WO2021085519A1 - Personal data distribution management system and method therefor - Google Patents

Personal data distribution management system and method therefor

Info

Publication number
WO2021085519A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
management device
personal
distribution management
individual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2020/040568
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
八木 康史
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Osaka NUC
Original Assignee
Osaka University NUC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Osaka University NUC
Priority to JP2021553675A (patent JP7578291B2)
Priority to EP20882660.2A (patent EP4053780A4)
Priority to US17/771,834 (patent US12124613B2)
Priority to CN202080074046.1A (patent CN114600107A)
Publication of WO2021085519A1
Priority to JP2024180652A (patent JP2025013850A)

Classifications

    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G06F21/31 User authentication
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G06Q10/40 Business processes related to social networking or social networking services
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q50/18 Legal services
    • G06Q50/26 Government or public services
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G16H40/63 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for local operation

Definitions

  • The present invention relates to a personal data distribution management technique for managing the distribution of personal data collected from a plurality of individuals.
  • Utilization of big data is the key to the realization of data-led economic growth and social change.
  • Among big data, personal data in particular is attracting attention.
  • By using personal data, it is possible, for example, to benefit many people through medical progress and health promotion, and services for each individual can also be provided by using the personal data of the target individual. It is expected that high-quality services that better match individuals can be constructed, and that highly effective marketing can be achieved by using personal data.
  • In Japan, the Cabinet decided to promote three concrete measures to promote data distribution and utilization across industries.
  • The measures are (1) cooperation and utilization of industrial data, (2) utilization of personal data, and (3) promotion of digital transformation in the field of private enterprises.
  • Mechanisms such as personal data stores (PDS), information banks, and data trading markets have been proposed in order to properly utilize and protect personal data and to handle both in a balanced manner.
  • PDS and information banks are mechanisms that promote personal consent and big data conversion of personal data, and the data trading market is positioned as an important matching mechanism to promote distribution and utilization.
  • The PDS itself is a systematic realization of personal consent and does not include a mechanism for data distribution. For companies, it is costly to obtain and collect consent for the utilization of personal data from each individual.
  • An information bank is a mechanism in which an individual sets conditions for utilizing his or her own personal data in advance, and then entrusts a part or all of the data to a business operator that operates the information bank.
  • Information banks can provide data to third parties, negotiating the offer price and joining different data.
  • The "data trading market" is a data trading mechanism that matches supply and demand among individuals who manage personal data directly with a PDS at hand, information banks that are entrusted with and manage data from individuals, and companies (and platforms that are a collection of multiple companies) that need to collect personal data for the purpose of effectively utilizing their industrial data. The functions of this market are expected to include price formation / presentation associated with data trading, refinement of transaction conditions, standardization of transaction targets, and credit guarantee of transactions. In the distribution of personal data, it is useful to take a global view and create a data trading market mechanism that includes a re-consent process in a format that complies with the revised Personal Information Protection Law and the GDPR.
  • Patent Document 1 describes a personal data providing system that includes a business operator who acquires individuals' personal data, a purchaser, and an intermediary who intervenes between the business operator and the purchaser to mediate the application from the purchaser and the provision of the personal data applied for. Anonymity can be ensured with respect to the intermediary and the purchaser by giving a temporary ID to the individual.
  • Patent Document 2 describes an intermediary device that is interposed between a plurality of information banking devices that store personal data and a data utilization device to support a usage data request from the data utilization device.
  • Patent Document 3 describes a personal data management system including a management server provided with a user information storage unit and a requesting server for requesting user information.
  • The data management system, data providing system, and intermediary device described in Patent Documents 1 to 3 include a provider data storage unit for storing personal data, but are not equipped with a distribution management device that creates and stores a catalog for promoting the distribution of personal data. Moreover, when adopting a system configuration in which a data distribution management device and a plurality of provider data storage units are arranged separately, it is not easy to design the system so that it satisfies information security of personal data for the system as a whole, GDPR compliance, and protection of personal information.
  • The present invention has been made in view of the above, and provides a personal data distribution management system and a method for performing data distribution management that can reduce the risk of information leakage of personal data.
  • The present invention also provides a personal data distribution management system and a method thereof that protects personal information such as a real name and enables data distribution management while complying with the GDPR.
  • The personal data distribution management system includes, as separate units connected on a network, at least one provider data management device, a data distribution management device, and a relay processing device.
  • The provider data management device includes a database that stores, as original data associated with the real name information of the individual, personal data of the individual measured by a measuring instrument and attribute information related to the individual and the measurement.
  • The data distribution management device includes a usage request receiving means for receiving a data usage request from a data user terminal. Based on the data usage request received by the usage request receiving means, the relay processing device selects personal data of the individuals corresponding to the data usage request from the database of each provider data management device and outputs it to the data user terminal with the individuals' real name information excluded.
  • The personal data distribution management system includes, as separate units connected on the network, at least one provider data management device and a data distribution management device.
  • The provider data management device includes a database that stores, as original data associated with the real name information of the individual, personal data of the individual measured by a measuring instrument and attribute information related to the individual and the measurement.
  • The data distribution management device includes a catalog management means that generates a data catalog by taking in the original data other than the personal data stored in the database of each provider data management device, unifying it, and editing it.
  • The personal data distribution management method uses, as separate units connected on a network, at least one provider data management device, a data distribution management device, and a relay processing device.
  • The usage request receiving means of the data distribution management device generates and stores, as original data associated with the real name information of the individual, personal data of the individual measured by a measuring instrument and attribute information related to the individual and the measurement.
  • The data distribution management device receives a data use request from a data user terminal. Based on the data usage request received by the data distribution management device, the relay processing device selects personal data of the individuals corresponding to the data usage request from the database of each provider data management device and outputs it to the data user terminal with the individuals' real name information excluded.
  • The personal data distribution management method uses, as separate units connected on the network, at least one provider data management device and a data distribution management device.
  • The provider data management device creates, as original data associated with the real name information of the individual, personal data of the individual measured by a measuring instrument and attribute information related to the individual and the measurement, and stores it in a database.
  • The catalog management means of the data distribution management device takes in the original data other than the personal data stored in the database of each provider data management device, unifies it, and edits it to generate a data catalog.
  • The data distribution management device takes in the original data excluding the personal data and generates a data catalog. Further, the relay processing device outputs data excluding personal real name information from the database of each provider data management device to the data user terminal based on the data usage request received from the outside. These enable data distribution management that reduces the risk of information leakage of personal data and personal real name information from the database of each provider data management device to the outside.
  • FIG. 1 is a block diagram showing one embodiment of the personal data distribution management system according to the present invention. The following drawings are block diagrams showing one embodiment of the provider data management device, one embodiment of the data distribution management device, and one embodiment of a user terminal.
  • A memory map diagram showing an example of the items of the original data: (A) includes the item of the data provider and the item of the e-mail address, and (B) includes the item of the real name of the individual and the items of the attribute information of the individual.
  • (A) is a name identification table
  • (B) is a secondary pseudonym table.
  • (A) is a comprehensive data catalog
  • (B) is an edited catalog. A chart showing an example of the selection items of a data use request.
  • (A) shows a data catalog
  • (B) shows an example of reassignment
  • (C) shows data for provision.
  • FIG. 1 is a configuration diagram showing an embodiment of a personal data distribution management system according to the present invention.
  • The personal data distribution management system 1 includes a data provider 10, a data distribution management device 30, and a relay processing device 40 that functions as a platform, each of which can perform data communication via a network 50 such as the Internet.
  • The personal data distribution management system 1 can be connected to the user terminal 100 via the network 50.
  • The data provider 10 includes at least one provider data management device 11, 12, 13, ... as a unit for collecting and storing a group of data sets.
  • As the provider data management devices 11, 12, 13, ..., corporations, companies, university corporations, groups, and individuals are assumed; in the present embodiment, each is a hospital unit, and medical office units may also be included.
  • The individual or diagnostic personal data in the present embodiment may include, for example, various vital data such as heart rate and blood pressure, and data types such as purchase history information in the hospital.
  • Each entity of the data provider 10 and the user terminal 100 is a member who has joined the organization of this system, although this is not always essential. Members are given an ID and password, and on that basis they can use the data viewing and usage request services.
  • The provider data management devices 11, 12, 13, ... constituting the data provider 10 each collect personal data from a plurality of individuals (for example, patients and examinees). Various types of personal data are assumed. The collected personal data of each type is stored in association with the real name information, in units of each provider data management device 11, 12, 13, ... of the data provider 10.
  • The data distribution management device 30 functions as a data trading market: it creates a promotional data catalog for promoting data distribution (buying and selling of individuals' personal data) and provides it so that it can be viewed on the network 50.
  • When the data distribution management device 30 receives a data usage request from a third party via the network 50, it searches for personal data corresponding to the content of the usage request, performs the re-consent procedure for the related parties and individuals, and then provides the data to the user under predetermined conditions (benefits). Benefits may include money, points, various services, and other consideration.
  • Primary and secondary pseudonymization are performed, and when the personal data is provided, a further reassignment (substitution anonymization) is performed so that the personal data cannot be restored; the data is thereby made anonymous and provided to a third party along with the actual data.
  • When data is provided to a third party and it is a predetermined condition that re-consent be obtained from the individual who provided the personal data, and also from those involved in data collection, efficient re-consent procedure processing is performed in a prescribed priority order. The details are described below.
  • FIG. 2 is a configuration diagram showing an embodiment of the provider data management device 11. Since the provider data management devices 11, 12, 13, ... have the same configuration, the provider data management device 11 will be described as a representative below.
  • The provider data management device 11 includes a control unit 110 composed of a processor (CPU).
  • The control unit 110 is connected to a display unit 1101 for displaying an image, an operation unit 1102 for inputting and instructing information from the outside, and a provider data DB 1103 for storing predetermined data.
  • The measuring instrument 21 measures various vital data from an individual as personal data.
  • The measuring instrument 21 includes, for example, a heart rate monitor, a sphygmomanometer, various sensors, or equipment such as an MRI for measuring (imaging) the inside of a living body.
  • The personal terminal 22 includes a personal computer, a smartphone, and various other mobile information and communication terminals, and exchanges information by using SNS (Social Network System), SMS (Short Message Service), or e-mail.
  • The provider data DB 1103 stores a control program that controls the provider data management process performed by the control unit 110, and also stores original data including personal data that is actual data of a plurality of individuals measured by the measuring instrument 21.
  • FIG. 5 is a memory map showing an example of items of the original data.
  • FIG. 5 (A) shows the item of the data provider, that is, one of the data set units in the present embodiment, for example, the hospital "A", followed by the item of the e-mail address of hospital A in this embodiment. Further, as shown in FIG. 5 (B), following the item of the individual's real name, the items of the individual's gender, age, e-mail address, address, primary pseudonym, information account, and actual data (personal data) are provided for each individual.
  • The primary pseudonym is identification information that is automatically assigned to an individual's real name, typically according to an appropriate rule, when the original data is created at the hospital "A".
  • The information account is an account for managing an individual on the system and includes location information. The information account holds the accumulated benefits, which are updated each time the individual's personal data is provided.
  • Other information items are provided in the original data as needed.
  • There are also items of attribute information on participants in the measurement, such as a concessionaire, a collector, and their e-mail addresses.
  • Information account items may also be prepared for concessionaires and collectors.
  • The concessionaire corresponds to, for example, the provider of the measuring instrument or the measuring place, and the collector corresponds to the person engaged in the measuring work.
  • A data type, a measuring instrument (model name, etc.), and various other measurement conditions, for example, measurement date and time, measurement location
  • The benefits are borne by the data user, but the data distribution management device 30 may bear part of them or pay in advance.
  • The content of the benefit may be set in advance, or may be determined through negotiations or the like each time an application for data use is made.
  • The control unit 110 functions as a data reception unit 111, a data management unit 112, and a re-consent processing unit 113 when the control program is executed by the processor.
  • The data reception unit 111 registers various types of data in the original data table for each individual as shown in FIG. 5, via the operation unit 1102 or, depending on the item, automatically.
  • For the personal data, the measurement result of the measuring instrument 21 may be automatically input in association with the individual's primary pseudonym.
  • The consent of each individual and, if necessary, of the concessionaire and collector regarding the utilization (primary use) of personal data at the data provider 10, or at the hospital "A", shall be obtained.
  • The data management unit 112 manages the following data based on the original data illustrated in FIG.
  • The provider data (primary pseudonym, personal data) may be provided by the relay processing device 40 or may be provided by the provider data management device 11.
  • The data management unit 112 creates, as data to be submitted to the data distribution management device 30 and excluding personal data, a name identification table (primary pseudonym, real name) composed of pairs of a primary pseudonym and a real name.
  • The data management unit 112 also creates, as data to be submitted to the data distribution management device 30 and excluding personal data, a data catalog consisting of a set of a provider, a data type, attribute information (including measuring instruments and other measurement conditions), and the number of data, associated with the primary pseudonym.
  • The data management unit 112 creates data at the time of starting up the provider data management device 11 or at any other appropriate timing, and sends each of the created data to the data distribution management device 30.
  • The name identification table is stored in the name identification data DB 341 of the data distribution management device 30.
  • The data catalog is stored in the data catalog DB 342 of the data distribution management device 30.
  • The re-consent processing unit 113 executes the part of the re-consent process for which the provider data management device 11 is responsible.
  • The re-consent process is a procedure that, when there is a data use request from the user terminal 100, which is a third party, obtains consent to data use (secondary use) from the individual whose personal data corresponds to the request content and, if necessary, from the provider and from the concessionaire and collector named in the attribute information.
  • The re-consent process is performed on instruction from the data distribution management device 30, as described later, and is typically performed electronically via the network 50, but in some cases other communication means may be used.
  • The re-consent procedure is performed according to a preset priority: first the provider, then the concessionaire and collector, and finally the individual.
  • The re-consent processing unit 113 displays the re-consent application with check boxes for consent and disagreement, provided for each required unit. A mark is entered by operating the operation unit 1102, and a reply is instructed.
  • In the case of disagreement, the re-consent processing unit 113 ends the re-consent process; in the case of consent, the re-consent application form for the concessionaire and the collector, which was transmitted at the same time, is sent by e-mail to the relevant concessionaire and collector, and a reply is awaited.
  • The re-consent processing unit 113 finishes the work if the response from the concessionaire and the collector is a disagreement; if it is consent, it sends a personal re-consent application to the relevant individual by e-mail and waits for a reply. Setting such a priority allows the re-consent procedure to be carried out efficiently.
  • FIG. 3 is a configuration diagram showing an embodiment of the data distribution management device 30.
  • The data distribution management device 30 includes a control unit 31 composed of a processor (CPU).
  • The control unit 31 is connected to a display unit 32 for displaying an image, an operation unit 33 for inputting and instructing information from the outside, a name identification data DB 341 for storing name identification data, and a data catalog DB 342 for storing a data catalog.
  • The control program for data distribution management may be written in the program storage area in these memories.
  • The control unit 31 functions as a name identification processing unit 311, a catalog management unit 312, a usage request reception unit 313, and a provision pseudonymization processing unit 314 when the control program is executed by the processor.
  • The name identification processing unit 311 creates secondary pseudonyms from the name identification tables (primary pseudonym, real name) stored in the name identification data DB 341 and stores them in the name identification data DB 341. More specifically, the name identification processing unit 311 unifies (integrates) the name identification tables (primary pseudonym, real name) from the provider data management devices 11, 12, 13, ... (see FIG. 6 (A)), performs name identification processing that collates real names with primary pseudonyms, creates secondary pseudonyms that integrate the primary pseudonyms, and stores the created secondary pseudonym table (see FIG. 6B) in the name identification data DB 341.
  • When this name identification table (primary pseudonym, real name) is transmitted from the provider data management devices 11, 12, 13, ... to the data distribution management device 30, the risk of leakage of real name data during communication is suppressed by using a network other than the network 50 or another communication method.
  • The primary pseudonym ID-a1 of the individual treated at hospital "A" and the primary pseudonym ID-b5 of the individual treated at hospital B have the same real name, that is, they are the same person, and they have been replaced with the common secondary pseudonym ID1.
  • The secondary pseudonym may be, for example, a continuous personal number.
  • The secondary pseudonym table of FIG. 6B may be a table of (secondary pseudonym, real name).
  • The catalog management unit 312 unifies and integrates the data catalogs from the respective provider data management devices 11, 12, 13, ... stored in the data catalog DB 342 to create a comprehensive data catalog.
  • The data catalog (attribute information including provider, data type, etc., and number of data) associated with the primary pseudonym is associated with the secondary pseudonym with reference to FIG. 6 (B) and edited based on the data type item (see FIG. 7B).
  • Part of the comprehensive data catalog is provided on the network 50 for browsing.
  • The data catalog can be sorted based on a part or all of the data items in the browsing range, which is convenient for the user when selecting items. Further, instead of providing the data catalog on the network 50, the data catalog may be used in person-to-person sales or placed on another medium.
  • The usage request reception unit 313 receives the usage request from the user terminal 100 and executes processing according to the content of the request.
  • The request content is specified based on the data items. In the example of FIG. 8, the data type, the data provider, and other attribute information including the measuring instrument are assumed. Other requested attribute information may include, for example, the gender and age group from the individual attribute information.
  • The usage request reception unit 313 selects, from the contents of the request, the targets from whom re-consent is requested. For example, if the request content includes a data provider, the re-consent process may be executed only for that provider data management device. If none is specified, all are targeted.
  • The usage request reception unit 313 transmits the information of the request content to the target provider data management device, via the relay processing device 40 in this example, and instructs the re-consent process.
  • The selection may be executed by the re-consent processing unit 113 described above, or the usage request reception unit 313 may perform the selection and send the result together with the instruction for the re-consent process.
  • The provision pseudonymization processing unit 314 creates the provision data to be provided to the user who made the usage request by editing the original data, excluding the real name item, that is uploaded to the relay processing device 40 (described later) in association with the secondary pseudonym. More specifically, the provision pseudonymization processing unit 314 deletes those who disagreed with the re-consent application from the primary and secondary pseudonym table of FIG. 6B, reassigns the secondary pseudonyms remaining after the deletion to report pseudonyms, and extracts from the original data uploaded to the relay processing device 40 the entries of the secondary pseudonyms associated with the report pseudonyms to create the provision data.
  • the reassignment process to the reporting kana is performed on the secondary kana associated with the data catalog, which remains after the deletion.
  • the individual identification information is replaced in order from the top (see the table in FIG. 9B).
  • a character code assigned according to a predetermined rule for example, a serial number is assumed.
  • the person to whom the secondary pseudonym ID 2 (having “attribute information: a, c, ...”) is given is the person who disagrees (see FIG. 9 (A), answer result:).
  • FIG. 4 is a configuration diagram showing an embodiment of the user terminal 100.
  • The user terminal 100 includes a control unit 101 composed of a processor (CPU).
  • The control unit 101 is connected to a display unit 1001 for displaying an image, an operation unit 1002 for inputting and instructing information from the outside, and a storage unit 1003 for temporarily storing data for provision.
  • The storage unit 1003 stores a control program (installed application program) for personal data utilization processing.
  • The user terminal 100 does not have to be a dedicated machine for this system; a general-purpose personal computer can be used by installing the application program, as long as it can communicate via the network 50. It may also be a mobile terminal.
  • The control unit 101 functions as a browsing processing unit 102 and a usage request processing unit 103 when the control program is executed by the processor.
  • The browsing processing unit 102 transmits a browsing request for the data catalog to the relay processing device 40 or the data distribution management device 30 and receives the data catalog so that it can be browsed under predetermined conditions (for example, being a member).
  • The usage request processing unit 103 transmits an electronic usage request form (usage application form) including the selected items related to the personal data to be used to the data distribution management device 30 via the relay processing device 40. Browsing of the provision data returned from the system 1 by e-mail or the like in response to the usage request is handled in the same way as general e-mail, so its description is omitted.
  • FIG. 10 is a flowchart showing an example of name identification processing performed by the control unit 31 of the data distribution management device 30.
  • The provider data (primary pseudonym, real name) and the data catalog (primary pseudonym, data type, attribute information, number of data) are received (step S1).
  • The control unit 31 unifies the provider data (primary pseudonym, real name) from all the data providers and, according to a predetermined rule, assigns the same secondary pseudonym to every primary pseudonym that has the same real name (step S3).
  • The control unit 31 creates and saves a secondary pseudonym table (secondary pseudonym, primary pseudonym) as shown in FIG. 6(B) based on the assigned secondary pseudonyms (step S5).
  • FIG. 11 is a flowchart showing an example of the re-agreement process performed by the control unit 31 of the data distribution management device 30.
  • The control unit 31 determines whether there is a usage request (step S11) and exits this flow if there is none. If there is a usage request, it extracts the corresponding data provider, data type, and attribute information from the usage request form and instructs the data provider to carry out the procedure (step S13). At this point, data providers that are no longer covered are excluded.
  • The control unit 31 determines whether there is a response to the usage request from the corresponding data provider (step S15). The control unit 31 then deletes those who disagreed with the use by referring to the secondary pseudonym table and reassigns provision pseudonyms to the remaining secondary pseudonyms (step S17).
  • Reassigning to the provision pseudonym anonymizes the individuals in the provision data. In addition, because of this reassignment there is no guarantee that an individual with the same provision pseudonym is the same person from one usage request to the next, so even if the data is used multiple times, the individual cannot be identified. If the data provider itself responds with disagreement, all subsequent interest holders, collectors and individuals are treated as disagreeing.
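The name identification of steps S1 to S5 and the reassignment of step S17, as an added Python sketch that is not code from the patent. The function names, sample tables and values are constructed for illustration, and the `shuffle` option is an added assumption: with serial numbers assigned in table order, the labels differ between requests only when the set of consenting persons differs, whereas a per-request random order removes that dependence.

```python
"""Added illustration of steps S1-S5 and S17; every name and value is constructed."""
import secrets

# Constructed name identification tables: provider -> [(primary pseudonym, real name)]
PROVIDER_TABLES = {
    "hospital_A": [("ID-a1", "Yamada Taro"), ("ID-a2", "Sato Hanako")],
    "hospital_B": [("ID-b5", "Yamada  Taro"), ("ID-b7", "Suzuki Jiro")],
}

# Constructed original data with the real name item already excluded:
# (provider, primary pseudonym, data type, value)
ORIGINAL_DATA = [
    ("hospital_A", "ID-a1", "gait", 1.21),
    ("hospital_A", "ID-a2", "gait", 0.98),
    ("hospital_B", "ID-b5", "blood_pressure", 128),
    ("hospital_B", "ID-b7", "gait", 1.05),
]


def name_identification(provider_tables):
    """Steps S3/S5: same real name -> same secondary pseudonym (serial number).

    Returns {(provider, primary pseudonym): secondary pseudonym}. The real name
    is only the matching key and is not part of the returned table. Matching is
    by name alone, as on the page, so namesakes would be merged.
    """
    by_real_name = {}
    secondary_table = {}
    for provider, rows in provider_tables.items():
        for primary, real_name in rows:
            key = " ".join(real_name.split()).casefold()  # tolerate spacing/case
            secondary = by_real_name.setdefault(key, f"ID{len(by_real_name) + 1}")
            secondary_table[(provider, primary)] = secondary
    return secondary_table


def assign_provision_pseudonyms(secondary_table, disagreeing, shuffle=False):
    """Step S17: drop disagreeing persons, then renumber the rest from the top.

    shuffle=True (an added option, not in the patent) randomizes the order per
    request so the labels do not depend on the table order.
    """
    remaining = []
    for secondary in secondary_table.values():
        if secondary not in disagreeing and secondary not in remaining:
            remaining.append(secondary)
    if shuffle:
        secrets.SystemRandom().shuffle(remaining)
    return {sec: f"P{i}" for i, sec in enumerate(remaining, start=1)}


def build_provision_data(original_data, secondary_table, provision_map, data_type):
    """Extract the requested data type and relabel it with provision pseudonyms."""
    rows = []
    for provider, primary, dtype, value in original_data:
        secondary = secondary_table[(provider, primary)]
        if dtype == data_type and secondary in provision_map:
            rows.append((provision_map[secondary], dtype, value))
    return rows


if __name__ == "__main__":
    table = name_identification(PROVIDER_TABLES)
    print("secondary pseudonym table:", table)
    # Request 1: the person with secondary pseudonym ID2 disagrees.
    req1 = assign_provision_pseudonyms(table, disagreeing={"ID2"})
    # Request 2: nobody disagrees, so "P2" now labels a different person.
    req2 = assign_provision_pseudonyms(table, disagreeing=set())
    print("request 1:", build_provision_data(ORIGINAL_DATA, table, req1, "gait"))
    print("request 2:", build_provision_data(ORIGINAL_DATA, table, req2, "gait"))
```
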
  • FIG. 12 is a flowchart showing an example of the re-consent procedure process I performed by the control unit 110 of the provider data management device 11.
  • Agreement or disagreement with the re-agreement application form addressed to the data provider itself is entered into the control unit 110 via the operation unit 1102. In the case of disagreement, the response is returned as it is and this flow is not entered.
  • The control unit 110 determines whether the attribute information on the measurement participants for the data type selected in the usage request includes a concessionaire or a collector (step #1). If there is no applicable person, the control unit 110 exits this flow; if there is, it sends a re-consent document to the applicable concessionaires and collectors by e-mail (step #3).
  • The control unit 110 determines whether all the applicable concessionaires and collectors have responded (step #5).
  • The control unit 110 waits for the answers from all the applicable concessionaires and collectors and then sends the re-consent document by e-mail to the remaining applicable individuals, excluding those affected by a disagreeing answer (step #7).
  • The control unit 110 determines whether all the relevant individuals have responded (step #9). Then, the control unit 110 returns the response result to the data distribution management device 30 (step #11).
  • The embodiment described above obtains re-consent each time, deciding whether to consent in response to each usage request from a user, but the present invention is not limited to this, and a form of comprehensive re-agreement may be adopted.
  • The comprehensive re-agreement may include a partial comprehensive re-agreement and a partial batch re-agreement.
  • Comprehensive re-agreement means to grant (set) re-agreement in advance for all data items (including items such as attribute information) of the original data shown in the figure.
  • Partial comprehensive re-agreement means granting re-agreement in advance for a specific one or more data items in the original data.
  • Partial batch re-agreement refers to granting re-agreement in advance as a group for a plurality of specific data items in the original data.
  • The items for which comprehensive re-agreement can be set correspond to those data items of the original data that can be the target of a usage request by the user.
  • For example, "data type" and "actual data", as well as "gender", "age", "measuring instrument", and the various items in "other measuring conditions", can be included. The "data provider" may also be included.
  • An item of "re-agreement" is set in association with each of the target data items and the like.
  • The "re-agreement" item is set by switching alternately between "comprehensive" and "every time".
  • The re-agreement processing unit 113 of the provider data management device 11 refers to the setting contents of each of these comprehensive re-agreement items when requesting re-agreement. Details are described below.
  • Alternatively, items for comprehensive re-agreement, partial comprehensive re-agreement, and partial batch re-agreement may be prepared individually, with comprehensive re-agreement in an either-or format, partial comprehensive re-agreement set as the logical OR of the entered desired items, and partial batch re-agreement set as the logical AND of the entered desired items.
  • The data management unit 112 of the provider data management device 11 receives requests for "comprehensive" or "every time" (including cancellation of "comprehensive") re-agreement from individuals, interest holders, and collectors, and in response sets the "re-agreement" item to "comprehensive" or "every time". Each comprehensive re-agreement item may be set when the actual data is acquired, or may be changed at any time thereafter.
  • The data management unit 112 of the provider data management device 11 may assign an ID or the like to an individual, a concessionaire, or a collector in advance, or grant authority to accept rewriting of the setting contents from that person's e-mail address, so that the comprehensive re-agreement items concerning that person can be rewritten.
  • FIG. 13 is a flowchart showing an example of the re-consent procedure process II performed by the control unit 110 of the provider data management device 11.
  • FIG. 13 shows a re-agreement procedure in which processing corresponding to the setting contents of the comprehensive re-agreement items is added to the flowchart of FIG. 12. Specifically, it differs in that steps #23 to #37 have been added or modified; the other processes are the same.
  • In step #23, the concessionaires and collectors who have consented to comprehensive re-agreement, partial comprehensive re-agreement, or partial batch re-agreement for the data type of the usage request are searched for. The one or more applicable persons found bypass step #25 and step #27 and proceed to step #29, where they are processed as having consented. Meanwhile, in step #25 a re-consent document is sent to the concessionaires and collectors who re-consent each time, and their replies are awaited (step #27). The persons who re-agree comprehensively and those who re-agree each time are then combined, and the flow proceeds to step #31.
  • In step #31, among the corresponding individuals, excluding those affected by disagreement, the persons who have consented to comprehensive re-agreement, partial comprehensive re-agreement, or partial batch re-agreement for the requested data type are searched for. The one or more individuals found bypass step #33 and step #35 and proceed to step #37, where they are processed as having consented. Meanwhile, in step #33 a re-consent document is sent to the individuals who re-consent each time, and their replies are awaited (step #35). The individuals who re-agree comprehensively and those who re-agree each time are then combined, and the flow proceeds to step #39. Giving comprehensive re-agreement in advance in this way makes it possible to omit the work of sending the consent form to the person and having it returned, so the procedure becomes smoother.
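The two-stage re-consent flow of FIG. 12 and FIG. 13, reduced to the "comprehensive" / "every time" setting per data type, as an added Python sketch that is not code from the patent. The record layout, the `ask` callback standing in for the e-mailed re-consent document, and the sample data are constructed. Two assumptions are made here: a person with no setting is asked every time, and an individual is excluded when any participant in that individual's measurement disagrees.

```python
"""Added illustration of the re-consent cascade; every name and value is constructed."""

# Constructed measurement records: measured individual, data type, and the
# concessionaires/collectors who took part in the measurement.
MEASUREMENTS = [
    {"individual": "ID-a1", "data_type": "gait", "participants": ["collector_X"]},
    {"individual": "ID-a2", "data_type": "gait", "participants": ["collector_X", "holder_Y"]},
    {"individual": "ID-a3", "data_type": "gait", "participants": ["collector_Z"]},
    {"individual": "ID-a4", "data_type": "blood_pressure", "participants": ["collector_X"]},
]

# Constructed "re-agreement" items: person -> {data type: "comprehensive" | "every time"}
SETTINGS = {
    "collector_X": {"gait": "comprehensive"},
    "holder_Y": {"gait": "every time"},
    "ID-a1": {"gait": "comprehensive"},
    "ID-a2": {"gait": "every time"},
}

# Constructed replies to the re-consent document (True = consent).
REPLIES = {"holder_Y": True, "collector_Z": False, "ID-a2": True}


def ask_from_replies(person, data_type):
    """Stand-in for sending the re-consent document and waiting for the reply."""
    return REPLIES.get(person, False)


def reconsent(provider_agrees, measurements, settings, data_type, ask):
    """Return (consenting individuals, persons to whom a document was sent)."""
    inquiries = []
    answers = {}

    def consents(person):
        if person not in answers:
            if settings.get(person, {}).get(data_type) == "comprehensive":
                answers[person] = True  # granted in advance, no document sent
            else:  # "every time" or no setting (assumption): ask this time
                inquiries.append(person)
                answers[person] = bool(ask(person, data_type))
        return answers[person]

    # A disagreeing data provider means everyone downstream is treated as disagreeing.
    if not provider_agrees:
        return [], inquiries

    relevant = [m for m in measurements if m["data_type"] == data_type]

    # Stage 1: resolve every concessionaire and collector before any individual.
    for record in relevant:
        for participant in record["participants"]:
            consents(participant)

    # Stage 2: only individuals whose measurement participants all consented
    # are considered; the others never receive a document.
    agreed = []
    for record in relevant:
        person = record["individual"]
        if all(answers[p] for p in record["participants"]) and consents(person):
            if person not in agreed:
                agreed.append(person)
    return agreed, inquiries


if __name__ == "__main__":
    agreed, sent = reconsent(True, MEASUREMENTS, SETTINGS, "gait", ask_from_replies)
    print("consenting individuals:", agreed)
    print("documents sent to:", sent)
```
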
  • The provider data is not limited to (provided pseudonym, personal data) and may include items corresponding to the usage request and some of the individual's attribute information, such as gender and age.
  • The real name information and the real data are both held only by the respective provider data management devices 11, 12, 13, ...; the data distribution management device 30, which corresponds to the transaction market, does not hold the real data, and the relay processing device 40 does not hold the real name information.
  • The security risk is greatly reduced compared with the case where the original data is held in one place and information is leaked.
  • Since neither the data distribution management device 30 nor the relay processing device 40 holds the real name information and the real data at the same time, the personal data of each individual cannot be identified from these devices. Also, if each device is managed by a separate organization, individual legal damage can be suppressed.
  • The personal data distribution management system includes, as separate devices connected on a network, at least one provider data management device, a data distribution management device, and a relay processing device.
  • The provider data management device includes a database that stores, as original data associated with the individual's real name information, the personal data of an individual measured by a measuring instrument and attribute information related to the individual and the measurement.
  • The data distribution management device includes a usage request receiving means for receiving a data usage request from a data user terminal. Based on the data usage request received by the usage request receiving means, the relay processing device selects the personal data of the individuals corresponding to the data usage request from the database of each provider data management device and outputs it to the data user terminal with the individuals' real name information excluded.
  • The personal data distribution management system includes, as separate devices connected on the network, at least one provider data management device and a data distribution management device.
  • The provider data management device includes a database that stores, as original data associated with the individual's real name information, the personal data of an individual measured by a measuring instrument and attribute information related to the individual and the measurement.
  • The data distribution management device is equipped with a catalog management means that generates a data catalog by taking in the original data other than the personal data stored in the database of each provider data management device, unifying it, and editing it.
  • The personal data distribution management method uses, as separate devices connected on a network, at least one provider data management device, a data distribution management device, and a relay processing device.
  • The usage request receiving means of the data distribution management device generates and stores, as original data associated with the individual's real name information, the personal data of an individual measured by a measuring instrument and attribute information related to the individual and the measurement.
  • The data distribution management device receives a data usage request from a data user terminal. Based on the data usage request received by the data distribution management device, the relay processing device selects the personal data of the individuals corresponding to the data usage request from the database of each provider data management device and outputs it to the data user terminal with the individuals' real name information excluded.
  • The personal data distribution management method uses, as separate devices connected on the network, at least one provider data management device and a data distribution management device.
  • The provider data management device creates, as original data associated with the individual's real name information, the personal data of an individual measured by a measuring instrument and attribute information related to the individual and the measurement, and stores it in a database.
  • The catalog management means of the data distribution management device takes in the original data other than the personal data stored in the database of each provider data management device, unifies it, and edits it to generate a data catalog.
  • The data distribution management device takes in the original data excluding the personal data and generates a data catalog. Further, the relay processing device outputs data excluding personal real name information from the database of each provider data management device to the data user terminal based on the data usage request received from the outside. These enable data distribution management that reduces the risk of personal data and personal real name information leaking from the database of each provider data management device to the outside.
  • The catalog management means makes the generated data catalog viewable on the network. With this configuration, the catalog is published efficiently.
  • Preferably, the provider data management device is provided with a re-agreement processing means that, on an instruction from the data distribution management device in response to the acceptance of the data usage request, identifies the individuals who have the requested personal data, transmits data provision permission/rejection inquiry information to each individual's information communication terminal, and receives the permission/rejection response, and the data distribution management device is provided with a data output control means that controls the output of the personal data of individuals who responded with disapproval of data provision. According to this configuration, the provision of personal data is controlled based on the permission or disapproval of the data provision. Further, since the real name information is excluded when the personal data is provided to the user side, the real name information and the personal data are not linked on the user side.
  • Preferably, the re-consent processing means performs a first inquiry process that instructs an inquiry about permission or disapproval of data provision to the information communication terminal of a person involved in the measurement, and a second inquiry process that instructs an inquiry about whether to provide the data to the information communication terminal of each individual whose personal data was measured with the measuring instrument in which a person who responded with consent in the first inquiry process was involved.
  • In the first inquiry process, the inquiry is made to the persons involved in the measurement, and the second inquiry process is performed for the individuals whose personal data was measured by the persons who answered with consent to data provision in the first inquiry process.
  • Preferably, there are a plurality of provider data management devices on the network. According to this configuration, the distributed arrangement of the original data is performed more effectively.
  • Preferably, the provider data management device assigns a primary pseudonym in association with the real name of each individual, and the data distribution management device is provided with a name identification processing means that executes a name identification process that unifies the real names of the individuals stored for each provider data management device and assigns a common secondary pseudonym to a common real name. According to this configuration, when the source data of the provider data management devices is unified, a unified pseudonym, that is, a secondary pseudonym, is set at the same time.
  • Preferably, the name identification processing means obtains the real name and the primary pseudonym from each of the provider data management devices, performs the name identification process by matching the real names with the primary pseudonyms, and generates the secondary pseudonym unified from the primary pseudonyms. According to this configuration, a unified secondary pseudonym is generated from the primary pseudonyms by the name identification process that matches the real names and the primary pseudonyms.
  • Preferably, the data output control means deletes the persons who disagree with the re-consent application from the secondary pseudonym table and reassigns the secondary pseudonyms remaining after the deletion to reporting pseudonyms. According to this configuration, even for the same data item, the reporting pseudonym changes depending on the situation of disagreement at the time of the usage request, the same reporting pseudonym is not necessarily the same person, and anonymity is maintained.
  • Preferably, the database includes comprehensive re-agreement items that can be selectively set to comprehensive re-agreement or re-agreement each time for predetermined data items of the original data, the provider data management device includes a data management unit that accepts settings for the comprehensive re-agreement items and changes the setting contents, and the re-agreement processing means handles permission according to the setting contents of the comprehensive re-agreement item corresponding to the data item requested to be used.
  • The data distribution management device makes the generated data catalog visible on the network. This allows the catalog to be published efficiently.
  • Control unit; 113 Re-agreement processing unit; 1103 Data DB (database) for provision; 21 Measuring instrument; 22 Personal terminal; 30 Data distribution management device; 31 Control unit; 311 Name identification processing unit; 312 Catalog management unit (catalog management means); 313 Usage request reception unit (usage request receiving means); 314 Provision pseudonymization processing unit (data output control means); 341 Data DB for name identification; 342 Data catalog DB; 40 Relay processing device; 50 Network; 100 User terminal (data user terminal)

PCT/JP2020/040568 2019-10-31 2020-10-29 Personal data distribution management system and method therefor Ceased WO2021085519A1 (ja)

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP2021553675A JP7578291B2 (ja) 2019-10-31 2020-10-29 Personal data distribution management system
EP20882660.2A EP4053780A4 (en) 2019-10-31 2020-10-29 PERSONAL DATA DISTRIBUTION SYSTEM AND PROCEDURES
US17/771,834 US12124613B2 (en) 2019-10-31 2020-10-29 Personal data distribution management system and personal data distribution management method
CN202080074046.1A CN114600107A (zh) 2019-10-31 2020-10-29 Personal data distribution management system and method therefor
JP2024180652A JP2025013850A (ja) 2019-10-31 2024-10-16 Personal data distribution management system and method therefor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2019198139 2019-10-31
JP2019-198139 2019-10-31

Publications (1)

Publication Number Publication Date
WO2021085519A1 true WO2021085519A1 (ja) 2021-05-06

Family

ID=75716025

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/040568 Ceased WO2021085519A1 (ja) 2019-10-31 2020-10-29 Personal data distribution management system and method therefor

Country Status (5)

Country Link
US (1) US12124613B2
EP (1) EP4053780A4
JP (2) JP7578291B2
CN (1) CN114600107A
WO (1) WO2021085519A1

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12130944B2 (en) * 2019-10-31 2024-10-29 Nec Corporation Information transaction device, information transaction method, and program
JP2025112741A (ja) * 2024-01-22 2025-08-01 富士フイルム株式会社 Information management device, operating method of information management device, and information management program

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
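JP2005346248A (ja) * 2004-06-01 2005-12-15 Mpo:Kk Information mediation method and device
JP2007141192A (ja) * 2005-11-15 2007-06-07 Japan Medical Information Research Institute Inc Data processing control device
JP2007264827A (ja) * 2006-03-27 2007-10-11 Matsushita Electric Ind Co Ltd Personal information protection device
JP2011034223A (ja) * 2009-07-30 2011-02-17 Ntt Docomo Inc Information providing system
JP2013054732A (ja) * 2011-08-31 2013-03-21 Nhn Corp Service system based on application usage information acquired at a user terminal, and method therefor
JP2014199589A (ja) * 2013-03-29 2014-10-23 ニフティ株式会社 Anonymous information distribution system, anonymous information distribution method, and anonymous information distribution program
JP2018128884A (ja) 2017-02-09 2018-08-16 富士通株式会社 Personal data providing system, personal data providing method, and information processing device
JP2019128681A (ja) * 2018-01-22 2019-08-01 富士通株式会社 Information providing device, information providing program, information providing method, and information providing system
JP6566278B1 (ja) 2018-08-08 2019-08-28 株式会社DataSign Personal data management system
JP6592213B1 (ja) 2019-03-11 2019-10-16 株式会社博報堂Dyホールディングス Intermediary device and computer program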

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5758257A (en) * 1994-11-29 1998-05-26 Herz; Frederick System and method for scheduling broadcast of and access to video programs and other data using customer profiles
US6460036B1 (en) * 1994-11-29 2002-10-01 Pinpoint Incorporated System and method for providing customized electronic newspapers and target advertisements
US6029195A (en) * 1994-11-29 2000-02-22 Herz; Frederick S. M. System for customized electronic identification of desirable objects
US7630986B1 (en) * 1999-10-27 2009-12-08 Pinpoint, Incorporated Secure data interchange
US20030158960A1 (en) * 2000-05-22 2003-08-21 Engberg Stephan J. System and method for establishing a privacy communication path
US20050138659A1 (en) * 2003-12-17 2005-06-23 Gilles Boccon-Gibod Personal video recorders with automated buffering
IL161263A0 (en) * 2004-04-02 2004-09-27 Crossix Solutions Llc A privacy preserving data-mining protocol
EP1774744A2 (en) * 2004-07-09 2007-04-18 Matsushita Electric Industrial Co., Ltd. System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces
WO2007148562A1 (ja) * 2006-06-22 2007-12-27 Nec Corporation 共有管理システム、共有管理方法およびプログラム
KR20070044413A (ko) * 2007-03-28 2007-04-27 안석희 광고 시청 및 채팅에 대한 대가를 이용하여 전자 상거래를수행하는 시스템 및 전자 상거래 방법
US8571519B2 (en) * 2009-05-07 2013-10-29 Nokia Corporation Method and apparatus for using pseudonyms
WO2011000417A1 (en) * 2009-06-30 2011-01-06 Nokia Siemens Networks Oy System for protecting personal data
JP5090425B2 (ja) * 2009-11-12 2012-12-05 日本電信電話株式会社 情報アクセス制御システム及び方法
US20110295988A1 (en) * 2010-05-28 2011-12-01 Le Jouan Herve Managing data on computer and telecommunications networks
CA2999104A1 (en) * 2015-10-16 2017-04-20 Deutsche Telekom Ag Method and system for the protection of confidential electronic data
EP3477527A1 (en) * 2017-10-31 2019-05-01 Twinpeek Privacy management
US10936749B2 (en) * 2018-09-27 2021-03-02 Amber Solutions, Inc. Privacy enhancement using derived data disclosure

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
RYOSUKE WATANABE: "Passage; Utilization and management of personal information and privacy information in companies", UTILIZATION AND MANAGEMENT OF PERSONAL INFORMATION AND PRIVACY INFORMATION IN COMPANIES: FROM IOT, AI, LOCATION INFORMATION, CAMERA IMAGES TO MANAGEMENT OF EMPLOYEE INFORMATION, 2 May 2018 (2018-05-02), JP, pages 106, XP009536770, ISBN: 978-4-417-01735-6 *
See also references of EP4053780A4

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
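JP2023019795A (ja) * 2021-07-29 2023-02-09 株式会社日立製作所 Data distribution mediation device and data distribution mediation method
JP7599387B2 (ja) 2021-07-29 2024-12-13 株式会社日立製作所 Data distribution mediation device and data distribution mediation method
JP2023075816A (ja) * 2021-11-19 2023-05-31 東芝データ株式会社 Data service providing method and data service providing system
JP7739152B2 (ja) 2021-11-19 2025-09-16 東芝データ株式会社 Data service providing method and data service providing system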
US12518058B2 (en) 2023-03-20 2026-01-06 Sharp Kabushiki Kaisha Method of managing device, recording medium, and system
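JP2024158881A (ja) * 2023-04-28 2024-11-08 トヨタ自動車株式会社 Demonstration experiment management system
JP7722409B2 (ja) 2023-04-28 2025-08-13 トヨタ自動車株式会社 Demonstration experiment management system
JP2025114179A (ja) * 2024-01-24 2025-08-05 株式会社サンクスネット Health and medical information management system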

Also Published As

Publication number Publication date
EP4053780A4 (en) 2023-01-11
US20220374550A1 (en) 2022-11-24
EP4053780A1 (en) 2022-09-07
JP7578291B2 (ja) 2024-11-06
US12124613B2 (en) 2024-10-22
JP2025013850A (ja) 2025-01-28
JPWO2021085519A1 2021-05-06
CN114600107A (zh) 2022-06-07

Similar Documents

Publication Publication Date Title
WO2021085519A1 (ja) Personal data distribution management system and method therefor
JP4514783B2 (ja) Health management data communication system
US20120197657A1 (en) Systems and methods to facilitate medical services
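JP2003067506A (ja) Medical and health information sharing and utilization system, data management center, terminal, medical and health information sharing and utilization method, recording medium recording a medical and health information sharing and utilization program, medical and health information search program, and recording medium therefor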
Colliers et al. Improving Care And Research Electronic Data Trust Antwerp (iCAREdata): a research database of linked data on out-of-hours primary care
JP2004133727A (ja) Medical support system
US20120296668A1 (en) System and methods of automated patient check-in, scheduling and prepayment
US11923077B2 (en) Resource efficient computer-implemented surgical resource allocation system and method
US20140136221A1 (en) Online matching system between patient and curer
US20200020440A1 (en) Computer-assist method using distributed ledger technology for operating and managing an enterprise
Batlle et al. Data sharing of imaging in an evolving health care world: report of the ACR Data Sharing Workgroup, part 1: data ethics of privacy, consent, and anonymization
US20230317224A1 (en) Patient specified health record on blockchain
US12074979B2 (en) Secure digital information infrastructure
US20220351162A1 (en) Personalized Out-of-Pocket Cost for Healthcare Service Bundles
Ford et al. Characteristics of telemedicine workflows in nursing homes during the COVID-19 pandemic
JP2018120384A (ja) Document browsing system and program
JP5602782B2 (ja) Information provider terminal and information transaction method
Terrizzi et al. Extending the technology acceptance model in healthcare: Identifying the role of trust and shared information
JP2010250756A (ja) Medical information management system
KR102794427B1 (ko) My Dental Data platform system for activating personal data in the dental field
Altinkemer et al. Information Systems and Health Care XII: Toward a Consumer-to-Healthcare Provider (C2H) Electronic Marketplace
Kovach et al. MyMEDIS: a new medical data storage and access system
JP7782677B2 (ja) System
JP7761146B2 (ja) System and method
JP2026513434A (ja) System and method for managing healthcare services and networks

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 20882660

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021553675

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2020882660

Country of ref document: EP

Effective date: 20220531