WO2014201599A1 - Method and system for authentication, authorization and secure use of information - Google Patents

Method and system for authentication, authorization and secure use of information

Info

Publication number: WO2014201599A1
Authority: WO, WIPO (PCT)
Prior art keywords: medical record, doctor, patient, authorization, medical
Application number: PCT/CN2013/077290
Other languages: English (en), Chinese (zh)
Inventor: 郑磊
Original Assignee: 上海华和得易信息技术发展有限公司
Application filed by 上海华和得易信息技术发展有限公司
Priority to PCT/CN2013/077290
Publication of WO2014201599A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/88 Medical equipments

Definitions

  • The present invention relates to a method and system for authentication, authorization and secure use of information, and more particularly to a method and system for remote authentication and secure use of medical information over a period of time.

Background technique

  • In telemedicine and regional collaborative medical care, experts at higher-level medical institutions guide the diagnosis and treatment carried out by grassroots doctors, so that grassroots patients can enjoy the diagnostic and treatment services of higher-level doctors while still "seeing a nearby doctor". This is the most effective way to extend the higher-level medical system down to the grassroots.
  • 1) Remote authorization and temporary reauthorization: during a visit, the attending doctor will invite other doctors (from different medical institutions and different regions) to participate, which requires more than one batch of authorizations and multiple authorizations; by the time a later authorization is needed, the patient may no longer be in the hospital, so the patient must be able to authorize remotely, or a temporary reauthorization permission must be granted. 2) Authorization for a period of time: the doctor's analysis, communication and diagnosis of the patient may not be completed in a short time but take a period of time (for example, a few days), so the doctor must be authorized to access the patient's information for that period.
  • The purpose of the present invention is to solve the above problems concerning patients' private medical information, and to realize authorization, secure transmission and use across different hospitals, multiple doctors, time spans and the like in remote consultation, regional collaborative diagnosis and the like.
  • The patient first grants the attending doctor permission to view the medical record, which is encrypted with the patient's personal key and stored in the network server's data storage.
  • The attending doctor obtains and reads the patient-authorized medical record.
  • The attending doctor then performs a secondary authorization allowing the collaborative doctor to read the patient's medical record, after which the collaborative doctor views the patient's medical record.
  • Medical record information and related information are transmitted over the network in encrypted form.
  • A system for remote authentication and secure use of medical information over a period of time includes a terminal device, a user terminal system, a server terminal system and data storage.
  • The terminal device includes an authentication and authorization device and a display device.
  • The user terminal system includes an authorization module and a medical record reading module.
  • The server terminal system includes an authentication module, an authorization module, a medical record access module and an encryption and transmission module.
  • The data storage includes the patient library, the medical record information, the hospital and doctor library, the temporary cache of medical records, the authorization information and the doctor key pool.
  • The attending physician and the remote collaborative doctor can conveniently access and use the medical data while the security of the data is ensured.
  • FIG. 1 is a general flow diagram of the method for authentication, authorization and secure use of medical information of the present invention.
  • FIG. 2 is a sub-flow diagram of patient authorization in the flow of FIG. 1.
  • FIG. 3 is a sub-flow diagram of the attending doctor reading the medical record in the flow of FIG. 1.
  • FIG. 4 is a sub-flow diagram of the secondary authorization by the attending physician in the flow of FIG. 1.
  • FIG. 5 is a sub-flow diagram of the collaborative doctor viewing the medical record in the flow of FIG. 1.
  • FIG. 6 is a block diagram of the system for authentication, authorization and secure use of medical information of the present invention.

Detailed description
  • The patient's private medical record information is encrypted with the personal key and stored in the data storage of the network server, in forms such as a database, a file or a graphic; it may be stored on one server or on different servers.
  • The medical record information can only be decrypted with the patient's personal key, and the personal key is kept by the patient, for example on a medical card, a USB key disk or a CD.
  • An on-site patient can directly authorize the attending doctor to access his or her medical record information.
  • The authorization can be given through physical media, such as swiping a medical card; through biometric means, such as a fingerprint; or by entering a password. When the doctors are reached over the network, several doctors can be authorized at the same time.
  • The patient's authorization to the attending physician can be limited to a period of time, for example 10 days from the time of authorization; and the patient can grant the attending doctor the power of secondary authorization, so that the attending doctor can authorize a collaborative doctor to read the patient's medical record.
  • FIG. 1 shows a general flow diagram of the method for authentication, authorization and secure use of medical information of the present invention.
  • After the patient's identity is confirmed by the medical record card, photo, social security card number, etc. in step 101, the patient grants the attending doctor permission to view the medical record, together with the right of secondary authorization, in step 102.
  • In step 103 the attending doctor acquires and reads the patient-authorized medical record; the attending doctor then performs the secondary authorization allowing the collaborative doctor to read the patient's medical record; and in step 105 the collaborative doctor views the patient's medical record.
  • FIG. 2 is a sub-flow diagram of patient authorization in the flow of FIG. 1.
  • The authorized content is specified by the patient:
  • the patient's medical record may include records of different diseases, in different hospitals, in various periods;
  • the patient may specify a partial range of the medical record, for example by disease type, such as only the records related to the disease of the current visit.
  • The authorized attending physician is designated by the patient: in an on-site visit, the designated doctor is usually the doctor on the spot; in an off-site visit, such as booking a doctor via the Internet or by telephone, the patient may select one or more attending doctors and authorize them to view his or her medical history;
  • The authorization period is specified by the patient: the authorized time range, such as 10 days from today;
  • Whether secondary authorization is permitted is specified by the patient: that is, the patient may grant the attending doctor the power of secondary authorization, so that the attending doctor may authorize other collaborative doctors to read the patient's medical record;
  • In step 205 the authorization information is saved: the information set in the above steps 201-204 is saved in the data storage. It can be submitted through a PC client, or by mobile phone short message or a mobile terminal program; as those skilled in the art will understand, the specific implementation of the submission can vary.
  • The authorization information may also include an auxiliary key that assists in decrypting the medical record data; this key alone cannot decrypt the data, since it is only half of the key. The authorization information is encrypted with the authorized doctor's public key; all doctors' public keys are stored uniformly in the data store.
  • FIG. 3 is a sub-flow diagram of the attending doctor reading the medical record in the flow of FIG. 1.
  • The patient's medical record information is obtained from the data storage according to the patient identification (such as the medical record card number, the social security card number or the identification number).
  • The medical record information is encrypted, and only the patient's personal key can decrypt it.
  • In step 302 it is confirmed from the authorization information in the data store whether the doctor is authorized to access the medical record contents.
  • The patient's personal key is then used for decryption: the patient decrypts the medical record using the personal key.
  • The personal key is kept by the patient (e.g. on a medical card, USB key disk or CD). When the patient is not in front of the doctor, the patient can use the personal key to generate a temporary ciphertext and submit it to the system, and the system can then use the temporary ciphertext together with the auxiliary key obtained from the authorization information to decrypt the patient's medical record.
  • In step 304 the decrypted patient medical record is encrypted with the doctor's public key, taken from the doctor key pool stored in the data store, and the medical record so encrypted is placed in a temporary cache in the data store so that the doctor can consult it at any time; if the doctor only needs to read it once, this step is not needed.
  • In step 305 the patient medical record is obtained from the temporary cache, and the authorization information in the data storage is checked to confirm that the current time is still within the authorized time range. If so, the doctor can decrypt it with his own key and read it.
  • FIG. 4 is a sub-flow diagram of the attending doctor's secondary authorization, in the flow of FIG. 1, by which the collaborative doctor is allowed to read the medical record.
  • In step 401 the attending doctor selects a collaborative doctor from the hospital and doctor library in the data storage to help with the diagnosis;
  • In step 402 the authorization information in the data storage is used to verify whether the attending doctor has the right of secondary authorization and whether the current time is within the authorized time range; if so, the attending doctor authorizes the collaborative doctor to read the patient's medical record;
  • The attending physician creates a temporary key for each authorized collaborative doctor, encrypts it with that collaborative doctor's key, and transmits it to each collaborative doctor through the doctor key pool.
  • FIG. 5 is a sub-flow diagram of the collaborative doctor viewing the medical record in the flow of FIG. 1.
  • The collaborative doctor obtains from the doctor key pool the temporary key that was encrypted with his own key;
  • In step 502 the collaborative doctor decrypts it with his own key to obtain the temporary key;
  • The collaborative doctor then obtains the patient's medical record from the temporary cache and decrypts it with the temporary key, so as to read the patient's medical record and assist in the diagnosis.
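The following Python is an added example, not code from the patent or its assignee: it models the access-control decisions behind FIG. 2 to FIG. 5, namely the authorization record the patient creates (content scope, designated doctor, time window, secondary-authorization right, auxiliary key), the "is the doctor still inside the authorized time range" check of steps 302 and 305, the "does the attending doctor hold the secondary-authorization right" check of step 402, and the idea that the auxiliary key is only half of the key. All class and field names, the identifiers P1/D1/D2/D3, the sample dates and the representation of the half-key as a 2-of-2 XOR split are assumptions made for illustration; the patent does not specify them. The patent's encryption layers (the authorization information encrypted under the doctor's public key, the record re-encrypted into the temporary cache, the per-collaborator temporary keys) are left out so the decision logic stands alone.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("key halves must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_personal_key(personal_key: bytes):
    """Model 'the auxiliary key is only half of the key' as a 2-of-2 XOR split:
    one half goes into the authorization record, the other is the 'temporary
    ciphertext' the patient's device sends when the patient is absent.
    Neither half alone reveals anything about the personal key."""
    auxiliary = secrets.token_bytes(len(personal_key))
    return auxiliary, xor_bytes(personal_key, auxiliary)


def recover_personal_key(temporary_ciphertext: bytes, auxiliary: bytes) -> bytes:
    """Server side: both halves together give back the personal key."""
    return xor_bytes(temporary_ciphertext, auxiliary)


@dataclass(frozen=True)
class Authorization:
    """One row of 'authorization information' (FIG. 2); field names are assumed."""
    patient_id: str
    grantor_id: str        # the patient, or an attending doctor who delegates
    doctor_id: str         # who may read
    scope: frozenset       # record categories chosen by the patient
    valid_from: datetime
    valid_until: datetime
    may_reauthorize: bool  # the secondary-authorization right
    auxiliary_key: bytes   # in the patent, stored encrypted under the doctor's public key


class AuthorizationStore:
    """In-memory stand-in for the authorization table in the data storage."""
    def __init__(self):
        self._records = []

    def grant(self, auth: Authorization) -> None:
        if auth.valid_until <= auth.valid_from:
            raise ValueError("authorization window must be non-empty")
        self._records.append(auth)

    def find(self, doctor_id, patient_id, at):
        """Records letting doctor_id read patient_id's record at time `at`."""
        return [r for r in self._records if r.doctor_id == doctor_id
                and r.patient_id == patient_id and r.valid_from <= at < r.valid_until]

    def is_authorized(self, doctor_id, patient_id, category, at) -> bool:
        """Steps 302 and 305: right doctor and patient, in scope, inside the window."""
        return any(category in r.scope for r in self.find(doctor_id, patient_id, at))

    def secondary_authorize(self, attending_id, collaborator_id, patient_id, at, days=1):
        """Step 402: only a doctor holding the secondary-authorization right, inside
        his own window, may delegate.  The derived record is clipped to the
        delegator's window, inherits his scope and (a choice of this example,
        not stated in the patent) cannot be delegated further."""
        sources = [r for r in self.find(attending_id, patient_id, at) if r.may_reauthorize]
        if not sources:
            raise PermissionError("no valid secondary-authorization right")
        src = max(sources, key=lambda r: r.valid_until)
        derived = Authorization(patient_id, attending_id, collaborator_id, src.scope, at,
                                min(src.valid_until, at + timedelta(days=days)),
                                False, src.auxiliary_key)
        self.grant(derived)
        return derived


def demo():
    """Walk through the flow with constructed sample identifiers and times."""
    t0 = datetime(2013, 6, 17, 9, 0)          # constructed starting time
    store = AuthorizationStore()
    personal_key = secrets.token_bytes(32)
    aux, temp_ct = split_personal_key(personal_key)
    # Step 102: patient P1 authorizes attending doctor D1 for 10 days, with the reauthorization right
    store.grant(Authorization("P1", "P1", "D1", frozenset({"cardiology"}),
                              t0, t0 + timedelta(days=10), True, aux))
    r = {"ok_now": store.is_authorized("D1", "P1", "cardiology", t0 + timedelta(days=3)),
         "wrong_scope": store.is_authorized("D1", "P1", "oncology", t0 + timedelta(days=3)),
         "expired": store.is_authorized("D1", "P1", "cardiology", t0 + timedelta(days=11)),
         "recovered": recover_personal_key(temp_ct, aux) == personal_key}
    # Step 402 on day 9: D1 delegates to D2 asking for 5 days; the window is clipped to day 10
    d2 = store.secondary_authorize("D1", "D2", "P1", t0 + timedelta(days=9), days=5)
    r["d2_clipped"] = d2.valid_until == t0 + timedelta(days=10)
    r["d2_reads"] = store.is_authorized("D2", "P1", "cardiology", t0 + timedelta(days=9, hours=1))
    try:  # D2 holds no reauthorization right, so a further delegation is refused
        store.secondary_authorize("D2", "D3", "P1", t0 + timedelta(days=9))
        r["d2_delegation_refused"] = False
    except PermissionError:
        r["d2_delegation_refused"] = True
    return r
```

Two design points matter for a reviewer of such a system. First, every read (step 305) re-evaluates the time window and content scope against the stored authorization rather than trusting a cached copy, so an expired or out-of-scope request is refused even if the record is still in the temporary cache. Second, a delegated authorization (step 402) is derived from, and bounded by, the delegator's own record: it cannot outlast the patient's window, cannot widen the scope, and here cannot be delegated onward, which keeps the chain of authority traceable back to the patient's original grant.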
  • FIG. 6 is a block diagram of the system for authentication, authorization and secure use of medical information of the present invention.
  • The system includes a terminal device, a user terminal system, a server terminal system and data storage.
  • The terminal device includes:
  • Authentication/authorization device: a device that can authenticate the patient and hold the user's key, and through which authorization can be performed.
  • The device can be a single device or a whole set, such as a health card with card reader; a mobile device (such as a mobile phone); or a biometric device such as a fingerprint reader;
  • Medical record display device: used to display the authorized patient medical record; it can be a PC, a mobile phone, a tablet computer or other video equipment such as a television.
  • The user terminal system is the software system for the users, where the users include the patient, the attending doctor and the collaborative doctor.
  • The system can be deployed in different locations, such as hospitals, patients' homes or telemedicine centers, and accesses the server over a local area network, a wide area network (such as the Internet) or a mobile network.
  • The user terminal system includes:
  • a) Authorization module: provides a user interface realizing the functions "patient authorizes the attending physician" and "attending doctor authorizes other doctors";
  • b) Medical record reading module: displays the medical record on the corresponding display device in the form of graphics, text, voice, video, etc., for the user to read.
  • The server terminal system can be deployed centrally in hospitals or data centers, or distributed and deployed in a "cloud" manner.
  • The server terminal system includes:
  • a) Authentication module: authenticates the patient and the doctor, and implements unified management of patient data through an MPI (master patient index) service;
  • b) Authorization module: realizes the patient's authorization to the attending doctor and the attending doctor's authorization to the collaborative doctor, and records all authorization operations;
  • c) Medical record access module: unified management of the medical records of all patients, realizing the functions of reading, modifying and querying medical records; a patient's medical records can be stored on different servers;
  • d) Encryption and transmission module: according to the authorization and the visitor, the corresponding key and encryption algorithm are used for encryption and transmission.
  • Data storage: implements the physical storage of the primary data, either centralized or distributed, and includes:
  • Patient library: holds all patient information, including the patient's basic information (such as ID number, residential address, household registration and social security card number), the patient's card information in each hospital, and the patient's system authentication information;
  • Patient medical record information: includes the index of the patient's medical records in each hospital and the original information, such as prescriptions, examinations, medications, surgery and nursing; these data are encrypted with the patient's key and stored, and the medical record is kept permanently and never deleted;
  • Temporary cache of medical records: medical records that need to be kept temporarily during diagnosis and treatment. These data are partially copied from the "patient medical record information", and a time limit can be defined; after the treatment is completed or the time limit is exceeded, the cached medical record is deleted;
  • Authorization information: records the patient's authorization to the doctor, including the authorized doctor, the authorized person, the authorized content, the authorization level, the authorization period, the auxiliary key, etc.;

Landscapes

  • Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Epidemiology (AREA)
  • Medical Informatics (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

The present invention relates to a method and system for remote authentication, authorization and secure use of medical information across a period of time. A patient authorizes an attending doctor to view a medical record encrypted with the patient's personal secret key, and gives the doctor a secondary authorization permission; after acquiring and reading the medical record authorized by the patient, the attending doctor in turn authorizes a collaborating doctor to read the patient's medical record, after which the collaborating doctor views the patient's medical record and performs an assisted diagnosis. The system for remote authentication, authorization and secure use of medical information across a period of time comprises a terminal device, a user terminal subsystem, a server terminal subsystem and a data storage device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/077290 WO2014201599A1 (fr) 2013-06-17 2013-06-17 Method and system for authentication, authorization and secure use of information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/077290 WO2014201599A1 (fr) 2013-06-17 2013-06-17 Method and system for authentication, authorization and secure use of information

Publications (1)

Publication Number Publication Date
WO2014201599A1 true WO2014201599A1 (fr) 2014-12-24

Family

ID=52103774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/077290 WO2014201599A1 (fr) 2013-06-17 2013-06-17 Method and system for authentication, authorization and secure use of information

Country Status (1)

Country Link
WO (1) WO2014201599A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080126729A1 (en) * 2006-11-28 2008-05-29 Yigang Cai Systems and methods for controlling access by a third party to a patient's medical records on a medical information card
CN102331998A (zh) * 2011-07-22 2012-01-25 大连亿创天地科技发展有限公司 A method and system for authorized download of video electronic medical records

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LIU, JIANQI ET AL.: "Improvement and Application of Access Control Mode Based on RBAC", JOURNAL OF COMPUTER APPLICATIONS, vol. 28, no. 9, September 2008 (2008-09-01), pages 2449 - 2451 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113053481A (zh) * 2021-03-29 2021-06-29 郑静 A medical information identity authentication method and system
CN113053481B (zh) * 2021-03-29 2023-12-12 郑静 A medical information identity authentication system
CN113726520A (zh) * 2021-08-19 2021-11-30 广东工业大学 A blockchain-based multi-authority revocable encrypted QR code electronic medical record
CN115662657A (zh) * 2022-10-31 2023-01-31 海南星捷安科技集团股份有限公司 An online consultation system based on an internet hospital
CN115662657B (zh) * 2022-10-31 2024-02-02 海南星捷安科技集团股份有限公司 An online consultation system based on an internet hospital
CN116153451A (zh) * 2023-04-18 2023-05-23 中国人民解放军总医院 Data-processing-based analysis system for admitted disease types
CN116743513A (zh) * 2023-08-16 2023-09-12 成都中医药大学附属医院(四川省中医医院) A secure operation method and system for remote retrieval of electronic medical records
CN116743513B (zh) * 2023-08-16 2023-10-20 成都中医药大学附属医院(四川省中医医院) A secure operation method and system for remote retrieval of electronic medical records

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 13887396; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 13887396; Country of ref document: EP; Kind code of ref document: A1