WO2014201599A1 - Method and system for information authentication authorization and secure use - Google Patents


Publication number
WO2014201599A1
Authority
WO
WIPO (PCT)
Prior art keywords
medical record
doctor
patient
authorization
medical
Prior art date
Application number
PCT/CN2013/077290
Other languages
French (fr)
Chinese (zh)
Inventor
郑磊
Original Assignee
上海华和得易信息技术发展有限公司
Application filed by 上海华和得易信息技术发展有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/88 Medical equipments

Definitions

  • The present invention relates to a method and system for the authentication, authorization and secure use of information, and more particularly to a method and system for the remote, cross-time-period authentication, authorization and secure use of medical information.
  • In telemedicine and regional collaborative care, experts at higher-level medical institutions guide the diagnosis and treatment carried out by primary-care doctors, so that primary-care patients can "see a doctor nearby" while still receiving the services of higher-level doctors. This is currently the most effective way to build a system for "sinking high-quality medical resources" to the primary-care level.
  • 1) Remote authorization and temporary re-authorization: during a single course of treatment, the attending doctor may invite other doctors (from different medical institutions and different regions) to participate. This requires authorization at multiple points, in multiple batches and at different times, and the patient may no longer be in the hospital when a later authorization is needed, so the patient must be able to authorize remotely or to give the attending doctor permission to re-authorize temporarily; 2) Authorization lasting a period of time: a doctor's analysis, discussion and diagnosis may not be completed in a short time and may need a period of time (for example, a few days), so the doctor must be able to be authorized to access the patient's information throughout that period;
  • The purpose of the present invention is to solve the above problems of authorizing, and securely transmitting and using, a patient's private medical information across different hospitals, multiple doctors and a span of time in care models such as remote consultation and regional collaborative diagnosis and treatment.
  • The patient first grants the attending doctor permission to view the medical record, which is encrypted with the patient's personal key and stored in the data storage of a network server.
  • The attending doctor obtains and reads the medical record authorized by the patient.
  • The attending doctor then grants a collaborating doctor secondary authorization to read the patient's medical record, and the collaborating doctor subsequently views it.
  • Medical record information and related information are always transmitted over the network in encrypted form.
  • A system for the remote, cross-time-period authentication, authorization and secure use of medical information includes terminal devices, a user-side subsystem, a server-side subsystem, and data storage.
  • The terminal devices include an authentication/authorization device and a display device.
  • The user-side subsystem includes an authorization module and a medical record reading module.
  • The server-side subsystem includes an authentication module, an authorization module, a medical record access module, an encryption and transmission module, and so on.
  • The data storage contains the patient database, medical record information, the hospital and doctor database, temporarily cached medical records, authorization information, and the doctor key store.
  • The attending doctor and remote collaborating doctors can conveniently access and use medical data while the security of the data is ensured.
  • FIG. 1 is a general flowchart of the method of the present invention for the authentication, authorization and secure use of medical information.
  • FIG. 2 is a sub-flowchart of patient authorization in the flow of FIG. 1.
  • FIG. 3 is a sub-flowchart of the attending doctor reading the medical record in the flow of FIG. 1.
  • FIG. 4 is a sub-flowchart of the attending doctor's secondary authorization in the flow of FIG. 1.
  • FIG. 5 is a sub-flowchart of the collaborating doctor viewing the medical record in the flow of FIG. 1.
  • FIG. 6 is a block diagram of the system of the present invention for the authentication, authorization and secure use of medical information.
  • The patient's private medical record information, in forms such as databases, files and images, is encrypted with the patient's personal key and stored in the data storage of network servers; it may be kept on one server or on different servers.
  • The medical record information can be decrypted only with the patient's personal key, which is kept by the patient on a medium such as a medical card, a USB key or an optical disc.
  • During a hospital visit, the patient can directly authorize the attending doctor on site to access his or her medical record information.
  • Authorization can be given through a physical medium, such as swiping a medical card; biometrically, such as scanning a fingerprint; or by entering a password. For a visit conducted over the network, the patient can authorize several attending doctors at the same time.
  • The patient's authorization of the attending doctor can specify a period of time, for example 10 days from that moment; and the patient can grant the attending doctor the power of secondary authorization, so that the attending doctor can authorize collaborating doctors to read the patient's medical record.
  • Referring to FIG. 1, there is shown a general flowchart of the method of the present invention for the authentication, authorization and secure use of medical information.
  • After the patient's identity is confirmed in step 101 by means of the medical record card, photo, social security card number, etc., the patient grants the attending doctor permission to view the medical record and to perform secondary authorization in step 102.
  • After the attending doctor obtains and reads the patient-authorized medical record in step 103, the attending doctor grants a collaborating doctor secondary authorization to read the patient's medical record in step 104, and in step 105 the collaborating doctor views the patient's medical record.
  • FIG. 2 is a sub-flowchart of patient authorization in the flow of FIG. 1.
  • In step 201, the patient A2 specifies the authorized content:
  • The patient's medical record may cover different illnesses treated at different hospitals at various times.
  • For the attending doctor M3 of the current visit, the patient may authorize only part of the medical record, for example:
  • by disease, e.g. authorizing only the records related to the illness of the current visit;
  • In step 202, the patient designates the attending doctor to be authorized: for an on-site visit this is usually the doctor present; for an off-site visit, such as an appointment made over the network or by telephone, the patient may select one or more attending doctors and authorize them to view his or her medical record;
  • In step 203, the patient specifies the authorization period: the time range of the authorization, such as 10 days from today;
  • In step 204, the patient allows the attending doctor to perform secondary authorization: that is, the patient may grant the doctor the power of secondary authorization, so that the attending doctor may authorize other collaborating doctors to read the patient's medical record;
  • In step 205, the authorization information is saved: the information set in steps 201-204 above is saved to the data storage. It may be submitted through a PC client, or by mobile phone text message or a mobile application.
  • As those skilled in the art will understand, the submission can be implemented in many ways.
  • The authorization information may also include an auxiliary key, which can be used to assist in decrypting the medical record data; that is, the record cannot be decrypted with this key alone, since it is only half of the key. The authorization information is encrypted with the authorized doctor's public key; all doctors' public keys are stored centrally in the data storage.
  • FIG. 3 is a sub-flowchart of the attending doctor reading the medical record in the flow of FIG. 1.
  • The patient's medical record information is obtained from the data storage according to the patient identifier (such as the medical record card number, the social security card number, or the identity card number).
  • The medical record information is encrypted and can be decrypted only with the patient's personal key.
  • In step 302, the authorization information in the data storage is checked to confirm whether the doctor is authorized to access the medical record content.
  • The patient's personal key is used for decryption.
  • The patient decrypts the medical record using the personal key.
  • The personal key is kept by the patient (e.g. on a medical card, USB key or optical disc). When the patient is not present with the doctor, the patient can use the personal key to generate a temporary ciphertext and submit it to the system, and the system can use the temporary ciphertext together with the aforementioned auxiliary key obtained from the authorization information to decrypt the patient's medical record.
  • In step 304, the decrypted medical record is encrypted with the doctor's public key, which comes from the doctor key store held in the data storage, and the temporary record encrypted with the public key is saved in the temporary cache in the data storage so that the doctor can consult it at any time. If the doctor needs to read the record only once, this step is not needed.
  • In step 305, the patient's medical record is obtained from the temporary cache, and the authorization information in the data storage is checked to confirm that access is still within the authorized time range. If it is, the doctor can decrypt the record with his or her own key and read it.
  • FIG. 4 is a sub-flowchart of the attending doctor's secondary authorization in the flow of FIG. 1.
  • In step 401, the attending doctor selects, from the hospital and doctor database in the data storage, collaborating doctors to assist with the diagnosis;
  • In step 402, the authorization information in the data storage is checked to verify whether the attending doctor holds the right of secondary authorization and whether the time is within the authorized range; if so, the attending doctor authorizes the collaborating doctor to read the patient's medical record;
  • The attending doctor creates a temporary key for each authorized collaborating doctor, encrypts it with that collaborating doctor's key, and delivers it to each collaborating doctor through the doctor key store.
  • FIG. 5 is a sub-flowchart of the collaborating doctor viewing the medical record in the flow of FIG. 1.
  • The collaborating doctor obtains, through the doctor key store, the temporary key encrypted with the doctor's key;
  • In step 502, the collaborating doctor decrypts it with his or her own key to obtain the temporary key;
  • The collaborating doctor obtains the patient's medical record from the temporary cache and decrypts it with the temporary key in order to read the record and assist in the diagnosis.
  • FIG. 6 is a block diagram of the system of the present invention for the authentication, authorization and secure use of medical information.
  • The system includes terminal devices, a user-side subsystem, a server-side subsystem, and data storage.
  • The terminal devices include:
  • Authentication/authorization terminal device: a device that can authenticate the patient and hold the user's key, and that can be used to perform authorization.
  • It may be a single device or a set of devices, for example: a health card and card reader; a mobile device (such as a mobile phone); or a biometric device such as a fingerprint reader;
  • Medical record display terminal device: used to display the authorized patient medical record; it can be a PC, a mobile phone or a tablet, or other video equipment such as a television.
  • The user-side subsystem is the software system facing the users, who here include the patient, the attending doctor and the collaborating doctors.
  • The system can be deployed in different locations, such as hospitals, patients' homes and telemedicine centers, and accesses the server over a local area network, a wide area network (such as the Internet), or a mobile network.
  • The user-side subsystem includes:
  • a) Authorization module: provides the user interface that implements "authorization by the patient to the attending doctor, and by the attending doctor to other doctors";
  • Medical record reading module: presents the medical record on the corresponding display device as graphics, text, audio, video, etc. for the user to read.
  • Server-side subsystem: it can be deployed centrally in a hospital or data center, or in a distributed, "cloud" manner.
  • The server-side subsystem includes:
  • Authentication module: authenticates patients and doctors, and implements unified management of patient data through the MPI (master index) service;
  • Authorization module: implements authorization by the patient to the attending doctor and by the attending doctor to other doctors, and records all authorization activity;
  • c) Medical record access module: manages the medical records of all patients in a unified way and implements reading, modifying and querying of the records; a patient's records may be stored on different servers;
  • d) Encryption and transmission module: encrypts and transmits data using the key and encryption algorithm that correspond to the authorization and the person accessing the data.
  • Data storage: implements the physical storage of the main data, either centralized or distributed, and includes:
  • Patient database: holds all patient information, including the patient's basic information (such as ID number, residential address, household registration, social security card number); the patient's card information at each hospital; and the system authentication information for the patient;
  • Patient medical record information: includes the index to the patient's medical records at each hospital and the original information, covering prescriptions, examinations, medication, surgery, nursing, etc.; these data are encrypted with the patient's key before being stored, and the records here are kept permanently and are not deleted;
  • Temporarily cached medical records: records that need to be kept temporarily during diagnosis and treatment. These records are partial copies of the "patient medical record information" and can be given a time limit; once treatment is complete or the time limit is exceeded, the cached records are deleted;
  • Authorization information: records the patient's authorization information to the doctor, the authorized doctor, the authorized person, the authorized content, the authorization level, the authorization period, the auxiliary key, etc.;

Abstract

Provided are a method and system for remote cross-time-period authentication authorization and secure use of medical information in the present invention. A patient authorizes an attending doctor to check a medical record encrypted by a personal secret key of the patient, and gives him secondary authorization permission; after acquiring and reading the medical record authorized by the patient, the attending doctor secondarily authorizes a cooperation doctor to read the medical record of the patient, and then the cooperation doctor checks the medical record of the patient and diagnoses in an assisting manner. The system for remote cross-time-period authentication authorization and secure use of medical information comprises a terminal device, a user terminal sub-system, a server terminal sub-system and data storage.

Description

Method and system for authentication, authorization and secure use of information
Technical field
The present invention relates to a method and system for the authentication, authorization and secure use of information, and more particularly to a method and system for the remote, cross-time-period authentication, authorization and secure use of medical information.
Background
The goal of China's new health-care reform is that "everyone enjoys basic medical and health services". However, the vast majority of China's primary-care institutions lack experienced doctors, so their capacity to provide medical services is relatively poor. In response, the Ministry of Health has proposed using information systems to build channels for "sinking high-quality medical resources" to the primary-care level.
In telemedicine and regional collaborative care, experts at higher-level medical institutions guide the diagnosis and treatment carried out by primary-care doctors, so that primary-care patients can "see a doctor nearby" while still receiving the services of higher-level doctors. This is currently the most effective way to build a system for "sinking high-quality medical resources".
In such a cross-regional, cross-institution, open service system, patients' diagnosis and treatment information is kept at different medical institutions and in "cloud" data centers, and must be accessed and transmitted frequently over the network. On the one hand, doctors need to be able to access and use these medical data conveniently; on the other hand, the information must be kept secure so that patients' diagnosis and treatment information is not accessed or used illegally. This is a major problem that existing information systems and technical solutions have not effectively solved, and it is an important reason why telemedicine, regional medical care and the medical "cloud" cannot be rolled out on a large scale.
Many technologies already exist for the secure use and authorization of medical information, but they solve only the problem of authorization and secure transmission in the traditional setting of a single hospital where patient and doctor meet face to face. They cannot meet the new requirements raised by new forms of medical service that span regions and institutions and involve multiple doctors, such as telemedicine, regional medical care and collaborative care. These new requirements include:
1) Remote authorization and temporary re-authorization: during a single course of treatment, the attending doctor may invite other doctors (from different medical institutions and different regions) to participate. This requires authorization at multiple points, in multiple batches and at different times, and the patient may no longer be in the hospital when a later authorization is needed, so the patient must be able to authorize remotely or to give the attending doctor permission to re-authorize temporarily;
2) Authorization lasting a period of time: a doctor's analysis, discussion and diagnosis may not be completed in a short time and may need a period of time (for example, a few days), so the doctor must be able to be authorized to access the patient's information throughout that period;
3) Authorization of partial information: patients usually see doctors at different hospitals, so some of a patient's medical information may be kept in the internal systems of individual hospitals or on data-center servers in different regions. Sometimes the patient wants to authorize a doctor to view only part of the medical history, and that history is stored in only one or a few systems;
4) Security of information in transit: in the cloud-based medical service model and information environment, a patient's medical information must be delivered over public networks to the designated doctor. The security of data transmission must therefore be guaranteed: only the designated doctor can view the information, others cannot obtain the data, and even if they obtain it they cannot view the actual information.
The purpose of the present invention is to solve the above problems of authorizing, and securely transmitting and using, a patient's private medical information across different hospitals, multiple doctors and a span of time in care models such as remote consultation and regional collaborative diagnosis and treatment, and to provide a complete system for the secure use and authorization of patients' medical information for services such as telemedicine, regional medical care and collaborative care.
Summary of the invention
This summary is provided to introduce, in simplified form, a selection of concepts that are further described in the detailed description below. It is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to help determine the scope of the claimed subject matter.
According to the method of the present invention for the remote, cross-time-period authentication, authorization and secure use of medical information, the patient first grants the attending doctor permission to view the medical record, which is encrypted with the patient's personal key and stored in the data storage of a network server. After obtaining and reading the medical record authorized by the patient, the attending doctor grants a collaborating doctor secondary authorization to read the patient's medical record, and the collaborating doctor then views it. According to the present invention, medical record information and related information are always transmitted over the network in encrypted form.
The system of the present invention for the remote, cross-time-period authentication, authorization and secure use of medical information includes terminal devices, a user-side subsystem, a server-side subsystem, and data storage. The terminal devices include an authentication/authorization device and a display device; the user-side subsystem includes an authorization module and a medical record reading module; the server-side subsystem includes an authentication module, an authorization module, a medical record access module, an encryption and transmission module, and so on; and the data storage contains the patient database, medical record information, the hospital and doctor database, temporarily cached medical records, authorization information, and the doctor key store.
With the present invention, the attending doctor and remote collaborating doctors can conveniently access and use medical data while the security of the data is ensured. This provides technical support for new medical services that span regions and medical institutions and involve multiple doctors.
The features and advantages of the present invention will become apparent from reading the following detailed description with reference to the accompanying drawings. It is to be understood that both the foregoing summary and the following detailed description are illustrative and do not limit the aspects claimed.
Brief description of the drawings
FIG. 1 is a general flowchart of the method of the present invention for the authentication, authorization and secure use of medical information.
FIG. 2 is a sub-flowchart of patient authorization in the flow of FIG. 1.
FIG. 3 is a sub-flowchart of the attending doctor reading the medical record in the flow of FIG. 1.
FIG. 4 is a sub-flowchart of the attending doctor's secondary authorization in the flow of FIG. 1.
FIG. 5 is a sub-flowchart of the collaborating doctor viewing the medical record in the flow of FIG. 1.
FIG. 6 is a block diagram of the system of the present invention for the authentication, authorization and secure use of medical information.
Detailed description
The detailed description provided below in connection with the drawings is intended as a description of examples of the present invention, and does not represent the only forms in which the examples may be explained or used.
According to the present invention, the patient's private medical record information, in forms such as databases, files and images, is encrypted with the patient's personal key and stored in the data storage of network servers. It may be kept on one server or on different servers. The medical record information can be decrypted only with the patient's personal key, which is kept by the patient on a medium such as a medical card, a USB key or an optical disc.
During a hospital visit, the patient can directly authorize the attending doctor on site to access his or her medical record information. Authorization can be given through a physical medium, such as swiping a medical card; biometrically, such as scanning a fingerprint; or by entering a password. For a visit conducted over the network, the patient can authorize several attending doctors at the same time.
If the diagnosis and treatment require the participation of several doctors located in different regions (called collaborating doctors) and take some time to complete, the patient's authorization of the attending doctor can specify a period of time, for example 10 days from that moment; and the patient can grant the attending doctor the power of secondary authorization, so that the attending doctor can authorize collaborating doctors to read the patient's medical record.
In the present invention, medical record information and related information are always transmitted over the network in encrypted form.
Referring to FIG. 1, there is shown a general flowchart of the method of the present invention for the authentication, authorization and secure use of medical information. After the patient's identity is confirmed in step 101 by means of the medical record card, photo, social security card number, etc., the patient grants the attending doctor permission to view the medical record and to perform secondary authorization in step 102. After obtaining and reading the patient-authorized medical record in step 103, the attending doctor grants a collaborating doctor secondary authorization to read the patient's medical record in step 104, and in step 105 the collaborating doctor views the patient's medical record.
FIG. 2 is a sub-flowchart of patient authorization in the flow of FIG. 1.
In step 201, patient A2 specifies the authorized content. The patient's medical record may cover different illnesses treated at different hospitals at various times. For the attending doctor M3 of the current visit, the patient can authorize only part of the medical record, for example:
- by time period, such as authorizing the medical records of the last 3 years;
- by disease type, such as authorizing only the medical records related to the disease of the current visit;
- by hospital, authorizing only the medical records of the patient's visits to certain hospitals.
In step 202, the patient specifies the attending doctor to be authorized. For an on-site visit, this is usually the doctor who is present. For an off-site visit, such as an appointment made over the network or by telephone, the patient can select one or more attending doctors and authorize them to view the patient's medical record.
In step 203, the patient specifies the authorization period, that is, the time range of the authorization, such as 10 days from today.
In step 204, the patient allows the attending doctor to perform secondary authorization. The patient can grant the doctor the power of secondary authorization, so that the attending doctor can authorize other collaborating doctors to read the patient's medical record.
In step 205, the authorization information is saved. The information set in steps 201 to 204 above is saved to the data storage. It can be submitted through a PC client, or by mobile phone text message or a mobile phone application. Those skilled in the art will understand that submission can be implemented in many ways.
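The authorization record assembled in steps 201 to 205, together with the checks that the reading and secondary-authorization steps (302, 305, 402) run against it, as an added example that is not code from the patent. Field names, the collaborating doctor label C1 and the sample records are assumptions; clipping a delegated grant to its parent's scope and expiry is also an assumption, since the text only says the attending doctor's right and time range are verified.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, Iterable, Optional


@dataclass(frozen=True)
class Record:
    hospital: str
    disease: str
    date: datetime


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str                                # step 202
    not_before: datetime                        # step 203
    not_after: datetime
    may_delegate: bool                          # step 204
    since: Optional[datetime] = None            # step 201: time-period scope
    diseases: Optional[FrozenSet[str]] = None   # step 201: disease scope
    hospitals: Optional[FrozenSet[str]] = None  # step 201: hospital scope

    def active(self, now: datetime) -> bool:
        return self.not_before <= now <= self.not_after

    def covers(self, rec: Record) -> bool:
        if self.since is not None and rec.date < self.since:
            return False
        if self.diseases is not None and rec.disease not in self.diseases:
            return False
        if self.hospitals is not None and rec.hospital not in self.hospitals:
            return False
        return True


def can_read(grants: Iterable[Grant], doctor: str, rec: Record, now: datetime) -> bool:
    """Steps 302 and 305: grantee, validity window and scope must all match."""
    return any(g.grantee == doctor and g.active(now) and g.covers(rec) for g in grants)


def delegate(parent: Grant, collaborator: str, now: datetime, days: int) -> Grant:
    """Step 402: secondary authorization, bounded by the primary grant."""
    if not parent.may_delegate:
        raise PermissionError("grantee holds no secondary-authorization right")
    if not parent.active(now):
        raise PermissionError("primary grant is outside its validity window")
    return Grant(
        grantor=parent.grantee,
        grantee=collaborator,
        not_before=now,
        # Assumption: a delegated grant never outlives or widens its parent.
        not_after=min(parent.not_after, now + timedelta(days=days)),
        may_delegate=False,
        since=parent.since,
        diseases=parent.diseases,
        hospitals=parent.hospitals,
    )


# Constructed sample data; A2 and M3 are the page's labels, C1 is hypothetical.
NOW = datetime(2013, 6, 17, 9, 0)
PRIMARY = Grant("A2", "M3", NOW, NOW + timedelta(days=10), may_delegate=True,
                since=NOW - timedelta(days=3 * 365), diseases=frozenset({"cardiology"}))
RECENT = Record("Hospital X", "cardiology", datetime(2012, 11, 2))
OLD = Record("Hospital X", "cardiology", datetime(2008, 1, 15))
OTHER = Record("Hospital Y", "dermatology", datetime(2013, 3, 9))

if __name__ == "__main__":
    for rec in (RECENT, OLD, OTHER):
        print(rec.date.date(), rec.disease, can_read([PRIMARY], "M3", rec, NOW))
    sub = delegate(PRIMARY, "C1", NOW + timedelta(days=8), days=10)
    print("delegated grant expires", sub.not_after)  # clipped to the parent's expiry
```

Evaluating the grant on every read, and not only when the cache is filled, is what makes the expiry of step 305 effective.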
The authorization information can also include an auxiliary key, which is used to assist in decrypting the medical record data. This key alone cannot decrypt the data; it is only half of the key. The authorization information is encrypted with the public key of the authorized attending doctor, and the public keys of all doctors are stored together in the data storage.
Figure 3 is a sub-flowchart of the attending doctor reading the medical record in the flow of Figure 1.
In step 301, the patient's medical record information is obtained from the data storage according to a patient identifier (such as the medical record card number, social security card number or ID card number). As described above, the medical record information is encrypted and can be decrypted only with the patient's personal key.
In step 302, the authorization information in the data storage is used to confirm whether the doctor is authorized to access this medical record content.
If access is permitted, then in step 303 the record is decrypted with the patient's personal key. When the patient is in front of the doctor, the patient decrypts the medical record with the personal key; as described above, the personal key is kept by the patient (for example on a medical card, USB key or optical disc). When the patient is not in front of the doctor, the patient can use the personal key to generate a temporary ciphertext and submit it to the system. The system can decrypt the patient's medical record using this temporary ciphertext together with the auxiliary key obtained from the authorization information.
In step 304, the decrypted patient medical record is encrypted again with the doctor's public key, which comes from the doctor key store held in the data storage. The temporary medical record encrypted with the public key is stored in the temporary cache in the data storage so that the doctor can consult it at any time. If the doctor only needs to read the record once, this step is not needed.
In step 305, the patient's medical record is obtained from the temporary cache, and the authorization information in the data storage is used to confirm whether the authorization is still within its time range. If so, the doctor can decrypt the record with the doctor's own key and read it.
Figure 4 is a sub-flowchart of the attending doctor giving a collaborating doctor secondary authorization to read the medical record in the flow of Figure 1.
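One way to realize the "half key" of step 303, as an added example rather than the patent's own construction: the auxiliary key derives a mask bound to a single grant, and the patient's temporary ciphertext is the personal key under that mask. The HMAC-based mask, the stored check value, the grant identifier and all function names are assumptions; the page does not specify an algorithm.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumption: a 256-bit symmetric personal key


def _mask(aux_key: bytes, grant_id: str) -> bytes:
    """Pseudorandom pad derived from the auxiliary key, bound to one grant."""
    return hmac.new(aux_key, b"record-key-mask|" + grant_id.encode(),
                    hashlib.sha256).digest()


def check_value(key: bytes) -> bytes:
    """Short value stored beside the encrypted record to detect a wrong key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def issue_halves(personal_key: bytes, grant_id: str):
    """Patient side: returns (auxiliary key, temporary ciphertext).

    The auxiliary key goes into the authorization information; the temporary
    ciphertext is submitted separately when the patient is not present.
    """
    if len(personal_key) != KEY_LEN:
        raise ValueError("unexpected key length")
    aux_key = secrets.token_bytes(KEY_LEN)
    pad = _mask(aux_key, grant_id)
    temp_ciphertext = bytes(a ^ b for a, b in zip(personal_key, pad))
    return aux_key, temp_ciphertext


def recover_key(aux_key: bytes, temp_ciphertext: bytes, grant_id: str,
                expected_check: bytes) -> bytes:
    """System side: both halves and the right grant are needed to get the key."""
    pad = _mask(aux_key, grant_id)
    candidate = bytes(a ^ b for a, b in zip(temp_ciphertext, pad))
    if not hmac.compare_digest(check_value(candidate), expected_check):
        raise ValueError("halves do not match this grant")
    return candidate


if __name__ == "__main__":
    personal_key = secrets.token_bytes(KEY_LEN)   # constructed sample key
    aux, temp = issue_halves(personal_key, "grant-0001")
    ok = recover_key(aux, temp, "grant-0001", check_value(personal_key))
    print("recovered:", ok == personal_key)
```

In this flow the system holds the decryption key while it re-encrypts the record for the doctor in step 304, so the recovered key should be discarded as soon as that step completes.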
In step 401, the attending doctor selects collaborating doctors from the hospital and doctor database in the data storage to help with the diagnosis.
In step 402, the authorization information in the data storage is used to verify whether the attending doctor holds the right of secondary authorization and whether the authorization is still within its time range. If so, the attending doctor authorizes the collaborating doctors to read the patient's medical record.
In step 403, the attending doctor creates a temporary key for each authorized collaborating doctor, encrypts it with that collaborating doctor's key, and transmits it to each collaborating doctor through the doctor key store.
Figure 5 is a sub-flowchart of the collaborating doctor viewing the medical record in the flow of Figure 1.
In step 501, the collaborating doctor obtains, through the doctor key store, the temporary key sent by the attending doctor and encrypted with the collaborating doctor's key.
In step 502, the collaborating doctor decrypts it with the collaborating doctor's own key to obtain the temporary key.
In step 503, the collaborating doctor obtains the patient's medical record from the temporary cache and decrypts it with the temporary key in order to read the record and assist in the diagnosis.
Figure 6 is a block diagram of the system of the present invention for authentication, authorization and secure use of medical information.
The system includes terminal devices, client-side subsystems, a server-side subsystem, and data storage.
The terminal devices include:
a) Authentication/authorization terminal device: a device that can authenticate the patient's identity and hold the user's key, and that can also be used to give authorization. It can be a single device or a set of devices, for example: a health card and card reader; a mobile device (such as a mobile phone); or a biometric device such as a fingerprint reader.
b) Medical record display terminal device: used to display the authorized patient medical record. It can be a PC, a mobile phone or tablet, or other video equipment such as a television.
The client-side subsystem is the software system used by the users, who here include patients, attending doctors and collaborating doctors. It can be deployed at different locations, such as hospitals, patients' homes and telemedicine centers, and accesses the server over a local area network, a wide area network (such as the Internet) or a mobile network. The client-side subsystem includes:
a) Authorization module: provides the user interface that implements "the patient authorizes the attending doctor, and the attending doctor authorizes other doctors".
b) Medical record reading module: presents the medical record on the corresponding display device as graphics, text, speech, video and so on, for the user's convenience in reading.
The server-side subsystem can be deployed centrally in a hospital or data center, or distributed across the network as a "cloud" deployment. The server-side subsystem includes:
a) Authentication module: authenticates the identity of patients and doctors, and provides unified management of patient data through the MPI (master index) service.
b) Authorization module: implements the patient's authorization of the attending doctor and the attending doctor's authorization of collaborating doctors, and records every authorization process.
c) Medical record access module: manages the medical records of all patients in a unified way and implements reading, modification and query of medical records. A patient's medical records can be stored on different servers.
d) Encryption and transmission module: encrypts and transmits data using the key and encryption algorithm that correspond to the authorization and the accessing party.
The data storage provides physical storage of the main data. It can be centralized or distributed, and includes:
a) Patient database: stores all patient information, including the patient's basic information (such as ID card number, residential address, household registration and social security card number), the patient's medical record card information at each hospital, and the system's authentication information for the patient.
b) Patient medical record information: includes the index and the original information of the medical records of the patient's visits to each hospital, including prescriptions, examinations, medication, surgery, nursing and other information. This data is stored encrypted with the patient's key. The medical records here are kept permanently and are not deleted.
c) Hospital and doctor database: stores hospital information and information about the doctors who can use the system.
d) Temporarily cached medical records: medical record data that needs to be kept temporarily during diagnosis and treatment. This data is a partial copy of the "patient medical record information". A time limit can be defined, and the cached medical record is deleted once diagnosis and treatment are complete or the time limit has passed.
e) Authorization information: records the patient's authorization of the attending doctor and the attending doctor's authorization of collaborating doctors, including the grantor, the grantee, the authorized content, the authorization level, the authorization period, the auxiliary key and so on.
f) Doctor key store: mainly records the doctors' keys, which are used to encrypt authorized patient information for delivery to the corresponding collaborating doctor.
The present invention, "a method and system for authentication, authorization and secure use of information", has been described in detail above. The description is provided by way of example and is not intended to limit the scope of protection claimed by the present invention. Those skilled in the art will understand variations of the described embodiments of the present technology, as well as embodiments that combine the present technology in different ways.

Claims

1. A method for authentication, authorization and secure use of medical information, comprising:
an attending doctor being authorized to access medical record information and being authorized to perform secondary authorization (102);
after it is confirmed that the attending doctor is authorized, the attending doctor accessing the medical record information (103) and giving secondary authorization to a collaborating doctor (104).
2. The method of claim 1, further comprising:
the collaborating doctor accessing the medical record information (105).
3. The method of claim 1, wherein the medical record information is encrypted with the patient's personal key, and the authorization information generated by authorizing the attending doctor includes an auxiliary key which, combined with a temporary ciphertext generated using the patient's personal key, is used by the attending doctor to decrypt the medical record information.
4. The method of claim 1, wherein, after the attending doctor accesses the medical record information, the decrypted medical record information is encrypted with the doctor's public key and stored as a temporarily cached medical record, and a temporary key is created for the collaborating doctor.
5. The method of claim 4, wherein the collaborating doctor obtains the temporary key and uses the temporary key to decrypt the temporarily cached medical record.
6. The method of claim 1, wherein the authorized content of the medical record information can be specified according to at least one of time period, disease type and hospital.
7. A system for authentication, authorization and secure use of medical information, comprising:
terminal devices for authenticating patient identity and displaying medical records;
client-side subsystems connected to the terminal devices;
a server-side subsystem, connected to the client-side subsystems, for authorization, access, encryption and transmission; and
data storage, connected to the server-side subsystem, for physical storage of data.
8. The system of claim 7, wherein the server-side subsystem further includes an authentication module, an authorization module, a medical record access module, and an encryption and transmission module.
9. The system of claim 7, wherein the client-side subsystem further includes an authorization module and a medical record reading module.
10. The system of claim 7, wherein the data storage is centralized or distributed.
PCT/CN2013/077290 2013-06-17 2013-06-17 Method and system for information authentication authorization and secure use WO2014201599A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/077290 WO2014201599A1 (en) 2013-06-17 2013-06-17 Method and system for information authentication authorization and secure use

Publications (1)

Publication Number Publication Date
WO2014201599A1 true WO2014201599A1 (en) 2014-12-24

Family

ID=52103774

Country Status (1)

Country Link
WO (1) WO2014201599A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13887396

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13887396

Country of ref document: EP

Kind code of ref document: A1