WO2020212609A1 - Secure medical data analysis for mobile devices - Google Patents


Info

Publication number
WO2020212609A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
computer device
user
application
end user
Prior art date
Application number
PCT/EP2020/060925
Other languages
French (fr)
Inventor
Baher AL HAKIM
Bassel ALKHATIB
Hazem ATAYA
Makram SALEH
Mouhamad KAWAS
Rafael VARTIAN
Firas ATAYA
Original Assignee
Medicus Ai Gmbh
Application filed by Medicus Ai Gmbh
Publication of WO2020212609A1

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/20ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the management or administration of healthcare resources or facilities, e.g. managing hospital staff or surgery rooms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H80/00ICT specially adapted for facilitating communication between medical practitioners or patients, e.g. for collaborative diagnosis, therapy or health monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/10Multimedia information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42Mailbox-related aspects, e.g. synchronisation of mailboxes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Definitions

  • The present invention lies in the field of medical data analysis for mobile devices, and particularly in privacy-preserving data analysis for privacy-sensitive or otherwise confidential data.
  • Medical data can include data concerning the medical state of a human being. It may contain data that is stated in a technical way and which may therefore not be obvious to the ordinary person.
  • Medical data can consist, e.g., of a patient's medical history, the patient's medical diagnoses, the results of analyses of stool, blood, urine or other body fluids, the observations of a physician examining a patient's condition, etc.
  • The overall data, as well as elements thereof, may contain or allow one to deduce information about a patient's current medical condition; it may also allow one to deduce medical advice, e.g. concerning medication, helpful activities for improved wellbeing or advantageous nutrition.
  • Medical data may make it possible to inform the user about possible incompatibilities of medical treatments, especially when these are not prescribed by a physician, such as over-the-counter (OTC) drugs, or when they are prescribed by several physicians.
  • OTC: over the counter
  • Medical data are already used by physicians as well as other medical personnel to propose and choose appropriate therapies for a patient or to provide advice to the patient.
  • A patient's medical data may furthermore be used to provide her or him with further information.
  • Medical data are interpreted by a physician, a pharmacist or by trained medical personnel, such as nurses, paramedics or doctor's assistants.
  • Medical information is usually stored in those personnel's technical language and with regard to their needs, but without direct meaning for an end user, considering e.g. the measurements from a blood analysis. This limits the extraction of medical information that is understandable to the ordinary user to the availability of the aforementioned trained personnel.
  • The medical input data may be the current patient's medical data, but it may also comprise the patient's medical record or information about his environment, e.g. whether the patient usually performs sedentary work.
  • Those devices are not configured to preserve the patient's privacy. Furthermore, said devices usually do not conduct an analysis of the overall patient data, but are configured to be operated for the specific monitoring application by trained personnel. At the least, their output data are usually intended to be analysed by trained personnel.
  • US20090177495A1 discloses a system for personal medical care, intelligent analysis and diagnosis that may include: at least one source of medical information; at least one source of personal medical data for at least one patient; and one or more servers, where the medical information and the personal medical data are accessible to the server(s).
  • The server(s) may include: an artificial intelligence (AI) component for analysing the personal medical data with the medical information and identifying at least one issue requiring follow-up by the patient or by at least one external authorized entity; and at least one real-time communication link for bi-directional communication with at least one external authorized entity.
  • AI: artificial intelligence
  • DE200520012454 discloses an information system that has a database to which data can be written or from which data can be read via a mobile terminal unit, e.g. a PDA or laptop, with a wireless communications module.
  • The mobile terminal unit has a medical expert system that is at least partially stored in a memory of the mobile unit. Information can be input to the system or called up from it and transmitted or received via the communications module.
  • US20030225597A1 discloses methods and systems for the creation and use of medical information comprising a record system and a healthcare professional network.
  • The inventive record system comprises an expert system and a database system for the collection, storage, manipulation and output of various record system data, including member patient electronic medical records, treatment information, patient appointment information, medical definitions, research, a condition matrix and network professional information.
  • The various data in the record system may be used in the functions of the record system and expert system, said functions comprising data collection, storage, manipulation and output; call centre functionality; providing appointment reminders; controlling medical professional, patient and third party access to record system data; providing for analysis of data for clinical trial applications; providing for research; providing education and training; and providing patient medical record analysis.
  • The professional network comprises leading medical professionals, who may be primarily or exclusively physicians from academic and private institutions throughout the world.
  • The network includes an advisory board of professionals selected from the network population.
  • The network functions comprise providing various data to the record system, treating local patients, treating travelling member patients, responding to emergency needs of patients, and assisting in providing information to and enrolling their non-member patient base.
  • US20090326981A1 provides a system and/or a method that facilitates collecting a portion of health data from a collection of users.
  • An interface component can receive health data communicated from a collection of users, wherein each user within the collection is associated with a respective portion of health data.
  • A verification component can authenticate at least one transmission source of the portion of health data, an ownership relation between a portion of health data and a user, an integrity level associated with the portion of health data, or a user submitting the portion of health data.
  • A collection component can aggregate authenticated health data into a semantic data store in which the health data are indicative of a raw and unmolested source of health information from the collection of users. The collection component can further organize the health data to facilitate identification of a medical related trend.
  • US20150359489A1 discloses a smart patient monitoring system.
  • A sensor is coupled to a patient and configured to detect biometric data associated with the patient.
  • A mobile computing device includes a memory that stores computer-executable instructions and a processor that executes the computer-executable instructions. The mobile computing device receives the biometric data from the sensor; processes the biometric data to monitor a health status of the patient; and provides therapeutic feedback related to the health status.
  • US5660176A discloses a system and method for providing computerized, knowledge-based medical diagnostic and treatment advice.
  • The medical advice is provided to the general public over a telephone network.
  • Two new authoring languages, interactive voice response and speech recognition are used to enable expert and general practitioner knowledge to be encoded for access by the public.
  • "Meta" functions for time-density analysis of a number of factors regarding the number of medical complaints per unit of time are an integral part of the system.
  • A semantic discrepancy evaluator routine, along with a mental status examination, is used to detect the consciousness level of a user of the system.
  • A re-enter feature monitors the user's changing condition over time.
  • A symptom severity analysis helps to respond to the changing conditions.
  • System sensitivity factors may be changed at a global level or other levels to adjust the system advice as necessary.
  • US7433853B2 discloses that a plurality of chronic sensors are used to facilitate diagnosis and medical decision making for an individual patient.
  • An expert system evaluates the sensor data, combines the sensor data with stored probability data and provides an output signal for notification or medical intervention.
  • US20050015352A1 discloses an expert system, in particular for medical diagnosis; the expert system includes a memory for storing a plurality of hypotheses. The hypotheses are arranged in a first and a second disjoint group of hypotheses. The memory stores questions for rejecting hypotheses of the second group. An output is used for supplying questions to a user. An input is used for receiving initial data and answers to questions. A processor is programmed to select questions from the stored questions for those hypotheses from the second group that are possible in dependence on the initial data. The processor also determines from the answer(s) received in response to outputting the selected questions whether at least one of the hypotheses of the second group is possible. In response to determining that no hypothesis of the second group is possible, the processor supplies a most likely hypothesis of the first group.
  • Server-based expert systems require at least the transmission of the patient's data to a server, as well as its processing at this server, even if the patient data are saved locally. This brings the inherent risk of compromising the user's privacy on the server or during the data transmission. Furthermore, the processing system necessarily has access to the data at the server, so the user has to trust the operator of the expert system on the server.
  • A method for processing data on an end user computer device can comprise processing user data by an application that can be executed by the end user computer device.
  • The end user computer device can be configured to be used, at least most of the time, by one user at a time, such as a laptop PC, desktop PC or a smart phone.
  • The end user computer device can also be a medical computer device satisfying the aforementioned condition.
  • The method can comprise a user data storing step that can comprise storing at least a part of the user data on the end user computer device.
  • The data storing step can comprise storing medical data. That is, the data storing step can comprise storing data regarding a user's health condition, his/her DNA, information about diseases, diseases in the family, the nutrition of the user or the like.
  • The user data storing step can comprise a technical user data storing step that comprises storing technical user data in a machine-interpretable form.
  • A machine-interpretable form is a form that renders data treatable by a computer, such as by a formatting convention for data in files, by defining standard units, or by applying standards regarding the naming of one, several or all fields that the computer is supposed to interpret.
  • The technical user data can comprise medical user data.
  • The technical user data storing step can comprise storing technical user data that are encoded with at least a homogeneous naming for fields. That is, there is a common naming of values that correspond to the same variable, such as a blood pressure. One such naming is, for example, the LOINC standard. The naming can nevertheless also follow any other standard, as long as it is consistently applied.
  • The technical user data storing step can comprise, for each field, encoding values with the same unit of measurement, such as a weight in kg.
  • The technical user data storing step can furthermore comprise storing at least partially automatically generated medical data.
  • These at least partially automatically generated medical data can comprise at least one medical image, such as an image obtained by X-ray radiography, ultrasound imaging, magnetic resonance imaging and/or a computed tomography scan.
  • The image can comprise a visual representation of at least a part of a user's body.
  • The medical data can also comprise at least one result of a laboratory analysis of material originating from or expelled by the human body.
  • Such material can comprise tissue samples and/or body fluids, such as blood or urine.
  • The laboratory analysis can comprise analysis data from a medical and/or a clinical laboratory.
  • The medical data can also comprise data from a sensing device that senses biometric or medical data of the user.
  • The medical data that are at least partially automatically generated can also be generated automatically. These data can also be at least partially automatically transmitted to the user device.
  • Processing user data by the application can comprise processing the technical user data. That is, the method can comprise processing the technical user data by the application; the method does not need to comprise processing other parts of the user data in such embodiments.
  • Processing the technical user data can comprise an information deriving step that can comprise deriving information from the technical user data by the application.
  • The information deriving step can comprise generating derived information by this.
  • The information deriving step can comprise deriving medical information from the technical user data by the application.
  • The application can comprise a machine learning model.
  • The information deriving step can comprise deriving the information based on the machine learning model.
  • This disclosure considers machine learning models to comprise neural networks.
  • The machine learning model can be a supervised machine learning model, and it can be a classifier.
  • The machine learning model can be, for example, a decision tree, a random forest model or a k-NN model.
  • The machine learning model can optionally and advantageously be configured to accept the medical data in the machine-interpretable form and to output a diagnosis or another reference to corresponding output data.
  • An optional advantage of such models can be that their training may be less cumbersome than generating a program based on medical rules or medical knowledge that are translated into a computer code.
  • The application can comprise an expert system, and the information deriving step can comprise deriving the information based on the expert system.
  • The expert system can comprise a model built for medical questions or medical problems.
  • The expert system can be a medical expert system. That is, the expert system can be configured to solve medical questions.
  • The expert system can comprise medical knowledge.
  • The medical expert system can comprise at least a part of a rule-based inference engine.
  • The medical expert system can also comprise the rule-based inference engine. That is, the medical expert system can also be implemented by a rule-based inference engine with appropriate data, as will be detailed later on.
  • An optional advantage of implementing the medical expert system using a rule-based inference engine is that the inference engine's operation is a deterministic algorithm and that furthermore, for every result, at least one rule indicates the reason for the result. In a context of analysis of medical data, this can be an optional advantage over algorithms where it is harder to deduce the causal relation between input and output.
  • The application, or a part thereof, can derive information from the technical user data using their machine-interpretable form or at least one property of this machine-interpretable form.
  • The part of the application can for example be the machine learning model or the rule-based inference engine.
  • Using said machine-interpretable form comprises using at least one property of the machine-interpretable form, such as one of the properties detailed above.
  • An optional advantage of using the machine-interpretable form can be that the application of rules by the rule-based inference engine yields correct results with a higher probability, as the risk of a wrong interpretation of input data due to their form is lowered.
  • The application can be specified by application data.
  • The application data can specify to a processor or to a computer device which steps to perform when running the application.
  • The application data can comprise display data.
  • the display data can comprise data that are configured to be outputted to a user. They can for example comprise media data, such as sound data, text data, video data or image data. They can also comprise other data that is configured to be outputted to a user, such as data that is displayed by activating luminous elements corresponding to certain states of operation or to certain results.
  • The application data can comprise knowledge base data.
  • The knowledge base data can comprise at least a part of the data that are configured to specify a relation between input data and output data of the application.
  • The knowledge base data can comprise, for example, rules in the case of a rule-based inference engine, or a trained model in the case that the application comprises the machine learning model.
  • The application data can comprise inference engine data.
  • The inference engine data can comprise at least a part of the data that specify an evaluation of the input data using the knowledge base data.
  • Data that specify the evaluation can for example be data that specify the evaluation of rules from the knowledge base data.
  • The user data storing step can comprise storing the derived information or indicators thereof. That is, at least a part of the derived information is stored at least indirectly with the user data. This can have an advantage, as this derived information can be user-specific and may therefore need the same treatment, such as encryption or a backup routine, as other user data.
  • Storing the derived information or the indicators thereof can comprise storing at least one reference to at least one part of the display data. This can be optionally advantageous as it can allow saving data storage capacity on the user device as well as on a backup of the user data.
  • Storing the derived information or the indicators thereof can also comprise copying at least one part of display data.
  • Copying the display data can comprise copying the display data to the user data. This can be optionally advantageous as the corresponding parts of the display data can be outputted without accessing the display data, which may bring advantages, for example if the display data are encrypted and accessing them therefore consumes computational capacity, or if the derived information is transmitted to another device that cannot access the display data. This option can also be advantageous because of the lower complexity of an implementation of the application, in particular if the display data are encrypted.
  • Storing the derived information or the indicators thereof can also comprise generating data at least based on display data. This can comprise for example generating personalised data. This can also comprise adding user specific data to a template that can be part of the display data. The user specific data can be a part of the user data or of the derived information or the indicators thereof or both.
  • The method can comprise a data outputting step.
  • The data outputting step can comprise outputting at least a part of the user data by the end user computer device.
  • The data outputting step can also comprise outputting at least a part of the display data by the end user computer device.
  • The former can be optionally advantageous if the derived information or the indicators thereof are stored at least by copying at least one part of the display data, in particular if the at least one part of the display data is stored with the user data.
  • The former can also be advantageous if the derived information or the indicators thereof are stored at least by generating data at least based on display data, in particular if those are stored with the user data.
  • The latter can be optionally advantageous if storing the derived information or the indicators thereof comprises at least storing at least one reference to at least one part of the display data, as in this case at least the referenced part of the display data can be intended to be outputted.
  • The data outputting step can comprise outputting at least a part of the derived information or the indicators thereof that are stored on the end user computer device.
  • Data on the end user computer device can comprise encrypted data. That is, at least a part of the data on the end user computer device can be encrypted. This can optionally be advantageous if at least a part of the data on the device are considered to be confidential or if they should be protected for another reason. This can in particular apply to the application data, the display data, the user data or parts of any of the aforementioned, as detailed above.
  • The method can comprise encrypting at least a part of the user data.
  • This can comprise encrypting data that are configured to identify a user, such as his e-mail address, name, date of birth or the like.
  • This can also comprise applying a particular encryption that is required by a regulation for a particular type of data only to the corresponding parts of the user data that comprise said particular type of data.
  • An example would be medical data.
  • Encrypting at least a part of the user data can comprise encrypting at least a part of the technical user data.
  • The encrypted data can further comprise at least a part of the application data.
  • The encrypted data can also comprise at least a part of the display data.
  • The encrypted data can also comprise the display data. This can be optionally advantageous, as the display data can be the most vulnerable part of the application data from a business perspective, as detailed above.
  • The method can comprise a data adding step.
  • The data adding step can comprise adding data to the user data on the end user computer device.
  • The method can comprise providing an interface for adding data to the user data by manual input.
  • Said interface can be an interface configured to enable a user to input data, such as a microphone, a keyboard, a touch-sensitive screen or a camera.
  • The data adding step can comprise using an optical input device, such as a camera.
  • The optical input device can be connected at least indirectly to the end user computer device.
  • The optical input device can be remote from the end user computer device, such as a scanner that is connected to the end user computer device, for example via WLAN or via the internet.
  • The optical input device, such as the camera, can also be connected to the end user computer device directly, such as a webcam that is connected to a desktop computer via USB.
  • The optical input device can also be mounted in the end user computer device, such as a camera in a smartphone.
  • The data adding step can comprise adding text data to the user data.
  • Adding the text data to the user data can comprise using the optical input device, such as the camera, for adding at least a part of the text data.
  • The method can comprise applying at least optical character recognition to the data captured by the optical input device, such as images captured with a camera.
  • This can be optionally advantageous in cases where at least a part of data that are added are available as text, in particular as text printed on paper.
  • This can furthermore be optionally advantageous as it renders human interaction unnecessary; human interaction might bring disadvantages, e.g. introduce errors or be more cumbersome, as a machine-interpretable form is not necessarily optimised for treatment by a human operator.
  • The data adding step can also comprise receiving input data from a data server and adding at least a part of the input data to the user data.
  • This can be optionally advantageous in a case where the input data are already stored in a computer system, such as in the case of a health care provider who keeps digital patient records or of a medical or clinical laboratory that provides the results of one or more analyses in digital form, as it saves a supplementary interaction step for the user and/or medical personnel.
  • The data adding step can also comprise receiving data from at least one sensing device.
  • The at least one sensing device can be configured to sense data related to a user.
  • An accelerometer sensor can add motion data of the user;
  • a dosimeter could measure a dose of radiation;
  • a location sensing device, such as a GPS receiver with an appropriate calculation unit, could measure a user's position.
  • At least one of the at least one sensing device can also be configured to sense physiological data related to the user, such as a pulse of the user, a blood pressure of the user or another measure for condition of the user.
  • the method can comprise an updating step.
  • the updating step can comprise sending at least a part of update data from the server and receiving at least the part of the update data by the end user computer device.
  • the updating step can be optionally advantageous for changes in the application data from a technical point of view, but also for updates of the knowledge base data in case of new medical findings or rules, and for updates of the display data in the respective case or in case of new display data that are for example better accepted by users, e.g. in case of new research findings, or if the users' taste shifts over time or is simply better known to the provider of the display data.
  • the updating step can comprise adapting at least a part of the application data on the end user computer device according to the received update data. That is, the update data can comprise data to replace at least one part of the application data.
  • the update data can also comprise data that indicate changes to be performed to at least one part of the application data.
  • the update data can comprise an instruction to receive or download data from another data source to replace at least one part of the application data.
  • the method can also comprise repeating at least a part of the information deriving step after the updating step. This can be optionally advantageous if the display data changed, as the user might get another output for a set of same derived information after the updating step is performed, or if the knowledge base data are modified, as the application might derive different information from a same set of user data after performing the updating step.
  • the method can further comprise sending at least an indicator of the updating step or a result thereof.
  • the method can also comprise sending an indicator of the application data, such as a version of the application data or a hash of the application data or of a part thereof, in particular after performing an updating step.
  • the method can also comprise sending at least an indicator of the end user computer device or of technical features thereof.
  • the sending of at least an indicator can be performed from the end user device to another device such as the server.
  • Sending said data can be optionally advantageous for a provider of the application to adapt the application, or to ensure that the application data on the end user computer device are identical to the version of the application data foreseen by the provider of the application data.
  • This sending step may also be advantageous to detect a malicious or at least unforeseen modification of the application data.
  • the method can comprise sending a part of the user data to another device, such as the server, a third party's server or a device configured to generate a backup of said part of the user data, such as a printer or a data storage device or system.
  • the method can comprise sending a part of the user data to another device only if at least one transfer condition of a transfer condition set is matched.
  • the another device can be a device such as the server, a third party's server or a device configured to generate a backup of said part of the user data, such as a printer or a data storage device or system.
  • the transfer condition set comprises at least one transfer condition, wherein the method can comprise requiring only matching one of the at least one transfer condition. Different transfer conditions can refer to at least one same element.
  • the transfer condition set can comprise at least one transfer condition. At least one of the at least one transfer condition can refer to an anonymisation of at least a part of the user data that is sent.
  • At least one of the at least one transfer condition can also refer to an authorization by the user or an authorized third party.
  • the anonymisation can comprise removing or concealing at least a part of information before or while sending it to the server.
  • the anonymisation can also comprise limiting a precision of at least a part of information that is sent.
  • the anonymisation can also comprise adding random data to the data that is sent or at least a part thereof.
  • the authorized third party may be for example an emergency medical physician, a paramedic, a hospital, a coroner's office or the like.
  • the method can also comprise preventing sending the user data from the end user computer device if none of the transfer conditions of the transfer conditions set are satisfied. This can be optionally advantageous to ensure a confidentiality of data on the end user computer device and in particular of the user data or parts thereof.
  • the method can also comprise preventing sending the user data from the end user computer device. That is, the method can comprise preventing sending the user data from the end user computer device at all. This can be optionally advantageous if the user wants a high level of privacy, if data transmission networks to which the end user computer device is connected or can be connected cannot be trusted or the like.
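The transfer condition set described above (only one condition needs to match; an empty set means the user data never leave the device), as an added illustration that is not code from the patent. Field names, the hypothetical `obs:` identifiers and all sample values are constructed.

```python
"""Transfer-condition gate for user data leaving the end user computer device."""
from __future__ import annotations

import random
from dataclasses import dataclass, field
from typing import Any


class TransferBlocked(Exception):
    """Raised when no transfer condition of the set is satisfied."""


@dataclass
class AnonymisationCondition:
    """Satisfied by sending only an anonymised copy of the user data.

    Anonymisation as described in the text: identifying fields are removed,
    the precision of values is limited, and optional random noise is added.
    """
    remove_fields: tuple[str, ...] = ("patient_name", "date_of_birth")
    decimals: int = 1        # decimals kept for numeric values
    noise: float = 0.0       # half-width of uniform noise added before rounding
    rng: random.Random = field(default_factory=lambda: random.Random(0))

    def apply(self, data: dict[str, Any]) -> dict[str, Any]:
        out: dict[str, Any] = {}
        for key, val in data.items():
            if key in self.remove_fields:
                continue                      # remove identifying information
            out[key] = self._blur(val)
        return out

    def _blur(self, val: Any) -> Any:
        if isinstance(val, bool):
            return val
        if isinstance(val, (int, float)):
            if self.noise:
                val = val + self.rng.uniform(-self.noise, self.noise)
            return round(val, self.decimals)  # limit precision
        if isinstance(val, dict):
            return {k: self._blur(v) for k, v in val.items()}
        if isinstance(val, str) and len(val) >= 10 and val[4] == "-" and val[7] == "-":
            return val[:10]                   # constructed rule: timestamps coarsened to the date
        return val


@dataclass(frozen=True)
class AuthorizationCondition:
    """Satisfied by an explicit authorization of the user or an authorized third party."""
    authorized_parties: frozenset[str] = frozenset(
        {"user", "emergency_physician", "paramedic", "hospital", "coroner"})

    def is_satisfied(self, authorization: str | None) -> bool:
        return authorization in self.authorized_parties


def prepare_transfer(user_data: dict[str, Any], condition_set: list,
                     authorization: str | None = None) -> tuple[dict[str, Any], str]:
    """Return (payload, matched condition) to send, or raise TransferBlocked.

    Matching a single condition of the set is enough; with an empty set the
    user data are never sent.
    """
    for cond in condition_set:
        if isinstance(cond, AuthorizationCondition) and cond.is_satisfied(authorization):
            return dict(user_data), "authorization"     # release explicitly authorized
        if isinstance(cond, AnonymisationCondition):
            return cond.apply(user_data), "anonymisation"
    raise TransferBlocked("no transfer condition satisfied; user data stay on the device")


# Constructed sample user data (hypothetical identifiers, not a real coding system).
SAMPLE_USER_DATA = {
    "patient_name": "Jane Doe",
    "date_of_birth": "1984-03-17",
    "obs:glucose": {"value": 5.43, "unit": "mmol/l", "ts": "2020-04-01T08:15:00Z"},
    "obs:heart_rate": {"value": 72, "unit": "/min", "ts": "2020-04-01T08:15:00Z"},
    "location": {"lat": 48.208174, "lon": 16.373819},
}

if __name__ == "__main__":
    payload, how = prepare_transfer(SAMPLE_USER_DATA, [AnonymisationCondition()])
    print(how, payload)
```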
  • At least a part of the information deriving step is performed only on the end user computer device.
  • running the expert system or the rule-based inference engine can be performed only on the end user computer device.
  • the method can also comprise performing the information deriving step only on the end user computer device.
  • the features described in the preceding two paragraphs can be optionally advantageous as the user data do not need to be shared with another entity, such as an analysis server. This can optionally advantageously reduce the number of systems that can be attacked by a malicious third party in order to obtain a part of the user data. It can furthermore optionally advantageously reduce the computer system resources needed by the operating party.
  • the present invention is also directed to a system for analysing medical data. All features described before and specified in the claims with respect to method steps are also embraced by the invention in terms of a system, even without being explicitly mentioned. In particular, the explanations regarding terms and expressions as well as advantages and optional advantages are to be understood as applicable to the entire document where appropriate.
  • the system comprises an end user computer device and a server.
  • the end user computer device can comprise a data storage component and a data processing component.
  • the data processing component can be a component configured to process data, it can comprise units such as a processor with the necessary periphery, hardware accelerators and/or microcontrollers.
  • the data storage component can be a component configured to store data.
  • the data storage component can be configured to send data to and receive data from the data processing component.
  • the data storage component can comprise at least one data storage unit, such as an SD-card, a flash memory element, a hard disk, RAM or the like.
  • the end user computer device can comprise a communication component.
  • the communication component can be configured to communicate data.
  • the communication component can comprise at least one communication component unit.
  • the communication component can be configured for wired or wireless connection.
  • the communication component can be configured for communication to the server via a connection configured for data transfer.
  • Said connection for data transfer can be for example a WLAN-connection, a connection via internet, a connection via a cellular data network, such as via 3G, 4G or 5G, a USB-connection, or the like.
  • the communication component can comprise for example an antenna configured for data-transfer in a mobile cellular network and/or an antenna configured for communication in a Wifi-network.
  • the end user computer device can also comprise at least one network interface card that can be configured to connect the end user computer device to a network, such as, to the Internet.
  • the end user computer device can comprise user interfaces, such as:
    o an output user interface, such as:
      o a screen or monitor configured to display visual data,
      o a speaker configured to communicate audio data (e.g. playing audio data to the user),
    o an input user interface, such as:
      o a camera configured to capture visual data (e.g. capturing images and/or videos of the user),
      o a microphone configured to capture audio data (e.g. recording audio from the user),
      o a keyboard configured to allow the insertion of text and/or other keyboard commands and/or
      o a trackpad, a mouse, a touchscreen, and/or a joystick.
  • the end user computer device can be a processing unit configured to carry out instructions of a program.
  • the end user computer device can be a system-on-chip comprising processing units, memory components and busses.
  • the end user computer device can be a smartphone, a tablet computer, a laptop or a personal computer.
  • the server can comprise means of data processing, such as, processor units, hardware accelerators and/or microcontrollers.
  • the server can comprise memory components, such as, main memory (e.g. RAM), cache memory (e.g. SRAM) and/or secondary memory (e.g. HDD, SDD).
  • the server can comprise busses configured to facilitate data exchange between components of the server, such as, the communication between the memory components and the processing components of the server.
  • the server can comprise network interface cards that can be configured to connect the server to a network, such as, to the Internet.
  • the server can comprise user interfaces, such as:
    o an output user interface, such as screens or monitors configured to display visual data and/or speakers configured to communicate audio data,
    o an input user interface, such as a camera, a microphone configured to capture audio data, a keyboard, a trackpad, mouse, touchscreen and/or joystick.
  • the server can also be configured to be controlled from another computer system, such as via a remote-desktop connection, via a secure shell connection (SSH) or the like.
  • the server can be a processing unit configured to carry out instructions of a program.
  • the server can be a system-on-chip comprising processing units, memory components and busses.
  • the server can be a processing unit or a system-on-chip that can be interfaced with a personal computer, a laptop, a pocket computer, a smartphone, a tablet computer and/or user interfaces (such as the above-mentioned user interfaces).
  • the server can be a server system or a portion thereof.
  • the server can also be implemented as a cloud system.
  • the end user computer device can be configured for communication to at least one medical sensing device.
  • the medical sensing device can be according to the at least one sensing device that is configured to sense data related to a user.
  • the medical sensing device can be furthermore according to the at least one of the at least one sensing device that is configured to sense physiological data related to the user.
  • the at least one medical sensing device can be a plurality of medical sensing devices.
  • the end user computer device can comprise an input interface component.
  • the input interface component can be according to the interface for adding data to the user data by manual input that can be provided in the respective optional part of the method.
  • the end user computer device can comprise application data and user data.
  • the application data can be configured to specify an application that derives information from the user data once the application is run by the end user computer device.
  • the application data can be configured for performing the functionality of an expert system by the application, once the application data are executed.
  • the explanations from the method embodiments apply accordingly.
  • the expert system can be a medical expert system.
  • the medical expert system can comprise at least a part of a rule-based inference engine.
  • the medical expert system can also comprise the rule-based inference engine. That is, the medical expert system can be implemented by a rule-based inference engine. Furthermore, also the expert system can be implemented by a rule-based inference engine.
  • the application data can comprise display data.
  • the application data can comprise knowledge base data and inference engine data.
  • the user data can comprise medical data.
  • the medical data can be in particular according to any of the preceding explanations regarding medical data or medical user data.
  • the user data can comprise technical user data.
  • the technical user data can comprise medical user data that are at least in part encoded in a machine-interpretable form.
  • the machine-interpretable form can be according to any of the explanations regarding the machine-interpretable form in the preceding parts of the document.
  • the medical user data that are at least in part encoded in a machine-interpretable form are preferably configured for being processed by the expert system and still more preferably, they are configured for being processed by the rule-based inference engine. That is, the form of the data can for example reflect a method of evaluating rules of the rule-based inference engine.
  • the technical user data can furthermore comprise information derived from an analysis of at least a part of the user data by the application, wherein the application is according to the application data or parts of the application data.
  • the user data can comprise personalised display data.
  • the personalised display data can comprise personalised output data.
  • the personalised output data can be generated based at least on the results of the analysis of the user data by the application, wherein the analysis is preferably performed by the expert system, more preferably by the medical expert system and still more preferably by the rule-based inference engine.
  • At least a part of at least one of the user data and the application data can be kept on at least a portion of the data storage component in an encrypted form. That is, at least a part of the user data can be encrypted, at least a part of the application data can be encrypted, or at least a part of each of them can be encrypted.
  • the encryption does not need to be the same for each part.
  • the application data can be kept on at least the portion of the data storage component in an encrypted form. That is, the application data can be entirely encrypted.
  • the user data can be kept on at least the portion of the data storage component in an encrypted form. That is, the user data can be entirely encrypted.
  • the personalised display data can be kept on at least the portion of the data storage component in an encrypted form.
  • the data storage component can comprise at least one non-volatile memory unit.
  • the portion of the data storage component on which at least a part of some data is kept in an encrypted form can comprise at least one of the at least one non-volatile memory unit.
  • the data storage component can comprise at least one secondary storage unit.
  • the portion of the data storage component on which at least a part of some data is kept in an encrypted form can comprise at least one of the at least one secondary storage memory unit.
  • At least one of the at least one secondary storage memory unit can be a non-volatile memory unit or vice versa.
  • the end user computer device can be configured for outputting data.
  • the end user computer device can be configured for encrypting data. This feature is particularly advantageous if at least a part of some data on the device is kept in an encrypted form.
  • the end user computer device can be configured to run the application specified by the application data. That is, the end user device can be configured to execute the application data.
  • the end user computer device can be configured to be connected to at least one server, such as the server, at least at some points in time. This feature can be optionally advantageous at least for downloading the application data.
  • the end user computer device can be configured to receive update data from the server.
  • Regarding particularly the update data, the explanations from the paragraphs regarding the disclosed method apply respectively as far as applicable.
  • the end user computer device can be configured to adapt the application data on the end user computer device according to the update data that the end user computer device received.
  • the end user computer device can be configured to prevent sending the medical user data to the server or to a third device unless at least one transfer condition of a transfer condition set is satisfied.
  • the transfer condition set can comprise at least one transfer condition. At least one of the at least one transfer condition can comprise a condition relating to an anonymisation of at least a part of the user data that is sent, and/or to an authorization by a user or an authorized third party.
  • the server can be connected to at least one end user computer device.
  • a server can be a server computer.
  • a server can also be a server computer system comprising a plurality of computers or devices.
  • a server can also be a system emulating the function of a server, such as a software running on a cloud computer system or the like.
  • the server can be configured to send the update data to the end user computer device.
  • the end user computer device can be configured to receive the update data.
  • the end user computer device can furthermore be configured to receive the update data in particular from the server, for example by requiring a corresponding cryptographic signature of the server.
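The updating step with the indicator (a hash of the application data) sent back to the server, as described in the method paragraphs on the updating step and on detecting unforeseen modification, together with the signature requirement stated here, as one added illustration that is not code from the patent. HMAC-SHA256 with a key provisioned to the device stands in for the server's signature (a real deployment would verify a public-key signature); all application data, update data and the key are constructed.

```python
"""Verified update step and application-data indicator on the end user device."""
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Any


class UpdateRejected(Exception):
    """Raised when update data do not carry a valid signature of the server."""


def canonical(data: Any) -> bytes:
    """Canonical JSON, so that equal application data always hash equally."""
    return json.dumps(data, sort_keys=True, separators=(",", ":")).encode()


def app_data_indicator(app_data: dict[str, Any]) -> str:
    """Indicator of the application data: SHA-256 over their canonical form."""
    return hashlib.sha256(canonical(app_data)).hexdigest()


def sign_update(server_key: bytes, update_body: dict[str, Any]) -> str:
    """Server side: authenticate the update body (HMAC stands in for a signature)."""
    return hmac.new(server_key, canonical(update_body), hashlib.sha256).hexdigest()


def apply_update(app_data: dict[str, Any], signed_update: dict[str, Any],
                 server_key: bytes) -> dict[str, Any]:
    """Device side: verify the server's signature, then replace the named parts.

    Returns new application data; the input is left unchanged. Update data here
    carry full replacements of parts ("replace"); the text also allows change
    lists or download instructions, which this example omits.
    """
    body, tag = signed_update["update"], signed_update["signature"]
    if not hmac.compare_digest(sign_update(server_key, body), tag):
        raise UpdateRejected("update data not signed by the server; not applied")
    new_data = dict(app_data)
    for part, content in body["replace"].items():
        new_data[part] = content          # e.g. "knowledge_base" or "display"
    new_data["version"] = body["version"]
    return new_data


def check_indicator(reported: str, version: str, foreseen: dict[str, str]) -> bool:
    """Server side: does the reported hash match the foreseen application data?

    A mismatch signals an unforeseen, possibly malicious, modification.
    """
    return foreseen.get(version) == reported


# Constructed data ----------------------------------------------------------
SERVER_KEY = b"constructed-demo-key"
APP_DATA_V1 = {
    "version": "1.0",
    "knowledge_base": [{"if": "glucose > 7.0", "then": "flag_high_glucose"}],
    "inference_engine": {"strategy": "forward_chaining"},
    "display": {"flag_high_glucose": "Your glucose reading was above the usual range."},
}
UPDATE_BODY = {
    "version": "1.1",
    "replace": {"knowledge_base": [{"if": "glucose > 6.9", "then": "flag_high_glucose"}]},
}
SIGNED_UPDATE = {"update": UPDATE_BODY, "signature": sign_update(SERVER_KEY, UPDATE_BODY)}
# The server knows which application data a device should hold after the update.
FORESEEN_INDICATORS = {
    "1.0": app_data_indicator(APP_DATA_V1),
    "1.1": app_data_indicator(apply_update(APP_DATA_V1, SIGNED_UPDATE, SERVER_KEY)),
}

if __name__ == "__main__":
    device_data = apply_update(APP_DATA_V1, SIGNED_UPDATE, SERVER_KEY)
    print(check_indicator(app_data_indicator(device_data), "1.1", FORESEEN_INDICATORS))
```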
  • An optional aspect of the invention is a computer program product comprising
  • the end user computer device is according to any of the preceding embodiments comprising an end user device.
  • the end user computer device can be according to any embodiment of the system.
  • the end user device can be compatible to the respective embodiment of the method.
  • Another optional aspect of the invention is a computer program product comprising instructions, which, when the program is executed by a server, cause the server to perform the method steps according to any embodiment of the method, which have to be executed on the server, wherein the server is according to any embodiment that comprises the server.
  • the server can be according to any system embodiment that comprises the server.
  • the server can be compatible to said method embodiment.
  • a user data storing step that comprises storing at least a part of the user data (20) on the end user computer device (10).
  • the user data storing step comprises storing medical data.
  • the user data storing step comprises a technical user data storing step that comprises storing technical user data (21) in a machine-interpretable form.
  • the technical user data storing step comprises
  • processing user data (20) by the application (30) that is executed by the end user computer device (10) comprises
  • processing the technical user data (21) comprises
  • an information deriving step that comprises deriving information from the technical user data (21) by the application (30) and thus generating derived information.
  • the information deriving step comprises deriving medical information from the technical user data (21) by the application (30).
  • the application (30) comprises a machine learning model and the information deriving step comprises deriving the information based on the machine learning model.
  • the application (30) comprises an expert system and the information deriving step comprises deriving the information based on the expert system.
  • the medical expert system comprises at least a part of a rule-based inference engine.
  • the application (30) or a part thereof derives information from the technical user data (21) using their machine-interpretable form or at least one property of this machine-interpretable form.
  • application data (36) comprise display data (33).
  • application data (36) comprise knowledge base data (31) that comprise at least a part of data that are configured to specify a relation between input data and output data of the application (30).
  • application data (36) comprise inference engine data (32) that comprise at least a part of data that specify an evaluation of the input data using the knowledge base data (31).
  • the user data storing step comprises storing the derived information or indicators thereof.
  • storing the derived information or the indicators thereof comprises at least one of
  • the method comprises a data outputting step that comprises outputting at least a part of the user data (20) and/or of the display data (33) by the end user computer device (10).
  • outputting at least a part of user data (20) by the end user computer device (10) comprises outputting at least a part of the derived information or the indicators thereof that are stored on the end user computer device (10).
  • data on the end user computer device (10) comprises encrypted data.
  • encrypting at least a part of the user data (20) comprises encrypting at least a part of the technical user data (21).
  • the encrypted data comprise at least a part of the application data (36).
  • the encrypted data comprise the display data (33).
  • the method comprises a data adding step that comprises adding data to the user data (20) on the end user computer device (10).
  • the method comprises providing an interface for adding data to the user data (20) by manual input.
  • the data adding step comprises using a camera that is connected at least indirectly to the end user computer device (10).
  • the data adding step comprises adding text data to the user data (20) and wherein using the camera comprises using the camera for adding at least a part of the text data.
  • adding the text data to the user data (20) comprises furthermore applying at least optical character recognition to data captured by the camera.
  • the data adding step comprises receiving input data from a data server and adding at least a part of the input data to the user data (20).
  • the data adding step comprises receiving data from at least one sensing device that is configured to sense data related to a user.
  • At least one of the at least one sensing device that is configured to sense data related to the user is configured to sense physiological data related to the user.
  • the method comprises an updating step that comprises sending at least a part of update data from the server (1) and receiving at least the part of the update data by the end user computer device (10).
  • the updating step comprises adapting at least a part of the application data (36) on the end user computer device (10) according to the received update data.
  • the method comprises furthermore repeating at least a part of the information deriving step after the updating step.
  • the method comprises sending at least an indicator of at least one of (a) the updating step or a result thereof, (b) the application data (36) and (c) the end user computer device (10) or of technical features thereof from the end user device (10) to another device.
  • the transfer condition set comprises at least one transfer condition (35) and wherein at least one of the at least one transfer condition (35) comprises
  • the method comprises preventing sending the user data (20) from the end user computer device (10) if none of the transfer conditions (35) of the transfer condition set is satisfied.
  • The method according to any of the preceding method embodiments, wherein the method comprises preventing sending the user data (20) from the end user computer device (10).
  • the end user computer device (10) comprises a data storage component (11) and a data processing component (12).
  • the end user device (10) comprises a communication component (13).
  • the communication component (13) is configured for communication to the server (1) via a connection configured for data transfer (2).
  • end user computer device (10) is configured for communication to at least one medical sensing device (14).
  • the at least one medical sensing device (14) is a plurality of medical sensing devices (14).
  • the end user computer device (10) comprises an input interface component.
  • the end user device (10) comprises application data (36) and user data (20), wherein the application data (36) are configured to specify an application (30) that derives information from the user data (20) once it is run by the end user device (10).
  • application data (36) are configured for performing the functionality of an expert system (34) by the application (30) once the application data (36) are executed.
  • the expert system (34) is a medical expert system.
  • the medical expert system comprises at least a part of a rule-based inference engine.
  • application data (36) comprises display data (33).
  • application data (36) comprises knowledge base data (31) and inference engine data (32).
  • user data (20) comprise technical user data (21).
  • the technical user data (21) comprise medical user data that are at least in part encoded in a machine-interpretable form that are preferably configured for being processed by the expert system (34), and that is still more preferably configured for being processed by the rule-based inference engine.
  • the technical user data (21) furthermore comprise information derived from an analysis of at least a part of the user data (20) by the application (30) according to the application data (36) or parts thereof.
  • the user data (20) comprise personalised display data (22).
  • personalised display data (22) comprise personalised output data.
  • the data storage component (11) comprises at least one non-volatile memory unit and the portion of the data storage component (11) comprises at least one of the at least one non-volatile memory unit.
  • the data storage component comprises at least one secondary storage unit and the portion of the data storage component (11) comprises at least one of the at least one secondary storage unit.
  • end user computer device (10) is configured to run the application specified by the application data (36).
  • end user computer device (10) is configured to be connected to at least one server (1) at least at some points in time.
  • the end user computer device (10) is configured to receive update data from the server (1).
  • end user computer device (10) is configured to prevent sending the medical user data to the server (1) or to a third device unless at least one transfer condition (35) of a transfer condition set is satisfied.
  • the transfer condition set comprises at least one transfer condition (35) and wherein at least one of the at least one transfer condition (35) comprises
  • server (1) is configured to be connected to at least one end user computer device (10).
  • server (1) is configured to send the update data to the end user computer device (10).
  • end user computer device (10) is configured to receive the update data.
  • end user computer device (10) is according to any system embodiment that comprises an end user computer device (10) that is compatible to said method embodiment.
  • P2 A computer program product comprising instructions, which,
  • server (1) is according to any system embodiment that comprises a server (1) that is compatible to said method embodiment.
  • steps are recited in the appended claims, it should be noted that the order in which the steps are recited in this text may be the preferred order, but it may not be mandatory to carry out the steps in the recited order. That is, unless otherwise specified or unless clear to the skilled person, the orders in which steps are recited may not be mandatory. That is, when the present document states, e.g., that a method comprises steps (A) and (B), this does not necessarily mean that step (A) precedes step (B), but it is also possible that step (A) is performed (at least partly) simultaneously with step (B) or that step (B) precedes step (A).
  • step (X) preceding step (Z) encompasses the situation that step (X) is performed directly before step (Z), but also the situation that (X) is performed before one or more steps (Y1), ..., followed by step (Z).
  • Figure 1 shows the end user computer device 10, the server 1 and data on the end user computer device.
  • Figure 2 shows data storage and data access on the end user computer device 10.
  • Figure 3 shows an analysis of data and interactions with the end user computer device 10.
  • Figure 1 shows an end user computer device 10, a server 1 and a connection configured for data transfer 2.
  • User data 20 and application data 36 are stored on the end user computer device 10.
  • the application data 36 can comprise knowledge base data 31, inference engine data 32 and display data 33.
  • the application data 36 allow an application 30 to be run that delivers the functionality of an expert system.
  • the expert system is configured to analyse the user data 20 on the end user computer device 10, whereas the application data 36 is stored separately from the user data 20.
  • One or both data types or parts thereof can be encrypted.
  • the two data types can be differently encrypted, as they are stored separately from each other, wherein "separately" refers to logically separated storage.
  • all four types of data, the user data 20, the knowledge base data 31, the inference engine data 32 and the display data 33 can be stored separately and can be differently encrypted.
  • the server 1 has a connection configured for data transfer 2 to the end user computer device 10 or to a plurality of end user computer devices 10 according to the visualised end user computer device 10.
  • the server 1 can be configured to update the application data 36 or parts thereof on the end user computer device 10.
  • the server can also be configured to verify or install the application data 36 or parts thereof on the end user computer device 10.
  • the application 30 according to the application data 36 does not need a connection to the server in order to analyse the user data 20.
  • the display data 33 belong to the application data 36, which can be sent by the server 1 using the connection configured to transfer data 2.
  • the application data 30 can be the same for all end user computer devices 10, whereas application data 30 can also be specific to the type of the end user computer device 10.
  • the application data 36 can be the same for a same version of application data 36 on a same type of end user computer devices 10.
  • display data 33 can be the same for all end user computer devices 10 which received the display data 33 in a same period of time from the server 1.
  • Figure 2 details the method and possible data separations the end user computer device 10.
  • the user data 20 can be split in two parts: Technical user data 21 and personalised display data 22.
  • the technical user data 21 are comprise data that are stated in a standardized form, such as medical information in a medical for a medical expert system.
  • the standardized form may be according to a proprietary or public standard.
  • the technical user data 21 may be stated in a machine-interpretable form. That is, they can be stated with an encoding that uses a standardized identifier for each value or for each set of values, such as in the case of timestamped values.
  • the values may have a common dimension unit type, such as liter/I for volumes, or they may at least be stated in directly convertible dimension unit types, such as ml and I for volumes. They may furthermore be stated with fuzzy values, such as "high”, “medium” and “low” or “painful” and "not painful".
  • the personalised display data are display data that are personalised by the application 30 according to the information derived from the user data 20.
  • the display data 33 can be identical for each version of the application data 36, so that the display data 33 do not vary depending on the user data 20.
  • the display data 33 that should be outputted by the end user computer device 10 can be stored by reference to respective parts of the display data 33. At least a part of the display data 33 can also be copied to another data group, such as to the personalised display data 22.
  • the application 30 can also generate at least a part of the personalised display data 22 based on the display data 33 and the user data 20, in particular the technical user data 21, such as by using templates from the display data 33.
  • Personal display data 22 can therefore be part of the user data 20 and can be stored with said user data 20. If encryption is applied to the user data 20, then the personal display data 22 can also be encrypted accordingly.
  • The application 30 needs to access the technical user data 21 to derive information and thus to generate derived information.
  • The derived information can be added to the technical user data 21.
  • The derived information may be suitable to refer to relevant elements of the display data 33, for example in a case where the display data 33 are ordered by the respective derived information or its encoding in a standard form.
  • The application 30 according to the application data 36 may be an expert system.
  • The expert system may be implemented by an inference engine, in particular by a rule-based inference engine.
  • The expert system may be a medical expert system, i.e. an expert system treating at least partially medical data.
  • The medical expert system may be based on medical rules.
  • The application 30 may also comprise evaluating a model obtained from machine learning, such as a model that is trained with patient records and corresponding diagnoses or other output data corresponding to the patient record.
  • The knowledge base data 31 can comprise the data that specify the trained model or characterising data thereof, e.g. zones attributed to classes in case of a k-nearest-neighbours model with a defined parameter k.
  • The inference engine data 32 can specify an evaluation of input data based on the knowledge base data 31. The result can then indicate which part of the display data 33 should be outputted.
  • Figure 3 details an embodiment of the method for processing data on an end user computer device.
  • Step S1 comprises downloading data from the server 1 to the end user computer device 10 via the connection configured for data transfer 2.
  • Said data can comprise the application data 36, but they can also comprise only a part of the application data 36 or data that trigger the end user computer device 10 to adapt the application data 36 or a part thereof on the end user computer device 10, such as by indicating changes that need to be performed.
  • The application data 36 or parts thereof are optionally encrypted; optionally, parts of the application data are differently encrypted, wherein this difference may be caused by at least partially different encryption keys and/or at least partially different encryption methods.
  • The display data 33 can be encrypted, and the knowledge base data 31 can be encrypted differently.
  • An advantage of encrypting the display data 33 can optionally be that the display data 33 are the most valuable part of the application data 36 regarding their value for potential competitors, especially if they comprise further non-technical information. Encrypting at least the display data 33 will in this case lower a risk of theft of trade secrets.
  • Step S2 comprises adding technical user data 21 from a data source that is indicated by DS in figure 3.
  • This data source can for example be a manual input by the user, a camera taking images, such as an image of a medical report or a medical record or a data server, such as a server operated by a health care provider who provides his patients with digital copies of their records or parts thereof. If the technical user data 21 is encrypted, then the added technical user data can also be encrypted.
  • Step S3 comprises accessing and analysing the user data 20.
  • The application 30 according to the application data 36, in particular according to the inference engine data 32, accesses the technical user data 21, if necessary after or while decrypting the technical user data's relevant parts, and generates findings based on knowledge from the knowledge base data 31.
  • Step S4 comprises storing results of the step of analysing the user data 20.
  • The application 30 stores the results, preferably in a machine-interpretable form, as well as references to corresponding parts of the display data 33, in the technical user data 21. These results can optionally be stored in an encrypted form.
  • The results of the analysis may be stated in a format that implies the reference to the portions of display data, so that the reference does not need to be stated separately.
  • Step S5 is entirely optional. It comprises generating personalised display data.
  • The application 30 optionally generates personalised display data 22 based on the results of the analysis of the user data 20 and in particular of the technical user data 21.
  • The application data 36 can comprise data that specify a generation of the personalised display data 22, such as templates that are stored with the display data.
  • The application stores the personalised display data 22 with the user data 20, optionally in an encrypted form.
  • Step S6 comprises displaying at least a part of the results of the analysis. Portions of display data 33 that are indicated by references and/or implicitly by analysis results stored with the technical user data 21 and/or that are stored with the personalized display data 22 are outputted by the end user computer device 10 via one or more user interface elements that are indicated by "UI" in figure 3.
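The steps S2 to S6 above, together with the storage of derived information as references and templates described in the Summary, as an added example that is not code from the patent or from Medicus AI: user data 20 and display data 33 live in two stores keyed apart, a rule-based inference engine runs over machine-interpretable technical user data 21 after unit normalisation, findings are stored as references into the display data, and personalised display data 22 are rendered from templates. The field names, rules, thresholds, texts and the stdlib encrypt-then-MAC cipher are constructed assumptions for illustration only.

```python
import hashlib
import hmac
import json
import os

# ---- stand-in cipher: HMAC-SHA256 keystream, encrypt-then-MAC --------------
# Constructed for this example from the standard library only; a production
# app would use a vetted AEAD such as AES-GCM. Separate subkeys are derived so
# the keystream and the tag never share a key.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def opens_with(key: bytes, blob: bytes) -> bool:
    """True if `key` decrypts `blob`; shows the two stores are keyed apart."""
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False

# ---- application data 36: separately stored parts ---------------------------
# Display data 33: end-user text addressed by reference, encrypted under the
# display key only. Texts and references are constructed for the example.
DISPLAY_DATA_33 = {
    "D-BP-HIGH": "Your blood pressure of {bp_sys:.0f}/{bp_dia:.0f} mmHg is above the usual range.",
    "D-BP-OK": "Your blood pressure of {bp_sys:.0f}/{bp_dia:.0f} mmHg is in the usual range.",
    "D-GLU-HIGH": "Your fasting glucose of {glu:.1f} mmol/l is elevated.",
}
# Knowledge base data 31: rules over standardized field names (constructed
# identifiers and thresholds, not LOINC codes); each rule names its display reference.
KNOWLEDGE_BASE_31 = [
    {"field": "bp_sys", "op": ">=", "value": 140.0, "finding": "HTN", "ref": "D-BP-HIGH"},
    {"field": "bp_sys", "op": "<", "value": 140.0, "finding": "BP_NORMAL", "ref": "D-BP-OK"},
    {"field": "glu", "op": ">=", "value": 7.0, "finding": "HYPERGLYCAEMIA", "ref": "D-GLU-HIGH"},
]
# Directly convertible units per field: divisor into one canonical unit each.
UNIT_DIVISOR = {"bp_sys": {"mmHg": 1.0}, "bp_dia": {"mmHg": 1.0},
                "glu": {"mmol/l": 1.0, "mg/dl": 18.0}}
OPS = {">=": lambda a, b: a >= b, "<": lambda a, b: a < b}

def normalise(fields: dict) -> dict:
    """Machine-interpretable form: one canonical unit per field; unknown units raise."""
    return {f: e["value"] / UNIT_DIVISOR[f][e["unit"]] for f, e in fields.items()}

def infer(values: dict) -> list:
    """Inference engine data 32: evaluate every rule whose field is present."""
    hits = []
    for r in KNOWLEDGE_BASE_31:
        if r["field"] in values and OPS[r["op"]](values[r["field"]], r["value"]):
            hits.append({"finding": r["finding"], "ref": r["ref"], "basis": {r["field"]: values[r["field"]]}})
    return hits

def analyse_on_device(user_key, display_key, user_blob, display_blob) -> tuple:
    """Steps S3-S5: no server contact; the user key never touches display data."""
    user_20 = json.loads(decrypt(user_key, user_blob))
    values = normalise(user_20["technical_21"]["fields"])
    findings = infer(values)                                  # S3: analyse
    user_20["technical_21"]["results"] = findings             # S4: references only
    display_33 = json.loads(decrypt(display_key, display_blob))
    user_20["personalised_22"] = [display_33[f["ref"]].format(**values)
                                  for f in findings]          # S5: template + values
    return findings, encrypt(user_key, json.dumps(user_20).encode())

def demo() -> dict:
    """Constructed sample record run through S2-S6 with two independent keys."""
    user_key, display_key = os.urandom(32), os.urandom(32)
    user_20 = {"technical_21": {"fields": {                   # S2: add technical data
        "bp_sys": {"value": 150, "unit": "mmHg"},
        "bp_dia": {"value": 95, "unit": "mmHg"},
        "glu": {"value": 135, "unit": "mg/dl"}}, "results": []},
        "personalised_22": []}
    user_blob = encrypt(user_key, json.dumps(user_20).encode())
    display_blob = encrypt(display_key, json.dumps(DISPLAY_DATA_33).encode())
    findings, user_blob = analyse_on_device(user_key, display_key, user_blob, display_blob)
    stored = json.loads(decrypt(user_key, user_blob))        # S6 reads the user store only
    return {"findings": [f["finding"] for f in findings],
            "refs": [f["ref"] for f in findings],
            "output_S6": stored["personalised_22"]}
```

Because the user store is decryptable with the user key alone, a party holding only the display key (for instance the server that distributes application data) learns nothing from the stored user data; `opens_with` makes that cross-key failure visible.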

Abstract

Disclosed are a method and system for processing data on an end user computer device. The method comprises processing user data by an application that is executed by the end user computer device, and a user data storing step. The user data storing step comprises storing at least a part of the user data on the end user computer device, wherein the user data storing step comprises storing medical data and a technical user data storing step that comprises storing technical user data in a machine-interpretable form. The system comprises an end user computer device and a server, wherein the end user computer device comprises a data storage component, a data processing component, an input interface component, application data and user data. The application data are configured to specify an application that derives information from user data once it is executed by the end user device. The application data are furthermore configured for performing the functionality of an expert system by the application once the application data are executed. The invention relates to a corresponding computer program product.

Description

Secure medical data analysis for mobile devices
Field
The present invention lies in the field of medical data analysis for mobile devices and particularly to privacy-preserving data analysis for privacy-sensitive or otherwise confidential data.
Background
Medical data can include data concerning the medical state of a human being. It may contain data that is stated in a technical way and may therefore not be obvious to the ordinary person.
Medical data can consist, e.g., of a patient's medical history, the patient's medical diagnoses, the results of analyses of stool, blood, urine or other body fluids, the observations of a physician examining a patient's condition, etc.
The overall data as well as elements thereof may contain or allow one to deduce information about a patient's current medical condition, and may also allow one to deduce medical advice, e.g. concerning medication, helpful activities for improved wellbeing or advantageous nutrition. Medical data may allow the user to be informed about possible incompatibilities of medical treatments, especially when those are not prescribed by a physician, such as over the counter (OTC) drugs, or when they are prescribed by several physicians. Of course, medical data are already used by physicians as well as other medical personnel to propose and choose appropriate therapies for a patient or to provide advice to the patient. Furthermore, a patient's medical data may be used to provide her or him with further information.
Typically, medical data are interpreted by a physician, a pharmacist or by trained medical personnel, such as nurses, paramedics or doctor's assistants. Medical information is usually stored in those personnel's technical language and with regard to their needs, but without direct meaning for an end user, considering e.g. the measurements from a blood analysis. This limits the extraction of medical information that is understandable to the ordinary user to the availability of the aforementioned trained personnel.
Furthermore, reports that are handed to the patients are often written for the other medical practitioners treating the patient; therefore those reports are usually not optimised for the patient's understanding. There are several approaches from the field of artificial intelligence to extract or generate human-understandable information from input data in general: expert systems generate human-understandable statements from input data, where this data may be fuzzy data, it may be numerical, e.g. from measurements or examinations, but it may also be non-numerical, such as "the car's front left tire is flat" or "the patient is pregnant". The expert system may be realized by an inference engine coupled to a knowledge base. A usual way to implement inference engines is rule-based systems. There are also other techniques known to attribute statements to input data: e.g. decision trees or agglomerations thereof, such as random forests, are known to be suitable to assign information to input data; furthermore, neural networks and other algorithms for labelling purposes are described in the art.
The medical input data may be the current patient's medical data, but it may also comprise the patient's medical record or information about his environment, e.g. whether the patient does usually perform sedentary work.
Many countries provide standardized rules for medical examination as well as for the understanding of medical data, among other purposes to train their medical students.
To extract generally understandable medical information from medical data, different procedures and systems are known.
The traditional way is to consult a physician (or similarly trained or skilled personnel). This often happens by personal visit, but it could also happen via phone, via a video connection, e-mail or the like. Privacy protection is realised by an obligation to confidentiality, implemented by the professional discretion of medical practitioners. Nevertheless, the patient's medical data has to be securely communicated to the medical expert (as far as the patient does not physically consult the medical professional). Even if this communication is entirely secure, the medical professional must obviously access the patient's medical data as well as the information derived therefrom to provide advice and to treat the patient. Therefore, at least the medical professional and possibly also his employees have knowledge of the patient's medical data.
In the recent past, expert systems that run centrally, e.g. on a server, creating an analysis or a recommendation for medical professionals or for patients, were discussed. Those systems can be accessed by different means, such as phone, via a PC or mobile applications, a terminal of the expert system or the like. In these cases, the central expert system needs access to the medical data. So, the medical data are most probably at least temporarily stored at the expert system or the computer that is running this expert system. In a simplified way, devices that track the output of medical sensors that monitor a patient's condition, e.g. his pulse, breathing rate or the like or a combination of them, provide a similar functionality. Those devices can for example be configured to alert medical personnel in case of an anomaly or emergency. Usually, those devices are also not configured to preserve the patient's privacy. Furthermore, said devices usually do not conduct an analysis of the overall patient data, but are configured to be operated for the specific monitoring application by trained personnel. At least, their output data are usually intended to be analysed by trained personnel.
US20090177495A1 discloses a system for personal medical care, intelligent analysis and diagnosis that may include: at least one source of medical information; at least one source of personal medical data for at least one patient; and one or more servers, where the medical information and the personal medical data are accessible to the server(s). The server(s) may include: an artificial intelligence (AI) component for analysing the personal medical data with the medical information and identifying at least one issue requiring follow-up by the patient or by at least one external authorized entity; and at least one real-time communication link for bi-directional communication with at least one external authorized entity.
DE200520012454 discloses an information system that has a database to which data can be written or from which data can be read via a mobile terminal unit, e.g. a PDA or laptop, with a wireless communications module. The mobile terminal unit has a medical expert system that is at least partially stored in a memory of the mobile unit. Information can be input to the system or called up from it and transmitted or received via the communications module.
US20030225597A1 discloses methods and systems for the creation and use of medical information comprising a record system and a healthcare professional network. The inventive record system comprises an expert system and a database system for the collection, storage, manipulation and output of various record system data including member patient electronic medical records, treatment information, patient appointment information, medical definitions, research, condition matrix and network professional information. The various data in the record system may be used in the functions of the record system and expert system, said functions comprising data collection, storage, manipulation and output; call centre functionality; providing appointment reminders; controlling medical professional, patient and third party access to record system data; providing for analysis of data for clinical trial applications; providing for research; providing education and training; and providing patient medical record analysis. The professional network comprises leading medical professionals, who may be primarily or exclusively physicians from academic and private institutions throughout the world. The network includes an advisory board of professionals selected from the network population. The network functions comprise providing various data to the record system, treating local patients, treating traveling member patients, responding to emergency needs of patients, assisting in providing information to and enrolling their non-member patient base.
US20090326981A1 provides a system and/or a method that facilitates collecting a portion of health data from a collection of users. An interface component can receive health data communicated from a collection of users, wherein each user within the collection is associated with a respective portion of health data. A verification component can authenticate at least one transmission source of the portion of health data, an ownership between a portion of health data and a user, an integrity level associated with the portion of health data, or a user submitting the portion of health data. A collection component can aggregate authenticated health data into a semantic data store in which the health data are indicative of a raw and unmolested source of health information from the collection of users. The collection component can further organize the health data to facilitate identification of a medical related trend.
US20150359489A1 discloses a smart patient monitoring system. A sensor is coupled to a patient and configured to detect biometric data associated with the patient. A mobile computing device includes a memory that stores computer-executable instructions and a processor executes the computer-executable instructions. The mobile computing device receives the biometric data from the sensor; processes the biometric data to monitor a health status of the patient; and provides therapeutic feedback related to the health status.
US5660176A discloses a system and method for providing computerized, knowledge- based medical diagnostic and treatment advice. The medical advice is provided to the general public over a telephone network. Two new authoring languages, interactive voice response and speech recognition are used to enable expert and general practitioner knowledge to be encoded for access by the public. "Meta" functions for time-density analysis of a number of factors regarding the number of medical complaints per unit of time are an integral part of the system. A semantic discrepancy evaluator routine along with a mental status examination are used to detect the consciousness level of a user of the system. A re-enter feature monitors the user's changing condition over time. A symptom severity analysis helps to respond to the changing conditions. System sensitivity factors may be changed at a global level or other levels to adjust the system advice as necessary.
US7433853B2 discloses that a plurality of chronic sensors are used to facilitate diagnosis and medical decision making for an individual patient. An expert system evaluates the sensor data, combines the sensor data with stored probability data and provides an output signal for notification or medical intervention.
US20050015352A1 discloses an expert system, in particular for medical diagnosis; the expert system includes a memory for storing a plurality of hypotheses. The hypotheses are arranged in a first and second disjoint group of hypotheses. The memory stores questions for rejecting hypotheses of the second group. An output is used for supplying questions to a user. An input is used for receiving initial data and answers to questions. A processor is programmed to select questions from the stored questions for those hypotheses from the second group that are possible in dependence on the initial data. The processor also determines from answer(s) received in response to outputting the selected questions whether at least one of the hypotheses of the second group is possible. In response to determining that no hypothesis of the second group is possible, the processor supplies a most likely hypothesis of the first group.
While the prior art approaches may be satisfactory in some regards, they have certain shortcomings and disadvantages.
Server-based expert systems require at least the transmission of the patient's data to a server, as well as its processing at this server, even if the patient data are saved locally. This brings the inherent risk of compromising the user's privacy on the server or during the data transmission. Furthermore, the processing system necessarily has access to the data at the server, so the user has to trust the operator of the expert system on the server.
The systems that are described which run locally fail to provide appropriate protection of the user data against disclosure to a server side. In particular, DE200520012454 provides a system that, among other things, transfers user data back to a central database after at least partially analysing it locally, without measures to protect the user's privacy against the server side (as sharing data with said server/database is the purpose of the utility model). US20090326981A1 discloses a system that uploads the data for analysis to a server. Therefore, all medical data must be made available to the server. A limitation of the shared data at the user side would be counterproductive for the function of the system. US20150359489A1 does not provide a device to perform a holistic analysis of the patient's medical data; it mainly monitors the momentary situation of the patient.
Summary
To overcome the drawbacks of the prior art, we provide a system and method to analyse medical data by an expert system configured to technically ensure the privacy of patient's data.
In a first embodiment, a method for processing data on an end user computer device is disclosed. The method can comprise processing user data by an application that can be executed by the end user computer device. The end user computer device can be configured to be at least most of the time used by one user at a time, such as a laptop PC, desktop PC or a smart phone. The end user computer device can also be a medical computer device satisfying the aforementioned condition.
The method can comprise a user data storing step that can comprise storing at least a part of the user data on the end user computer device.
The data storing step can comprise storing medical data. That is, the data storing step can comprise storing data regarding a user's health condition, his/her DNA, information about diseases, diseases in the family, a nutrition of the user or the like.
The user data storing step can comprise a technical user data storing step that comprises storing technical user data in a machine-interpretable form. A machine-interpretable form is a form that renders data processable by a computer, such as by a formatting convention of data in files, by defining standard units or by applying standards regarding a naming of one, a plurality or all fields that the computer is supposed to interpret.
In some embodiments, the technical user data can comprise medical user data.
In some embodiments, the technical user data storing step can comprise storing technical user data that are encoded with at least a homogenous naming for fields. That is, there is a common naming of values that correspond to the same variable, such as a blood pressure. Such a naming is for example the LOINC-standard. The naming can nevertheless also follow any other standard, as long it is consistently applied. In some embodiments, the technical user data storing step can comprise for each field encoding values with a same dimension unit, such as a weight in kg.
The technical user data storing step can furthermore comprise storing at least partially automatically generated medical data. These at least partially automatically generated medical data can comprise at least one medical image, such as an image obtained by X-ray radiography, ultrasound imaging, magnetic resonance imaging and/or a computed tomography scan. The image can comprise a visual representation of at least a part of a user's body.
The medical data can also comprise at least one result of a laboratory analysis of material originating from or expelled by the human body. Such material can comprise tissue samples and/or body fluids, such as blood or urine. The laboratory analysis can comprise analysis data from a medical and/or a clinical laboratory.
The medical data can also comprise data from a sensing device that senses biometrical or medical data of the user.
The medical data that are at least partially automatically generated can also be automatically generated. These data can also be at least partially automatically transmitted to the user device.
In some embodiments, processing user data by the application can comprise processing the technical user data. That is, the method can comprise processing the technical user data by the application, the method does not need to comprise processing other parts of the user data in such embodiments.
In some embodiments, processing the technical user data can comprise an information deriving step that can comprise deriving information from the technical user data by the application. The information deriving step can comprise generating derived information by this.
The information deriving step can comprise deriving medical information from the technical user data by the application.
In some embodiments, the application can comprise a machine learning model. In such embodiments, the information deriving step can comprise deriving the information based on the machine learning model. This disclosure considers machine learning models to comprise neural networks. The machine learning model can be a supervised machine learning model, and it can be a classifier. The machine learning model can be, for example, a decision tree, a random forest model or a k-NN model. The machine learning model can optionally advantageously be configured to accept the medical data in the machine-interpretable form and to output a diagnosis or another reference to corresponding output data. An optional advantage of such models can be that their training may be less cumbersome than generating a program based on medical rules or medical knowledge that are translated into computer code.
In some embodiments, the application can comprise an expert system and the information deriving step can comprise deriving the information based on the expert system. The expert system can comprise a model built for medical questions or medical problems.
The expert system can be a medical expert system. That is, the expert system can be configured to solve medical questions. The expert system can comprise medical knowledge.
In some embodiments, the medical expert system can comprise at least a part of a rule-based inference engine. The medical expert system can also comprise the rule-based inference engine. That is, the medical expert system can also be implemented by a rule-based inference engine with appropriate data, as will be detailed later on. An optional advantage of implementing the medical expert system using a rule-based inference engine is that the inference engine's operation is a deterministic algorithm and that furthermore, for every result, at least one rule indicates the reason for the result. In a context of analysis of medical data, this can be an optional advantage over algorithms where it is harder to deduce the causal relation between input and output.
In some embodiments, the application or a part thereof can derive information from the technical user data using their machine-interpretable form or at least one property of this machine-interpretable form. The part of the application can for example be the machine learning model or the rule-based inference engine. Using said machine-interpretable form comprises using at least one property of the machine-interpretable form, such as one of the properties detailed above. An optional advantage of using the machine-interpretable form can be that the application of rules by the rule-based inference engine yields correct results with a higher probability, as the risk of wrong interpretation of input data due to their form is lowered. In the case of a machine learning model, even though there might be models configured to interpret input in a form that is not machine-interpretable, an at least implicit conversion of input data into a form that is machine-interpretable or that an algorithm can process may introduce errors. In some embodiments, the application can be specified by application data. As an example, the application data can specify to a processor or to a computer device which steps to perform when running the application.
The application data can comprise display data. The display data can comprise data that are configured to be outputted to a user. They can for example comprise media data, such as sound data, text data, video data or image data. They can also comprise other data that is configured to be outputted to a user, such as data that is displayed by activating luminous elements corresponding to certain states of operation or to certain results.
In some embodiments, the application data can comprise knowledge base. The knowledge base data can comprise at least a part of data that are configured to specify a relation between input data and output data of the application. The knowledge base data can comprise, for example, rules in case of a rule-based inference engine, or a trained model in case that the application comprises the machine learning model. In case that the application comprises the machine learning model, the knowledge base data can also be a derivate of the machine learning model after training, such as a decision boundary instead of a k-nearest-neighbours model for classification purpose with k= l.
In some embodiments, the application data can comprise inference engine data. The inference engine data can comprise at least a part of data that specify an evaluation of the input data using the knowledge base data. Such data that specify the evaluation can for example be data that specify the evaluation of rules from the knowledge base data.
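The following is an added illustration of the three pieces just described (technical user data in a machine-interpretable form, knowledge base data holding the rules, and an inference engine evaluating them); it is example code written for this page, not code from the patent or from Medicus AI. The field names, units, thresholds and display keys are constructed. The security-relevant point it demonstrates is the one the description makes: the engine only ever runs on data whose field names and units match a fixed schema, so a value in the wrong unit is refused rather than misinterpreted, and the derived information is returned as references into the display data rather than copies of it.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// schema fixes a homogeneous field name and one dimension unit per field.
// Field names and units are constructed for this example, not taken from the patent.
var schema = map[string]string{
	"glucose_fasting":         "mmol/L",
	"blood_pressure_systolic": "mmHg",
	"body_temperature":        "degC",
}

// Measurement is one item of technical user data in the machine-interpretable form.
type Measurement struct {
	Field string
	Value float64
	Unit  string
}

// Rule is one item of the knowledge base data: a threshold on a named field and a
// reference into the display data (a key, not a copy of the text shown to the user).
type Rule struct {
	Field      string  `json:"field"`
	Op         string  `json:"op"` // "gt" or "lt"
	Threshold  float64 `json:"threshold"`
	Unit       string  `json:"unit"`
	DisplayRef string  `json:"display_ref"`
}

// Constructed knowledge base data as it could be stored inside the application data.
const knowledgeBaseJSON = `[
  {"field":"glucose_fasting","op":"gt","threshold":7.0,"unit":"mmol/L","display_ref":"glucose_high"},
  {"field":"blood_pressure_systolic","op":"gt","threshold":140,"unit":"mmHg","display_ref":"bp_high"},
  {"field":"body_temperature","op":"lt","threshold":35.0,"unit":"degC","display_ref":"temp_low"}
]`

// loadRules parses the knowledge base data and refuses any rule whose unit differs from
// the schema, so a threshold can never be compared with a value in another unit.
func loadRules(raw string) ([]Rule, error) {
	var rules []Rule
	if err := json.Unmarshal([]byte(raw), &rules); err != nil {
		return nil, err
	}
	for _, r := range rules {
		if want, ok := schema[r.Field]; !ok || want != r.Unit {
			return nil, fmt.Errorf("rule on %q: unit %q not allowed by schema", r.Field, r.Unit)
		}
	}
	return rules, nil
}

// validate enforces the machine-interpretable form before any rule is evaluated: unknown
// fields and unit mismatches are errors, never silently reinterpreted.
func validate(data []Measurement) error {
	for _, m := range data {
		if want, ok := schema[m.Field]; !ok || m.Unit != want {
			return fmt.Errorf("field %q with unit %q is not in the machine-interpretable form", m.Field, m.Unit)
		}
	}
	return nil
}

// Infer is the rule-based inference engine: it evaluates every rule against the validated
// data and returns the derived information as display-data references, in rule order.
func Infer(rules []Rule, data []Measurement) ([]string, error) {
	if err := validate(data); err != nil {
		return nil, err
	}
	values := make(map[string]float64, len(data))
	for _, m := range data {
		values[m.Field] = m.Value
	}
	var derived []string
	for _, r := range rules {
		v, present := values[r.Field]
		if !present {
			continue // a missing measurement is not treated as zero
		}
		switch r.Op {
		case "gt":
			if v > r.Threshold {
				derived = append(derived, r.DisplayRef)
			}
		case "lt":
			if v < r.Threshold {
				derived = append(derived, r.DisplayRef)
			}
		default:
			return nil, fmt.Errorf("unknown operator %q", r.Op)
		}
	}
	return derived, nil
}

func main() {
	rules, err := loadRules(knowledgeBaseJSON)
	if err != nil { panic(err) }
	fmt.Println(Infer(rules, []Measurement{{"glucose_fasting", 7.8, "mmol/L"}, {"blood_pressure_systolic", 128, "mmHg"}}))
	fmt.Println(Infer(rules, []Measurement{{"glucose_fasting", 140, "mg/dL"}})) // unit mismatch is refused
}
```

The schema check runs twice on purpose: once when the knowledge base data are loaded (a rule in the wrong unit is a defect of the application data) and once on every inference (a measurement in the wrong unit is a defect of the input). Both are rejected with an error rather than converted, which is the "lower risk of wrong interpretation due to form" the description claims for the machine-interpretable form.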
In some embodiments, the user data storing step can comprise storing the derived information or indicators thereof. That is, at least a part of the derived information is stored at least indirectly with the user data. This can have an advantage, as this derived information can be user-specific and may therefore need a same treatment, such as an encryption or a backup-routine, as other user data.
In some embodiments, storing the derived information or the indicators thereof can comprise storing at least one reference to at least one part of the display data. This can be optionally advantageous as it can allow saving data storage capacity on the user device as well as on a backup of the user data.
Storing the derived information or the indicators thereof can also comprise copying at least one part of display data. Copying the display data can comprise copying the display data to the user data. This can be optionally advantageous as the corresponding parts of the display data can be outputted without accessing the display data, which may bring advantages for example if the display data are encrypted and accessing them therefore consumes computational capacities or if the derived information is transmitted to another device that cannot access the display data. This option can also be advantageous because of a lower complexity of an implementation of the application, in particular if the display data are encrypted.
Storing the derived information or the indicators thereof can also comprise generating data at least based on display data. This can comprise for example generating personalised data. This can also comprise adding user specific data to a template that can be part of the display data. The user specific data can be a part of the user data or of the derived information or the indicators thereof or both.
The method can comprise a data outputting step. The data outputting step can comprise outputting at least a part of the user data by the end user computer device. The data outputting step can also comprise outputting at least a part of the display data by the end user computer device. The former can be optionally advantageous if the derived information or the indicators thereof are stored at least by copying at least one part of the display data, in particular if the at least one part of the display data is stored with the user data. The former can also be advantageous if the derived information or the indicators thereof are at least stored by generating data at least based on display data, in particular if those are stored with the user data. The latter can be optionally advantageous if storing the derived information or the indicators thereof comprises at least storing at least one reference to at least one part of the display data, as in this case at least the at least one part of the display data can be foreseen to be outputted.
In some embodiments, the data outputting step can comprise outputting at least a part of the derived information or the indicators thereof that are stored on the end user computer device.
In some embodiments, data on the end user computer device can comprise encrypted data. That is, at least a part of the data on the end user computer device can be encrypted. This can optionally be advantageous if at least a part of the data on the device are considered to be confidential or if they should be protected for another reason. This can in particular apply to the application data, the display data, the user data or parts of any of the aforementioned, as detailed above.
In some embodiments, the method can comprise encrypting at least a part of the user data. This can comprise encrypting data that are configured to identify a user, such as his e-mail address, name, date of birth or the like. This can also comprise applying a particular encryption that is required by a regulation for a particular type of data only to the corresponding parts of the user data that comprise said particular type of data. An example would be medical data.
In some embodiments, encrypting at least a part of the user data can comprise encrypting at least a part of the technical user data. The reasoning in the preceding paragraph applies respectively.
The encrypted data can further comprise at least a part of the application data.
The encrypted data can also comprise at least a part of the display data.
The encrypted data can also comprise the display data. This can be optionally advantageous, as the display data can be the most vulnerable part of the application data from a business perspective, as detailed above.
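The paragraphs above describe encrypting only those parts of the user data that need it (identifying fields, and medical data that may fall under a particular regulation), possibly with a different encryption per part. The following is an added example of such field-level encryption at rest, written for this page and not taken from the patent or from Medicus AI. It assumes AES-256-GCM with one key per data class (identity, medical); the record layout, the choice of which fields are confidential and the in-memory key generation are assumptions, since a real device would obtain the keys from its platform keystore.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Keys holds one key per class of user data. On a real device they would come from the
// platform keystore (assumption); here they are generated in memory for the example.
type Keys struct {
	Identity []byte // for fields that identify the user (e-mail, name, date of birth)
	Medical  []byte // for medical user data, which may fall under a separate regulation
}

func NewKeys() (Keys, error) {
	k := Keys{Identity: make([]byte, 32), Medical: make([]byte, 32)}
	if _, err := io.ReadFull(rand.Reader, k.Identity); err != nil { return Keys{}, err }
	if _, err := io.ReadFull(rand.Reader, k.Medical); err != nil { return Keys{}, err }
	return k, nil
}

// seal encrypts one field with AES-256-GCM under a fresh random nonce (prepended to the
// ciphertext) and binds the field name as associated data, so a ciphertext cannot be
// moved to another field without failing authentication.
func seal(key []byte, field string, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return "", err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return "", err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return "", err }
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, plaintext, []byte(field))), nil
}

// unseal reverses seal; tampering, a wrong key or a wrong field name yields an error.
func unseal(key []byte, field, encoded string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil { return nil, err }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	if len(ct) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], []byte(field))
}

// UserRecord is the plaintext user data (constructed fields; which fields count as
// identifying or medical is an assumption for this example).
type UserRecord struct {
	Email, Name, DateOfBirth string
	Medical                  map[string]float64
	AppVersion               string // not confidential, stays in clear
}

// StoredRecord is what reaches the data storage component: identifying and medical
// parts as separate ciphertexts, the rest unchanged.
type StoredRecord struct {
	Email, Name, DateOfBirth, Medical string
	AppVersion                        string
}

type fieldRef struct {
	name string
	src  string
	dst  *string
}

func Encrypt(k Keys, r UserRecord) (StoredRecord, error) {
	s := StoredRecord{AppVersion: r.AppVersion}
	for _, f := range []fieldRef{{"email", r.Email, &s.Email}, {"name", r.Name, &s.Name}, {"date_of_birth", r.DateOfBirth, &s.DateOfBirth}} {
		ct, err := seal(k.Identity, f.name, []byte(f.src))
		if err != nil { return s, err }
		*f.dst = ct
	}
	med, err := json.Marshal(r.Medical)
	if err != nil { return s, err }
	s.Medical, err = seal(k.Medical, "medical", med)
	return s, err
}

func Decrypt(k Keys, s StoredRecord) (UserRecord, error) {
	r := UserRecord{AppVersion: s.AppVersion}
	for _, f := range []fieldRef{{"email", s.Email, &r.Email}, {"name", s.Name, &r.Name}, {"date_of_birth", s.DateOfBirth, &r.DateOfBirth}} {
		b, err := unseal(k.Identity, f.name, f.src)
		if err != nil { return r, err }
		*f.dst = string(b)
	}
	med, err := unseal(k.Medical, "medical", s.Medical)
	if err != nil { return r, err }
	if err := json.Unmarshal(med, &r.Medical); err != nil { return r, err }
	return r, nil
}

func main() {
	k, err := NewKeys()
	if err != nil { panic(err) }
	in := UserRecord{Email: "user@example.test", Name: "Jane Doe", DateOfBirth: "1980-01-01",
		Medical: map[string]float64{"glucose_fasting": 7.8}, AppVersion: "1.2.0"}
	stored, err := Encrypt(k, in)
	if err != nil { panic(err) }
	fmt.Printf("stored: %+v\n", stored)
	out, err := Decrypt(k, stored)
	fmt.Println(out.Email, out.Medical, err)
}
```

Keeping the identity and medical parts under different keys is what lets the device hand the medical ciphertext to a component (or a backup) without also exposing who the user is, and binding the field name as associated data stops a stored ciphertext from being silently re-attached to a different field.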
The method can comprise a data adding step. The data adding step can comprise adding data to the user data on the end user computer device.
The method can comprise providing an interface for adding data to the user data by manual input. Said interface can be an interface configured to enable a user to input data, such as a microphone, a keyboard, a touch-sensitive screen or a camera.
In some embodiments, the data adding step can comprise using an optical input device, such as a camera. The optical input device can be connected at least indirectly to the end user computer device. The optical input device can be remote from the end user computer device, such as a scanner that is connected to the end user computer device, for example via WLAN or via internet. The optical input device, such as the camera, can also be connected to the end user computer device directly, such as a webcam that is connected to a desktop computer via USB. The optical input device can also be mounted to the end user computer device, such as a camera in a smartphone.
In some embodiments, the data adding step can comprise adding text data to the user data. Adding the text data to the user data can comprise using the optical input device, such as the camera for adding at least a part of the text data.
In some embodiments, the method can comprise applying at least optical character recognition to the data captured by the optical input device, such as images captured with a camera. This can be optionally advantageous in cases where at least a part of data that are added are available as text, in particular as text printed on paper. In cases where the text is already at least partially in the machine-interpretable form, this can be furthermore optionally advantageous as it renders a human interaction unnecessary and as the human interaction might inflict disadvantages, e.g. introduce errors or be more cumbersome, as a machine-interpretable form is not necessarily optimised for treatment by a human operator.
In some embodiments, the data adding step can also comprise receiving input data from a data server and adding at least a part of the input data to the user data. This can be optionally advantageous in a case where the input data are already stored in a computer system, such as in case of a health care provider who keeps digital patient records or in case of a medical or clinical laboratory that provides results of at least one or a plurality of analyses in a digital form, as it saves a supplementary interaction step for a user and/or medical personnel.
In some embodiments, the data adding step can also comprise receiving data from at least one sensing device. The at least one sensing device can be configured to sense data related to a user. For example, an accelerometer can add motion data of the user, a dosimeter could measure a dose of radiation, and a location sensing device such as a GPS receiver with an appropriate calculation unit could measure a user's position.
At least one of the at least one sensing device can also be configured to sense physiological data related to the user, such as a pulse of the user, a blood pressure of the user or another measure for condition of the user.
In some embodiments, the method can comprise an updating step. The updating step can comprise sending at least a part of update data from the server and receiving at least the part of the update data by the end user computer device. The updating step can be optionally advantageous for changes in the application data from a technical point of view, but also for updates of the knowledge base data in case of new medical findings or rules and for updates of the display data in the respective case or in case of new display data that is for example better accepted by users, e.g. in case of new findings of research or if the users' taste shifts over time or is just better known to the provider of the display data.
In some embodiments, the updating step can comprise adapting at least a part of the application data on the end user computer device according to the received update data. That is, the update data can comprise data to replace at least one part of the application data. The update data can also comprise data that indicate changes to be performed to at least one part of the application data. Furthermore, the update data can comprise an instruction to receive or download data from another data source to replace at least one part of the application data.
In some embodiments, the method can also comprise repeating at least a part of the information deriving step after the updating step. This can be optionally advantageous if the display data changed, as the user might get another output for a set of same derived information after the updating step is performed, or if the knowledge base data are modified, as the application might derive different information from a same set of user data after performing the updating step.
In some embodiments, the method can further comprise sending at least an indicator of the updating step or a result thereof. The method can also comprise sending an indicator of the application data, such as a version of the application data or a hash of the application data or of a part thereof, in particular after performing an updating step. The method can also comprise sending at least an indicator of the end user computer device or of technical features thereof. The sending of at least an indicator can be performed from the end user device to another device such as the server. Sending said data can be optionally advantageous for a provider of the application to adapt the application or to ensure that the application data on the end user computer device are identical to a version of the application data that is foreseen by the provider of the application data. This sending step may also be advantageous to detect a malicious or at least unforeseen modification of the application data.
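The updating step above (update data sent by the server, applied on the device, followed by the device reporting a version or hash of its application data) and the requirement stated later in the system description that the device accept update data only with a corresponding cryptographic signature of the server are illustrated together in this added example. It is example code written for this page, not the patent's or Medicus AI's; it assumes Ed25519 for the server signature, SHA-256 for the reported hash, and an integer version counter, and the knowledge base and display data are stand-in strings.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// UpdateData is the bundle the server sends. Knowledge base and display data are
// opaque strings here (constructed placeholders, not the patent's own formats).
type UpdateData struct {
	Version       int    `json:"version"`
	KnowledgeBase string `json:"knowledge_base"`
	DisplayData   string `json:"display_data"`
}

// SignedUpdate is the update together with the server's Ed25519 signature over its encoding.
type SignedUpdate struct {
	Payload   []byte
	Signature []byte
}

// ApplicationState is the application data held on the end user computer device.
type ApplicationState struct {
	Version       int
	KnowledgeBase string
	DisplayData   string
}

// Hash is the indicator of the application data the device reports back to the server:
// a SHA-256 over a canonical encoding of version, knowledge base data and display data.
func (a ApplicationState) Hash() string {
	canon := fmt.Sprintf("%d\x00%s\x00%s", a.Version, a.KnowledgeBase, a.DisplayData)
	sum := sha256.Sum256([]byte(canon))
	return hex.EncodeToString(sum[:])
}

// ExpectedHash is what the server computes for the version it distributed; a device
// reporting a different value has application data the provider did not foresee.
func ExpectedHash(u UpdateData) string {
	return ApplicationState{Version: u.Version, KnowledgeBase: u.KnowledgeBase, DisplayData: u.DisplayData}.Hash()
}

// SignUpdate is the server side: encode the update and sign it with the server's private key.
func SignUpdate(priv ed25519.PrivateKey, u UpdateData) (SignedUpdate, error) {
	payload, err := json.Marshal(u)
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// ApplyUpdate is the client side: the signature is checked against the pinned server public
// key before the payload is even parsed, and an update that is not newer is refused so that
// a captured old bundle cannot be replayed to roll the knowledge base back.
func ApplyUpdate(pub ed25519.PublicKey, state ApplicationState, su SignedUpdate) (ApplicationState, error) {
	if !ed25519.Verify(pub, su.Payload, su.Signature) {
		return state, errors.New("update rejected: signature does not verify under the server key")
	}
	var u UpdateData
	if err := json.Unmarshal(su.Payload, &u); err != nil {
		return state, err
	}
	if u.Version <= state.Version {
		return state, fmt.Errorf("update rejected: version %d is not newer than installed %d", u.Version, state.Version)
	}
	return ApplicationState{Version: u.Version, KnowledgeBase: u.KnowledgeBase, DisplayData: u.DisplayData}, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	state := ApplicationState{Version: 1, KnowledgeBase: "rules-v1", DisplayData: "texts-v1"}
	update := UpdateData{Version: 2, KnowledgeBase: "rules-v2", DisplayData: "texts-v2"}
	signed, err := SignUpdate(priv, update)
	if err != nil {
		panic(err)
	}
	state, err = ApplyUpdate(pub, state, signed)
	fmt.Println("applied version", state.Version, err)
	fmt.Println("device indicator matches server expectation:", state.Hash() == ExpectedHash(update))

	// A bundle altered in transit after signing is rejected before being applied.
	signed.Payload[len(signed.Payload)-2] ^= 1
	_, err = ApplyUpdate(pub, state, signed)
	fmt.Println(err)
}
```

The reported hash covers the knowledge base data as well as the display data, so the server can notice a modified rule set or modified user-facing text on a device, which is the "malicious or at least unforeseen modification" the description wants this sending step to detect; the signature check on the way in and the hash report on the way out complement each other.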
In some embodiments, the method can comprise sending a part of the user data to another device, such as the server, a third party's server or a device configured to generate a backup of said part of the user data, such as a printer or a data storage device or system.
In some embodiments, the method can comprise sending a part of the user data to another device only if at least one transfer condition of a transfer condition set is matched. The other device can be a device such as the server, a third party's server or a device configured to generate a backup of said part of the user data, such as a printer or a data storage device or system. The transfer condition set comprises at least one transfer condition, wherein the method can require that only one of the at least one transfer condition is matched. Different transfer conditions can refer to at least one same element. At least one of the at least one transfer condition can refer to an anonymisation of at least a part of the user data that is sent. At least one of the at least one transfer condition can also refer to an authorization by the user or an authorized third party. The anonymisation can comprise removing or concealing at least a part of information before or while sending it to the server. The anonymisation can also comprise limiting a precision of at least a part of information that is sent. The anonymisation can also comprise adding random data to the data that is sent or at least a part thereof. The authorized third party may be for example an emergency medical physician, a paramedic, a hospital, a coroner's office or the like.
In some embodiments, the method can also comprise preventing sending the user data from the end user computer device if none of the transfer conditions of the transfer condition set are satisfied. This can be optionally advantageous to ensure a confidentiality of data on the end user computer device and in particular of the user data or parts thereof.
In some embodiments, the method can also comprise preventing sending the user data from the end user computer device. That is, the method can comprise preventing sending the user data from the end user computer device at all. This can be optionally advantageous if the user wants a high level of privacy, if data transmission networks to which the end user computer device is connected or can be connected cannot be trusted or the like.
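The transfer condition set described in the preceding three paragraphs, with an anonymisation condition (removing identifying information, limiting precision, adding random data) and an authorization condition (the user or an authorized third party such as an emergency physician), can be implemented as a single gate in front of every outbound transfer. The following is an added example of that gate, written for this page and not taken from the patent or from Medicus AI; the record fields, the precision chosen for each field and the requester roles are assumptions, and it assumes the requester's role has already been established by an authenticated credential.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math"
	"math/big"
)

// UserData is a constructed user record; the field names are assumptions for this example.
type UserData struct {
	Email     string
	Name      string
	BirthYear int
	Latitude  float64
	Longitude float64
	HeartRate int
	Glucose   float64
}

// TransferContext is what the device knows about the requested transfer. The requester role
// is assumed to come from an authenticated credential; how it is verified is out of scope here.
type TransferContext struct {
	UserConsented bool   // explicit authorization by the user
	RequesterRole string // e.g. "emergency_physician"
	Anonymise     bool   // the recipient accepts anonymised data
}

// TransferCondition is one element of the transfer condition set.
type TransferCondition interface {
	// Allows reports whether the condition is matched and, if so, the payload it permits.
	Allows(d UserData, ctx TransferContext) (UserData, bool)
}

// Anonymised matches when the recipient accepts data with identifying information removed,
// precision limited and random data added.
type Anonymised struct{}

func (Anonymised) Allows(d UserData, ctx TransferContext) (UserData, bool) {
	if !ctx.Anonymise {
		return UserData{}, false
	}
	return anonymise(d), true
}

// Authorized matches when the user consented or the requester holds an authorized role.
type Authorized struct{ Roles map[string]bool }

func (a Authorized) Allows(d UserData, ctx TransferContext) (UserData, bool) {
	if ctx.UserConsented || a.Roles[ctx.RequesterRole] {
		return d, true
	}
	return UserData{}, false
}

// anonymise: e-mail and name removed, birth year reduced to the decade, position rounded to
// 0.1 degrees, heart rate perturbed by a small random offset; the medical value stays usable.
func anonymise(d UserData) UserData {
	return UserData{
		BirthYear: (d.BirthYear / 10) * 10,
		Latitude:  roundTo(d.Latitude, 0.1),
		Longitude: roundTo(d.Longitude, 0.1),
		HeartRate: d.HeartRate + randomInt(-3, 3),
		Glucose:   d.Glucose,
	}
}

func roundTo(x, step float64) float64 { return math.Round(x/step) * step }

func randomInt(lo, hi int) int {
	n, err := rand.Int(rand.Reader, big.NewInt(int64(hi-lo+1)))
	if err != nil {
		panic(err)
	}
	return lo + int(n.Int64())
}

// Export is the single gate in front of every outbound transfer of user data: the data leave
// the device only if at least one condition of the set is matched. An empty set means the
// user data are never sent at all.
func Export(d UserData, set []TransferCondition, ctx TransferContext) (UserData, error) {
	for _, c := range set {
		if payload, ok := c.Allows(d, ctx); ok {
			return payload, nil
		}
	}
	return UserData{}, errors.New("transfer prevented: no transfer condition matched")
}

func main() {
	d := UserData{Email: "user@example.test", Name: "Jane Doe", BirthYear: 1983,
		Latitude: 48.2087, Longitude: 16.3725, HeartRate: 72, Glucose: 5.6}
	set := []TransferCondition{Anonymised{}, Authorized{Roles: map[string]bool{"emergency_physician": true}}}
	if _, err := Export(d, set, TransferContext{}); err != nil {
		fmt.Println(err)
	}
	anon, _ := Export(d, set, TransferContext{Anonymise: true})
	fmt.Printf("anonymised payload: %+v\n", anon)
}
```

Routing every send through one function is what makes the "prevent sending at all" embodiment a configuration choice (an empty transfer condition set) rather than a separate code path, and it gives a single place to log which condition released which data.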
In some embodiments, at least a part of the information deriving step is performed only on the end user computer device. For example, running the expert system or the rule-based inference engine can be performed only on the end user computer device.
The method can also comprise performing the information deriving step only on the end user computer device.
The features described in the preceding two paragraphs can be optionally advantageous as the user data do not need to be shared with another entity, such as an analysis server. This can optionally advantageously reduce the number of systems that can be attacked by a malicious third party in order to obtain a part of the user data. It can furthermore optionally advantageously reduce the need for computer system resources for the operating party.
The present invention is also directed to a system for analysing medical data. All features described before and specified in the claims with respect to method steps are also embraced by the invention in terms of a system, even without being explicitly mentioned. In particular, the explanations regarding terms and expressions as well as advantages and optional advantages are to be understood as applicable to the entire document where appropriate.
The system comprises an end user computer device and a server.
The end user computer device can comprise a data storage component and a data processing component. The data processing component can be a component configured to process data; it can comprise units such as a processor with the necessary periphery, hardware accelerators and/or microcontrollers.
The data storage component can be a component configured to store data. The data storage component can be configured to send data to and receive data from the data processing component. The data storage component can comprise at least one data storage unit, such as an SD card, a flash memory element, a hard disk, RAM or the like.
The end user computer device can comprise a communication component. The communication component can be configured to communicate data. The communication component can comprise at least one communication component unit. The communication component can be configured for wired or wireless connection.
The communication component can be configured for communication to the server via a connection configured for data transfer. Said connection for data transfer can be for example a WLAN-connection, a connection via internet, a connection via a cellular data network, such as via 3G, 4G or 5G, a USB-connection, or the like.
The communication component can comprise for example an antenna configured for data transfer in a mobile cellular network and/or an antenna configured for communication in a Wi-Fi network.
The end user computer device can also comprise at least one network interface card that can be configured to connect the end user computer device to a network, such as, to the Internet.
The end user computer device can comprise user interfaces, such as:
an output user interface, such as:
o a screen or monitor configured to display visual data,
o a speaker configured to communicate audio data (e.g. playing audio data to the user),
an input user interface, such as:
o a camera configured to capture visual data (e.g. capturing images and/or videos of the user),
o a microphone configured to capture audio data (e.g. recording audio from the user),
o a keyboard configured to allow the insertion of text and/or other keyboard commands and/or
o a trackpad, a mouse, a touchscreen, and/or a joystick.
To put it simply, the end user computer device can be a processing unit configured to carry out instructions of a program. The end user computer device can be a system-on-chip comprising processing units, memory components and busses. The end user computer device can be a smartphone, a tablet computer, a laptop or a personal computer.
The server can comprise means of data processing, such as processor units, hardware accelerators and/or microcontrollers. The server can comprise memory components, such as main memory (e.g. RAM), cache memory (e.g. SRAM) and/or secondary memory (e.g. HDD, SSD). The server can comprise busses configured to facilitate data exchange between components of the server, such as the communication between the memory components and the processing components of the server. The server can comprise network interface cards that can be configured to connect the server to a network, such as the Internet. The server can comprise user interfaces, such as:
an output user interface, such as screens or monitors configured to display visual data and/or speakers configured to communicate audio data,
an input user interface, such as a camera, a microphone configured to capture audio data, a keyboard, a trackpad, a mouse, a touchscreen and/or a joystick.
The server can also be configured to be controlled from another computer system, such as via a remote-desktop connection, via a secure shell connection (SSH) or the like.
To put it simply, the server can be a processing unit configured to carry out instructions of a program. The server can be a system-on-chip comprising processing units, memory components and busses. The server can be a processing unit or a system-on-chip that can be interfaced with a personal computer, a laptop, a pocket computer, a smartphone, a tablet computer and/or user interfaces (such as the above-mentioned user interfaces). The server can be a server system or a portion thereof. The server can also be implemented as a cloud system.
The end user computer device can be configured for communication to at least one medical sensing device. The medical sensing device can be according to the at least one sensing device that is configured to sense data related to a user. The medical sensing device can be furthermore according to the at least one of the at least one sensing device that is configured to sense physiological data related to the user.
The at least one medical sensing device can be a plurality of medical sensing devices.
The end user computer device can comprise an input interface component. The input interface component can be according to the interface for adding data to the user data by manual input that can be provided in the respective optional part of the method.
The end user computer device can comprise application data and user data. The application data can be configured to specify an application that derives information from the user data once the application is run by the end user computer device.
The application data can be configured for performing the functionality of an expert system by the application, once the application data are executed. In particular regarding the expert system, the explanations from the method embodiments apply accordingly.
The expert system can be a medical expert system.
The medical expert system can comprise at least a part of a rule-based inference engine. The medical expert system can also comprise the rule-based inference engine. That is, the medical expert system can be implemented by a rule-based inference engine. Furthermore, the expert system can also be implemented by a rule-based inference engine.
The application data can comprise display data.
The application data can comprise knowledge base data and inference engine data. The user data can comprise medical data. The medical data can be in particular according to any of the preceding explanations regarding medical data or medical user data.
The user data can comprise technical user data.
The technical user data can comprise medical user data that are at least in part encoded in a machine-interpretable form. The machine-interpretable form can be according to any of the explanations regarding the machine-interpretable form in the preceding parts of the document. The medical user data that are at least in part encoded in a machine-interpretable form are preferably configured for being processed by the expert system and still more preferably, they are configured for being processed by the rule-based inference engine. That is, the form of the data can for example reflect a method of evaluating rules of the rule-based inference engine.
The technical user data can furthermore comprise information derived from an analysis of at least a part of the user data by the application, wherein the application is according to the application data or parts of the application data.
The user data can comprise personalised display data.
The personalised display data can comprise personalised output data. The personalised output data can be generated based at least on the results of the analysis of the user data by the application, wherein the analysis is preferably performed by the expert system, more preferably by the medical expert system and still more preferably by the rule-based inference engine. The (optional) advantages discussed in the context of the optional part of the method that relates to personalised display data apply respectively.
At least a part of at least one of the user data and the application data can be kept on at least a portion of the data storage component in an encrypted form. That is, at least a part of the user data can be encrypted, at least a part of the application data can be encrypted, or at least a part of each of them can be encrypted. The encryption does not need to be the same for each part.
The application data can be kept on at least the portion of the data storage component in an encrypted form. That is, the application data can be entirely encrypted.
The user data can be kept on at least the portion of the data storage component in an encrypted form. That is, the user data can be entirely encrypted. The personalised display data can be kept on at least the portion of the data storage component in an encrypted form.
The data storage component can comprise at least one non-volatile memory unit. The portion of the data storage component on which at least a part of some data is kept in an encrypted form can comprise at least one of the at least one non-volatile memory unit.
The data storage component can comprise at least one secondary storage unit. The portion of the data storage component on which at least a part of some data is kept in an encrypted form can comprise at least one of the at least one secondary storage memory unit.
At least one of the at least one secondary storage memory unit can be a non-volatile memory unit or vice versa.
The end user computer device can be configured for outputting data.
The end user computer device can be configured for encrypting data. This feature is particularly advantageous if at least a part of some data on the device is kept in an encrypted form.
The end user computer device can be configured to run the application specified by the application data. That is, the end user device can be configured to execute the application data.
The end user computer device can be configured to be connected to at least one server, such as the server, at least at some points in time. This feature can be optionally advantageous at least for downloading the application data.
The end user computer device can be configured to receive update data from the server. Regarding particularly the update data, the explanations from the paragraphs regarding the disclosed method apply respectively as far as applicable.
The end user computer device can be configured to adapt the application data on the end user computer device according to the update data that the end user computer device received. The end user computer device can be configured to prevent sending the medical user data to the server or to a third device unless at least one transfer condition of a transfer condition set is satisfied.
The transfer condition set can comprise at least one transfer condition. At least one of the at least one transfer condition can comprise a condition relating to an anonymisation of at least a part of the user data that is sent, and/or to an authorization by a user or an authorized third party.
Again, regarding terms such as the transfer condition and the transfer condition set, all considerations regarding the optional and non-optional parts of the disclosed method apply accordingly.
The server can be connected to at least one end user computer device. In this disclosure, a server can be a server computer. A server can also be a server computer system comprising a plurality of computers or devices. A server can also be a system emulating the function of a server, such as software running on a cloud computer system or the like.
The server can be configured to send the update data to the end user computer device.
The end user computer device can be configured to receive the update data. The end user computer device can furthermore be configured to receive the update data in particular from the server, for example by requiring a corresponding cryptographic signature of the server.
An optional aspect of the invention is a computer program product comprising instructions, which, when the program is executed by the end user computer device, cause the end user computer device to perform the method steps according to any embodiment of the above-described method which have to be executed on the end user computer device. The end user computer device is according to any of the preceding embodiments comprising an end user device. The end user computer device can be according to any embodiment of the system. The end user device can be compatible with the respective embodiment of the method.
Another optional aspect of the invention is a computer program product comprising instructions, which, when the program is executed by a server, cause the server to perform the method steps according to any embodiment of the method which have to be executed on the server, wherein the server is according to any embodiment that comprises the server. The server can be according to any system embodiment that comprises the server. The server can be compatible with said method embodiment.
Numbered Embodiments
Below, method embodiments will be discussed. These embodiments are abbreviated by the letter "M" followed by a number. Whenever reference is herein made to "method embodiments", these embodiments are meant.
M1 A method for processing data on an end user computer device (10),
comprising processing user data (20) by an application (30) that is executed by the end user computer device (10).
M2 The method according to the preceding embodiment,
comprising furthermore a user data storing step that comprises storing at least a part of the user data (20) on the end user computer device (10).
M3 The method according to the preceding method embodiment,
wherein the user data storing step comprises storing medical data.
M4 The method according to any of the two preceding method embodiments, wherein the user data storing step comprises a technical user data storing step that comprises storing technical user data (21) in a machine-interpretable form.
M5 The method according to the preceding embodiment,
wherein the technical user data (21) comprise medical user data.
M6 The method according to any of the two preceding method embodiments,
wherein the technical user data storing step comprises
storing technical user data (21) that are encoded with at least a homogenous naming for fields.
M7 The method according to the preceding three method embodiments,
wherein the technical user data storing step comprises
for each field encoding values with a same dimension unit.
M8 The method according to any of the four preceding method embodiments, wherein the technical user data storing step comprises
storing at least partially automatically generated medical data that comprise at least one of
(a) at least one medical image,
(b) at least one result of a laboratory analysis of material originating from or expelled by the human body, and
(c) data from a sensing device that senses biometrical or medical data of the user.
M9 The method according to the preceding method embodiment,
wherein the at least partially automatically generated medical data is automatically generated.
M10 The method according to any of the preceding method embodiments with the features of M4,
wherein processing user data (20) by the application (30) that is executed by the end user computer device (10) comprises
processing the technical user data (21).
M11 The method according to the preceding method embodiment,
wherein processing the technical user data (21) comprises
an information deriving step that comprises deriving information from the technical user data (21) by the application (30) and thus generating derived information.
M12 The method according to the preceding method embodiment,
wherein the information deriving step comprises deriving medical information from the technical user data (21) by the application (30).
M13 The method according to any of the preceding method embodiments with the features of M11,
wherein the application (30) comprises a machine learning model and the information deriving step comprises deriving the information based on the machine learning model.
M14 The method according to any of the two preceding method embodiments,
wherein the application (30) comprises an expert system and the information deriving step comprises deriving the information based on the expert system.
M15 The method according to any of the two preceding method embodiments,
wherein the expert system is a medical expert system.
M16 The method according to the preceding method embodiment,
wherein the medical expert system comprises at least a part of a rule-based inference engine.
M17 The method according to any of the preceding five method embodiments,
wherein the application (30) or a part thereof derives information from the technical user data (21) using their machine-interpretable form or at least one property of this machine-interpretable form.
M18 The method according to any of the preceding method embodiments,
wherein the application (30) is specified by application data (36).
M19 The method according to the preceding method embodiment,
wherein the application data (36) comprise display data (33).
M20 The method according to any of the preceding method embodiments with the features of M18,
wherein the application data (36) comprise knowledge base data (31) that comprise at least a part of data that are configured to specify a relation between input data and output data of the application (30).
M21 The method according to any of the preceding method embodiments with the features of M20 and M14,
wherein the application data (36) comprise inference engine data (32) that comprise at least a part of data that specify an evaluation of the input data using the knowledge base data (31).
M22 The method according to any of the preceding method embodiments with the features of M2 and M11,
wherein the user data storing step comprises storing the derived information or indicators thereof.
M23 The method according to the preceding method embodiment,
wherein storing the derived information or the indicators thereof comprises at least one of
(a) storing at least one reference to at least one part of the display data (33),
(b) copying at least one part of display data (33), and
(c) generating data at least based on display data (33), wherein the display data (33) are preferably according to any of the preceding embodiments that comprise display data (33).
M24 The method according to any of the preceding method embodiments,
wherein the method comprises a data outputting step that comprises outputting at least a part of the user data (20) and/or of the display data (33) by the end user computer device (10).
M25 The method according to the preceding method embodiment and with the features of M22,
wherein outputting at least a part of user data (20) by the end user computer device (10) comprises outputting at least a part of the derived information or the indicators thereof that are stored on the end user computer device (10).
M26 The method according to any of the preceding method embodiments,
wherein data on the end user computer device (10) comprises encrypted data.
M27 The method according to any of the preceding method embodiments,
comprising furthermore encrypting at least a part of the user data (20).
M28 The method according to the preceding method embodiment and with the features of M4,
wherein encrypting at least a part of the user data (20) comprises encrypting at least a part of the technical user data (21).
M29 The method according to any of the preceding embodiments with the features of M18 and M26,
wherein the encrypted data comprise at least a part of the application data (36).
M30 The method according to the preceding embodiment and with the features of M19, wherein the encrypted data comprise at least a part of the display data (33).
M31 The method according to the preceding embodiment,
wherein the encrypted data comprise the display data (33).
M32 The method according to any of the preceding method embodiments,
wherein the method comprises a data adding step that comprises adding data to the user data (20) on the end user computer device (10).
M33 The method according to the preceding embodiment,
wherein the method comprises providing an interface for adding data to the user data (20) by manual input.
M34 The method according to any of the two preceding method embodiments,
wherein the data adding step comprises using a camera that is connected at least indirectly to the end user computer device (10).
M35 The method according to the preceding method embodiment,
wherein the data adding step comprises adding text data to the user data (20) and wherein using the camera comprises using the camera for adding at least a part of the text data.
M36 The method according to the preceding method embodiment,
wherein adding the text data to the user data (20) comprises furthermore applying at least optical character recognition to data captured by the camera.
M37 The method according to any of the preceding method embodiments with the features of M32,
wherein the data adding step comprises receiving input data from a data server and adding at least a part of the input data to the user data (20).
M38 The method according to any of the preceding method embodiments with the features of M32,
wherein the data adding step comprises receiving data from at least one sensing device that is configured to sense data related to a user.
M39 The method according to the preceding method embodiment,
wherein at least one of the at least one sensing device that is configured to sense data related to the user is configured to sense physiological data related to the user.
M40 The method according to any of the preceding method embodiments with the features of M18,
wherein the method comprises an updating step that comprises sending at least a part of update data from the server (1) and receiving at least the part of the update data by the end user computer device (10).
M41 The method according to the preceding method embodiment,
wherein the updating step comprises adapting at least a part of the application data (36) on the end user computer device (10) according to the received update data.
M42 The method according to any of the two preceding method embodiments and with the features of M11,
wherein the method comprises furthermore repeating at least a part of the information deriving step after the updating step.
M43 The method according to any of the preceding method embodiments and with the features of M40,
wherein the method comprises sending at least an indicator of at least one of (a) the updating step or a result thereof, (b) the application data (36) and (c) the end user computer device (10) or of technical features thereof from the end user device (10) to another device.
M44 The method according to any of the preceding method embodiments,
comprising sending at least a part of the user data (20) or an indicator thereof to a third party from the end user computer device (10).
M45 The method according to any of the preceding method embodiments,
comprising furthermore sending at least a part of the user data (20) to another device from the end user computer device (10) only if at least one transfer condition (35) of a transfer condition set is satisfied.
M46 The method according to the preceding method embodiment,
wherein the transfer condition set comprises at least one transfer condition (35) and wherein at least one of the at least one transfer condition (35) comprises
(a) an anonymization of at least a part of the user data (20) that is sent, and
(b) an authorization by the user or an authorized third party.
M47 The method according to any of the two preceding method embodiments,
wherein the method comprises preventing sending the user data (20) from the end user computer device (10) if none of the transfer conditions (35) of the transfer condition set is satisfied.
M48 The method according to any of the preceding method embodiments, wherein the method comprises preventing sending the user data (20) from the end user computer device (10).
M49 The method according to any of the preceding method embodiments with the features of M11,
wherein at least a part of the information deriving step is performed only on the end user computer device (10).
M50 The method according to any of the preceding method embodiments with the features of M11,
wherein the information deriving step is performed only on the end user computer device (10).
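The transfer condition set of embodiments M45 to M48 can be illustrated by the following added Python example. It is not part of the application text or of any implementation by the applicant; the record fields, the role names and the recipient names in it are assumptions. The gate is written as a default-deny decision: a payload may leave the device only if it has been anonymized (condition (a)) or a valid authorization naming the intended recipient exists (condition (b)); a request that satisfies neither condition raises and produces no payload, which is the behaviour of M47.

```python
"""Transfer-condition gate: user data leave the device only under a satisfied
condition (added illustration, not the patent's code)."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample user data record; the field names are assumptions.
SAMPLE_USER_DATA = {
    "patient_id": "P-0001",
    "name": "Jane Example",
    "birth_year": 1984,
    "observations": [{"code": "HGB", "value": 13.2, "unit": "g/dL"}],
}

# Fields that directly identify the user and must not survive anonymization.
DIRECT_IDENTIFIERS = frozenset({"patient_id", "name"})
# Parties that may grant an authorization under transfer condition (b) (assumed role names).
AUTHORIZING_ROLES = frozenset({"user", "authorized_third_party"})


@dataclass(frozen=True)
class Authorization:
    granted_by: str   # one of AUTHORIZING_ROLES
    recipient: str    # the device the user agreed to send to
    valid: bool = True


@dataclass(frozen=True)
class TransferRequest:
    recipient: str
    anonymize: bool = False
    authorization: Optional[Authorization] = None


class TransferBlocked(Exception):
    """Raised when no transfer condition of the set is satisfied; nothing is sent."""


def anonymize(record: dict) -> dict:
    """Transfer condition (a): drop direct identifiers and coarsen quasi-identifiers."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    if "birth_year" in out:
        out["birth_year"] = (out["birth_year"] // 10) * 10  # decade only
    return out


def is_authorized(req: TransferRequest) -> bool:
    """Transfer condition (b): a valid authorization that names this recipient."""
    a = req.authorization
    return (a is not None and a.valid
            and a.recipient == req.recipient
            and a.granted_by in AUTHORIZING_ROLES)


def contains_direct_identifier(payload: dict) -> bool:
    return any(k in payload for k in DIRECT_IDENTIFIERS)


def prepare_transfer(record: dict, req: TransferRequest) -> dict:
    """Return the payload allowed to leave the device, or raise TransferBlocked.

    The conditions form a set: satisfying any one of them is enough. The fall-through
    branch blocks, so a request that satisfies none never produces a payload."""
    if req.anonymize:
        payload = anonymize(record)
        assert not contains_direct_identifier(payload)  # defensive self-check
        return payload
    if is_authorized(req):
        return dict(record)
    raise TransferBlocked(f"no transfer condition satisfied for {req.recipient!r}")


def transfer_allowed(record: dict, req: TransferRequest) -> bool:
    """Convenience predicate for callers that only need the decision."""
    try:
        prepare_transfer(record, req)
        return True
    except TransferBlocked:
        return False
```

The authorization is bound to a recipient, so consent given for one server does not carry over to another; an authorization from a role outside the set is treated as absent rather than as a weaker form of consent.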
Below, system embodiments will be discussed. These embodiments are abbreviated by the letter "S" followed by a number. Whenever reference is herein made to "system embodiments", these embodiments are meant.
S1 A system for analysing medical data,
comprising an end user computer device (10) and a server (1).
S2 The system according to the preceding embodiment,
wherein the end user computer device (10) comprises a data storage component (11) and a data processing component (12).
S3 The system according to any of the preceding embodiments,
wherein the end user device (10) comprises a communication component (13).
S4 The system according to the preceding embodiment,
wherein the communication component (13) is configured for communication to the server (1) via a connection configured for data transfer (2).
S5 The system according to any of the two preceding embodiments,
wherein the end user computer device (10) is configured for communication to at least one medical sensing device (14).
S6 The system according to the preceding embodiment,
wherein the at least one medical sensing device (14) is a plurality of medical sensing devices (14).
S7 The system according to any of the preceding embodiments,
wherein the end user computer device (10) comprises an input interface component.
S8 The system according to any of the preceding system embodiments,
wherein the end user device (10) comprises application data (36) and user data (20), wherein the application data (36) are configured to specify an application (30) that derives information from the user data (20) once it is run by the end user device (10).
S9 The system according to any of the preceding embodiments with the features of S8,
wherein the application data (36) are configured for performing the functionality of an expert system (34) by the application (30) once the application data (36) are executed.
S10 The system according to the preceding embodiment,
wherein the expert system (34) is a medical expert system.
S11 The system according to the preceding embodiment,
wherein the medical expert system comprises at least a part of a rule-based inference engine.
S12 The system according to any of the preceding embodiments with the features of S8,
wherein the application data (36) comprise display data (33).
S13 The system according to any of the preceding embodiments with the features of S8,
wherein the application data (36) comprise knowledge base data (31) and inference engine data (32).
S14 The system according to any of the preceding embodiments with the features of S8,
wherein the user data (20) comprise medical data.
S15 The system according to any of the preceding embodiments with the features of S16,
wherein the user data (20) comprise technical user data (21).
S16 The system according to the preceding embodiment,
wherein the technical user data (21) comprise medical user data that are at least in part encoded in a machine-interpretable form that are preferably configured for being processed by the expert system (34), and that is still more preferably configured for being processed by the rule-based inference engine.
S17 The system according to the preceding embodiment,
wherein the technical user data (21) furthermore comprise information derived from an analysis of at least a part of the user data (20) by the application (30) according to the application data (36) or parts thereof.
S18 The system according to any of the preceding embodiments with the features of S8,
wherein the user data (20) comprise personalised display data (22).
S19 The system according to the preceding embodiment,
wherein the personalised display data (22) comprise personalised output data.
S20 The system according to any of the preceding embodiments with the features of S2 and S8,
wherein at least a part of at least one of the user data (20) and the application data (36) is kept on at least a portion of the data storage component (11) in an encrypted form.
S21 The system according to the preceding embodiment,
wherein the application data (36) are kept on at least the portion of the data storage component (11) in an encrypted form.
S22 The system according to any of the preceding two embodiments,
wherein the user data (20) are kept on at least the portion of the data storage component (11) in an encrypted form.
S23 The system according to any of the preceding embodiments with the features of S2 and S18,
wherein the personalised display data (22) are kept on at least the portion of the data storage component (11) in an encrypted form.
S24 The system according to any of the preceding four embodiments,
wherein the data storage component (11) comprises at least one non-volatile memory unit and the portion of the data storage component (11) comprises at least one of the at least one non-volatile memory unit.
S25 The system according to any of the preceding five embodiments,
wherein the data storage component (11) comprises at least one secondary storage unit and the portion of the data storage component (11) comprises at least one of the at least one secondary storage unit.
S26 The system according to any of the preceding system embodiments,
wherein the end user computer device (10) is configured for outputting data.
S27 The system according to any of the preceding system embodiments,
wherein the end user computer device (10) is configured for encrypting data.
S28 The system according to any of the preceding system embodiments with the features of S8,
wherein the end user computer device (10) is configured to run the application specified by the application data (36).
S29 The system according to any of the preceding embodiments,
wherein the end user computer device (10) is configured to be connected to at least one server (1) at least at some points in time.
S30 The system according to any of the preceding embodiments,
wherein the end user computer device (10) is configured to receive update data from the server (1).
S31 The system according to the preceding embodiment with the features of S8,
wherein the end user computer device (10) is configured to adapt the application data (36) on the end user computer device (10) according to the update data that the end user computer device (10) received.
S32 The system according to any of the preceding embodiments,
wherein the end user computer device (10) is configured to prevent sending the medical user data to the server (1) or to a third device unless at least one transfer condition (35) of a transfer condition set is satisfied.
S33 The system according to the preceding embodiment,
wherein the transfer condition set comprises at least one transfer condition (35) and wherein at least one of the at least one transfer condition (35) comprises
(a) an anonymization of at least a part of the user data (20) that is sent,
(b) an authorization by a user or an authorized third party.
S34 The system according to any of the preceding embodiments,
wherein the server (1) is configured to be connected to at least one end user computer device (10).
S35 The system according to any of the preceding embodiments with the features of S30,
wherein the server (1) is configured to send the update data to the end user computer device (10).
S36 The system according to the preceding embodiment,
wherein the end user computer device (10) is configured to receive the update data.
Below, computer program product embodiments will be discussed. These embodiments are abbreviated by the letter "P" followed by a number. Whenever reference is herein made to "program embodiments", these embodiments are meant.
P1 A computer program product comprising instructions, which,
when the program is executed by the end user computer device (10),
cause the end user computer device (10) to perform the method steps according to any method embodiment, which have to be executed on the end user computer device (10),
wherein the end user computer device (10) is according to any system embodiment that comprises an end user computer device (10) that is compatible with said method embodiment.
P2 A computer program product comprising instructions, which,
when the program is executed by a server (1), cause the server to perform the method steps according to any method embodiment, which have to be executed on the server (1),
wherein the server (1) is according to any system embodiment that comprises a server (1) that is compatible to said method embodiment.
Whenever a relative term, such as "about", "substantially" or "approximately" is used in this specification, such a term should also be construed to also include the exact term. That is, e.g., "substantially straight" should be construed to also include "(exactly) straight".
Whenever steps are recited in the appended claims, it should be noted that the order in which the steps are recited in this text may be the preferred order, but it may not be mandatory to carry out the steps in the recited order. That is, unless otherwise specified or unless clear to the skilled person, the orders in which steps are recited may not be mandatory. That is, when the present document states, e.g., that a method comprises steps (A) and (B), this does not necessarily mean that step (A) precedes step (B), but it is also possible that step (A) is performed (at least partly) simultaneously with step (B) or that step (B) precedes step (A). Furthermore, when a step (X) is said to precede another step (Z), this does not imply that there is no step between steps (X) and (Z). That is, step (X) preceding step (Z) encompasses the situation that step (X) is performed directly before step (Z), but also the situation that (X) is performed before one or more steps (Y1), ..., followed by step (Z). Corresponding considerations apply when terms like "after" or "before" are used.
Figure description
Brief description of the figures
Figure 1 shows the end user computer device 10, the server 1 and data on the end user computer device.
Figure 2 shows data storage and data access on the end user computer device 10.
Figure 3 shows an analysis of data and interactions with the end user computer device 10.
Figure 1 shows an end user computer device 10, a server 1 and a connection configured for data transfer 2. User data 20 and application data 36 are stored on the end user computer device 10. The application data 36 can comprise knowledge base data 31, inference engine data 32 and display data 33. The application data 36 allow running an application 30 that delivers the functionality of an expert system. The expert system is configured to analyse the user data 20 on the end user computer device 10, whereas the application data 36 are stored separately from the user data 20. One or both data types or parts thereof can be encrypted. The two data types can be encrypted differently, as they are stored separately from each other, wherein "separately" refers to logically separated storage. Furthermore, all four types of data, the user data 20, the knowledge base data 31, the inference engine data 32 and the display data 33, can be stored separately and can be encrypted differently.
Furthermore, the server 1 has a connection configured for data transfer 2 to the end user computer device 10 or to a plurality of end user computer devices 10 according to the visualised end user computer device 10. The server 1 can be configured to update the application data 36 or parts thereof on the end user computer device 10. The server can also be configured to verify or install the application data 36 or parts thereof on the end user computer device 10. The application 30 according to the application data 36 does not need a connection to the server in order to analyse the user data 20.
As the person skilled in the art will understand, the display data 33 belong to the application data 36, which can be sent by the server 1 using the connection configured for data transfer 2. As detailed above, user data 20 do not need to be uploaded to the server. Therefore, the application data 36 can be the same for all end user computer devices 10, whereas application data 36 can also be specific to the type of the end user computer device 10. In such a case, the application data 36 can be the same for a same version of application data 36 on a same type of end user computer devices 10. In particular, display data 33 can be the same for all end user computer devices 10 which received the display data 33 in a same period of time from the server 1.
Figure 2 details the method and possible data separations on the end user computer device 10. The user data 20 can be split in two parts: technical user data 21 and personalised display data 22.
The technical user data 21 comprise data that are stated in a standardized form, such as medical information for a medical expert system. The standardized form may be according to a proprietary or public standard. The technical user data 21 may be stated in a machine-interpretable form. That is, they can be stated with an encoding that uses a standardized identifier for each value or for each set of values, such as in the case of timestamped values. The values may have a common dimension unit type, such as liter/l for volumes, or they may at least be stated in directly convertible dimension unit types, such as ml and l for volumes. They may furthermore be stated with fuzzy values, such as "high", "medium" and "low" or "painful" and "not painful".
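The machine-interpretable encoding just described can be illustrated by the following added Python example; it is not part of the application text, and the identifier registry, the unit factors and the sample rows in it are constructed. Each stored value carries a standardized identifier, a timestamp and, for quantities, the canonical unit of its dimension; inputs in a directly convertible unit are converted, fuzzy values are kept as one of the allowed levels, and inputs that cannot be mapped onto the encoding are rejected rather than guessed, so that the expert system downstream only ever sees well-formed technical user data.

```python
"""Encoding measurements as technical user data in a machine-interpretable form
(added illustration, not the patent's code)."""
from dataclasses import dataclass
from typing import Optional, Union

# Constructed identifier registry: one standardized code per quantity, with the
# dimension kind it belongs to and the canonical unit all stored values use.
CODES = {
    "urine_volume_24h": {"kind": "volume", "canonical_unit": "l"},
    "systolic_bp": {"kind": "pressure", "canonical_unit": "mmHg"},
    "pain": {"kind": "fuzzy", "canonical_unit": None},
}

# Factors to the canonical unit of each kind; only directly convertible units appear.
UNIT_FACTORS = {
    "volume": {"l": 1.0, "dl": 0.1, "ml": 0.001},
    "pressure": {"mmHg": 1.0, "kPa": 7.50062},
}

# Allowed fuzzy levels per code; these are stored verbatim, without a unit.
FUZZY_LEVELS = {"pain": ("not painful", "painful")}


@dataclass(frozen=True)
class TechnicalValue:
    code: str
    value: Union[float, str]
    unit: Optional[str]
    timestamp: str  # ISO 8601 text


class NormalizationError(ValueError):
    """Input that cannot be mapped onto the standardized encoding is rejected, not guessed."""


def normalize(code: str, raw_value, raw_unit: Optional[str], timestamp: str) -> TechnicalValue:
    if code not in CODES:
        raise NormalizationError(f"unknown identifier {code!r}")
    spec = CODES[code]
    if spec["kind"] == "fuzzy":
        if raw_value not in FUZZY_LEVELS[code]:
            raise NormalizationError(f"{raw_value!r} is not a level of {code!r}")
        return TechnicalValue(code, raw_value, None, timestamp)
    factors = UNIT_FACTORS[spec["kind"]]
    if raw_unit not in factors:
        raise NormalizationError(f"unit {raw_unit!r} is not convertible to {spec['canonical_unit']!r}")
    canonical = float(raw_value) * factors[raw_unit] / factors[spec["canonical_unit"]]
    return TechnicalValue(code, round(canonical, 6), spec["canonical_unit"], timestamp)


def normalize_batch(rows):
    """Normalise many (code, value, unit, timestamp) rows. One bad row does not
    poison the others; it is reported instead. Returns (accepted, rejected)."""
    accepted, rejected = [], []
    for row in rows:
        try:
            accepted.append(normalize(*row))
        except NormalizationError as exc:
            rejected.append((row, str(exc)))
    return accepted, rejected


# Constructed input rows as they might arrive from manual entry, OCR or a data server.
SAMPLE_ROWS = [
    ("urine_volume_24h", "1500", "ml", "2020-04-17T08:00:00Z"),
    ("urine_volume_24h", 1.4, "l", "2020-04-18T08:00:00Z"),
    ("systolic_bp", 16, "kPa", "2020-04-17T08:05:00Z"),
    ("pain", "painful", None, "2020-04-17T08:10:00Z"),
    ("urine_volume_24h", 3, "cups", "2020-04-19T08:00:00Z"),  # not directly convertible
    ("heart_rate", 70, "bpm", "2020-04-17T08:06:00Z"),        # not in the registry
]
```

Rejected rows are returned alongside the accepted ones so that an OCR or import step can surface them to the user for correction instead of silently dropping or misfiling them.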
The personalised display data are display data that are personalised by the application 30 according to the information derived from the user data 20. As stated above, the display data 33 can be identical for each version of the application data 36, so that the display data 33 do not vary depending on the user data 20. The display data 33 that should be outputted by the end user computer device 10 can be stored by reference to respective parts of the display data 33. At least a part of the display data 33 can also be copied to another data group, such as to the personalised display data 22. The application 30 can also generate at least a part of the personalised display data 22 based on the display data 33 and the user data 20, in particular the technical user data 21, such as by using templates from the display data 33.
In contrast to the application data 36, a disclosure of the personalised display data 22 compromises a user's privacy. Personalised display data 22 can therefore be part of the user data 20 and can be stored with said user data 20. If encryption is applied to the user data 20, then the personalised display data 22 can also be encrypted accordingly.
As figure 2 shows, the application 30 needs to access the technical user data 21 to derive information and to thus generate derived information. The derived information can be added to the technical user data 21. The derived information may be suitable to refer to relevant elements of the display data 33, for example in a case where the display data 33 are ordered by the respective derived information or its encoding in a standard form.
The application 30 according to the application data 36 may be an expert system. The expert system may be implemented by an inference engine, in particular by a rule-based inference engine. The expert system may be a medical expert system, i.e. an expert system treating at least partially medical data. The medical expert system may be based on medical rules. The application 30 may also comprise evaluating a model obtained from machine learning, such as a model that is trained with patient records and corresponding diagnoses or other output data corresponding to the patient record. In such a case, the knowledge base data 31 can comprise the data that specify the trained model or characterising data thereof, e.g. zones attributed to classes in case of a k-nearest-neighbours model with a defined parameter k. The inference engine data 32 can specify an evaluation of input data based on the knowledge base data 31. The result can then indicate which part of the display data 33 should be outputted.
Figure 3 details an embodiment of the method for processing data on an end user computer device.
The steps are numbered for readability; nevertheless, the order of their description or their numbering does not impose an order in which they need to be performed.
Step S1 comprises downloading data from the server 1 to the end user computer device 10 via the connection configured for data transfer 2. Said data can comprise the application data 36, but they can also comprise only a part of the application data 36 or data that trigger the end user computer device 10 to adapt the application data 36 or a part thereof on the end user computer device 10, such as by indicating changes that need to be performed.
The application data 36 or parts thereof are optionally encrypted; optionally, parts of the application data are encrypted differently, wherein this difference may be caused by at least partially different encryption keys and/or at least partially different encryption methods. For example, the display data 33 can be encrypted, and the knowledge base data 31 can be encrypted differently. An advantage of encrypting the display data 33 can optionally be that the display data 33 are the most valuable part of the application data 36 regarding their value for potential competitors, especially if they comprise further non-technical information. Encrypting at least the display data 33 will in this case lower a risk of theft of trade secrets.
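The logically separated, differently keyed storage described with Figure 1 and in Step S1 can be illustrated by the following added Python example, which is not part of the application text or of any implementation by the applicant. It uses only the standard library: per-group keys are derived from one device master key with HKDF (RFC 5869), so that the user data, the knowledge base data, the inference engine data and the display data are each encrypted under their own key, and the group label is authenticated together with the ciphertext so that a blob stored for one group cannot be presented as another group's data. The cipher itself is a counter-mode keystream built from HMAC-SHA256 with an encrypt-then-MAC tag; that construction is an assumption made to keep the example dependency-free, and a shipping application would use AES-GCM or ChaCha20-Poly1305 from a vetted library in its place. The group names are assumptions.

```python
"""Logically separated, differently keyed storage of data groups on the device
(added illustration, stdlib only, not the patent's code)."""
import hashlib
import hmac
import json
import os
import struct


class IntegrityError(Exception):
    """Ciphertext failed authentication: wrong key, wrong group label or tampering."""


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with SHA-256: independent subkeys from one secret, labelled by info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 used as a PRF. Illustration only:
    # a shipping app would use AES-GCM or ChaCha20-Poly1305 from a vetted library.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(group_key: bytes, group: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. The group label is authenticated, so a blob from one
    data group cannot be presented as belonging to another."""
    enc_key = hkdf_sha256(group_key, b"", b"enc")
    mac_key = hkdf_sha256(group_key, b"", b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, group.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(group_key: bytes, group: str, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise IntegrityError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hkdf_sha256(group_key, b"", b"enc")
    mac_key = hkdf_sha256(group_key, b"", b"mac")
    expected = hmac.new(mac_key, group.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise IntegrityError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def can_unseal(group_key: bytes, group: str, blob: bytes) -> bool:
    try:
        unseal(group_key, group, blob)
        return True
    except IntegrityError:
        return False


class DeviceStore:
    """One key per data group, all derived from a device master key. The groups mirror
    the four data types of Figure 1; the names and the HKDF salt are assumptions."""
    GROUPS = ("user_data", "knowledge_base_data", "inference_engine_data", "display_data")

    def __init__(self, master_key: bytes):
        self._keys = {g: hkdf_sha256(master_key, b"device-store-v1", g.encode()) for g in self.GROUPS}
        self._blobs = {}

    def put(self, group: str, obj) -> None:
        self._blobs[group] = seal(self._keys[group], group, json.dumps(obj).encode())

    def get(self, group: str):
        return json.loads(unseal(self._keys[group], group, self._blobs[group]).decode())

    def key_for(self, group: str) -> bytes:
        return self._keys[group]

    def raw(self, group: str) -> bytes:
        return self._blobs[group]
```

Because the keys are derived with distinct labels, a key that decrypts the display data is of no use against the user data, which is what makes "differently encrypted" meaningful when both groups sit on the same storage component; on a real device the master key would itself be held in the platform keystore rather than in application memory.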
Step S2 comprises adding technical user data 21 from a data source that is indicated by DS in figure 3. This data source can for example be a manual input by the user, a camera taking images, such as an image of a medical report or a medical record or a data server, such as a server operated by a health care provider who provides his patients with digital copies of their records or parts thereof. If the technical user data 21 is encrypted, then the added technical user data can also be encrypted.
Step S3 comprises accessing and analysing the user data 20. The application 30 according to the application data 36, in particular according to the inference engine data 32, accesses the technical user data 21, if necessary, after or while decrypting the technical user data's relevant parts, and generates findings based on knowledge from the knowledge base data 31.
Step S4 comprises storing results of the step of analysing the user data 20. The application 30 stores the results, preferably in a machine-interpretable form, as well as references to corresponding parts of the display data 33 to the technical user data 21. These results can optionally be stored in an encrypted form. The results of the analysis may be stated in a format that implies the reference to the portions of display data so that the reference does not need to be stated separately.
Step S5 is entirely optional. It comprises generating personalised display data. The application 30 optionally generates personalised display data 22 based on the results of the analysis of the user data 20 and in particular of the technical user data 21. In such embodiments, the application data 36 can comprise data that specifies a generation of the personalised display data 22, such as templates that are stored with the display data. The application stores the personalised display data 22 with the user data 20, optionally in an encrypted form.
Step S6 comprises displaying at least a part of the results of the analysis. Portions of display data 33 that are indicated by references and/or implicitly by analysis results stored with the technical user data 21 and/or that are stored with the personalised display data 22 are outputted by the end user computer device 10 via one or more user interface elements that are indicated by "UI" in figure 3.
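The rule-based expert system described with Figure 2 and the sequence of Steps S3 to S6 can be illustrated together by the following added Python example; it is not part of the application text or of any implementation by the applicant, and the rules, codes, display texts, template and sample observations in it are constructed. The knowledge base data 31 are a list of rules held as data, the inference engine data 32 reduce to the comparison operators those rules may use, and the display data 33 are a shared text table that contains no user value. Inference yields finding codes and references into the display data (Step S4); an optional template fill produces personalised display data that are stored with the user data (Step S5); output resolves the references (Step S6). No part of the pipeline needs a network connection, matching embodiment M50.

```python
"""On-device rule-based expert system: knowledge base and inference as data,
results stored as references into shared display data (added illustration)."""
from dataclasses import dataclass, field
import operator

# Inference engine data (32): how a rule's comparison is evaluated (constructed).
OPERATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}

# Knowledge base data (31): rules as data. Each names the technical field it reads,
# a threshold, a machine-interpretable finding code and the display entry to show.
KNOWLEDGE_BASE = [
    {"rule_id": "R1", "field": "HGB", "op": "<", "threshold": 12.0,
     "finding": "F:HGB_LOW", "display_ref": "D:HGB_LOW"},
    {"rule_id": "R2", "field": "HGB", "op": ">", "threshold": 16.5,
     "finding": "F:HGB_HIGH", "display_ref": "D:HGB_HIGH"},
    {"rule_id": "R3", "field": "GLU", "op": ">=", "threshold": 7.0,
     "finding": "F:GLU_HIGH", "display_ref": "D:GLU_HIGH"},
]

# Display data (33): identical on every device with this version; contains no user values.
DISPLAY_DATA = {
    "D:HGB_LOW": "Haemoglobin is below the reference range.",
    "D:HGB_HIGH": "Haemoglobin is above the reference range.",
    "D:GLU_HIGH": "Fasting glucose is above the reference range.",
    "T:SUMMARY": "{count} finding(s) for measurements taken on {date}.",  # template
}


@dataclass
class UserData:
    technical: dict                                            # technical user data (21)
    personalised_display: dict = field(default_factory=dict)   # personalised display data (22)


def infer(technical: dict, knowledge_base=KNOWLEDGE_BASE) -> list:
    """Step S3: evaluate every rule against the machine-interpretable observations.
    Fields missing from the record are skipped rather than defaulted."""
    results = []
    observations = technical.get("observations", {})
    for rule in knowledge_base:
        obs = observations.get(rule["field"])
        if obs is None:
            continue
        if OPERATORS[rule["op"]](obs["value"], rule["threshold"]):
            results.append({"rule_id": rule["rule_id"], "finding": rule["finding"],
                            "display_ref": rule["display_ref"]})
    return results


def store_results(user: UserData, results: list) -> None:
    """Step S4: derived information joins the technical user data as codes and
    references, not as rendered text."""
    user.technical["derived"] = results


def personalise(user: UserData, display_data=DISPLAY_DATA) -> None:
    """Step S5 (optional): fill a template from the display data with user-specific
    values. The filled text is personal, so it is kept with the user data."""
    derived = user.technical.get("derived", [])
    user.personalised_display["summary"] = display_data["T:SUMMARY"].format(
        count=len(derived), date=user.technical["date"])


def render(user: UserData, display_data=DISPLAY_DATA) -> list:
    """Step S6: resolve stored references into display text, then append personalised lines."""
    lines = [display_data[r["display_ref"]] for r in user.technical.get("derived", [])]
    lines.extend(user.personalised_display.values())
    return lines


def run_on_device(technical: dict):
    """Whole pipeline; nothing here needs a connection to the server."""
    user = UserData(technical=dict(technical))
    store_results(user, infer(user.technical))
    personalise(user)
    return user, render(user)


# Constructed technical user data: standardized codes, canonical units.
SAMPLE_TECHNICAL = {
    "date": "2020-04-17",
    "observations": {"HGB": {"value": 11.4, "unit": "g/dL"},
                     "GLU": {"value": 5.2, "unit": "mmol/L"}},
}
```

Keeping the results as finding codes and display references means the stored user data stay machine-interpretable and can be re-evaluated after an update to the application data (embodiment M42) without re-entering anything, and the shared display data can be replaced without touching the user data at all.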
Server 1
Connection configured for data transfer 2
End user computer device 10
Data storage component 11
Data processing component 12
Communication component 13
User data 20
Technical user data 21
Personalised display data 22
Application 30
Knowledge base data 31
Inference engine data 32
Display data 33
Expert system 34
Transfer condition 35
Application data 36
Claims
1. A method for processing data on an end user computer device (10), comprising processing user data (20) by an application (30) that is executed by the end user computer device (10), and a user data storing step that comprises storing at least a part of the user data (20) on the end user computer device (10), wherein the user data storing step comprises storing medical data and a technical user data storing step that comprises storing technical user data (21) in a machine-interpretable form.
2. The method according to the preceding claim, wherein the technical user data storing step comprises storing technical user data (21) that are encoded with at least a homogenous naming for fields and for each field encoding values with a same dimension unit.
3. The method according to any of the preceding claims, wherein the technical user data storing step comprises storing at least partially automatically generated medical data that comprise at least one of
(a) at least one medical image,
(b) at least one result of a laboratory analysis of material originating from or expelled by the human body, and
(c) data from a sensing device that senses biometrical or medical data of the user.
4. The method according to any of the preceding claims, wherein processing user data (20) by the application (30) that is executed by the end user computer device (10) comprises processing the technical user data (21), wherein processing the technical user data (21) comprises an information deriving step that comprises deriving information from the technical user data (21) by the application (30) and thus generating derived information, and wherein the information deriving step comprises deriving medical information from the technical user data (21) by the application (30).
5. The method according to the preceding claim, wherein the application (30) comprises an expert system and the information deriving step comprises deriving the information based on an expert system, wherein the expert system comprises a medical expert system and wherein the medical expert system comprises at least a part of a rule-based inference engine.
6. The method according to any of the two preceding claims, wherein the application (30) or a part thereof derives information from the technical user data (21) using their machine-interpretable form or at least one property of this machine-interpretable form.
7. The method according to any of the preceding claims, wherein the application (30) is specified by application data (36), wherein the application data (36) comprise display data (33), and wherein the application data (36) comprise knowledge base data (31) that comprise at least a part of data that are configured to specify a relation between input data and output data of the application (30).
8. The method according to any of the preceding claims with the features of claim 4, wherein the user data storing step comprises storing the derived information or indicators thereof, and wherein storing the derived information or the indicators thereof comprises at least one of (a) storing at least one reference to at least one part of display data (33), (b) copying at least one part of display data (33), and (c) generating data at least based on display data (33), wherein the display data (33) are preferably according to any of the preceding embodiments that comprise display data (33).
9. The method according to the preceding claim, wherein the method comprises a data outputting step that comprises outputting at least a part of the user data (20) by the end user computer device (10), and wherein outputting at least a part of user data (20) by the end user computer device (10) comprises outputting at least a part of the derived information or the indicators thereof that are stored on the end user computer device (10).
10. The method according to any of the preceding claims with the features of claim 7, wherein data on the end user computer device (10) comprises encrypted data, and wherein the encrypted data comprise at least a part of the application data (36).
11. The method according to any of the preceding claims, wherein the method comprises a data adding step that comprises adding data to the user data (20) on the end user computer device (10), wherein the data adding step furthermore comprises at least one of (a) providing an interface for adding data to the user data (20) by manual input, (b) using a camera that is connected at least indirectly to the end user computer device (10) and (c) receiving input data from a data server and adding at least a part of the input data to the user data (20).
12. The method according to the preceding claim, wherein the data adding step comprises receiving data from at least one sensing device that is configured to sense data related to a user and wherein at least one of the at least one sensing device that is configured to sense data related to a user is configured to sense physiological data related to a user.
13. The method according to any of the preceding claims, comprising furthermore sending at least a part of the user data (20) to another device, such as the server (1) or a third party server, from the end user computer device (10) only if at least one transfer condition (35) of a transfer condition set is satisfied, wherein the transfer condition set comprises at least one transfer condition (35) and wherein at least one of the at least one transfer condition (35) is selected from (a) an anonymization of at least a part of the user data (20) that is sent, and (b) an authorization by a user or an authorized third party.
14. The method according to any of the preceding claims with the features of claim 4, wherein the information deriving step is performed only on the end user computer device (10).
15. A system for analysing medical data, comprising an end user computer device (10) and a server (1), wherein the end user computer device (10) comprises a data storage component (11), a data processing component (12), an input interface component, application data (36) and user data (20), wherein the application data (36) are configured to specify an application (30) that derives information from user data (20) once it is executed by the end user device (10), and wherein the application data (36) are configured for performing the functionality of an expert system (34) by the application (30) once the application data (36) are executed.
16. A computer program product comprising instructions, which, when the program is executed by the end user computer device (10), cause the end user computer device (10) to perform the method steps according to any method claim which have to be executed on the end user computer device (10), wherein the end user computer device (10) is according to any system claim that comprises an end user computer device (10) that is compatible with said method claim.
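Claims 13 and 14 carry the security-relevant core of the method: the information deriving step runs only on the end user computer device (10), and any part of the user data (20) leaves the device only if a transfer condition (35) from a configured transfer condition set is satisfied, namely anonymization of the transmitted part or an authorization by the user or an authorized third party. The following Python is an added example written for this page; it is not code from the patent or from Medicus AI. It models the transfer condition set as an explicit per-recipient policy check that runs on the device before anything is sent. The record layout, the keyed pseudonym, the HMAC-bound authorization grant and all names are assumptions made for the illustration.

```python
"""On-device transfer gate for user health data.

Added example for this page; not code from the patent or from Medicus AI.
Record layout, field names, the keyed pseudonym and the HMAC-based
authorization grant are assumptions made for the illustration.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass

# Fields that directly identify the user; stripped under condition (a).
DIRECT_IDENTIFIERS = {"name", "email", "phone", "address", "date_of_birth"}

# Constructed sample of user data (20); not real data.
SAMPLE_RECORD = {
    "user_id": "u-1842",
    "name": "Jane Example",
    "email": "jane@example.invalid",
    "date_of_birth": "1980-06-15",
    "measurements": [
        {"type": "blood_glucose", "value": 5.4, "unit": "mmol/L", "ts": 1700000000},
        {"type": "heart_rate", "value": 72, "unit": "bpm", "ts": 1700000600},
    ],
}


def anonymize(record: dict, pseudonym_key: bytes) -> dict:
    """Condition (a): remove direct identifiers, replace the user id with a
    keyed pseudonym (unlinkable without the device-held key) and coarsen
    timestamps to the hour so exact sampling times cannot re-identify."""
    pseudonym = hmac.new(pseudonym_key, record["user_id"].encode(),
                         hashlib.sha256).hexdigest()[:16]
    out = {k: v for k, v in record.items()
           if k not in DIRECT_IDENTIFIERS and k != "user_id"}
    out["pseudonym"] = pseudonym
    out["measurements"] = [dict(m, ts=m["ts"] - m["ts"] % 3600)
                           for m in record["measurements"]]
    return out


@dataclass(frozen=True)
class AuthorizationGrant:
    """Condition (b): a grant issued by the user (or an authorized third
    party) for one named recipient, bound by an HMAC under the consent key."""
    recipient: str
    expires_at: int
    tag: str

    @staticmethod
    def _mac(consent_key: bytes, recipient: str, expires_at: int) -> str:
        return hmac.new(consent_key, f"{recipient}|{expires_at}".encode(),
                        hashlib.sha256).hexdigest()

    @classmethod
    def issue(cls, consent_key: bytes, recipient: str, ttl_s: int, now: int):
        expires_at = now + ttl_s
        return cls(recipient, expires_at, cls._mac(consent_key, recipient, expires_at))

    def is_valid(self, consent_key: bytes, recipient: str, now: int) -> bool:
        expected = self._mac(consent_key, self.recipient, self.expires_at)
        return (hmac.compare_digest(expected, self.tag)
                and self.recipient == recipient
                and now < self.expires_at)


def prepare_transfer(record, recipient, condition_set, pseudonym_key,
                     consent_key, grant=None, now=None):
    """Return the payload allowed to leave the device for `recipient`,
    or None when no condition in `condition_set` is satisfied.

    `condition_set` is the per-recipient transfer condition set, a subset of
    {"authorized", "anonymized"}. A valid grant is checked first because an
    authorized transfer may carry identifiers; otherwise the data may only
    leave in anonymized form, and only if that condition is in the set.
    """
    now = int(time.time()) if now is None else now
    if ("authorized" in condition_set and grant is not None
            and grant.is_valid(consent_key, recipient, now)):
        return {"condition": "authorized", "recipient": recipient, "data": record}
    if "anonymized" in condition_set:
        return {"condition": "anonymized", "recipient": recipient,
                "data": anonymize(record, pseudonym_key)}
    return None
```

Two design points follow from the claim wording. The condition set is configured per recipient, so a third party server whose set contains only anonymization can never receive identifiers even if a grant is presented, while a recipient whose set contains only authorization receives nothing at all without a valid grant. A forged, expired or mis-addressed grant degrades to the anonymized release rather than raising an error; that is safe only because anonymized release is independently permitted for that recipient, and when it is not, the function refuses the transfer outright.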

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
EP19170111 2019-04-18
EP19170100 2019-04-18
EP19170111.9 2019-04-18
EP19170096.2 2019-04-18
EP19170091 2019-04-18
EP19170100.2 2019-04-18
EP19170091.3 2019-04-18
EP19170096 2019-04-18

Publications (1)

Publication Number Publication Date
WO2020212609A1 (en) 2020-10-22

Family

ID=69846023

Family Applications (4)

Application Number Title Priority Date Filing Date
PCT/EP2020/060927 WO2020212611A1 (en) 2019-04-18 2020-04-17 Method and system for transmitting combined parts of distributed data
PCT/EP2020/060925 WO2020212609A1 (en) 2019-04-18 2020-04-17 Secure medical data analysis for mobile devices
PCT/EP2020/060926 WO2020212610A1 (en) 2019-04-18 2020-04-17 Method and system for selective broadcasting
PCT/EP2020/060916 WO2020212604A1 (en) 2019-04-18 2020-04-17 Method and system for selectively transmitting data

Country Status (1)

Country Link
WO (4) WO2020212611A1 (en)

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0834227B1 (en) * 1995-06-19 1999-02-03 International Business Machines Corporation Method and system for receiving data packets in a unidirectional broadcasting system
US6397224B1 (en) 1999-12-10 2002-05-28 Gordon W. Romney Anonymously linking a plurality of data records
US20020116227A1 (en) 2000-06-19 2002-08-22 Dick Richard S. Method and apparatus for requesting, retrieving, and obtaining de-identified medical informatiion
US7543149B2 (en) 2003-04-22 2009-06-02 Ge Medical Systems Information Technologies Inc. Method, system and computer product for securing patient identity
US7966368B2 (en) * 2003-05-02 2011-06-21 Microsoft Corporation Communicating messages over transient connections in a peer-to-peer network
US20050086481A1 (en) * 2003-10-15 2005-04-21 Cisco Technology, Inc. Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
IL161263A0 (en) 2004-04-02 2004-09-27 Crossix Solutions Llc A privacy preserving data-mining protocol
US7302611B2 (en) 2004-09-13 2007-11-27 Avaya Technology Corp. Distributed expert system for automated problem resolution in a communication system
US8577933B2 (en) 2006-08-02 2013-11-05 Crossix Solutions Inc. Double blinded privacy-safe distributed data mining protocol
US10231077B2 (en) * 2007-07-03 2019-03-12 Eingot Llc Records access and management
GB2502750A (en) * 2011-03-22 2013-12-04 Nant Holdings Ip Llc Healthcare Management objects
CA2961970A1 (en) * 2014-09-23 2016-03-31 Surgical Safety Technologies Inc. Operating room black-box device, system, method and computer readable medium
US20160357173A1 (en) * 2015-06-08 2016-12-08 Evidation Health Evidence Generation and Data Interpretation Platform
US11616825B2 (en) * 2015-12-18 2023-03-28 Aetna Inc. System and method of aggregating and interpreting data from connected devices

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5660176A (en) 1993-12-29 1997-08-26 First Opinion Corporation Computerized medical diagnostic and treatment advice system
US20050015352A1 (en) 2001-11-01 2005-01-20 Verlinden Stefan Frederic Franciscus Expert system for medical diagnosis
US20030225597A1 (en) 2002-05-29 2003-12-04 Levine Joseph H. Methods and systems for the creation and use of medical information
US7433853B2 (en) 2004-07-12 2008-10-07 Cardiac Pacemakers, Inc. Expert system for patient medical information analysis
DE202005012454U1 (en) 2005-08-08 2005-10-20 Bitos Gmbh Mobile medical expert system, e.g. a first aid system, comprises a mobile terminal with a medical expert system software application which can connect to a central database via wireless communications for information exchange
US20090177495A1 (en) 2006-04-14 2009-07-09 Fuzzmed Inc. System, method, and device for personal medical care, intelligent analysis, and diagnosis
US20090326981A1 (en) 2008-06-27 2009-12-31 Microsoft Corporation Universal health data collector and advisor for people
US20150359489A1 (en) 2013-01-25 2015-12-17 Vanderbilt University Smart mobile health monitoring system and related methods
US20180129900A1 (en) * 2016-11-04 2018-05-10 Siemens Healthcare Gmbh Anonymous and Secure Classification Using a Deep Learning Network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JASON FURMAN ET AL: "Privacy-Preserving Machine Learning Based Data Analytics on Edge Devices", PROCEEDINGS OF THE 2018 AAAI/ACM CONFERENCE ON AI, ETHICS, AND SOCIETY, 27 December 2018 (2018-12-27), New York, NY, USA, pages 341 - 346, XP055704613, ISBN: 978-1-4503-6012-8, DOI: 10.1145/3278721.3278778 *
RICHARD MORTIER ET AL: "Personal Data Management with the Databox : What's Inside the Box?", PROCEEDINGS OF THE 2016 ACM WORKSHOP ON CLOUD-ASSISTED NETWORKING, CAN '16, 1 January 2016 (2016-01-01), New York, New York, USA, pages 49 - 54, XP055704896, ISBN: 978-1-4503-4673-3, DOI: 10.1145/3010079.3010082 *

Also Published As

Publication number Publication date
WO2020212610A1 (en) 2020-10-22
WO2020212611A1 (en) 2020-10-22
WO2020212604A1 (en) 2020-10-22

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number: 20718680; country of ref document: EP; kind code of ref document: A1)
NENP Non-entry into the national phase (ref country code: DE)
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established (free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 28/02/2022))
122 Ep: pct application non-entry in european phase (ref document number: 20718680; country of ref document: EP; kind code of ref document: A1)