 疋 & received information obtained through the calculation of the same-mathematical functions, a comparison for 'K-check value' then compares the received check value with the re-calculated check value. When the two are equal, the receiver can confirm that the message has not been modified. Otherwise, the integrity and correctness of the message have been destroyed.

The widely used check code technology can be roughly divided into two types. One is the check code that can be obtained without the use of gold loss, and the other is the check code that can be generated using ㈣ calculation. The check code calculation function belonging to the first category is called "#cous function or one-way Hertzian function". This type of function has the function of corresponding multiple values to a single function value. In addition, it is difficult to obtain from any two messages. The collision resistance characteristic of the same hash value is therefore widely used in the process of condensing an input message into a short message sufficient to represent the message. The check code belonging to the second type uses the key codebook and four numbers to take Xin Xin and gold loss as the input values of the function to obtain a check value related to the message and gold loss. During the check, you need to enter the message again. And key, when both are correct, a matching check code can be obtained. If the message re-entered and the key are incorrect, it is difficult to obtain a correct check value. The check code calculation method that belongs to the second type can be further divided into two types.-The type of method in which the check key is made by the person who makes the check code and the person who verifies the check code is called "symmetric cryptography". The check value obtained is often It is called "protected titanium", and the method by which the check code maker and verification check coder use different keys in the paired key is called "asymmetric cryptography", and the check value is called Lou Literary Seals ". Therefore, in the process of making and verifying the check code, if the symmetric cipher method is used, the party must have the same key to complete the 'right use of asymmetric cipher method, then both parties must have the corresponding one of the paired keys. Money only works, so the integrity and correctness of information depends on the protection of 14 200535746 keys. In addition, because the one-way Hertzian function is a public method, when 1 · is protected or hidden, the factor that affects the test result is only 1Z, which is correct. Therefore, malicious vandals need only use the same function. = == Generates a check code that complies with the specifications with forged information and passes verification. The integrity and correctness of the code created from 0fL ^ are damaged. If you use Golden Cryptography, you can protect the integrity and correctness of the cryptographic ^ key held by the two parties making and verifying the check code to prevent damage to the integrity and correctness, but its operation == compared to For one-way Hertzian functions that do not require a key, it is a bit slower ^ ^ ^ Therefore, the practical approach is to use one-way Hertzian functions to condense the ^ of the original message. It represents the value of the Hertzian function of the original message, and then calculates this by using the Golden Cryptography method to #order the value of the function. The check code of the message is obtained to enhance the integrity and correctness of the flood information, and to increase the calculation speed. 3 · Protection of data integrity and correctness of composite documents designed by the present invention

Method ^ The data integrity and correctness guarantee method of the composite document produced by Ben & Sham & Co., Ltd. is to improve the check code calculation method designed for a single source in a clever way to make it It can be applied to the -V. Mouth ^ file that can continuously increase the content. The principle of this method is to use the check code of the same layer file in the composite file as the check code L. One% ... is a temporary record, and then calculate the check code of the temporary record as the check code of the ^ ^ layer file. During the implementation, as shown in the first figure, a compound file with a layer structure (1 ο 〇) will be included, each member included in the 2005 2005746 file (1 0 1) and (1 0 1 1) The data integrity and correctness check code is linked to a temporary record, and then a check code operation is performed to obtain a check code (103) that is sufficient to represent the entire composite document, so that the entire document can be made. Obtain proper data integrity and correctness protection. In addition, because the check code of each layer of files is linked in a fixed order to generate temporary storage records, when the order between the files at the same layer is changed, or the internally damaged files in it are deleted without technical rights, the link is generated. The temporary record will be changed, and the check code obtained by the temporary record will also be changed, and it is possible to check the behavior of changing the order of the file or the partial deletion. Please refer to the first formula in (104) shown in the first figure. The above description can be expressed as follows: CCd = CCFCCCF (Mo) I lCCF (Mi) | | CCF (M2) | | · · · I lCCF (Mn) II · · ·); where: CCD represents the inspection of the entire composite document Code (10) (Checki called

Code of a C⑽pound D〇cument); CCF represents the Checking Code Function (Checking Function) (105); Mn represents the nth member file (MemberD0CUment); η represents the number of the member file (107) , Is a positive integer that starts to increase progressively from one to one; and learns the% representative number of tigers. Therefore, an efficient and able to provide the entire composite file with full integrity and correctness protection methods, the king's piece performs a unidirectional hierarchic sequence. Function operation, the mother and son into Bevin code ', and then each member file (1〇 ", do " = "check the temporary record, so that the temporary record represents the entire compound ^ into a record for one-way The operation of the ordinal function, and finally: 2: Perform the key cryptographic operation of the one-way Hertzian function value of this temporary record: :: The memorizer records the check value of the compound formula 16 200535746. The above execution method The reason is that the higher than one-way Hertzian function is that the computational load of Jinmao Mimas can increase continuously. If the quantity load of Bayi file (101) and (i011) is used, therefore, the technology of Chengyi will be There are a lot of negative operations. Compared with the Ding Jinsong, the family member VII from the early to the Hexian order function, and only when the check code of the entire composite file (1 00) is calculated, so the use of the Golden Cryptography method, "... has a higher degree of protection '... 0) integrity ..., also ;: 7 Ethical protection of composite files also improves the efficiency of checksum calculations. Degree comparison = bu :: Then, for each-member file ⑴ ", (ion), the value of the protection order date is used as the check value, and the integrity of the method of the present method will not be degraded. The ability to protect the correctness is because the check code of each member (1001) and (1011) will also be checked by the composite file (100). The protection of the code is' Ren-member file (1. 1), the contents of (1011) or the check code fork to unauthorized changes can be obtained by checking the check code of the composite file. This method can be expressed as follows: CCn-KC (H (H (M〇) IIH ( Mi) | | H (M2) | | ·. · | | H (Mn) Where: CCd represents the check code (丨 〇8) (Checking

Code 〇fa Compound Document); KC means Cryptographic Function using Cryptography; H means One-way Hashfunction; Μη means nth Member Document η represents the number of the member file (107), which is a positive integer that is sequentially increased from one; and "II", the symbol represents the link in the mathematical operation. Because the check code operation is performed using the key cryptography function At the time, in practice, 17 200535746 with one-way Hertzian function makes the operation efficient, so this expression is actually the same as the original expression described above. As can be found from the previous paragraph description, the method proposed by the present invention uses each member file The concatenated values of the one-way Hertzian function values of (1 0 1) and (1 0 11) replace the original contents of all member files (101) and (1011) as the contents of the compound file, and then perform this link value The operation of the one-way Hertzian function, in order to obtain the value of the one-way Hertzian function is sufficient to represent the value of the one-way Hertzian function of the composite file. The reason for this is Function values have enough in the field of information security

Represents the ability of the original message, and a composite document is composed of all the member documents (101) and (1011) it contains. The content of all the member documents (101) and (1 0 1 1) is exactly The contents of the composite file. In the previous rule, the one-way Hertzian function values of each member file (101) and (1011) have been obtained. These function values can represent the original information used to generate the function value. Therefore, Link each unidirectional Hersequence function value into a digital message, then the digital message will also have the effect of representing all member documents (丨 〇 丨) and (1 0 1 1) linked messages to represent the entire composite document Function; 'That is, this message has an additional'

It is usually only a size of more than a hundred bits, which is much smaller than the original message that generated it. After f is a digital message, it will be much smaller than the link value of the original message. Therefore, in the calculation of the one-way Hertzian function value, Will be more efficient. In order to make the method mentioned in the present invention allow individual member files (1001), (1ο 11) to have the function of protecting their integrity and correctness, it can be performed in %%. One member file (101), (101 ο) perform one-way Hertzian function operation, and then use the Golden Cryptography method for the one-way Hertzian function value of each member file (丨 0 丨), (丨 0 丨 i) Obtain the check code of each member file, and link the one-way Hertzian function values of each member file (1 0 1) and (丨 〇 丨 丨) obtained in the previous step as-temporary storage records, and temporarily Store the record and perform one-way 18 200535746 one-way Hertzian function value operation, which can achieve the goal of effectively protecting member text 0). Therefore, one) and composite file (100) Hertzian function operation, and then use the golden key cryptography method. In this regard, the check code of the composite file (100) is obtained, that is, the methods of (101) and (1011) and the composite file (10) effectively protect the member files (101) and (100). Expressed like this: CC Μη-KC (H (Mn)) ;, • IIH (Mn) CCd = KC (H (H (M〇) II Μ (Μι ) IIH (M2) Where: Μη stands for the nth Member File (nth Member “⑶㈣ ″) (1 07) n stands for the number of the Member File, which is a positive integer that increments sequentially from one; ccMn is the nth copy Check code of member file (丨 〇6) (Checki is called Code of nth Member D〇cument); Kc represents the use of Cryptographic Functiocn; H represents one-way Hertzian function (One -way Hash functlon); CCd represents the Checking Code of a Compound Document; and the "II" symbol represents the link in mathematical operations. Because the check code is performed using a key cryptography function In the calculation, it is practically matched with a one-way Hertzian function to make the operation efficient. Therefore, this expression is actually an extension of the aforementioned original expression. As can be seen from the above expression, each member file (101), the true The check code of is calculated by using the check code function of the key, but as mentioned earlier, the lattice with one-way Hertzian function can make the overall operation efficiency better, so in the calculation of the composite file (100) Inspection Code, use the unidirectional Hertz function value of the member file (丨 〇 丨), U 0 1 1) to replace the real check code. Because this unidirectional Hertz function value is a step before calculating the real check code, and It also has the function of checking the integrity and correctness of the file, so it is called a temporary check 19 200535746 code. In addition, as long as it is not the check code of the file, but the knowledge and function of the check code are sufficient to represent the original condition A value that can verify the integrity and correctness of a message can be called a temporary check code. Therefore, the temporary check code may be a value generated by stepping before calculating the check code as described above, or may be a derived value of the check code, for example, a link value between the check code and the serial number of the message. The reason for this is that the value of the one-way Hertzian function has the same characteristics as the check code generated by key cryptography, and both have the ability to represent the original message. Therefore, the above formula can be modified as: CCd ^ CCFCTCCmo | | TCCmi II TCCm2 || ··· || TCCMn II ···); where: CCd represents the check code of the entire compound file (i 〇8) (Checking Code of a Compound Document); CCF stands for Checking Code Function (105); Mn stands for nth Member Document; n stands for member document number (107), 疋A positive integer that increases from one to one; TCCMn is the temporary check code for the nth member file (9) (Cheeklng㈤e Qfshirt Me —

Document) 'and 丨 丨 # represent links in mathematical operations. For example, this' is the same as the second narrative of the temporary check code in the figure. In addition, each member file (101), (1011) may also have a unique serial number. This serial number 侔 /, -person IUT is based on the time when the file was generated or the position of the document i ° t H Generated by a lack of order, usually has the power% to identify the document, and it is called the identification code (ide, when checking the mark, you can use :. Generate a composite document value, protection seal value or seal value connection; piece, code Rather than the one-way Hexian sequence letter files (1⑴ and ⑴U)? Two :: Generate a composite file that is sufficient to represent all the complete operations, and you can get a compound file 2: The _line check code link value 'also has the check file: : "Where" the function of the integrality and correctness of the identifiable identification code is another example of the 2005 200535746 ^ temporary check code, and the expression of the foregoing description is also shown in the first figure (104) The second narrative formula is summarized. The application of the temporary check code is summarized. The actual check code stored in each member file (1001), (1 0 1 1), and the steps before the check code are obtained. The output value, or the link between the above two and the document identifier, is treated as a compound The source of the operation of the document (100) check code; in the field of information security, the above-mentioned values are sufficient to represent the nature of the original message, so the one-way calculation based on the temporary records generated by these values The value of the ordinal function can represent all the member files (101) and (1011) —one is the inner valley of the entire compound file (100), and Asia performs the operation of generating the check code again to obtain enough representation: The check code of the file enables members to obtain complete integrity and correctness. 11} The check code operation of the file is more efficient " Shengbao 4 " and the entire composite text is generated: the check code operation described above can be summarized. The check code of a file is 'the second is to calculate a complex,' and the early code is calculated; both are specific mathematical expressions. The (100) check one-way Hertzian function, symmetric dense Marfa, or inability, can represent an I can take the most appropriate method according to the needs. 'Ran-style code method operation, 4. The electronic medical record structure designed by the present invention. The invention also proposes an innovative structure for the disease Suffering in the same-medical ; The structure of the electronic medical record case 'This structure is realized by the same time as the integration of medical records into medical records. The method is == and the electronic medical record development plan. — The medical record records are aggregated into — 敕 Fan mobile electronic medical records should be combined. The records of King Xi Fan's files, the child medical record C record can be regarded as having at least /, mouth, a complex /, there are ~ levels of compound 21 200535746, Ji Lu, the two levels are the first Level medical documents, level patient layer; records belonging to the second level and the second level patient level :: level level medical file level records belong to the second level itself through the check code :: record '第-The check code of the level record is obtained by the code recorded by the first layer: "Differentiation", and the check code of the second level record is calculated according to the method described above. The completeness and correctness of the data of Fu Ren Ding as stated here = due to the electronic medical record of the compound file previously introduced-the word ΓΓ: The compound file to is the same, and only paid, so in order to match the person's medical records In the construction, the electronic device designed in the present invention is referred to as a member record. ;? % Is a composite record, and each member of the member's affairs file layer is 9p, 4 ·, # 印 丝, Η 山 山 伤 5 己 recorded ^ The author of a diagnosis and treatment-related doctors take D, which constitutes a whole The basic components of a medical record file, which can be used to read the electronic medical records within the institution. The 5 records can be submitted by other medical institutions through the medical record data exchange mechanism. Used by the record system to identify: only T: gcode) 'where' the identification code is the unique serial number of the system, and the check code will be used as a basis for checking the integrity and correctness of the C record of the medical document layer. The record described by the patient stratum of Xi Zhengwen is a composite record. This record is the same as the one generated by the medical institution during the diagnosis and treatment: it also has an identification code. Therefore,-two patient strata: 2: Γ The completeness of the patient Emperor 4i Μ 丨 The eight-wearer is a check code used to protect the record. The entire contents of the record are used as the source of calculation. The first is to verify the integrity and correctness of the patient-level record: … 4 The division of the medical records of Li Er Re Medical Institution during the normal operation of the medical records;: 2 # The treatment history is used to record the related medical separation and drought, that is, the medical treatment related records generated by the mother and child will pass the medical 22 200535746 After being written or reviewed by the teacher, they are included in the same diagnosis and treatment process, and then based on the doctor =, the signature value also has the function of separating medical responsibilities. In: The electronic medical record structure should also include this management requirement, so that + and Wo can truly conform to the operating structure of medical institutions, and obtain a more perfect 敕 = medical record accuracy protection function. 『Wang Xing and Zheng 'therefore can use the aforementioned composite electronic medical record record holder to extend the architecture, as shown in the second picture; two copies of a patient: two Chu, a compound with at least three levels Recording these three ::: The video screen may be attached to the Yiji Qi ag ㈢, and y knives are the first and the 酉 酉 event file layers, such as (201) and (2011); the second horse 々 layer: ： 则 和 咖啡); and patients at the third level;,: (= medical records at the medical level of the first level can be subordinate to the second level of records, or can be directly subordinate to the third level of patients 'records', ': The diagnosis and treatment level = the treatment level statement has been subordinated to the third level and the level of the patient level ^ table. The check codes (201) and (2011) of the first level of the brother-level level are shown through its own content The check code function is obtained by calculation, and the catalogue: check codes (204) and (2041) are made up of the check codes (201) and (20) subordinate to them, which are set by the present invention: If the check code of the third-level record is obtained, the check codes (204) and (2041) recorded by the subordinates are added, or the number ":" is already included. And, as the second round of the second round designed by the present invention, the definition of the medical file layer is the same as in the previous paragraph. The records described in the treatment layer are produced by everyone in the same diagnosis and treatment process: the records in the file layer The red record is a composite record, also in the record :: From the identification code and the check code used to protect the record, this check code: calculated from the entire content of the record, will be used as a test of the The basis of the completeness and correctness of the second sample. Among them, the medical document layer record subordinate to the diagnosis and treatment layer record may be a diagnosis record, a digital X-two film 23 200535746 data, layer scan disease-medical inclusion disease record office The recorded medical network department records the records of the students, and the system is not the same operation. Or the medical image data generated by the medical imaging technology 'such as computer generated (CT), magnetic resonance (MRI) and other technologies Image records. The records described by the human level are still composite records, each of the medical level records generated by patients receiving treatment in the same institution, and the records must be recorded and cannot be attributed to a certain level. The medical document layer composition of the diagnosis and treatment layer record also has an-identification code. Among them, the & method belongs to the diagnosis and treatment bank; the event file layer record may be the basic information of the patient, or it may be: exchanged from other medical institutions. Obtained summary information, etc.-A copy of ^ represents a complete electronic medical record of a patient, used for protection = check code 'should also be based on the entire content of the record as a calculation source: as a check of the entire patient level record The basis of completeness and correctness. The check code technology used in the records of each level is not subject to any restrictions. Records of the same level can use different check code calculation techniques, even different records belonging to the level, and different checks can be used. Code operation technique 5 · Applying the protection method to the composite electronic medical record Cheng Gang, the composite electronic medical record record rod f 'designed by the present invention can be combined with the data integrity and correctness protection method of the composite file to make ^ The completeness and correctness protection of the child medical records are more complete. According to the foregoing about the integrity and correctness of the compound document data = check code generation method, a variety of electronic medical records can be derived: Checker 2: = One of the implementation methods is described later. For each medical act, the Western Record file-level record is signed with the physician's key, and the check value of the record is signed, and the signed value is calculated as the one-way signature generated by the previous step 24 200535746. Then sequentially connect to a temporary representative value, and then use the secret key pair of the medical institution ::: the entire medical record slot to obtain the value of the protection seal; The check value of the case record of the medical record broadcast is stored in the system. All the information of the medical record file with each one-way Hertz function value is a single @digit message representing the characteristics that are sufficient to represent the original message, plus the value It has a compositional nature in the field of cryptography 'designed representation method 22, recorded by members' and efficiency required for practical applications. The correctness of Fuchacha's code theory 'The following two-layer composite electronic medical record record structure is combined with;:-style files ... integrity and correctness protection methods, then you can refer to the third figure as follows. The silicon therapy layer records consisting of medical records > &… into file records (300) and (300 1) will pass the check code number, the check code recorded, and here, the check code operation can be included; To represent that each of the medical documents belonging to the same-diagnosis and treatment layer is composed of two medical records, that is, 'the temporary record side will be stored, and then the one-way Hertzian function operation will be performed. Two: foot = the message summary' and the Private thank you for the second step = Ask for a digital signature 'as the check code of the diagnosis and treatment layer records (303), stored in the 21 medical record database' as a complete summary of inspection and protection of the diagnosis and treatment layer expressions are as follows ... ^ The message hash (diagnostic layer record) = hash (γ), which represents the record of the ㈣ layer, where ⑹ ㈠ is a one-way Hertz function calculated by the search code, and γ represents the medical file layer record of all subordinate H home treatment layer records Link value of the digital signature, for example 25 200535746 For example, Slgnature (the first medical document layer record) M Slgnature (the second medical document layer record) II... II Signature (final-one medical affairs = piece of record) Here, the symbol "丨 丨" ❹thinking about connections in mathematical operations, η represents the number of the nth medical file layer record in the diagnosis and treatment layer record; in this example, it also means that the record is the last-member two record. ',, $ The figure shows the fourth picture. In the patient The complete medical records of the patients who are treated in the same medical institution are stored in the layer records. According to the wooden structure mentioned in this month, they are medical records layer records (40 0) that belong directly to the patient layer records. And the diagnosis and treatment layer records (4〇1) and (4〇⑴), so: When calculating the check code of the patient layer record, it is necessary to protect each of the medical documents from the subordinates, and seal the value 'link each The signature value of a diagnosis layer record becomes a temporary record (403), which is then used to perform a one-way # _ ^ Ding Zaoxiang order function operation to obtain information that is sufficient to represent the patient layer record. Abstract 'Asia uses a secret key to calculate it to obtain a protective seal, which is used as the patient's seal. The recorded check code (404) is stored in the electronic medical record database. For inspection, it is only for protection and security. The completeness and correctness of the patient's electronic medical record Basis. Among them, the expression φ ΑΑ 主-”which is sufficient to represent the message summary of the patient layer record can also be expressed as follows: hash (patient layer record) two hashr c, nash (S), where S represents all subordinate to the Medical documents recorded on the patient level; .y τ Λ 9 5 Recorded (identified by the patient's basic data as an example) identification code and check code, toilet ..yr Λ A ^ 0 treatment level recorded / Emergency medical records as an example) identification code and check the connection value of Yima, for example, S = signature (the first medical document layer · 蛉 瘩 Μ ~ you, II ·. $) II signature (第 1 Copies of the 0 treatment layer § recorded) II s 1 gnature (篦 98 八 II · divided treatment layer records) | | · · · 丨 丨 signature (a medical treatment layer record after the Yuan) Or, it can also be used in the fifth picture From Kung & kr ancient, the method shown. The identification code (identified by the identification code ri 26 200535746-shown in the figure) of the mother-percent document layer that belongs to the same shirt treatment layer is linked to its check code (the digital record is also used here to sign a temporary record (5 0 3 ), And use this temporary storage record to reconnect one-way ,,,, and so on to obtain a digital signature on its operation. It is stored in the electronic medical record database as a private gold medal. The completeness of the record and The basis for correctness. Among them, the expression summary of the message summary recorded in the diagnosis and treatment layer is as follows:

hash (diagnosis and treatment layer record) = hash (γ), which belongs to the identification code of the medical file layer record of the diagnosis and treatment layer record, and the link / value of the chapter ^ such as' Y: the identification code of the first medical file layer record ^: First (brother! A copy of the medical file record) 丨 丨 Section • The identification code of the next record of the medical file 丨 丨

signature (Last-the first medical document layer record I The nth medical document in the diagnosis and treatment layer record: Erguang represents the second layer. Edited record: In this example, there is also a record indicating that the record should be the last member record In order to refer to the sixth figure, the content stored in the patient layer record constitutes the complete medical records of the visit. According to this post (6 的 The medical file layer record of the patient layer record \ fir therapy layer record (601 ) And (6〇1 υ), therefore, when calculating the :: layer. The recorded check code, such as the label (604), needs to be linked to its signature value and each diagnosis and treatment layer. The identification code of the record ^ its signature value is linked into-temporary storage record 3), and then the temporary storage operation to the Hertzian function is obtained to represent the patient's record of the Guangxi Abstract 'Asia-Secret Gold Lost Pair It performs calculations to obtain protection seals. ^ The medical record database is used as the basis for the integrity and correctness of the electronic C test for this patient (604). Among them, the above is sufficient to represent 27 200535746 patient-level records. The expression of the message summary can also be expressed as follows hash (patient level ^ σ self-recorded) = hash (S), where S represents all the subordinate parties, the identification code of the patient data record and the diagnosis and treatment record recorded in the "Hei disease ^ layer §" and / or the digital double-early Link value, for example, the identification code of the first medical file layer record "丨 Slgnature (the first medical file layer record) | | The first diagnostic and treatment record record number 丨 丨 (the first medical record layer record) 丨i The identification code of the first / treatment layer record I 丨 signature (the second diagnosis layer record 11 •• 丨 丨 the identification code of the last diagnosis layer record | | signature (the last diagnosis layer record).

In addition, it must be explained that the description of the calculation of the electronic medical record check code as shown in the third and fourth figures, and the method of generating a composite electronic medical record check code using the member record check code. The description of the check code operation composed of the 56th figure is an example of using the temporary check code of the member record to generate a composite electronic medical record check code; and using other similar concepts to introduce other feasible check code operation methods . 6. The process of maintaining the completeness and correctness of the operation of the medical record record—as shown in the seventh figure, it is used to explain the initial Beta process of creating a patient. This procedure is started when the patient first visits. The medical staff responsible for the care-giving business will operate the system to complete the whole process. In the second step, the system will establish a Medical document layer. Recorded, this record will directly belong to the patient layer record of the patient. At step (710), the medical staff will not enter the personal basic information provided by the patient. The input of the required external information is used as the content of the medical document layer record generated in the previous step. Then, at the y ^ of the symbol (), the order for storing this record is issued by the nursing staff, and the entire 28 200535746 is generated to generate the record identification code. And the process code that must be followed for authenticity maintenance. At step (7 30), the system automatically refers to the identification code of the medical record in Zhaozhao, which is the new serial number that is stored in the database. As the case of the disease M㈣ ^ 4δ, a number with any order and uniqueness is usually established. Usually, the maximum number can be used as the medical record number. The method is to use the patient's step (740), and the system will follow Said 丨 丨 ^, Γ, the identification code rules formulated by Xi Jigou. For this purpose, a layer of electrical, numeral and zeta [, α, an orderly number, and an orderly number of the patient's medical records were established for the file layer records. The bluff code is connected to the aforementioned sequential number. Do not be full. This, ten, + Jun Gu 卞 is the identification code recorded on the document level of the interview, and one of the records recorded on the medical document level is described. If you have a bad product, you can have it all: you can use these numbers repeatedly in each patient's medical record stored. This is because Ding ’s medical record number becomes an identification code and you do n’t need to connect it to the patient system. The uniqueness of the identification is required. The step of (750) is provided for the record, and the system automatically performs the protection seal operation based on the secret. Since more than 0 records of this § have been recorded, the There is only this one in the 彔-the medical affairs document has already maintained the authenticity of the entire medical record. The seal obtained in the two-step search will be appended with the step (755), the authenticity check code of the record. In the records of western affairs, as the system-^ = 护 ^ = 存 \ 于 Ｍ 的From (75G), the system can directly re-create and store-the steps cut in (77〇), complete the whole: ~ new electronic medical record records. In conclusion, the record is protected by the medical key i key. The seal II has recorded the use of the medical institution's system for transporting money, rather than using the private key of the medical staff to enter the record. 29 200535746-The reason for signing the seal is as described in the previous chapter ... The position of the case is not the responsibility of the fixed personnel, and I Ichiguchi is to establish a new medical record key. If there is a need for a signature, I will use a private type of medical staff.… I know that the party who uses a fixed job golden wheel belongs to the order number recorded in the western affairs file layer, then ' Automatically establish records for the medical file layer-the system follows the identification number composed of the medical record number and the second file layer record serial number in sequence, which can also ensure that any-δβ individual records and the establishment of the record room 1 recorded in the overall file In addition, in the step (770), 〃 'sex. The check code that records all the medical records of the patient should be used. The original record 'and the summary value calculation value of the record ^ is obtained temporarily. However, when creating a new medical record file, the initial :: thin seal method There is one item of basic patient information, and the records of the medical and western files are only for this reason, and it is explained by f-< & & > ^ ^ 5 The recorded check code is the same, and the method is described in the following. He Wenzhong 'protects the use of medical records at the file level to protect the use of records, and the reason why the unstructured key of the year-old structure of Zhang Yun is against Zhang Yun is because Jian Xinming signed the record, and cannot use a medical record. Renchangkou can be carried out in a manner that can be changed to use a fixed smoker, have early drama, and lack a job key. The medical records that belong to the medical file layer have θ ^, which is composed of the medical records of the medical records created by the recorded medical records of the medical records of the medical records of the medical records ~ μ 疋 music system in accordance with the original order, ^,% ,,,, In addition, you can also ensure that any one that has been recorded in the step (760) of 敕 ～ 逯 立 间, 忘 人 厣 々 技 庄 In addition, the check code recorded in the disease layer will be used in the original database. Recognition of the juvenile stratum in medical affairs ▲ Ling Ying should use the method of linking the δ digest recorded in the diseased cow stratum δ and record the protection seal value. Miscellaneous ... # Λ 息 Abstract '^ Another patient level record inspection杳 石 g, when the scholar created a new medical history, the first # check the code, but the original western file layer records only the patient's basic data 30 200535746-one item, and the same check code as the medical file layer record, so , Described as a direct copy. Increasing the content of medical records is a commonly used function in electronic medical record systems, which also means that it is the most likely behavior that undermines authenticity. It must be ensured that this operation can truly maintain the authenticity of the medical records. In the method of the present invention, when the physician performs the operation of adding the medical record content, only a new medical file layer record needs to be added, the medical record content is recorded in the record, and whether the record needs to belong to a certain medical record, and at the same time, The identification code of the record created by the system is recorded in the record, and then the physician signs the medical document layer record and stores it in the system, which completes a visit. Among them, the method of establishing the identification code will vary according to whether the record belongs to a certain diagnosis and treatment layer; when the physician decides that the medical file layer record should belong to a specific diagnosis and treatment layer, the identification code should be the patient's The medical record number is linked to the order number of the 4-inch 疋 " rural treatment layer, and then to the orderly code of the newly added medical file layer record. If the doctor decides that the medical file layer record does not need to belong to any medical treatment, its identification code There is a missing m 0, b ′,, and P may be added to the medical file layer record for the patient's medical record number link. The file-level records do not need to belong to any of the diagnosis and treatment layers, and their other codes are ^ g ,,,, 'The order number of the sick patient's medical record number linked to the medical file layer order is started and completed by the clinician' The following introduces various possibilities The implementer must refer to an example. Please refer to Figure 8. In the step (80G), when the doctor-copy medical affairs I: add a diagnosis content, only the step of system instruction production (81 °) is needed, the medical division = new and used for?, The content of the diagnosis. In the content that should be recorded in the diagnosis and treatment, within this 4b :::: layer record, write this event file, and the layer text is a doctor in the entire patient's medical history. As to whether the file conforms to f Then the physician decides after the diagnosis and treatment is completed: "... Transfer layer records' 31 200535746 Step (8 2 0), because the physician can choose to archive the record. In the writing of the medical record, the routine, It is up to the physician to decide whether to take this step, because the diagnosis and treatment has been completed in the record. The step record in (830) is classified into a certain record-the diagnosis and treatment record belongs to the diagnosis and treatment record. The file layer of all things is included in the record of the diagnosis and treatment layer. If the V is known, the system will follow the steps of 184¾J to the serial number of the treatment layer record, and then link the patient's medical record number to the diagnosis number to establish the medical affairs. The orderly system recorded in the file layer at the medical file layer of the 5th Haiyi Medical Center is the unique serial number of the recorder 2 in the physician's private space. At step (_), the recorded authenticity check code. 2 ^ The value of the chapter is used as the sum Misstored medical records-enter (870) step after action ' The whole increase is if the doctor chooses not to treat the treatment layer at (830), then in the step (850), the 4M _ file layer brother records are admitted to the doctor 'Le Tong is automatically assigned with "# β + 4 sequence number And establish a unique identification code by linking the I number with the calendar number. In step (860), the signature calculation is performed by the cattle record, and the record value is entered into the record using the private value of the currency: The straightforwardness of the record for the 5th Hais is in the step of apricot entry (870), which completes the whole increase of one plant. After the table, the operation of adding A g to add and storing the medical record is required. The teacher needs to retrieve a patient's medical record file. At that time, you can retrieve the medical records contained in the Yuanzheng medical record file, and you can also retrieve the specific medical record data according to "7: 2 records and medical file layer records. When the contents of the diagnosis and treatment layer, the order number recorded by the treatment layer, and all the medical records of the 12: '# :: = 医 = You can get back the records of a specific diagnosis and treatment department. The right teacher needs to take a test and a medical document to print the medical record of Lu Yue. Also, ^ f 0 a, you have the specific information in the related case to obtain the medical record eaves from the identification code of the record 32 200535746 'Below, please refer to the ninth figure. In the present invention, when the physician needs to consult $ s $, implementation $ speak h _ —. Some patients' medical records of Xuan patients are recorded in the steps of (n cases, department, and firstly by reading the pain rate Θ), and in the step of (90 5) The result of the right test is incorrect. —Ma Jinzheng ’s test, selected in the step of I y 5 0), the manager and re-inspect the system to continue the system. Other related Yu, and Xianguan indeed 'then enter the step of (91), from the nine right "results are some related restrictions. 0 Healing Acupuncture Decided whether to attach the force "If the doctor decides to use the same medical record number as the main without additional restrictions: Budden (920), will be recorded with the medical file layer, all listed in the number of cattle in (925) The right doctor wants to attach restrictions, or subjects, and records the phase Λ according to the restrictions indicated by the doctor. # ° Records are listed for the clinician to choose the steps to review the date and time medical history file (1). The system then verifies the records that meet the doctor's requirements. The records of the doctor's records have been verified. If the doctors are not satisfied, the doctors will be notified to the administrator and re-yuzhen; t + person (95) records to find out which records are new. For other related diseases, enter the step of (94 (n branch nuclear change; if the test result τ,)), let the system enter + + county-based &correct; steps, if the J test result is not correct, you also need to enter (: The system must notify the management (9 5 0) of the record, find out which β and re-examine other related & find out which records have been unregistered medical records then enter ㈠ ... # 步 ％ Γ If The inspection results are correctly reviewed. At ζ 97fn, The selected medical record (970) steps are carefully entered by Yin Mo for medical treatment (98 (n), select the medical records to be reviewed for $ Coins v 980), and +5 After recording, g] XL ”,,,,,, and 5 of the medical record content UK, the present invention can provide a detailed description of the ancient valley of 41. The ability to record, # " Efficiently check any part% ^, It also has the flexibility to obtain medical records according to the specific medical records of the two known medical records. This 200535746 is shown in the tenth figure, which is the same as the second one. Plus,... Process flow. In the general writing process of '1 5 Jilu, it is necessary to add supplementary actions to the contents of the medical record ^ ^, the drama is not happening, but it is still necessary to design the mechanism to complete all of the preventive. _ The integrity and correctness protection problems encountered here, for example, let the diagnosis and treatment 嫛 warehouse ^ Table 7 ^ Teacher W added Zhuya in the patient's X-ray film file, and only the physician should have The authority of the procedure. In step (1_), the patient's medical record number is first entered by the clinician. ^ 0005) ^^,: List all the medical records with the medical record number as the main identification code. (0 1 0) Step 'The West Teacher selects the medical file layer records to be supplemented and supplements the data. However, the first step is to verify the authenticity check code of the medical record. In step (1G15), the system confirms whether the record is authentic or not, so as to recalculate the Λ of the medical file layer record. The information digest is used to check whether the recalculated message digest matches the Λ heart abstract stored in the record and to check whether the authenticity of the record is maintained. In the step (1 0 2 0), if the test result is incorrect, enter the step of (1 0 2 $), and the system actively informs the manager that the authenticity of the medical record is damaged, and re-examine other related Medical records to find out which records have been altered without authorization. In the step (1020), if the test result is correct, then enter) spoon V to establish a new medical file layer record, the record user; store the medical history data to be supplemented. In step (105), the physician uses the medical document layer record generated by Liyi step to write the inner valley that needs to be supplemented or annotated. After writing 70% of the supplementary information, he enters the step (1 0 4 0). "The coin issued an instruction to store the record, and returned the system operation right to supplement the private order in the medical record ', and then completed the subsequent process. 34 200535746 • In step (1), "Copy the message summary of the original document to be supplemented with the information of the document layer, and attach it to the medical article storing the supplementary information: layer record. "1" stores the newly added medical records of supplementary tribute, which is related to the original medical records of the information to be added ^; the lack of relationship is established, because the added medical records of the supplementary information are supplementary records of the medical records of the original information to be supplemented "and this A supplementary information of the medical chef Bing I 5 can not replace the original medical record; the original medical record must not have been subjected to any changes. At 0050) step '"should be in accordance with the original medical documents to be supplemented with an orderly number 'Sequentially establish this order number for storing the supplementary record Γ layer records, so the medical file layer storing supplementary information. The recorded identification code, that is, the sequence of 4 y- /-, nrr Λ ΛΑ ^, / stop δ recorded recorded code according to the original supplementary information, can be added to the storage by following the steps in ("〇55). The content of the medical document operation information of the information to perform the calculation of the message digestion. A M Qola pulls the complete record of the message digest with the original information to be added to the Western Affairs document as the input during the calculation (1〇 6.) step, and then perform the signature calculation on the previous abstract with the doctor's private space, and dimension # and 亍 〇Λ heart step, will be counted and ... "The accuracy. In the step (1 0 65):" and pay The physician's signature is appended to the record, and the value of the signature is used as the authenticity check code of the record. β In the step (urn), to determine whether the record is 疋, enter the step of U 075), use the physician's default to increase the medical file layer that stores supplementary information 入 ^ enter the early private key, and recalculate the signature value ... The identification of the doctor's record in the diagnosis and treatment layer record of the ancient ”record is linked to a message summary-file layer _ Yin Zhongyue Cun Jiji, or only the message summary of each w record is linked to a temporary record, and then this Record 35 200535746-Perform a one-way Hertzian function operation, and perform a signature calculation with the clinician u. Then in the step (1 080), = the original signature value of the message extracted from the system storage by private input, that is, — The & seal value replaces the authenticity of the patient-level record and then the update of the patient-level record is required. At step (1 085), the protection seal of the patient-level record needs to be recalculated because it has been previously updated. Personnel records' because each patient-level medical record of the patient-level record ^ ^ will also be a summary and sequentially link the code of each-diagnosis-level record to its message as a temporary record, or, only each ... Information summary Each—diagnosis and treatment ^ The information recorded in the file layer is one-way. This record is temporarily stored, and then the message digest is protected by a seal operation, that is, the authenticity check code of the secret institution's record of the treatment institution. The security seal is used as the step of the disease in (1 0 0 9) instead of the stored work. If the information of the supplementary medical record is taken in the step of (1G70), it is judged that the record does not belong to the record, then directly enter Step (1 085), repeat // //, 0; ', the patient layer record of the medical file layer record 3 = force, store supplementary information as described. In the step (1 0 0 9), the previous step " 2 The original protection is stored in the system storage in a different way; the security seal ': replaces the complete supplementary medical record of Er Cong), and replenishes: ::: a new medical document You can use the method of adding supplementary information to the original record in addition to the method of storing supplementary records. You can use the method to add supplementary information to the original record. Within 'will be supplemented by funds under construction When the electronic medical record system is established, it is 'inside the storage field', so 'required storage field' will add extra 'type' medical records to the storage device, which will cause additional system load. * Even if there is no need for a null value stop, in addition, it can also be achieved by using the supplementary formula, that is, the original design that does not add people to the medical record—the medical document layer, is regarded as a complex oral formula. The structure of the lowest-level I-level record of the file has an added value; ::, becomes a fourth-level member record that can be added to the fourth-level level, and will add :; Yes, you can create-a lack of sufficient medical records Part of the function. " Save this file to achieve the addition of a new fourth-level record in the calculation. A record of the additional supplementary information ::: 'is due to its upper-level record. In order to incorporate this-the newly added record into Ling He # The content of the secondary record of the original record must not be changed to link the information of the upper record with the summary of the fourth miscellaneous "recorded message. Check / continuously perform calculations early, if the record that needs additional information belongs to—the check code of the new diagnosis and treatment layer record: 0, the treatment layer record, then the message summary of the four-level record, and the blood will be obtained from the previous calculation. The summary of the first message is linked into-temporary storage; said § number calculation of all member files in the record, using the physician's signature private rest = save the record to perform a one-way Hexu letter to issue a new digital seal value 'to sign The value replaces the check code that was stored in t:… to-that is to complete the update of the check code of the diagnosis and treatment layer record. The system's signature value '37 200535746 Then updates the message c check code of the patient and diagnosis layer record; Ordinal function operations, — temporary storage records, And it performs the function of protecting the seal ^ the secret money of the treatment institution "to obtain the one-way hi-sequence protective seal, that is, the protective seal generated by M replaces the original information stored in the record I ^ move an additional information operation. When the bran,: ,,, and 杳 code belongs to the “patient level”, the disease is directly proceeded: the medical records provided by the widely needed supplementary invention can also be based on the needs of the 'level to meet the level of use or management = The number is expanded to more layers. Although supplementing the medical record +-elastic function so that; = content and non-normal events', but still need to provide this demand, farmers, = teachers can complete the supplement in accordance with the regulations "must be supplemented Into the gas: the requirement of the two combination is that the original record can not be changed and it is not allowed: 7 ^ Refer to the implementation of the current electronic medical record system. / ... control over sub-authorization authority, to achieve in a way that does not provide any function to modify the existing 4; Cantonese coins have the flexibility to supplement relevant information, allowing physicians to target The part that requires ": total%" adds the function of descriptive text, and it does not provide the function of deleting the original disease: Ren Mingzhi-part of the content. Therefore, if the physician needs to supplement the medical record information, he can only update the updated information in the newly added medical documents, and he needs to record the medical documents to be supplemented. Φ L To be included in this signature calculation, and responsible for their changes, the original data has not been modified; in addition, this supplementary function should be performed in the latest medical record data. This is because It is an unreasonable design to give doctors the ability to modify the medical records of the past, so it can be used in the system to "restrict the limits 38 200535746 conditions" to prevent such situations, although the "k • like mechanism still cannot prevent the establishment of _ ^ ^ In order to supplement the erroneous information, when the occurrence of the animal, the information after the supplementation of the original medical record data and the physician's signature can still be obtained from the medical record stomach: early conversion to clarify the responsibility. ", And the correct system manager of the Western System said in the general records of all the medical records in the medical record system

It may be a frequent operation, and the most direct two: inspection: This kind of inspection is very convenient. It is performed by examining the records of the mother's injury and medical records in the system. Because the method of this issue of Sun and Moon '-^ ^ ^ ^ ^ ~~ Ming has designed a copy of ^ Zhitian Muha to have a two-level structure and can be combined with medical machines; ^ Λ 苏 俨 安 Ｍ management and operation, so in = The organization's medical record = mother: the records of the transfer layer and the patient layer of the patient, as shown in Figure 11 below. In the step of (1_), the system manager issues a test to check all the medical records. The electronic medical records of each patient are checked in order according to the referenced medical record number, that is, the special patient's All the medical record records are retrieved and checked one by one. In the step (111 〇), each medical file layer record in the ^ patient's medical record file is firstly entered into a check code to check the operation. The method is to record a new summary of each message in the medical file layer, and then the system retrieves the public key of the person who performed the signature calculation, and uses this public key to restore the medical record stored in the system. The signature value recorded in the file layer is compared with the obtained message digest and the λ * heart_required value in advance to determine whether they are the same. ^ The two right message digests are the same, then repeat (π 1 0) Steps to complete the examination of the patient's all-level documentary records; when the two are found to be different, enter the step of 39 200535746 -⑴40), and the system actively informs the administrator for subsequent processing. The steps in (1 1 1 0) are completed, and it is judged that the authenticity of each event level record in the medical record file has not been destroyed, then ⑴2G) ^ is performed, and the step-by-step = each diagnosis and treatment in the medical record file The inspection method is the same as that of the above-mentioned 'Make the medical doctor openly check the sound of the diagnosis and treatment for which he is responsible. If the test is correct, repeat steps 20) to complete the diagnosis and treatment of the patient. Inspection of layer records. When the inspection result is found to be incorrect, step 40 ') is notified to the manager by the system for related processing. The steps in (U20) are completed, and it is judged that the medical record is straightforward, and the Weng private points, the V treatment layer and the human layer ㈣H will enter the person (U3G), and the disease " W-code inspection operation is performed. The test method is to recalculate the message summary of the patient layer record, and then to access the unique secrets it possesses; seal: value, 'restore 1 gold balance to restore the information of the patient layer record stored in the system. The digest is compared with the pre-calculated message digest value to determine whether they are the same. If the digests are not the same, proceed to ⑴4. ) The steps are the same, then follow-up processing is performed immediately by the manager; when it is judged that the two are related to the inspection work, the emphasis is on the following: the patient's medical record number is subjected to the same inspection process. After the inspection of all medical records is completed, you can complete the entire medical record file due to a disease φ Μ 事 侔 展 + ~ to complete the examination of all the patients that belong to the patient, in principle, and in principle, in principle, As long as the records of each medical file layer cannot ensure the true maintenance of each medical record file, however, in this way, the order of the diagnosis and treatment layer records into the gate should not be broken, so, "", ~ ^ We follow each subordinate record in the diagnosis and treatment layer 40 200535746 • The sequence of the recording room and its management implications ~~ The clinician is responsible for the functions of the individual mosquito diagnosis and treatment process; and the examination of the patient layer records, then The function to maintain the integrity of the entire medical record file and the order between each subordinate record /, In addition, the various operating methods 7 of the medical record records proposed in the previous sections, explain that an identification code must be established for each medical file layer record. + y has been used ". Therefore, a more accurate test method can be applied to the identification method as a part of the verification code of this Putian seal. m Tian Yu Clinic! The xiangxiang heart check code is a summary of the identification code linked to each medical record of the subordinates that it subordinates. It becomes a temporary record and then counts *. The check code of the factory and patient records is determined by each subordinate of the subordinate. The medical document's identification number is linked to the digest of the message, and the identification number of each record in the diagnosis and treatment layer is linked: calculated from the abstract 'and then sequentially linked to each other to form a temporary record. Therefore, the two diseases: the truth of the case , Can be compared in advance: the identification code between the files, by the identification code inspection ^ Η ^ ^ β Ran to the parent side of the file layer records of the direct inspection, you can complete the entire inspection work. The retreat really contains two aspects of the present invention-those who can explain the content already described ... high: /, the method of applying the body, and the method of implementation of the present invention is well known, so Tian Zhikai's different expressions and The application, the innovative method of the machine, the application ... see the extension of the invention. The electronic detailed system, equipment and objects should be regarded as the present invention. 7. Execution efficiency In the description of the composite electronic identification code to explain the medical record layer medical record record structure, the application of the use of records into the diagnosis or treatment layer has been proposed. Fang 41 200535746 Law. In this section, we explain a feasible method for forming the four different codes, and the corresponding storage method or _ ^ formula of the record check code.凊 Refer to Annex I. Part A in the annex is used to explain the identification code recorded in the second right of a medical document in the system of seven μ ^ under the two-level composite electronic medical record structure and the record. Of the check code. 1 Φ, /, The identification number can be a unique serial number recorded on the patient level (for example, the patient's medical record number Shi Min, Tu ^ $ m 码 code) 'linked to the order number of the diagnosis and treatment level record, and then linked to a medical document 屛 ,, The first and second layers consist of ordered numbers.承 前段 'Please refer to B Qiu / Ba in the attachment. ^ ^ ^ Β 邛 Injury, this table is used to show a system using a two-level composite electronic medical record structure, to establish a medical affairs # identification number of the sound record A feasible implementation rule of m, ^ r Λ. ^ Is the identification of the record of the affair file, and the pro-only serial number is connected with the sequence number of the record to meet the function of identifying the record. 3 Ordered bluff codes. And part C of the annex is used to explain a storage structure of ^ ^ a first layer, and a compound type 5 electronic medical record. The system must be broken into storage space; it is used to record information-^, δίι, and the identification code recorded in the diagnosis and treatment layer is

It can be composed of the only record recorded by the patient layer, and the check from Ding Yue]. In order, Qianlian, 纟 α are part of the ordering number attached to the diagnosis and treatment layer. Part D in the annex indicates that in the structure, a patient's session "" and the next layer, "and" Tunzi's medical record record rack ~ the year's recorded ID " And checksum storage architecture. The identification code recorded on the patient level can be the patient's unique serial number. To construct the patient, in the alpha attachment, the fields that store the check code are all stored-a value "I. The value series can be a series of values, in hexadecimal or hexadecimal form: method, or octal, Ten indications. Illegal, and the check code in each table is based on the decimal system. The designer can choose not to record the knowledge of each layer. However, in the second v research, it can still provide enough The function of authenticity protection, if any records in the medical records are deleted, the calculation is effective. It will be better to use the implementation method of storing the identification code at the same time. This is because although the system checks the household records, & When the authenticity of the record is recorded, no matter how it is operated, all records need to be re-examined: the system of the law, only Γί :: ;; delete all, make the record identification code ^ find out which record is subject to Destroyed quickly — it's' filling the unused storage record identification code, ^ ^ ^ conclude each member's record, and then-Dasao Zeng,-human fighting ... "Ji Jiu" must reconnect the composite record to be broken : ... check the code to find Finding potential errors: This sub-second factory conducts inspections of member records. Case, Chu Cun. Recorded identification code is a better implementation. 4 'Accessing the patient's medical record code (patient-level Only the patient's medical records are addicted to some restrictions, such as taking the entire medical record file back or adding additional, etc., for example, the attending department, the treating physician, the visiting date … In addition, the history records in column ^ are retrieved and provided to the clinician for judgment. The value string Λ is stored in the check code, and is stored in a number string. / Double-valued string can be-one or sixteen ^ ^, No>, can also use octal, ten tabulation, and the check code in the figure is expressed in decimal. The system is as true as possible! The system designer can choose not to keep the identification code of each layer of records intact Sexuality and correctness. The present invention can still provide the desired accuracy of the medical record content is destroyed. * * Find "the integrity and correct method of recording, aa ^, the rate of foreign affairs' will not be as good as storing the identification code at the same time. Enforcement; when the recognition of the completeness and correctness of records is not uniformly checked Although the answer is no matter how old or bad, each one of the 'operations' needs to re-check all records. Shipping records of members are destroyed or even completely deleted, using 43 200535746. Method of storing record identification codes System, just in the order, you can quickly find out the method of recording the § self-recorded identification code in: record the identification code, you must re-connect each unfinished, and then further success :: now the composite record Accepted by ancient Wu. W 屮 '' 彔 才 双, ^, to find out, both y-ren °°, 'storage record identification code is a better implementation. The composite electronic medical record operation mechanism is used to make the operating efficiency of the system return. The mechanism is the most obvious. Therefore, the quality of the rate is better when the file is changed. There is a better example to illustrate the invention. The file rack mentioned is more dry: the eleventh and the thirteenth pictures of the younger brother are added to the title, which is not the changed asset'1, and the picture of the titanium case. (The birth doctor must now be in the patient's record) Enter a medical record) (ie, a new storage is added to the records of the diagnosis and treatment layer; so he only needs to store the digital data of the diagnosis and treatment layer into the record of the medical and western affairs layer and save the x-ray film ( 1301)) Perform the "," and then add the new X-ray film (checked in the twelfth picture: Mathematics: Abstraction with digital signature and digital signature), and store the recorded medical documents in two layers. The 'in the device' will be indicated by the map belonging to the diagnosis and treatment layer) as follows: the 4th code of the temporary 2nd is linked with the message summary (the temporary record with (1 302) is re-recorded (labeled in the twelfth figure ( 13〇3)), and (1305)), and then Litian ° ^ β rural medical records of the message summary (the twelfth figure in the twelfth figure (1330 digital signature method of cryptography method to calculate ( The first integrity and Zheng Wei. 'The protection of the changed single-diagnosis layer records can be protected. The first one is because the diagnosis layer records have been modified, and then the disease 44 200535746 person layer records must be updated immediately. Heart) check code of the medical record (13th figure (1 4 0 1)) (here the rabbit > thin seal) and then record every medical file in the patient layer & 1 The identification code of the treatment layer S record and the message summary (the temporary check code of the record) are ligated (represented by 1 / n Q — 乂 (1402)) to obtain a temporary record (Figure 13 Ling, Shir Di) 'Yi Juyi's message digest of the temporary record (Figure 13 (1 405)) is the summary of the message of the main birth at the A site, which is enough to represent the patient level record. The poor version of the formula fork code method and Shi Buzheng's male code method operation (label (1 406)) (1407) in the thirteenth figure can update the check code of the entire patient layer record (thirteenth figure In this way, the integrity and correctness protection of the entire medical record can be achieved. As can be seen from the foregoing description, the document structure proposed by the present invention When supplementing the contents of medical records, only a small amount of integrity and correctness protection calculations are required; of course, it is not reasonable for medical staff to make changes to existing medical records, but to provide medical staff with supplementary medical records to make them more detailed The present invention still proposes an implementation method for the authorized person to operate the existing record of supplementary information to be explained, without destroying the integrity and correctness of the medical record, but it must still be set by the system. The latest method is to give birth to the medical records. The supplementary method is to first add a new medical document layer 5 for writing supplementary content. When the check code of the record is different, the record will be recorded. ≫ The combined message summary of the original Sfi record to be added to the Sfi is used as the input value of the check code operation function, and the generated check code is used as a new check code for supplementing the medical record. Then it will be described in detail with an example. ， V α π 'presents the patient's medical record with-a hundred times of consultation and office records, that is,-one treatment level record' hypothesis that the internal diagnosis and inspection are included in the records of the diagnosis and treatment levels of the mother. The report and the X-ray film, if the most y, ^ 177 quarantine treatment layer records 45 200535746 x-ray film need to be annotated. In the present invention only need to add a new one for writing supplement / C In the calendar storage structure, record and store the required X-rays: add the content of the annotations to the medical file layer of the protozoate and establish the medical check-up code, and update the check-up code that represents the diagnosis and treatment layer: Edit the check code of the diagnosis and treatment layer record in the preparation, update the patient layer record = first = = recorded check code 'and update the disease check code in the system storage device. The assumption of the π eight shield record is made by the SHA-1 Hertz function. Digest for the message = To occupy only the plan ..., and the identification code to account for "":": A mother's injury to the West is recorded in its original size. KK Xinduo wants to get a binary value of the blts length for each of the different sub-groups, so the diagnosis layer file only needs to be (160H00) x4 bi ts (the linked identification code and message summary, the size is 丄 and ㈣ bits, such as (1 303)) in the twelfth figure to calculate the message summary, and other medical records that do not need to be annotated need only use (160 + 100) x3 bitS (the linked identifier and message summary). , The size is 78〇M ts) to calculate the message digest; similarly, in the operation of the check code recorded on the patient level, only (160 + 100) x 100 bits (the linked identification code) And the message summary, with a size of 3.2 KB, as shown in the thirteenth figure (1 403)) to calculate the message summary of the medical record file. In addition, from the above description, it can be found that the file structure proposed by the present invention also has very high efficiency in error checking. Because the system storage equipment, the identification codes of medical file layer records, diagnosis and treatment layer records, and patient layer records are stored. And check code, so when the data is missing or wrong, the abnormal part can be immediately compared with the stored identification code and check code, without the need to check through additional processes or calculations, which is relatively reduced. System load, improve overall efficiency 46 200535746 = energy. Next, the operation mode in the document structure generally used for generating will be discussed, and the details are as follows:; ::: Method based on the code operation method of the present invention. Describe the inspection adopted by the present invention8. Suggested check code technology The composite electronic-level document protection measures proposed by the present invention will design a document: record structure to design a separate file to be stored in the medical document layer and the diagnosis and treatment layer The content of OR = is divided into three levels according to its own level. Therefore, the code is protected by code checking, and the basis of integrity and correctness is protected. The check codes with different meanings are stored in the medical document layer records, including the medical records written by the doctors, and the medical records of the early morning medical records, including the inspection report, because each medical record; For this reason, in order to protect individual medical personnel with the identity identification function of the check code technology pair, it is necessary to achieve this by law :: pair code method and well-protected symmetric password. However, under the current medical system, Digital Voucher for Medical Use 2: The basic environment has been formed. All doctors, medical staff and "sentences have representative positions or personal identities and have the ability to digitally sign and sign. =: Vouchers-physician card, medical staff card and health insurance 1C If the card is to be spent again: the external cost is used to build and manage a symmetrical surplus environment, which is definitely not the correct test. Therefore, the inspection team used to protect the integrity and correctness of individual medical records will use sfl information. The abstract works with digital signatures, as shown in the fourteenth diagram D ^ 47 200535746 In the records of the diagnosis and treatment layer, the gates in the course of the diagnosis and treatment are stored ("· Medical records or hospital admissions The contents of the event record (150,000), the householder said: After: individual medical records are protected, they must also be protected, and the heart 2. The relationship between daggers, that is, the medical records that protect a complete single diagnosis and treatment process i σ has been recorded. Therefore, the present invention will be sufficient to represent the individual message summary and the || egg and 硪 code, which are connected in the order in which they are arranged inside the record (with a chart of (1 5 〇1)). Gan η, ΠΟΛ ^ 7 (not expressing it), a temporary record 02) 'then calculate the message digest (15q3)' find a message summary (15〇4) that is sufficient to represent the entire medical history of the diagnosis and treatment process And again to the required cryptographic protection. After taking into account the technology of stream coding protection during the doctor's consultation, it should still be a digital signing activity. All relevant doctors have read all the reference information in detail to still use the message summary to protect the medical process at this time. Fourteenth figure. Privately, the seal (15 0 7) used by the diagnosis and treatment layer records, because the complete consultation 5 has been included. Therefore, in order to indicate medical reading and take responsibility for the entire consultation process, the digital signature of the division, Reaching the entire diagnosis and treatment. Then, the above-mentioned message summary of the diagnosis and treatment layer record which is sufficient to represent the medical record of a single diagnosis and treatment will be combined with the medical record layer of the existing patient layer record. The message summary is linked to the identification code (represented by the figure of (1601)), which is a temporary record (1602), and it is used as the calculation source for calculating the message summary of the patient layer record, which is sufficient to represent the patient The medical records at the medical level and the records at the diagnosis and treatment level are all one-to-one, the patient's complete medical records—a message summary; and the custodian of the medical records is the medical institution 'after considering the hospital's processing process and medical record protection needs It can be found that there may be two methods for the protection of a complete medical record: the first method is to protect the medical record with a unique symmetrical key 48 200535746 * Run t. The second method is to use asymmetric gold-medical records for signature calculation. In the first case, the medical institution can use the key management system. Only the internal medical record management f needs to establish an additional symmetric golden secret balance, and use the secret financial record to treat the illness ^ and protect the t —'S (1 60 7) 'It is attached to the electronic medical record and encrypted to obtain a protective seal, such as the integrity and correctness of the file, as shown in the figure below. In the second situation, due to the current public key environment, medical institutions have built exclusive: they need to use the money to add money to their medical records, so they can exchange the keys used for information. Separation can also be in addition to: Yunbi 'if you want to register another _ copy of the gold dedicated to the signature _ = used in the transaction center to register the voucher calendar management system in the environment. 3. Diseases applied to medical institutions The following table lists the check code technology on the list. Enhancement § The recorded protection requirements are divided into the medical code records of the medical code and the mutual protection standard iL II-one-to-one " ^ 's check code and individual medical records-^ -----__ l # + AA t — one-to-one · The poor information in the table can be found that the 诂 m-horse technology used in this patent can be roughly divided into two categories. It is generated by Meng Ming, such as in the previous paragraph, ,,, and calculated by key, such as Jl # + seal and digital signature. A w The protection code PD in the table above, using a key other than the key to calculate the production bucket and identifying the horse can achieve the required 6 housekeeping verification of π positive and correct protection and calculation is fast, however, 49 200535746 The method of calculating the check code generated by the price reading can be obtained and used by anyone, which can not achieve the function of separation of powers and responsibilities: It is a medical responsibility to use a check code produced by Jin silk ^ a々 & ^ ^ r ^ It is for the ancient people to yield. In order to summarize the above-mentioned description of the calculation effect of the check code generated by the key, in the present invention, Tai Shiyi, in the present invention, the inspection stone horse of a single Western affairs record stored in the medical document layer. : "Summary of the information at the event file level-the signature of the doctor or the medical staff on the piece of document. 丨 The stored one consultation 瘆 屛 jealous person αα π the wind β treatment layer ^, Zhi Renzhong々 the entire record of all medical file layers & Check the code, you need to use every _ H Segu to arrive ^ i Caihuan as a temporary record of the identification number of the record i and the message summary link digits] Zhang Yun the message summary calculated by the temporary record through early reversal ^ The doctor's signature of the requested document was reached. However, in the operation of the patient layer, only the medical institution keeps the disease film ㈣ "the physician or the medical staff is responsible for the identification number and the message summary of the staff record, and the message summary belongs to the patient layer. Computational tasting ... For the temporary storage of 5 records and use of medical institutions to adequately record ^ ^ ^, t ^ V; ^^ ^ ^ ^^ recorded trout · ^ L transport ΤΓ to achieve the efficiency and security of the whole injury medical records To the advantages of using the check code technology, you can also take into account the operation and treatment layer i: In the structure mentioned by = r, to ensure the integrity and correctness of the diagnosis in the medical record, the use of [... After completing the message digest method, the '° identifier and the message digest are recalculated to ensure the overall accuracy. ^ &Quot; The $ layer and the diagnosis and treatment layer perform overall integrity and correctness. In this way, you can significantly reduce the 50 200535746 misfortunes when obtaining the message summary from the medical record. Therefore, when using this composite record's data integrity and correctness protection method combined with the composite electronic medical record structure, in addition to providing better protection of the electronic medical record, it can also achieve the function of separating the power and responsibility of medical behaviors. [Schematic description] The first figure is a check code calculation method of the present invention. The second figure is a three-layer composite electronic medical record recording structure of the present invention. The third diagram illustrates one embodiment of the present invention for calculating a check code sufficient to represent a record of a medical treatment layer. The fourth diagram illustrates one embodiment of the present invention for calculating an examination code sufficient to represent a patient level record. The fifth diagram illustrates one embodiment of the present invention for calculating a check code that is sufficient to represent the records of the clinic. The sixth diagram illustrates one embodiment of the present invention for calculating an examination code sufficient to represent a patient level record. φ The seventh diagram is a flowchart illustrating a feasible implementation scheme of the present invention for establishing a new medical record file. The eighth diagram is a flowchart illustrating a feasible implementation scheme of the present invention for establishing a medical document layer record. The ninth figure is a flowchart illustrating a feasible implementation scheme for retrieving / reviewing the contents of the medical records of the present invention. The tenth figure is a flowchart illustrating a feasible implementation scheme of the present invention to supplement the information of a medical record. The eleventh figure is a flowchart illustrating a feasible implementation scheme when the medical institution of the present invention periodically checks all electronic medical records. The twelfth figure illustrates changes to the diagnosis and treatment layer records when the present invention supplements the contents of the medical records. The thirteenth figure illustrates the changes made to the patient level when the present invention supplements the contents of the medical record. The fourteenth figure illustrates the recommended calculation method of the present invention which is sufficient to represent the check code recorded by the diagnosis and treatment layer. The fifteenth figure illustrates the method of calculating the referral code of the present invention which is sufficient to represent the patient layer record. Attachment 1 is a schematic diagram of the storage structure of the record identification code of the present invention. [Description of Symbols of Main Components] (1 0 0) — a composite document (1 0 1) (1 0 11) a member document of the composite document (10 2) composite document identification code (1 0 3) compound The check code (1 0 4) of the formula file is the two expressions of the check code calculation method Φ (1 0 5) represents the function (1 0 6) that calculates the check code of the compound file, which represents the check code of the nth member file ( 107) represents the member file number, 11 = 1, 2, 3, ... (1 0 8) represents the check code of the entire composite file (1 0 9) represents the temporary check code of the nth member file (2 0 0) Patient level record (2 0 1) (2 0 1 1) — a medical file level record (20 2) (2 02 1) diagnosis level record (20 3) (2 0 3 1) identification of the diagnosis level record Code 200535746 U〇4) (204l) Clinic layer records (205) Patient layer § Recorded identification (20 6) Patient layer records picking (30 0) (300 1) Clinic layer ~ horse records (3 0 1) Will every medical affairs 9. The second temporary result from the link of a medical document layer (302) in the middle and the middle = the signature link (303) of the record. The inspection (304) of the diagnosis and treatment layer record represents the time axis. (400) Patient-level records: the sequentiality of non-member records (40 1) (40 1 1) Patient-level medical records layer records (402) Link each medical affairs ". A record of the diagnosis and treatment layer records in the recorded record (4 0 3) is linked to the service layer § have recorded and the diagnosis and treatment layer records # 存 Storing records (404) The examination code of the patient layer records (405) represents the time axis, the standard plant:. i record Mo Shi ,,, 0 (50 0) (500 1) the sequentiality of the τ member records of the diagnosis and treatment layer (50 2) a medical document layer (503) linked from each medical record H record The identification code of the record and the seal and the J Fei record (504). The check code (505) of the diagnosis and treatment layer records represents the time axis, and the sequence of the records in the patient layer records (6 0 0) (6 0 1) (6 0 1 1) Patient level, has: a copy of medical affairs document level records (60 2) A medical treatment level record of each medical affairs document is displayed and the examination code is linked to S. Temporary record (604) generated by linking recorded and diagnosis layer records (604). Examination of patient layer records (6 0 5) represents the timeline, and marks ~ ... (70 0) establish a medical member record. Sequentiality_Another layer record, 53 200535746 (7 1 0) Fill in the patient's base material (7 2 0) Store the medical file layer record (73 0) Create the identification line of the medical record number record to protect the seal calendar file Check (74 0) the medical record number linked with an ordered number as the code (75 0) and use the system key to perform the operation on the medical file layer record (755). Use the protection seal value as the check code of the record (7 6 0). A copy of the above-mentioned protection seal value is used as the disease, # 查 码 (770) successfully created and stored a new medical record file (80 0), established a medical file layer record (8 1 0), wrote a diagnosis result (8 2 0), and stored a medical file layer record (8 3 0) Is it attributable to a certain medical record? (840) Select the diagnosis and treatment layer records (8 4 5) (8 50 0) Establish the serial number (86 0) The physician has successfully saved the record signature φ (870) and saved (9 0 0) reads the medical record number (9 0 5) medical record file Is the check code correct? (9 1 0) Are there any restrictions? ? Other related (92 0) Obtain all medical records (925) Obtain the required medical records (93 0) Is the check code of the medical file layer record correct (940) Is the check code of the medical layer record correct? (9 5 0) Notify the system administrator and re-examine the medical record in the system 54 200535746-(9 6 0) Display the medical record (9 7 0) Select the medical record to be reviewed (98 0) Display the selected medical record content ( 1 0 0 0) Enter the medical record number (1 0 0 5) List the medical record according to the medical record number (1 0 1 0) The doctor selects the medical file layer record (1 0 1 5) to add supplementary information to check the medical file The integrity and correctness of the layer record (1 0 20) check code is correct? (1 0 2 5) Notify the system administrator and re-examine other relevant medical records in the system (1 0 3 0) Create a medical file layer record for storing supplementary information (1 0 35) Write supplementary information (1 0 4 0) Store the medical file layer record (1 045) The system appends the message summary of the medical file layer record to be supplemented to the medical file layer record of the supplementary information Φ (1 0 5 0) supplementary information as desired The serial number of the medical file layer record is established in sequence (1 0 55). The message summary of the medical file layer record for writing supplementary information is calculated (1 0 0). The private file of the physician is used to record the medical file layer record for storing supplementary information The message digest is used for signature calculation (1 0 6 5). The signature value is added to the record as a check code (1 0 70). Is it stored in the diagnosis and treatment layer? (1 0 75) Recalculate the seal value of the diagnosis layer record (1 0 8 0) instead of the seal value originally stored in the system (1 0 8 5) Recalculate the protection seal value of the patient layer record 200535746 (1 0 9 0 ) Instead of the original stored in the system (1 0 95) successfully stored (1 1 0 0) the system will take out all the medical records of a patient according to the medical record number for inspection and protection seal value

(1110) Medical file layer records (11 2 0) Inspection of medical records (11 3 0) Inspection of medical records (11 4 0) Notify the system administrator (1 3 0 0) — a copy of the records of the medical layer (1 3 0 1) Is the check code of the changed member record correct? Is the horse right? All member records for subsequent processing

(1 3 02) A graphic showing the “link” function (13〇3) The joint value of the identification of the stone horse and the message summary of each member record (1 3 04)-a check code calculation function-a one-way Hertzian function (1 3 05) enough to represent the message summary of the diagnosis and treatment layer records (1 3 06) — a kind of check code calculation function — digital signature method (1 3 07) represents the obtained check code (digital signature) 彳 (1 4 0 0) — all member records (1 4 0 1) in the patient level records are changed (1 4 02) (1 4 03) (1 4 04) (1 4 05) (1406) means “link "The function of the ID of each member record and the connection value of the message digest a check code calculation function-a one-way Hertzian function is sufficient to represent the message digest of the patient layer record a cryptographic algorithm (1 4 0 7) represents Obtained check code (protection seal) (1 500) — all member records (1 50 1) in the medical record (1 50 1) The icon (1 50 2) of each member record And the value of the message digest 56 200535746 • (1 5 0 3) —A one-way Hertzian function (1 5 04) is sufficient to represent the diagnosis and treatment The message digest (1 5 0 5) of the digital signature function (1 5 0 6) of the asymmetric cryptography method (1 5 0 7) represents the obtained digital signature ( 1600) -copy (1601) shows the icon of the function of “unlinking” all member records in a patient-level record.

Face protection: Seals (1 6 02) each (1603) (1 6 0 4) is enough (1605)-the secret of the medical institution used by Marfa Jin Yu (1606) vs. (1607) ^ 57

Claims (1)

200535746. 10. Scope of patent application: 1. A data integrity method for protecting digital documents, including: 隹 1 combining multiple digital documents into a composite document;: combining the combined digital documents into the above-mentioned compound Documents = member files = check code for each-member Wen Libei file belonging to the above-mentioned sequential member file; &gt; 2 calculation-a compound file check code belonging to the compound file to store each member file above to provide individual Persistent memory is stored as a file check code; Check for a persistent memory space to store the above composite code ^ 'All member file check codes and composite files mentioned here can be used to provide verification Information is changed with more efficient data. I political sheep land debt test Asia to find out ► i &gt; applied for the protection of digital texts described in the first paragraph of the patent Qianwei: 70 "Methods of health and correctness, where 'unauthorized data changes Including the deletion of a member file without permission. —3. The method for protecting digital texts as described in item i of the scope of patent application 2: Integrity and correctness, in which unauthorized data becomes unauthorized. Adding new member documents with permission. As described in item 1 of the scope of patent application for the protection of the integrity and correctness of digital documents, where 'unauthorized data has been modified without permission, Contents: 5 As stated in the first patent scope, the method used to protect the digital sequence k is protected by the document, the more inclusive, the more inclusive, and the more inclusive 58 200535746 • Data integrity And correctness methods, where unauthorized data changes include unauthorized changes to the order among member files. 6. The integrity and correctness of data used to protect digital files as described in item 1 of the scope of patent applications. Fang Method, which includes: adding a new member file to the composite file; calculating the member file check code belonging to the new member file; providing persistent memory space for storing the new member file check code; updating the file Said composite document check code. • 7. The method for protecting the integrity and correctness of data of digital documents as described in item 1 of the scope of patent application, wherein a member file check code of a member file is calculated, including The following steps: Select a one-way Hertzian function to calculate the digital fingerprint value of the member file; use the signature private key in the public key cryptosystem to encrypt the digital fingerprint value to generate a digital signature; use the encryption obtained above The digital signature serves as the member 0 file check code of the member file. 8. The method for protecting the integrity and correctness of the data of the digital file as described in item 1 of the scope of patent application, wherein the composite file is calculated Check code, including the following steps: Calculate a temporary check code for each member file individually; The temporary check codes of all the member files obtained are aggregated into a temporary record; the above-mentioned temporary records are used to calculate the composite file check code. 9. Information for protecting digital files as described in item 8 of the scope of patent applications A method for completeness and correctness, in which a temporary 200535746 temporal check code for a member file is calculated, including using the aforementioned member file check code as a temporary check code for the member file. For the method for protecting the integrity and correctness of the data of a digital document as described in item 1, the temporary check code of a member document may be the digital fingerprint value of the document. 11. As described in item 8 of the scope of patent application In the method of protecting the integrity and correctness of the data of a digital file, the temporary check code of a member file can be a set of values composed of the digital fingerprint value of the file and its serial number. 1 2. According to the method for protecting the integrity and correctness of data of digital documents as described in item 8 of the scope of patent application, the temporary inspection of a member document may be the digital signature value of the document. … 1 3. According to the method for protecting the integrity and correctness of data of digital documents as described in item 8 of the scope of patent application, the temporary check code of a member document may be the digital signature value of the document plus the Its serial number is composed of two values. 14. The method for protecting the integrity and correctness of data of digital documents as described in item 8 of the scope of patent application, the temporary inspection of a member document may be the value of the protection seal of the document. I ... 15. The method used to protect the integrity and correctness of digital data as described in item 8 of the scope of patent application t, first, 7 / V ^ ^ ± Note Note, temporary inspection of damaged documents Ma can be made up of the value of the protection seal of the document plus its serial number: a value. . 16. The method for protecting the integrity and correctness of digital data as described in Item 8 of the Chinese Patent Application 'where' is to aggregate the censorship check codes of all member files into-temporary storage records, Including: Aggregating the data bits of the cardinal sex check code of all member documents into a set of bit strings: 60 200535746 According to each member document in the composite text 17 7. If the information in the patent application scope is complete The check code of the party member file for correctness and correctness includes the following steps to select a one-way Hertzian function value; the order arranged in the file is used to generate the link. The item described in item 1 for protecting digital files, wherein the step of calculating a member file is as follows: The digital fingerprint for distinguishing member files is used to check the code. The above-mentioned digital fingerprint value is used for the protection of the digital file as described in the member file check item of the member file. Calculate the digital fingerprint of a member file that is derived from a different member file. The method of completeness and correctness, the file check code, includes the following steps: Select a one-way Hertzian function to use a symmetric dense Shima μ 1 value to generate a protective seal / ... "㈣ Encrypt the above digital fingerprint code. Use the above The protection seal is used as the member file check of the member file. 19. If the scope of patent application and the correctness of the protection method, the composite document check code of the electronic medical record data integrity, including the following: using the temporary storage Records to calculate the following steps: Select a one-way Hieroglyphic function to the value; Use the digital fingerprint value in the public key cryptosystem to calculate the digital fingerprint of the temporary record to generate a digital signature. 佥 Early private key Digital signatures and inspection codes generated by the use of encrypted temporary records. ~ Μ compound files of the following 5 files, 20 Patent application scope No. 8: Method for protecting the integrity and correctness of digital documents 61, 200535746, in which the composite document check code is calculated, including: columns ... temporary records to value; choose a one-way The ordinal function is used to calculate the digital fingerprint of the temporary record. The above digital fingerprint value is used as the check code for this piece of work. 彳 Thousands of compound texts 2 1. As described in item 8 of the scope of patent application, the method of data integrity and correctness Among them ,; the calculation of the two digital files differs from the combined file check code, and the next step is to record the next one / ΓΊ 卩. The steps include the following steps: k Choose an early Hertzian function for evaluation; The digital fingerprint of the different temporary storage records uses the &amp; value in the symmetric cryptosystem to generate a protective seal; `` Catch the key to encrypt the digital fingerprint. Use the above protective seal as the check code.。 Dry k-combination File 22. A method of storing electronic medical records. The electronic medical care records of farmers are combined and the care process is derived from a higher-level, multi-level structure. Individual brother level and at least the other 7th, and the combination of wooden structure literati 2 3, such as the patent application scope No. 22, * 〇 method, in which the composite document of the person ^ &quot; &quot; storage In the two-level structure of the electronic medical record, a copy of the first: 0, the wooden structure can be a two-level; here the first-level document is an individual electronic medical treatment in Puyi therapy and related information. It refers to the collection of all the flutes of the same patient-5 Jilu, a second-level document. , 24, as described in the 23rd Patent Application, which includes: 'The party that stores electronic medical records is each first-level file # file K solid file identification code; 62 200535746 is Each patient designates a patient-level file can use a patient's ^ 1 code. Therefore, each-treats a file of a first-level file as its identification code; when a first-level file is a certain ~ 4 horses added to the file of cattle protection records, and added this patient identification code to the ...-an electronically provided memory space of the patient to store a level file; the first level file of the identification code. 77 Attached Document ID Second The 22nd method of Xun Jiaqing's patent scope is placed in the storage electronics of Φ, Xi, and Α τ 疋. In the structure of the electric file hierarchy of the composite file collection, the first and second files can be three layers and related information ... The file refers to the individual electronic medical care records of the record-position "" glycosides. The collection of multiple copies belongs to the same patient and the 77-g .6 ,..狂 A. It's a compound file;-a set of first-level files that all belong to the same patient: a compound file composed of files. j 26. The method as described in item 25 of the scope of patent application, which comprises: two children's disease designating a file identification code for each first-level document; specifying a diagnosis identification code for each second-level document ; Specify an identification code for each patient, therefore, every one document can use the identification code of a patient as its identification code; add a file identification code of the first-level document to the file as a A first-level document is an electronic nursing record of a patient, and the patient identification code is added to the first-level document. The medical photo and patient history are the three medical documents. If the first-level document is a member of the second-level document, then the diagnosis and treatment identification code of the second-level document is added to the first to the middle; S second-level, &amp; 医 照 i Chengcheng &amp; Document 63 200535746 Provides memory space to store 1st level documents with attached Document ID, Diagnostic ID and Patient ID. Identification Law 27. The foundry electronics as described in item 24 of the scope of patent application, which includes: · Retrieving according to the document identification code-a first-level document; Retrieving all the patient's first —Hierarchical documents. Retrieve the hierarchical documents that belong to the patient and the restriction conditions according to the patient's identification code and restrictions. The so-called restriction data can be: hospital period, outpatient time or visiting department. 28. The method as described in item 26 of the scope of patent application, which includes: <The party who misstored the electronic medical record retrieves a first-level document according to the file identification code. • The return according to the diagnosis identification code belongs to @ 一 ， 部The first level files of the · All the level and level files are retrieved according to the patient's identification. All the first level files of the patient are retrieved. According to the patient identification number and restrictions, θ 'Constraints M-level, files, this The premises may be in hospital and meet the limit of the period, material room or visit ^. The hospitalization can include 2: 9, a method to protect the integrity and correctness of the electronic medical record data. A composite electronic medical record related to the disease; 蜃 ..., record combination is a combined electronic medical care record constructed as ± if; ^ person * + sequential member record of the medical record; restructured as a top-cut electronic. Calculate the check code for each record that belongs to the above sequential member records individually; use the check records for all member records obtained from the above calculation to calculate a composite record check code that belongs to the above-mentioned composite electronic medical record of 64 200535746; Each of the above member records provides a separate persistent memory space to store the member record check code; and, a persistent redundant memory space to store the composite record check code described above; and all member record check codes to The composite record check code can be used to provide & /, &quot; sister Gongxun to more efficiently detect and find unauthorized data changes. 30. The method for protecting the integrity and courtesy of a material as described in item 29 of the scope of the patent application, which includes: The new member of the Jiazhi Jiazhi is recorded in the composite electronic medical record; Member record check code for member records; Provide persistent memory and beauty code M check code ^ ^ Poetry stores the above new record check code to update the composite record check code. 31. As for the completeness and correctness as expected in item 29 of the scope of patent application +., To protect the poor electronic medical records ..., you can :: law, where 'member records check Ma-part of the sub-king can be based on the following Calculated from the steps, including: selecting a one-way Hertzian function for. Value; the digital fingerprint of the 乂 shell record uses the above digital fingerprint value as the 杳 code, &lt; or | 帛,. Recorded member record check Checks the member record for this member record. , ‘. Chengbei record identification code is 32, as described in item 29 of the scope of patent application for completeness and correctness of the method, 1 in ^ obtained electronic medical records 4 Quan Qiu, 矸 α shot missing "", Chengbei brother A part of the second check 4 of the check code can be calculated according to the following steps, including ... Selecting a one-way Hertzian function for the digital fingerprint 200535746 of the digital fingerprint that was redundantly recorded Protection code, &lt; 者 # 用 t ^ $ member record &amp; I use the above protection seal. The member record of f is g BM, and the number of members is 10, and the digital fingerprint is checked. The member record is checked by the member record. 3. If the protection of electronic diseases or all of the "the integrity and correctness of the Fang Yuanzheng" described in item 29 of the scope of the application for patent can be based on: the choice of the check code-a one-way check: Xu's function includes: The W function is used to calculate the digital fingerprint of the member 5 recorded using the asymmetrical drink system texture value to generate a digital signature; * The above-mentioned digital signature is encrypted by the fish key using the digital signature described above. The point of the member record ... code, or use the above number, / recorded to check the member record of the member record check ^ 5 The recorded code of the record is used as the 3 4 as claimed in the patent scope if + material integrity And the correctness of the code for protecting the electronic medical records described by the member, including the following steps, in which the calculation of the composite record check gathers the check codes of all member records into a temporary record; use it Return the temporary record to calculate the composite record check code. 35. The method for protecting the integrity and correctness of electronic medical records as described in the scope of application patent No. 29 顼, wherein the check code I of all member records is a temporary record, including: The data of the check codes of the member records are collected as a set of bit strings, and the bit strings are connected and generated according to the order in which each member record is arranged in the 4 set electronic medical record. The recorded identification code is used as the value; 66