WO2022190778A1 - Anonymous medical information management system - Google Patents
Anonymous medical information management system Download PDFInfo
- Publication number
- WO2022190778A1 WO2022190778A1 PCT/JP2022/005769 JP2022005769W WO2022190778A1 WO 2022190778 A1 WO2022190778 A1 WO 2022190778A1 JP 2022005769 W JP2022005769 W JP 2022005769W WO 2022190778 A1 WO2022190778 A1 WO 2022190778A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- medical information
- anonymous
- medical
- patient
- Prior art date
Links
- 238000000605 extraction Methods 0.000 claims description 16
- 230000010365 information processing Effects 0.000 claims description 14
- 239000000284 extract Substances 0.000 claims description 13
- 239000000126 substance Substances 0.000 claims 1
- 238000007726 management method Methods 0.000 description 69
- 238000012360 testing method Methods 0.000 description 27
- 238000010586 diagram Methods 0.000 description 13
- 238000000034 method Methods 0.000 description 12
- 239000008280 blood Substances 0.000 description 11
- 210000004369 blood Anatomy 0.000 description 11
- 239000003814 drug Substances 0.000 description 11
- 229940079593 drug Drugs 0.000 description 11
- 201000010099 disease Diseases 0.000 description 7
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 7
- 238000001356 surgical procedure Methods 0.000 description 7
- 238000004364 calculation method Methods 0.000 description 6
- 238000003745 diagnosis Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 230000000474 nursing effect Effects 0.000 description 6
- 206010020751 Hypersensitivity Diseases 0.000 description 5
- 230000007815 allergy Effects 0.000 description 5
- 238000003384 imaging method Methods 0.000 description 5
- 238000007689 inspection Methods 0.000 description 5
- 235000012054 meals Nutrition 0.000 description 5
- 235000016709 nutrition Nutrition 0.000 description 5
- 208000026935 allergic disease Diseases 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 4
- 230000036541 health Effects 0.000 description 4
- 230000001575 pathological effect Effects 0.000 description 4
- 206010002091 Anaesthesia Diseases 0.000 description 3
- 241000894006 Bacteria Species 0.000 description 3
- 230000037005 anaesthesia Effects 0.000 description 3
- 238000000502 dialysis Methods 0.000 description 3
- 235000013305 food Nutrition 0.000 description 3
- 238000002347 injection Methods 0.000 description 3
- 239000007924 injection Substances 0.000 description 3
- 241000725303 Human immunodeficiency virus Species 0.000 description 2
- 206010028980 Neoplasm Diseases 0.000 description 2
- 201000011510 cancer Diseases 0.000 description 2
- 235000020805 dietary restrictions Nutrition 0.000 description 2
- 238000001839 endoscopy Methods 0.000 description 2
- 238000001631 haemodialysis Methods 0.000 description 2
- 230000000322 hemodialysis Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000000746 purification Methods 0.000 description 2
- 210000002700 urine Anatomy 0.000 description 2
- 208000035473 Communicable disease Diseases 0.000 description 1
- 206010010774 Constipation Diseases 0.000 description 1
- 208000018035 Dental disease Diseases 0.000 description 1
- 206010012735 Diarrhoea Diseases 0.000 description 1
- 206010019799 Hepatitis viral Diseases 0.000 description 1
- 208000020764 Sensation disease Diseases 0.000 description 1
- 208000014151 Stomatognathic disease Diseases 0.000 description 1
- 210000000436 anus Anatomy 0.000 description 1
- 230000001580 bacterial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000009104 chemotherapy regimen Methods 0.000 description 1
- 230000035606 childbirth Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000002059 diagnostic imaging Methods 0.000 description 1
- 210000002249 digestive system Anatomy 0.000 description 1
- 230000035622 drinking Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000029142 excretion Effects 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000003862 health status Effects 0.000 description 1
- 208000015181 infectious disease Diseases 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 230000008774 maternal effect Effects 0.000 description 1
- 230000003340 mental effect Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000000491 multivariate analysis Methods 0.000 description 1
- 230000035764 nutrition Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 210000002826 placenta Anatomy 0.000 description 1
- 230000005855 radiation Effects 0.000 description 1
- 238000002601 radiography Methods 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000000391 smoking effect Effects 0.000 description 1
- 208000024891 symptom Diseases 0.000 description 1
- 208000006379 syphilis Diseases 0.000 description 1
- 201000008827 tuberculosis Diseases 0.000 description 1
- 201000001862 viral hepatitis Diseases 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/22—Social work or social welfare, e.g. community support activities or counselling services
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
Definitions
- the present invention anonymizes medical information created in association with medical treatment performed at a medical institution, stores it in an externally installed anonymous medical information management server, and facilitates the use of the anonymized medical information. It relates to an anonymous medical information management system that can.
- patient's medical information as a typical example of personal information, has been strictly managed so as not to leak outside the medical institution where medical care was provided.
- Patent Literature 1 describes a plurality of information processing apparatuses each having a reference viewer for data display installed in a plurality of departments in a medical institution, an electronic medical chart system having a data warehouse, and the plurality of an information processing device; and a structured medical data integrated management database server computer connected to the data warehouse of the electronic medical record system so that data can be sent and received, wherein the structured medical data integrated management database server computer is operated by a user to perform patient
- An anonymized ID assigning means is provided for automatically assigning an anonymized ID when the ID is registered, and the patient's personal information is assigned as basic patient information together with the patient ID, and other information is assigned an anonymized ID.
- An anonymized medical information search support system is disclosed. This anonymized medical information search support system can be used as an integrated database in clinical practice for diagnosis and treatment of patients. A variety of cases can be examined efficiently.
- Patent Document 2 discloses an electronic medical record input/output terminal that electronically records patient diagnosis or treatment information, and electronic medical record information that is connected to the electronic medical record input/output terminal via a network and input/output through the input/output terminal.
- the server extracts personal information from the electronic medical record information, encrypts the extracted personal information; and encrypts the encrypted personal information.
- An electronic medical record system is disclosed comprising means for performing. As a result, it is possible to provide an electronic medical chart system that clarifies the range of use of personal information.
- JP 2019-133540 A Japanese Patent Application Laid-Open No. 2007-80041
- the conventional technology as described above has a problem that even if the medical information is anonymized or encrypted, the medical information is not provided outside the medical institution. As a result, there is a problem that the medical information cannot be used by medical institutions other than the medical institution.
- medical institutions may need medical information from other medical institutions.
- medical institution to which the patient is transported can obtain the medical information of the patient, an appropriate treatment can be quickly selected.
- the following procedures are taken to obtain patient medical information held by other medical institutions.
- a doctor (first doctor) belonging to a medical institution contacts a doctor (second doctor) belonging to another medical institution that holds the patient's medical information.
- the second doctor collects the patient's medical information and records the medical information on a medium such as a CD-ROM or a USB memory.
- the doctor 2 delivers the medium to the first doctor using mail or the like.
- the present invention anonymizes medical information created in association with medical treatment performed at a medical institution, stores it in an externally installed anonymous medical information management server, and stores the anonymized medical information.
- the purpose is to provide an anonymous medical information management system in which information can be used easily.
- the inventors of the present invention as a result of diligent research and development on the above-mentioned problems, have found the following epoch-making anonymous medical information management system.
- a first aspect of the present invention for solving the above problems is a medical institution terminal under the management of a medical institution, and an anonymous medical institution terminal under the management of the medical institution and connected to the medical institution terminal.
- An anonymous medical information management system comprising an anonymization device and an anonymous medical information management server connected to the anonymization device via a network, wherein the medical institution terminal includes patient identification information that can identify a patient and the patient's medical treatment information.
- the anonymization device has an input unit for inputting information, and an anonymized ID creation unit that creates an anonymized patient ID that is different from the patient identification information based on the patient identification information transmitted from the medical institution terminal.
- the anonymous medical information management server has an anonymous medical information database that stores anonymized IDs and anonymous medical information.
- medical institution refers to an individual or organization (including corporations) that provides medical care, and includes, for example, hospitals (including dental clinics) and clinics.
- “Placed under the control of a medical institution” means to be placed (installed) in a place that can be managed by the medical institution, and may be in the facility of the medical institution, or be substantially managed by the medical institution. It may be built in a facility of a company outsourced by a medical institution or in a so-called cloud server, as long as it can be done.
- Patient identification information means information that can identify a specific individual (patient). Examples of patient identification information include My Number (personal number), passport or driver's license number in Japan, and Social Security Number in the United States. "Patient identification information” corresponds to personal information defined in the so-called Personal Information Protection Law in Japan, and is information that requires strict management.
- Medical information refers to information created in association with a medical practice performed at a medical institution, and includes, for example, at least part of the following information. ⁇ Patient basic information>
- Prescription/injection order content test (specimen/bacteria) order content, blood transfusion order content, pathological test order content, imaging physiological test order content, rehabilitation order content, meal order content, nutritional guidance order content, surgery order content, dialysis order content Contents, disease name order content, general order content, path order content ⁇ nursing support plan information> Treatment problems, nursing decisions, daily life support plan, patient's condition confirmation plan, results ⁇ nursing record information> Measured values and observation results of nursing order items, performance records of daily life support items, patient reactions, details of instructions and implementation from doctors ⁇ prescription/injection order information> Prescription content, injection drug content, contraindication information ⁇ medication guidance order information> Contents of medication instructions ⁇ Information on drug contraindications> Allergy information ⁇ chemotherapy regimen information> Disease name information, prescription information, protocol information, sample test information ⁇ Test order information for sample/bacterial test> Contents of inspection, type of sample, inspection method Inspection details, tube type ⁇ Information on specimen/bacteria test results> Test
- Specific information is information necessary for identifying the patient among the information included in the medical information.
- Specific information includes, for example, name, gender, date of birth, occupation, phone number (mobile phone number), address, health insurance card number, contact information (phone number, name, relationship, cohabitation), and the like.
- the anonymous medical information management server installed outside the control of the medical institution. Therefore, medical information itself, which is personal information, is not provided outside the medical institution, and leakage of personal information can be prevented. Also, since the anonymous medical information management server stores a large amount of anonymous medical information provided by a plurality of medical institutions, it can easily handle a large amount of anonymous medical information.
- the anonymous medical information management server extracts anonymous medical information associated with the anonymized ID from the anonymous medical information database based on the anonymized ID, and transmits the anonymous medical information to the anonymization device.
- the anonymizing device decrypts at least part of the patient's medical information from the anonymous medical information based on the patient identification information, the anonymized ID, and the anonymous medical information.
- Anonymous medical care according to the first aspect, characterized in that it has a decryption unit, and the medical institution terminal has a display unit that displays at least part of the patient's medical information decrypted by the decryption unit. It is in the information management system.
- decrypting at least part of the medical information is a concept that includes not only restoring the medical information completely, but also partially decrypting the medical information. This is because, as mentioned above, anonymous medical information does not contain specific information, so if a medical institution does not possess patient specific information or specific information associated with an anonymized ID, the medical information will not be completely preserved. This is because it cannot be restored. If there is patient identification information and associated anonymous medical information (part of medical information), the medical institution can fully use the information as medical information.
- the patient's medical information (created by another medical institution) ) can be displayed on the display unit in real time.
- the medical institution can display the medical information of the patient in real time on the display unit when necessary without owning the medical information.
- an anonymous medical information management system is connected via a network to an information processing terminal that receives anonymous medical information, and an anonymous medical information management server receives a predetermined medical information from an anonymous medical information database.
- the anonymous medical information management system according to the first or second aspect is characterized by having a second anonymous medical information extraction unit that extracts anonymous medical information that satisfies a condition and transmits it to the information processing terminal.
- a large amount of anonymous medical information that satisfies a predetermined condition can be extracted and transmitted to the information processing terminal, so that analysis using anonymous medical information can be easily performed.
- an anonymous medical information management server extracts a plurality of pieces of anonymous medical information associated with the same anonymized ID, creates one piece of anonymous medical information, and stores it in an anonymous medical information database.
- the anonymous medical information management system according to any one of the first to third aspects, characterized by having a name identification unit for storing.
- one piece of anonymous medical information associated with one anonymized ID is stored in the anonymous medical information database. That is, one piece of anonymous medical information is stored in the anonymous medical information database for each anonymized ID. As a result, anonymous medical information can be extracted more quickly from the anonymous medical information database.
- the terms “database”, “system”, and “department” do not simply mean physical means. including cases where the functions of one "database”, “system” or “department” are realized by two or more physical means or devices, two or more "databases”, “systems” or “departments” Functions may be realized by one physical means or device.
- FIG. 1 is a conceptual diagram of an anonymous medical information management system according to Embodiment 1.
- FIG. FIG. 2 is a conceptual diagram of the medical institution terminal according to the first embodiment.
- FIG. 3 is a conceptual diagram of an anonymization device according to Embodiment 1.
- FIG. 4 is a conceptual diagram showing an example of procedures for decryption and encryption.
- FIG. 5 is a conceptual diagram showing an example of procedures for decryption and encryption.
- FIG. 6 is a conceptual diagram of an anonymous medical information management server according to the first embodiment.
- FIG. 7 is a flow chart showing the operation of the anonymous medical information management system (anonymized ID/anonymous medical information storage) according to the first embodiment.
- FIG. 8 is a flow chart showing the operation (medical information acquisition) of the anonymous medical information management system according to the first embodiment.
- FIG. 9 is a conceptual diagram of an anonymous medical information management system according to the second embodiment.
- FIG. 10 is a conceptual diagram of an anonymous medical information management server according to the second embodiment.
- FIG. 11 is a conceptual diagram of an anonymous medical information management system according to the third embodiment.
- FIG. 1 is a conceptual diagram of an anonymous medical information management system according to this embodiment.
- the anonymous medical information management system 1 includes medical institution terminals 10a and 10b installed under the control of a medical institution M (within the facility of the medical institution), and medical institution terminals 10a and 10b. It is composed of an anonymization device 20 connected via an internal network 15 and an anonymous medical information management server 30 connected to the anonymization device 20 via a network 40 .
- the number of medical institution terminals may be one or three or more.
- a plurality of medical institutions in which medical institution terminals and anonymization devices are installed may be connected via the network 40. Needless to say.
- a plurality of anonymous medical information management servers 30 may be connected.
- FIG. 2 is a conceptual diagram of the medical institution terminal 10a.
- the medical institution terminals 10a and 10b include an input unit 11 for inputting patient identification information that can identify a patient and the patient's medical information, and the patient's medical information decrypted by a decryption unit 23 of the anonymization device 20, which will be described later. is not particularly limited as long as it has a display unit 12 that displays at least a part of.
- the medical institution terminal 10a and the medical institution terminal 10b may be the same or different.
- the input unit 11 is not particularly limited as long as it can input patient identification information that can identify a patient and the patient's medical information.
- Examples of the input unit 11 include a keyboard, touch panel, voice input device, and the like.
- the display unit 12 is not particularly limited as long as it can display patient's medical information or the like.
- Examples of the display unit 12 include a liquid crystal panel and an organic EL panel.
- the medical institution terminals 10a and 10b are not particularly limited as long as they have the functions described above.
- Examples of the medical institution terminals 10a and 10b include personal computers (including notebook personal computers), tablet computers, smartphones, and the like.
- the medical institution network 15 is not particularly limited as long as it can connect the medical institution terminals 10 a and 10 b and the anonymization device 20 .
- the network 15 within the medical institution includes, for example, an intranet.
- FIG. 3 is a conceptual diagram of the anonymization device 20. As shown in FIG. As shown in this figure, the anonymization device 20 has an anonymization ID creation section 21 , an anonymization section 22 and a decryption section 23 .
- the anonymized ID creation unit 21 is not particularly limited as long as it can create a patient's anonymized ID that differs from the patient identification information based on the patient identification information.
- An example of the anonymized ID creation unit 21 is a program that creates an anonymized patient ID that differs from the patient identification information based on the patient identification information.
- FIG. there is an encoding/decoding program as shown in FIG.
- 10 character strings patient identification information
- “0123456789” are converted to the first ASCII code (30, 31, 32, 33, 34, 35, 36, 37, 38, 39) for each character.
- this first ASCII code is converted into the first bit string (00110000, 00110001, 00110010, 00110011, 00110100, 00110101, 00110110, 00110111, 00111000, 00111001).
- the exclusive OR operation of the Bit string is performed to convert to the second Bit string (01100101, 01100100, 01100111, 01100110, 01100001, 01100000, 01100011, 01100010, 01101101, 0110110) do.
- each character string in the second Bit string is converted into the second ASCII code (65, 64, 67, 66, 61, 60, 63, 62, 6D, 6E).
- the second ASCII code is converted into a character string (anonymized ID) (edgfa_cbmn).
- an anonymized ID of a patient different from the patient identification information can be created based on the patient identification information.
- the encryption key string in this program must be kept secret at a very high level so as not to be leaked to the outside.
- the anonymized ID creating unit 21 the following programs can be mentioned. First, as shown in FIG. 5(a), the product (6, 10, 12, 12 , 35, 36, 35, 32, 27, 0, 1, 18). Then, the sum (224) of these products is calculated, and the remainder (8) obtained by dividing the sum by 9 is calculated. This remainder (8) is used as a check digit.
- a sequence is created by adding a check digit (8) to the final part of my number (123456789012). Then, the sum (calculation 1) of each digit of my number (123456789012) other than the check digit and the 12-digit calculation key (654376543219) is performed, and the sequence (7, 7, 7, 7, 12, 12, 12 , 12, 12, 2, 2, 11, 8) are calculated (the 13th check digit (8) is transcribed as it is).
- an anonymized ID of a patient different from the patient identification information can be created based on the patient identification information.
- the calculation key in this program must be kept secret at a very high level so as not to be leaked to the outside.
- the anonymized ID created in this manner can be decoded into patient identification information by the anonymization unit 22, which will be described later.
- the anonymization unit 22 deletes the specific information necessary to identify the patient from the medical information, and creates an anonymous medical treatment associated with the patient's anonymized ID created by the anonymized ID creation unit 21. It is not particularly limited as long as it can create information.
- the specific information is information necessary for identifying the patient among the information included in the medical information. Specific information includes, for example, name, gender, date of birth, occupation, phone number (mobile phone number), address, health insurance card number, contact information (phone number, name, relationship, cohabitation), and the like.
- “associated” means that the patient's anonymized ID and the patient's medical information (with the specific information deleted) are linked, and the medical treatment linked from the anonymized ID to the anonymized ID. This is a concept that includes making information (with specific information deleted) available for extraction.
- the anonymization unit 22 deletes the specific information required to identify the patient, and creates anonymous medical information associated with the patient's anonymized ID created by the anonymized ID creation unit 21. can be created.
- the decryption unit 23 is not particularly limited as long as it can decrypt at least part of the patient's medical information from the anonymous medical information based on the patient identification information, the anonymized ID, and the anonymous medical information. .
- a program such as the following, which decrypts at least part of the patient's medical information from the anonymous medical information based on the patient identification information, the anonymized ID, and the anonymous medical information. are mentioned.
- FIG. 4 there is a program or the like that reverses the process of creating an anonymized ID from the patient identification information described above. In this manner, patient identification information can be created (decrypted) based on the anonymized ID.
- the decryption unit 23 there is a program for decrypting My Number, which is the patient identification information, from the anonymized ID. Specifically, first, the difference (calculation 2) between each digit of the calculation key (654376543219) is taken from the 12-digit sequence (7777222222218) excluding the check digit (8), which is the last digit of the anonymized ID, and the sequence Create (1,2,3,4,-5,-4,-3,-2,-1,0,1,-8). Next, by adding 10 to the number of digits having a value less than 0 (negative value) in these sequences, my number (123456789012), which is the patient identification information, can be restored. The check digit (8), which is the last digit of the anonymized ID, performs the same calculation as described in FIG. It is possible to determine whether the My Number has been correctly decrypted.
- the medical information of the patient can be obtained.
- the anonymization device 20 is not particularly limited as long as it has the above-described anonymization ID creation unit 21, anonymization unit 22, and decryption unit 23.
- FIG. Examples of the anonymization device 20 include a commercially available personal computer, a dedicated device incorporating the functions described above, and the like.
- FIG. 6 is a schematic diagram of the anonymous medical information management server 30. As shown in FIG. As shown in this figure, the anonymous medical information management server 30 has an anonymous medical information database 31 and a first anonymous medical information extractor 32 .
- the anonymous medical information database 31 is not particularly limited as long as it can store anonymized IDs 311 and anonymous medical information 312 .
- Examples of the anonymous medical information database 31 include commercially available relational database systems.
- the first anonymous medical information extraction unit 32 can extract anonymous medical information 312 associated with the anonymized ID 311 from the anonymous medical information database 31 based on the anonymized ID, and transmit the information to the anonymization device 20 . It is not particularly limited as long as it can be used. As the first anonymous medical information extraction unit 32, for example, based on the anonymized ID 311, the anonymous medical information 312 associated with the anonymized ID 311 is extracted from the anonymous medical information database 31 and transmitted to the anonymization device 20. programs that
- the anonymous medical information management server 30 is not particularly limited as long as it has the anonymous medical information database 31 and the first anonymous medical information extraction unit 32 described above.
- Examples of the anonymous medical information management server 30 include commercially available personal computers and dedicated servers.
- FIG. 7 is a flow chart showing the operation of the anonymous medical information management system 1 (anonymized ID/anonymous medical information storage). Below, a case where patient identification information and the like are input from the medical institution terminal 10a will be described.
- the anonymous medical information management system 1 when the anonymous medical information management system 1 is started, first, the patient identification information and the patient's medical information are input to the input unit 11 of the medical institution terminal 10a (S1). These pieces of information are then sent to the anonymization device 20 via the intra-medical institution network 15 .
- the anonymization device 20 that has received these pieces of information creates an anonymization ID 311 based on the transmitted patient identification information, creates anonymous medical information 312 from medical information (S2), and transmits these information via the network 40. to the anonymous medical information management server 30.
- the transmitted anonymized ID 311 and anonymous medical information 312 are then stored in the anonymous medical information database 31 (S3), and the operation ends.
- the anonymized ID 311 and the anonymous medical information 312 created based on the patient identification information and the patient's medical information input to the medical institution terminal 10a are stored in the anonymous medical information database 31.
- FIG. 8 is a flow chart showing the operation of the anonymous medical information management system 1 (obtaining medical information).
- the anonymous medical information management system 1 is started, first, patient identification information is input to the input unit 11 of the medical institution terminal 10a (s1). Then, this patient identification information is transmitted to the anonymization device 20 via the intra-medical institution network 15 .
- the anonymization device 20 that has received this information creates an anonymization ID 311 based on the patient identification information (s2), and transmits this anonymization ID 311 to the anonymous medical information management server 30 via the network 40 .
- the anonymous medical information management server 30 that has received this anonymized ID 311 extracts the anonymous medical information 312 associated with this anonymized ID 311 from the anonymous medical information database 31 by the first anonymous medical information extraction unit 32 (s3 ), to the anonymization device 20 .
- the first anonymous medical information extraction unit 32 may transmit the anonymous medical information 312 together with the anonymized ID 311 associated with the anonymous medical information 312 to the anonymization device 20 .
- the anonymization device 20 that has received this anonymous medical information 312 decrypts at least part of the medical information using the decryption unit 23 (s4), and transmits the decrypted medical information to the medical institution terminal 10a.
- the medical institution terminal 10a which has received at least part of the medical information, displays the information together with the patient identification information on the display unit 12 (s5), and terminates the operation.
- the anonymous medical information management system 1 As described above, according to the anonymous medical information management system 1 according to this embodiment, a large amount of anonymous medical information that does not correspond to personal information can be collected and stored in the anonymous medical information database 31 . In addition, at least part of medical information created by other medical institutions can be obtained in real time. (Embodiment 2)
- the anonymous medical information management system 1 includes medical institution terminals 10a and 10b, an anonymization device 20 connected to them via the medical institution network 15, and anonymization device 20 and network 40. and an anonymous medical information management server 30 connected via a network, but the present invention is not limited to this.
- an information processing terminal 50 is further connected, and the anonymous medical information management server 30A has a second anonymous medical information extraction unit 35 as shown in FIG.
- a medical information management system 1A may be configured.
- the second anonymous medical information extraction unit 35 is not particularly limited as long as it extracts the anonymous medical information 312 that satisfies a predetermined condition from the anonymous medical information database 31 and transmits it to the information processing terminal 50 .
- Examples of the second anonymous medical information extraction unit 35 include a program that extracts anonymous medical information 312 that satisfies a predetermined condition and transmits the information to the information processing terminal 50 .
- the information processing terminal 50 is not particularly limited as long as it can process the anonymous medical information 312 that satisfies a predetermined condition and is transmitted from the anonymous medical information management server 30 .
- the information processing terminal 50 for example, a personal computer or the like installed with a program for performing multivariate analysis for analyzing the cause of the onset of a disease or a program for performing logistic analysis for predicting the probability of developing a certain disease is installed. mentioned.
- Other components are the same as in the first embodiment.
- the anonymous medical information database 31 may store a plurality of pieces of anonymous medical information for one anonymized ID, but the present invention is not limited to this.
- the anonymous medical information management system may be configured such that the anonymous medical information management server 30B has a name matching unit 37.
- FIG. 11 the anonymous medical information management system may be configured such that the anonymous medical information management server 30B has a name matching unit 37.
- the name identification unit 37 extracts multiple pieces of anonymous medical information associated with the same anonymized ID, creates one piece of anonymous medical information, and stores it in the anonymous medical information database. is not particularly limited. Examples of the name identification unit 37 include a program that extracts a plurality of pieces of anonymous medical information associated with the same anonymized ID, creates one piece of anonymous medical information, and stores it in an anonymous medical information database. Other components are the same as in the first embodiment.
- one piece of anonymous medical information associated with one anonymized ID is stored in the anonymous medical information database 31 . That is, one anonymous medical information 312 is stored in the anonymous medical information database 31 for each anonymized ID. As a result, anonymous medical information can be extracted from the anonymous medical information database 31 more quickly.
- the first anonymous medical information extracting unit and the second anonymous medical information extracting unit were explained as separate units.
- the anonymous medical information management system may be configured to have the function, or the anonymous medical information management system may be configured so that the second anonymous medical information extraction unit has the same function as the first anonymous medical information extraction unit. It goes without saying that it is good.
- the anonymous medical information management system is configured such that the decryption unit decrypts at least part of the medical information, but the present invention is not limited to this.
- a terminal for a medical institution stores specific information associated with each patient specific information, and when the medical information of the patient is displayed on the display unit, the specific information is also displayed.
- An information management system may be configured.
- the anonymization device stores the specific information associated with at least one of the patient specific information and the anonymized ID, and stores the specific information associated with the anonymized ID together with part of the decrypted medical information. You may make it transmit to the terminal for medical institutions.
- the method of storing the specific information is not particularly limited, and the specific information may be stored in a storage medium such as a memory or a hard disk.
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- General Physics & Mathematics (AREA)
- Primary Health Care (AREA)
- Physics & Mathematics (AREA)
- Marketing (AREA)
- Medical Informatics (AREA)
- Human Resources & Organizations (AREA)
- Child & Adolescent Psychology (AREA)
- Strategic Management (AREA)
- Public Health (AREA)
- General Business, Economics & Management (AREA)
- Economics (AREA)
- Epidemiology (AREA)
- Bioethics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Medical Treatment And Welfare Office Work (AREA)
Abstract
[Problem] To provide an anonymous medical information management system that anonymizes medical information created along with a medical examination performed at a medical institution, stores the anonymized medical information in an externally provided anonymous medical information management server, and can readily use the anonymized medical information. [Solution] Each of medical institution terminals 10a, 10b has an input unit for inputting patient identification information that can identify a patient, and medical information about the patient. An anonymization device 20 has: an anonymized ID creation unit that creates, on the basis of the patient identification information transmitted from the medical institution terminal, anonymized ID of a patient different from the patient identification information; and an anonymization unit that removes from the medical information about the patient transmitted from the medical institution terminal, the identification information necessary for identifying the patient, and creates anonymous medical information associated with the anonymized ID of the patient. An anonymous medical information management server 30 has an anonymous medical information database storing the anonymized ID and the anonymous medical information.
Description
本発明は、医療機関で行われる診療行為に伴って作成される医療情報を匿名化して、外部に設置された匿名医療情報管理サーバに格納すると共に、その匿名化された医療情報を容易に利用できる匿名医療情報管理システムに関する。
The present invention anonymizes medical information created in association with medical treatment performed at a medical institution, stores it in an externally installed anonymous medical information management server, and facilitates the use of the anonymized medical information. It relates to an anonymous medical information management system that can.
従来から、患者の医療情報は、個人情報の典型的な代表例として、診療を受けた医療機関外に流出しないように厳密に管理されてきた。
Conventionally, patient's medical information, as a typical example of personal information, has been strictly managed so as not to leak outside the medical institution where medical care was provided.
例えば、特許文献1には、医療機関内の複数の部門にそれぞれ設置されるデータ表示用の参照ビューアを備えた複数の情報処理装置と、データウエアハウスを備えた電子カルテシステムと、前記複数の情報処理装置、及び前記電子カルテシステムのデータウエアハウスとデータ送受信可能に接続された構造化診療データ統合管理データベースサーバコンピュータとを備え、前記構造化診療データ統合管理データベースサーバコンピュータは、利用者によって患者IDが登録されると、自動的に匿名化IDを付与する匿名化ID付与手段を備えており、患者の個人情報は患者IDとともに患者基本情報として、その他の情報は匿名化IDが付与された拡張患者情報としてサーバ記憶部に記録され、構造化診療データ統合管理データベースに蓄積され、各診療科において特定患者の診断・治療を行う場合には、前記構造化診療データ統合管理データベースに格納された情報は患者IDとともに表示され、診療情報を検索する検索画面に切り替えて検索する場合には、患者情報は患者個人情報が含まれる患者IDと切り離されて匿名化IDによって処理されることを特徴とする匿名化医療情報検索支援システムが開示されている。この匿名化医療情報検索支援システムでは、実臨床における統合データベースとして患者の診断・治療に役立てるとともに、類似症例の検討を行う場合の検索作業を行う際には、個人情報を漏洩する心配がなく、多様な症例について効率的に検討することができる。
For example, Patent Literature 1 describes a plurality of information processing apparatuses each having a reference viewer for data display installed in a plurality of departments in a medical institution, an electronic medical chart system having a data warehouse, and the plurality of an information processing device; and a structured medical data integrated management database server computer connected to the data warehouse of the electronic medical record system so that data can be sent and received, wherein the structured medical data integrated management database server computer is operated by a user to perform patient An anonymized ID assigning means is provided for automatically assigning an anonymized ID when the ID is registered, and the patient's personal information is assigned as basic patient information together with the patient ID, and other information is assigned an anonymized ID. It is recorded in the server storage unit as extended patient information, accumulated in the structured medical data integrated management database, and stored in the structured medical data integrated management database when diagnosing and treating a specific patient in each clinical department The information is displayed together with the patient ID, and when switching to a search screen for searching medical information and searching, the patient information is separated from the patient ID containing the patient's personal information and processed by the anonymized ID. An anonymized medical information search support system is disclosed. This anonymized medical information search support system can be used as an integrated database in clinical practice for diagnosis and treatment of patients. A variety of cases can be examined efficiently.
また、特許文献2には、患者の診断又は治療の情報を電子的に記録する電子カルテ入出力端末と、この電子カルテ入出力端末とネットワーク接続されその入出力端末により入出力される電子カルテ情報を管理するサーバとを備えた電子カルテシステムにおいて、前記サーバは、前記電子カルテ情報のうちの個人情報を抽出し、その抽出された個人情報を暗号化する手段と、前記暗号化された個人情報についての暗号鍵情報を生成する手段と、前記個人情報の利用に関しての利用基準を記憶する手段と、前記記憶された個人情報の利用基準を参照し、前記生成された暗号鍵情報による復号を制限する手段を備えることを特徴とする電子カルテシステムが開示されている。これにより、個人情報の利用範囲を明確化した電子カルテシステムを提供することができる。
In addition, Patent Document 2 discloses an electronic medical record input/output terminal that electronically records patient diagnosis or treatment information, and electronic medical record information that is connected to the electronic medical record input/output terminal via a network and input/output through the input/output terminal. , wherein the server extracts personal information from the electronic medical record information, encrypts the extracted personal information; and encrypts the encrypted personal information. Means for generating encryption key information for, means for storing usage criteria for use of the personal information, and referring to the stored usage criteria for personal information to restrict decryption by the generated encryption key information An electronic medical record system is disclosed comprising means for performing. As a result, it is possible to provide an electronic medical chart system that clarifies the range of use of personal information.
しかしながら、上述したような従来技術では、例え医療情報が匿名化されたり、暗号化されたとしても、その医療情報をその医療機関外に提供されることはないという問題点があった。その結果、その医療機関以外の医療機関等では医療情報を利用することができないという問題点があった。
However, the conventional technology as described above has a problem that even if the medical information is anonymized or encrypted, the medical information is not provided outside the medical institution. As a result, there is a problem that the medical information cannot be used by medical institutions other than the medical institution.
一方で、学会や製薬企業等では、個人を特定できる情報以外の医療情報を収集し、それらを分析等して臨床試験や治療方法に役立てたいというニーズはあるが、それらの医療情報を容易に入手することができないという問題点があった。
On the other hand, academic societies and pharmaceutical companies have a need to collect medical information other than information that can identify individuals, analyze it, and use it for clinical trials and treatment methods. There was a problem that it was not possible to obtain it.
さらに、医療機関であっても、他の医療機関での医療情報を必要とする場合がある。例えば患者が緊急搬送された場合は、搬送された医療機関がその患者の医療情報を入手できれば、素早く適切な治療行為を選択することができる。しかし、現時点では、他の医療機関が保有する患者の医療情報を入手するには、次のような手続が行われている。
Furthermore, even medical institutions may need medical information from other medical institutions. For example, when a patient is urgently transported, if the medical institution to which the patient is transported can obtain the medical information of the patient, an appropriate treatment can be quickly selected. However, at present, the following procedures are taken to obtain patient medical information held by other medical institutions.
まず、医療機関に所属する医師(第1医師)が、その患者の医療情報を保有する他の医療機関に所属する医師(第2医師)に連絡を取る。その後、第2医師がその患者の医療情報を収集し、それらの医療情報をCD-ROMやUSBメモリ等の媒体に記録する。そして、その媒体を医師2が郵便等を利用して第1医師に届ける。
First, a doctor (first doctor) belonging to a medical institution contacts a doctor (second doctor) belonging to another medical institution that holds the patient's medical information. After that, the second doctor collects the patient's medical information and records the medical information on a medium such as a CD-ROM or a USB memory. Then, the doctor 2 delivers the medium to the first doctor using mail or the like.
このような手続きが必要になるため、他の医療機関が保有する患者の医療情報を入手するには、早くても1カ月程度の期間が必要となり、早期に患者の医療情報を入手することができないという問題点があった。
Because such procedures are necessary, it takes at least one month to obtain the patient's medical information held by other medical institutions. I had a problem that I couldn't.
また、医療機関同士で、患者の医療情報を共有していないため、医療機関ごとに、同一患者に対して同様の検査を行う必要があるという問題点があった。その結果、日本の国民皆保険制度への財政的な圧迫につながってしまうという問題点があった。なお、例え医療情報を共有するシステムを構築したとしても、そのシステムの維持にかかる費用を誰が負担するのかという点は解決されていない。匿名化されていない医療情報は、個人情報であり、日本の個人情報保護法を遵守しつつ、そのシステムを維持するには、相当の費用がかかると考えられる。
In addition, since medical institutions do not share patient medical information, there is a problem that each medical institution needs to perform the same examination for the same patient. As a result, there was a problem that it would lead to financial pressure on Japan's universal health insurance system. Even if a system for sharing medical information is built, the question of who should bear the costs of maintaining the system remains unresolved. Medical information that has not been anonymized is personal information, and maintaining the system while complying with the Personal Information Protection Law in Japan would require considerable costs.
さらに、一部の学会は、匿名化された医療情報を保有しているが、その医療情報の数は少なく、様々な分析に用いることができないという問題点があった。一方で、これらの学会が保有する匿名化された医療情報を合わせて、匿名化された多数の医療情報を集めることも考えられる。しかし、各学会の医療情報には、同一人物の医療情報がそれぞれ含まれている可能性がある。したがって、それらの匿名化された医療情報をそのまま纏めると、同一人物の医療情報が複数含まれる可能性があるので、これらの匿名化された医療情報を分析に利用することができないという問題点があった。
Furthermore, some academic societies have anonymized medical information, but there is a problem that the amount of medical information is small and cannot be used for various analyses. On the other hand, it is also conceivable to collect a large amount of anonymized medical information by combining the anonymized medical information held by these societies. However, medical information of each academic society may contain medical information of the same person. Therefore, if the anonymized medical information is compiled as it is, there is a possibility that multiple medical information of the same person will be included, so there is a problem that this anonymized medical information cannot be used for analysis. there were.
本発明は上述した事情に鑑み、医療機関で行われる診療行為に伴って作成される医療情報を匿名化して、外部に設置された匿名医療情報管理サーバに格納すると共に、その匿名化された医療情報を容易に利用できる匿名医療情報管理システムを提供することを目的とする。
In view of the above-mentioned circumstances, the present invention anonymizes medical information created in association with medical treatment performed at a medical institution, stores it in an externally installed anonymous medical information management server, and stores the anonymized medical information. The purpose is to provide an anonymous medical information management system in which information can be used easily.
本発明の発明者は、上述した問題点に関して鋭意研究・開発を続けた結果、以下のような画期的な匿名医療情報管理システムを見出した。
The inventors of the present invention, as a result of diligent research and development on the above-mentioned problems, have found the following epoch-making anonymous medical information management system.
上記課題を解決するための本発明の第1の態様は、医療機関の管理下に置かれた医療機関用端末と、医療機関の管理下に置かれ、かつ医療機関用端末と接続された匿名化装置と、匿名化装置とネットワークを介して接続された匿名医療情報管理サーバとを具備する匿名医療情報管理システムであって、医療機関用端末は、患者を特定できる患者特定情報および患者の医療情報を入力する入力部を有し、匿名化装置は、医療機関用端末から送信された患者特定情報に基づいて、患者特定情報とは異なる患者の匿名化IDを作成する匿名化ID作成部と、医療機関用端末から送信された患者の医療情報から患者を特定するために必要となる特定情報を削除すると共に、患者の匿名化IDとを関連付けた匿名医療情報を作成する匿名化部とを有し、匿名医療情報管理サーバは、匿名化IDおよび匿名医療情報を格納する匿名医療情報データベースを有することを特徴とする匿名医療情報管理システムにある。
A first aspect of the present invention for solving the above problems is a medical institution terminal under the management of a medical institution, and an anonymous medical institution terminal under the management of the medical institution and connected to the medical institution terminal. An anonymous medical information management system comprising an anonymization device and an anonymous medical information management server connected to the anonymization device via a network, wherein the medical institution terminal includes patient identification information that can identify a patient and the patient's medical treatment information. The anonymization device has an input unit for inputting information, and an anonymized ID creation unit that creates an anonymized patient ID that is different from the patient identification information based on the patient identification information transmitted from the medical institution terminal. and an anonymization unit that deletes specific information necessary to identify the patient from the patient's medical information transmitted from the medical institution terminal and creates anonymous medical information associated with the patient's anonymized ID. and the anonymous medical information management server has an anonymous medical information database that stores anonymized IDs and anonymous medical information.
ここで、「医療機関」とは、医療行為を行う個人または組織(法人等を含む)をいい、例えば、病院(歯科病院を含む)、診療所等が挙げられる。
Here, the term "medical institution" refers to an individual or organization (including corporations) that provides medical care, and includes, for example, hospitals (including dental clinics) and clinics.
「医療機関の管理下に置く」とは、医療機関が管理できる場所に配置(設置)されることをいい、医療機関の施設内であってもよいし、医療機関が実質的に管理することができるところであれば、医療機関が委託した企業の施設内や、いわゆるクラウドサーバー内に構築されていてもよい。
"Placed under the control of a medical institution" means to be placed (installed) in a place that can be managed by the medical institution, and may be in the facility of the medical institution, or be substantially managed by the medical institution. It may be built in a facility of a company outsourced by a medical institution or in a so-called cloud server, as long as it can be done.
「患者特定情報」とは、特定の個人(患者)を識別することができる情報をいう。患者特定情報としては、例えば、日本においてはマイナンバー(個人番号)や、パスポートまたは運転免許証の番号等であり、米国においては社会保障番号(Social Security Number)等が挙げられる。なお、「患者特定情報」は、日本において、いわゆる個人情報保護法に規定される個人情報に該当するものであり、厳重な管理が必要とされる情報である。
"Patient identification information" means information that can identify a specific individual (patient). Examples of patient identification information include My Number (personal number), passport or driver's license number in Japan, and Social Security Number in the United States. "Patient identification information" corresponds to personal information defined in the so-called Personal Information Protection Law in Japan, and is information that requires strict management.
「医療情報」とは、医療機関で行われる診療行為に伴って作成される情報をいい、例えば、次のような情報の少なくとも一部を含むものである。
<患者基本情報> "Medical information" refers to information created in association with a medical practice performed at a medical institution, and includes, for example, at least part of the following information.
<Patient basic information>
<患者基本情報> "Medical information" refers to information created in association with a medical practice performed at a medical institution, and includes, for example, at least part of the following information.
<Patient basic information>
患者ID、氏名、性別、生年月日、職業、電話番号(携帯電話番号)、住所、保険証番号、連絡先(電話番号、氏名、続柄、同居の有無)、身長、体重、腹囲、居宅の状況、生活状況、食事状況(食事時間、食事内容、嗜好、食事制限の有無)、嗜好品(喫煙状況、飲酒状況、常備薬の有無、歯の状態(義歯の有無、口の中の状態)、排泄状況(尿の回数、尿の性状、便秘・下痢の有無、人工肛門の有無)、感覚器障害(視力、眼鏡の有無、補聴器使用の有無)、その他(国籍等)
<既往歴>
年齢、年月日、期間、診断名・手術名、入院の有無・病院名・治療期間
<主訴情報>
主訴、症状
<現病履歴>
<転帰(治療前との病状の変化)>
<家族歴情報>
続柄、性別、年齢、同居区分、病歴、二親等以内の家系図
<診療記録>
病名、病状、治療内容、経過記録、指導記録-服薬・栄養・リハビリ・療養、退院サマリー(入院要約)
<感染症情報>
結核、梅毒、ウイルス性肝炎、HIV(human immunodeficiency virus)
<一般アレルギー情報>
薬・食品に関するアレルギーの有無
<介護情報>
介護度、かかりつけ医、かかりつけ訪問看護ステーション、受けている介護サービスの内容、介護者の有無、介護者の健康状態
<社会保障情報>
身体障碍者手帳、精神障害者保健福祉手帳、療育手帳等の種類と級
<紹介情報>
かかりつけ医から提供される診療情報、転院先・かかりつけ医へ提供する診療情報
<外来患者情報>
診療科、予約日時、来院日時、診察の進捗状況
<入院患者情報>
診療科、入院予定日、入院日、退院予定日、退院日
<各種オーダ情報> Patient ID, name, gender, date of birth, occupation, phone number (mobile phone number), address, health insurance card number, contact information (phone number, name, relationship, cohabitation), height, weight, waist circumference, residence Situation, living situation, meal situation (meal time, meal content, preferences, presence or absence of dietary restrictions), luxury goods (smoking status, drinking status, presence or absence of regular medicines, dental condition (presence of dentures, oral condition), Excretion status (frequency of urine, nature of urine, presence or absence of constipation/diarrhea, presence or absence of artificial anus), sensory disorders (vision, presence of glasses, use of hearing aids), other (nationality, etc.)
<Medical history>
Age, date, period, name of diagnosis/surgery, presence/absence of hospitalization/name of hospital/treatment period <chief complaint information>
Chief Complaint, Symptom <Present Disease History>
<Outcome (change in condition from before treatment)>
<Family history information>
Relationship, gender, age, cohabitation classification, medical history, family tree within the second degree <medical record>
Disease name, medical condition, treatment details, progress record, guidance record - medication, nutrition, rehabilitation, medical treatment, hospital discharge summary (hospitalization summary)
<Infectious disease information>
tuberculosis, syphilis, viral hepatitis, HIV (human immunodeficiency virus)
<General Allergy Information>
Presence or absence of allergies to medicines and foods <nursing care information>
Level of care, primary care doctor, primary home-visit nursing station, details of care services received, presence or absence of caregiver, health status of caregiver <social security information>
Types and grades of physical disability certificate, mental disability certificate, rehabilitation certificate, etc. <Introduction information>
Medical information provided by primary care physicians, medical information provided to referral destinations and primary physicians <outpatient information>
Clinical department, reservation date and time, visit date and time, progress status of examination <Inpatient information>
Clinical department, expected date of admission, date of admission, expected date of discharge, date of discharge <Various order information>
<既往歴>
年齢、年月日、期間、診断名・手術名、入院の有無・病院名・治療期間
<主訴情報>
主訴、症状
<現病履歴>
<転帰(治療前との病状の変化)>
<家族歴情報>
続柄、性別、年齢、同居区分、病歴、二親等以内の家系図
<診療記録>
病名、病状、治療内容、経過記録、指導記録-服薬・栄養・リハビリ・療養、退院サマリー(入院要約)
<感染症情報>
結核、梅毒、ウイルス性肝炎、HIV(human immunodeficiency virus)
<一般アレルギー情報>
薬・食品に関するアレルギーの有無
<介護情報>
介護度、かかりつけ医、かかりつけ訪問看護ステーション、受けている介護サービスの内容、介護者の有無、介護者の健康状態
<社会保障情報>
身体障碍者手帳、精神障害者保健福祉手帳、療育手帳等の種類と級
<紹介情報>
かかりつけ医から提供される診療情報、転院先・かかりつけ医へ提供する診療情報
<外来患者情報>
診療科、予約日時、来院日時、診察の進捗状況
<入院患者情報>
診療科、入院予定日、入院日、退院予定日、退院日
<各種オーダ情報> Patient ID, name, gender, date of birth, occupation, phone number (mobile phone number), address, health insurance card number, contact information (phone number, name, relationship, cohabitation), height, weight, waist circumference, residence Situation, living situation, meal situation (meal time, meal content, preferences, presence or absence of dietary restrictions), luxury goods (smoking status, drinking status, presence or absence of regular medicines, dental condition (presence of dentures, oral condition), Excretion status (frequency of urine, nature of urine, presence or absence of constipation/diarrhea, presence or absence of artificial anus), sensory disorders (vision, presence of glasses, use of hearing aids), other (nationality, etc.)
<Medical history>
Age, date, period, name of diagnosis/surgery, presence/absence of hospitalization/name of hospital/treatment period <chief complaint information>
Chief Complaint, Symptom <Present Disease History>
<Outcome (change in condition from before treatment)>
<Family history information>
Relationship, gender, age, cohabitation classification, medical history, family tree within the second degree <medical record>
Disease name, medical condition, treatment details, progress record, guidance record - medication, nutrition, rehabilitation, medical treatment, hospital discharge summary (hospitalization summary)
<Infectious disease information>
tuberculosis, syphilis, viral hepatitis, HIV (human immunodeficiency virus)
<General Allergy Information>
Presence or absence of allergies to medicines and foods <nursing care information>
Level of care, primary care doctor, primary home-visit nursing station, details of care services received, presence or absence of caregiver, health status of caregiver <social security information>
Types and grades of physical disability certificate, mental disability certificate, rehabilitation certificate, etc. <Introduction information>
Medical information provided by primary care physicians, medical information provided to referral destinations and primary physicians <outpatient information>
Clinical department, reservation date and time, visit date and time, progress status of examination <Inpatient information>
Clinical department, expected date of admission, date of admission, expected date of discharge, date of discharge <Various order information>
処方・注射オーダ内容、検査(検体・細菌)オーダ内容、輸血オーダ内容、病理検査オーダ内容、画像生理検査オーダ内容、リハビリオーダ内容、食事オーダ内容、栄養指導オーダ内容、手術オーダ内容、人工透析オーダ内容、病名オーダ内容、汎用オーダ内容、パスオーダ内容
<看護支援計画情報>
療養上の問題点、看護判断内容、日常生活援助計画、患者の病状確認計画、結果
<看護記録情報>
看護オーダ項目の測定値・観察結果、日常生活援助項目の実施記録、患者の反応、医師の指示実施内容
<処方・注射オーダ情報>
処方内容、注射薬内容、配合禁忌情報
<服薬指導オーダ情報>
服薬指導指示内容
<薬剤禁忌情報>
アレルギー情報
<化学療法レジメン情報>
病名情報、処方情報、プロトコル情報、検体検査情報
<検体・細菌検査の検査オーダ情報>
検査内容、検体の種類、検査方法
<検体・細菌検査の採血管情報>
検査内容、管種
<検体・細菌検査の検査結果情報>
検査名、検査結果数値、検査結果画像
<検体・細菌検査の検査結果レポート情報>
検査結果、診断結果
<生理検査オーダ>
検査内容、検査方法
<生理検査結果情報>
検査名、検査結果数値、検査結果画像
<生理検査結果レポート情報>
検査結果、診断結果
<輸血オーダ情報>
血液型、抗体情報、輸血歴、オーダ血液種類と単位数
<輸血記録情報>
輸血実施情報、副作用情報
<病理検査の検査オーダ情報>
検査内容、材料の部位・種類、検査方法
<病理検査の検査結果情報>
検査名、検査結果、検査結果画像
<病理検査の検査結果レポート情報>
検査結果、診断結果
<放射線撮影の撮影オーダ情報>
撮影部位、撮影目的、撮影内容、使用薬剤
<放射線撮影の撮影結果情報>
撮影枚数、撮影画像
<放射線画像保管>
<放射線画像の所見レポート情報>
画像診断結果
<消化器系内視鏡検査結果情報>
内視鏡検査画像、検査所見
<リハビリオーダ情報>
リハビリ種類、リハビリ内容、リハビリ目標、リハビリ関連検査の内容
<リハビリ記録情報>
リハビリ計画、リハビリ実施情報、リハビリ結果、リハビリ関連検査結果
<食事オーダ情報>
食種、食事制限内容、アレルギー情報
<栄養指導オーダ情報>
栄養指導指示内容、栄養指導実施内容
<食物禁忌情報>
アレルギー情報、内服薬との禁忌情報
<各診療科単独検査結果情報>
検査名、結果数値、結果画像
<各診療科発生文書情報>
患者署名文書、要保存患者文書
<手術オーダ情報>
手術名、手術予定時間、麻酔方法、使用材料、使用機器、術中検査、術中放射線検査、輸血予定
<手術記録情報>
麻酔内容、手術内容、生体情報モニター情報、出血量、輸血量、術中検査結果、麻酔覚醒情報、体内挿入物名・部位、手術後身体状況
<人工透析オーダ情報>
血液透析・血液浄化名、使用機材、使用薬剤、実施時間・回数
<人工透析記録情報>
血液透析・血液浄化実施記録
<分娩記録情報>
分娩歴、分娩監視モニター情報、分娩進捗状況、使用薬剤、使用機器、出生時間、出生児体重、胎盤情報、母体情報
<歯科診察支援情報>
歯式情報、歯科診察情報、歯科病名情報
<歯科検査結果情報>
歯科検査名、結果数値、結果画像
<病歴情報>
退院患者情報、疾病分類情報、悪性新生物情報、退院サマリー情報
<外来情報>
患者受診科情報、患者来院歴情報
<がん登録情報>
患者基本情報、身体情報、予後情報 Prescription/injection order content, test (specimen/bacteria) order content, blood transfusion order content, pathological test order content, imaging physiological test order content, rehabilitation order content, meal order content, nutritional guidance order content, surgery order content, dialysis order content Contents, disease name order content, general order content, path order content <nursing support plan information>
Treatment problems, nursing decisions, daily life support plan, patient's condition confirmation plan, results <nursing record information>
Measured values and observation results of nursing order items, performance records of daily life support items, patient reactions, details of instructions and implementation from doctors <prescription/injection order information>
Prescription content, injection drug content, contraindication information <medication guidance order information>
Contents of medication instructions <Information on drug contraindications>
Allergy information <chemotherapy regimen information>
Disease name information, prescription information, protocol information, sample test information <Test order information for sample/bacterial test>
Contents of inspection, type of sample, inspection method
Inspection details, tube type <Information on specimen/bacteria test results>
Test name, test result value, test result image <test result report information for specimen/bacteria test>
Test results, diagnosis results <physiological test order>
Examination content, examination method <Physiological examination result information>
Test name, test result value, test result image <physiological test result report information>
Test results, diagnosis results <blood transfusion order information>
Blood type, antibody information, blood transfusion history, ordered blood type and number of units <transfusion record information>
Blood transfusion implementation information, side effect information <examination order information for pathological examination>
Details of inspection, part/type of material, inspection method <Information on pathological examination results>
Test name, test result, test result image <pathological test result report information>
Examination results, diagnosis results <Radiography imaging order information>
Location to be imaged, purpose of imaging, content of imaging, drugs used <Information on radiographic imaging results>
Number of shots, shot images <Radiation image storage>
<Radiographic image findings report information>
Diagnostic imaging results <Digestive system endoscopy result information>
Endoscopy images, examination findings <rehabilitation order information>
Rehabilitation type, rehabilitation details, rehabilitation goals, details of rehabilitation-related examination <rehabilitation record information>
Rehabilitation plan, rehabilitation implementation information, rehabilitation results, rehabilitation-related test results <meal order information>
Type of food, dietary restrictions, allergy information <Nutritional Guidance Order Information>
Nutritional Guidance Instruction Contents, Nutritional Guidance Implementation Contents <Food Contraindication Information>
Allergy information, contraindication information with oral medicines <Individual test result information for each clinical department>
Test name, result value, result image <Document information generated by each clinical department>
Patient Signature Document, Patient Document Requiring Retention <Surgical Order Information>
Surgery name, scheduled surgery time, anesthesia method, materials used, equipment used, intraoperative examination, intraoperative radiological examination, blood transfusion schedule <Surgery record information>
Details of anesthesia, details of surgery, monitoring information on vital signs, amount of blood loss, amount of blood transfusion, intraoperative test results, information on awakening from anesthesia, names and locations of body inserts, physical conditions after surgery <dialysis order information>
Hemodialysis/blood purification name, equipment used, drugs used, implementation time/number <dialysis record information>
Hemodialysis/blood purification record <delivery record information>
Childbirth history, delivery monitor information, delivery progress, drugs used, equipment used, birth time, birth weight, placenta information, maternal information <dental examination support information>
Dental formula information, dental examination information, dental disease name information <dental examination result information>
Dental examination name, result value, result image <Medical history information>
Discharged patient information, disease classification information, malignant neoplasm information, discharge summary information <outpatient information>
Patient consultation department information, patient visit history information <cancer registration information>
Basic patient information, physical information, prognostic information
<看護支援計画情報>
療養上の問題点、看護判断内容、日常生活援助計画、患者の病状確認計画、結果
<看護記録情報>
看護オーダ項目の測定値・観察結果、日常生活援助項目の実施記録、患者の反応、医師の指示実施内容
<処方・注射オーダ情報>
処方内容、注射薬内容、配合禁忌情報
<服薬指導オーダ情報>
服薬指導指示内容
<薬剤禁忌情報>
アレルギー情報
<化学療法レジメン情報>
病名情報、処方情報、プロトコル情報、検体検査情報
<検体・細菌検査の検査オーダ情報>
検査内容、検体の種類、検査方法
<検体・細菌検査の採血管情報>
検査内容、管種
<検体・細菌検査の検査結果情報>
検査名、検査結果数値、検査結果画像
<検体・細菌検査の検査結果レポート情報>
検査結果、診断結果
<生理検査オーダ>
検査内容、検査方法
<生理検査結果情報>
検査名、検査結果数値、検査結果画像
<生理検査結果レポート情報>
検査結果、診断結果
<輸血オーダ情報>
血液型、抗体情報、輸血歴、オーダ血液種類と単位数
<輸血記録情報>
輸血実施情報、副作用情報
<病理検査の検査オーダ情報>
検査内容、材料の部位・種類、検査方法
<病理検査の検査結果情報>
検査名、検査結果、検査結果画像
<病理検査の検査結果レポート情報>
検査結果、診断結果
<放射線撮影の撮影オーダ情報>
撮影部位、撮影目的、撮影内容、使用薬剤
<放射線撮影の撮影結果情報>
撮影枚数、撮影画像
<放射線画像保管>
<放射線画像の所見レポート情報>
画像診断結果
<消化器系内視鏡検査結果情報>
内視鏡検査画像、検査所見
<リハビリオーダ情報>
リハビリ種類、リハビリ内容、リハビリ目標、リハビリ関連検査の内容
<リハビリ記録情報>
リハビリ計画、リハビリ実施情報、リハビリ結果、リハビリ関連検査結果
<食事オーダ情報>
食種、食事制限内容、アレルギー情報
<栄養指導オーダ情報>
栄養指導指示内容、栄養指導実施内容
<食物禁忌情報>
アレルギー情報、内服薬との禁忌情報
<各診療科単独検査結果情報>
検査名、結果数値、結果画像
<各診療科発生文書情報>
患者署名文書、要保存患者文書
<手術オーダ情報>
手術名、手術予定時間、麻酔方法、使用材料、使用機器、術中検査、術中放射線検査、輸血予定
<手術記録情報>
麻酔内容、手術内容、生体情報モニター情報、出血量、輸血量、術中検査結果、麻酔覚醒情報、体内挿入物名・部位、手術後身体状況
<人工透析オーダ情報>
血液透析・血液浄化名、使用機材、使用薬剤、実施時間・回数
<人工透析記録情報>
血液透析・血液浄化実施記録
<分娩記録情報>
分娩歴、分娩監視モニター情報、分娩進捗状況、使用薬剤、使用機器、出生時間、出生児体重、胎盤情報、母体情報
<歯科診察支援情報>
歯式情報、歯科診察情報、歯科病名情報
<歯科検査結果情報>
歯科検査名、結果数値、結果画像
<病歴情報>
退院患者情報、疾病分類情報、悪性新生物情報、退院サマリー情報
<外来情報>
患者受診科情報、患者来院歴情報
<がん登録情報>
患者基本情報、身体情報、予後情報 Prescription/injection order content, test (specimen/bacteria) order content, blood transfusion order content, pathological test order content, imaging physiological test order content, rehabilitation order content, meal order content, nutritional guidance order content, surgery order content, dialysis order content Contents, disease name order content, general order content, path order content <nursing support plan information>
Treatment problems, nursing decisions, daily life support plan, patient's condition confirmation plan, results <nursing record information>
Measured values and observation results of nursing order items, performance records of daily life support items, patient reactions, details of instructions and implementation from doctors <prescription/injection order information>
Prescription content, injection drug content, contraindication information <medication guidance order information>
Contents of medication instructions <Information on drug contraindications>
Allergy information <chemotherapy regimen information>
Disease name information, prescription information, protocol information, sample test information <Test order information for sample/bacterial test>
Contents of inspection, type of sample, inspection method
Inspection details, tube type <Information on specimen/bacteria test results>
Test name, test result value, test result image <test result report information for specimen/bacteria test>
Test results, diagnosis results <physiological test order>
Examination content, examination method <Physiological examination result information>
Test name, test result value, test result image <physiological test result report information>
Test results, diagnosis results <blood transfusion order information>
Blood type, antibody information, blood transfusion history, ordered blood type and number of units <transfusion record information>
Blood transfusion implementation information, side effect information <examination order information for pathological examination>
Details of inspection, part/type of material, inspection method <Information on pathological examination results>
Test name, test result, test result image <pathological test result report information>
Examination results, diagnosis results <Radiography imaging order information>
Location to be imaged, purpose of imaging, content of imaging, drugs used <Information on radiographic imaging results>
Number of shots, shot images <Radiation image storage>
<Radiographic image findings report information>
Diagnostic imaging results <Digestive system endoscopy result information>
Endoscopy images, examination findings <rehabilitation order information>
Rehabilitation type, rehabilitation details, rehabilitation goals, details of rehabilitation-related examination <rehabilitation record information>
Rehabilitation plan, rehabilitation implementation information, rehabilitation results, rehabilitation-related test results <meal order information>
Type of food, dietary restrictions, allergy information <Nutritional Guidance Order Information>
Nutritional Guidance Instruction Contents, Nutritional Guidance Implementation Contents <Food Contraindication Information>
Allergy information, contraindication information with oral medicines <Individual test result information for each clinical department>
Test name, result value, result image <Document information generated by each clinical department>
Patient Signature Document, Patient Document Requiring Retention <Surgical Order Information>
Surgery name, scheduled surgery time, anesthesia method, materials used, equipment used, intraoperative examination, intraoperative radiological examination, blood transfusion schedule <Surgery record information>
Details of anesthesia, details of surgery, monitoring information on vital signs, amount of blood loss, amount of blood transfusion, intraoperative test results, information on awakening from anesthesia, names and locations of body inserts, physical conditions after surgery <dialysis order information>
Hemodialysis/blood purification name, equipment used, drugs used, implementation time/number <dialysis record information>
Hemodialysis/blood purification record <delivery record information>
Childbirth history, delivery monitor information, delivery progress, drugs used, equipment used, birth time, birth weight, placenta information, maternal information <dental examination support information>
Dental formula information, dental examination information, dental disease name information <dental examination result information>
Dental examination name, result value, result image <Medical history information>
Discharged patient information, disease classification information, malignant neoplasm information, discharge summary information <outpatient information>
Patient consultation department information, patient visit history information <cancer registration information>
Basic patient information, physical information, prognostic information
また、「特定情報」とは、医療情報に含まれる情報のうち、その患者を特定するために必要となる情報である。特定情報としては、例えば、氏名、性別、生年月日、職業、電話番号(携帯電話番号)、住所、保険証番号、連絡先(電話番号、氏名、続柄、同居の有無)等である。医療情報から特定情報を削除することにより、作成された匿名医療情報だけでは、その患者を特定することができなくなる。
Further, “specific information” is information necessary for identifying the patient among the information included in the medical information. Specific information includes, for example, name, gender, date of birth, occupation, phone number (mobile phone number), address, health insurance card number, contact information (phone number, name, relationship, cohabitation), and the like. By deleting the specific information from the medical information, the patient cannot be identified only with the created anonymous medical information.
なお、医療情報も、患者を特定できるような状態(特定情報が削除されていない場合)であれば、日本において、いわゆる個人情報保護法に規定される個人情報に該当するものであり、厳重な管理が必要とされる情報である。したがって、特定情報が削除されている匿名医療情報は、日本において、いわゆる個人情報保護法に規定される個人情報に該当しないものである。
In addition, medical information, as long as it can identify a patient (if the specific information has not been deleted), falls under the so-called personal information protection law in Japan, and is strictly prohibited. Information that requires management. Therefore, anonymous medical information from which specific information has been deleted does not correspond to personal information as stipulated in the so-called Personal Information Protection Law in Japan.
かかる第1の態様によれば、患者の医療情報からその患者の個人情報を削除して作成された匿名医療情報のみを、医療機関の管理外に設置された匿名医療情報管理サーバに格納することができるので、個人情報である医療情報自体がその医療機関外に提供されることはなく、個人情報の漏洩を防止することができる。また、匿名医療情報管理サーバは、複数の医療機関から提供された大量の匿名医療情報を格納することになるので、大量の匿名医療情報を容易に取り扱うことができる。
According to the first aspect, only the anonymous medical information created by deleting the patient's personal information from the patient's medical information is stored in the anonymous medical information management server installed outside the control of the medical institution. Therefore, medical information itself, which is personal information, is not provided outside the medical institution, and leakage of personal information can be prevented. Also, since the anonymous medical information management server stores a large amount of anonymous medical information provided by a plurality of medical institutions, it can easily handle a large amount of anonymous medical information.
本発明の第2の態様は、匿名医療情報管理サーバは、匿名化IDに基づいて、匿名医療情報データベースから、匿名化IDに関連付けられた匿名医療情報を抽出して、匿名化装置に送信する第1匿名医療情報抽出部を有し、匿名化装置は、患者特定情報と、匿名化IDと、匿名医療情報とに基づいて、匿名医療情報から患者の医療情報の少なくとも一部を復号化する復号化部を有し、医療機関用端末は、復号化部により復号化された患者の医療情報の少なくとも一部を表示する表示部を有することを特徴とする第1の態様に記載の匿名医療情報管理システムにある。
In a second aspect of the present invention, the anonymous medical information management server extracts anonymous medical information associated with the anonymized ID from the anonymous medical information database based on the anonymized ID, and transmits the anonymous medical information to the anonymization device. Having a first anonymous medical information extractor, the anonymizing device decrypts at least part of the patient's medical information from the anonymous medical information based on the patient identification information, the anonymized ID, and the anonymous medical information. Anonymous medical care according to the first aspect, characterized in that it has a decryption unit, and the medical institution terminal has a display unit that displays at least part of the patient's medical information decrypted by the decryption unit. It is in the information management system.
ここで、「医療情報の少なくとも一部を復号化」とは、医療情報を完全に復元することも含まれるが、医療情報の一部が復号化されることも含まれる概念である。これは、上述したように、匿名医療情報には特定情報が含まれていないので、医療機関が患者特定情報または匿名化IDに関連付けられた特定情報を保有していないと、医療情報を完全に復元することができないためである。なお、患者特定情報と、それに関連付けられた匿名医療情報(医療情報の一部)があれば、医療機関は、医療情報としてその情報を十分に利用することができる。
Here, "decrypting at least part of the medical information" is a concept that includes not only restoring the medical information completely, but also partially decrypting the medical information. This is because, as mentioned above, anonymous medical information does not contain specific information, so if a medical institution does not possess patient specific information or specific information associated with an anonymized ID, the medical information will not be completely preserved. This is because it cannot be restored. If there is patient identification information and associated anonymous medical information (part of medical information), the medical institution can fully use the information as medical information.
かかる第2の態様によれば、匿名医療情報管理サーバの匿名医療情報データベースに格納された匿名医療データから、患者の個人特定情報に基づいて、その患者の医療情報(他の医療機関で作成されたものを含む)を、リアルタイムで表示部に表示させることができる。すなわち、他の医療機関が保有する患者の医療情報を、個人情報の漏洩を気にすることなく、スムーズに入手することができる。また、医療機関が、独自に医療情報を保有することなく、必要な時にその患者の医療情報をリアルタイムで表示部に表示させることができる。
According to the second aspect, from the anonymous medical data stored in the anonymous medical information database of the anonymous medical information management server, based on the patient's personal identification information, the patient's medical information (created by another medical institution) ) can be displayed on the display unit in real time. In other words, patients' medical information held by other medical institutions can be obtained smoothly without worrying about leakage of personal information. In addition, the medical institution can display the medical information of the patient in real time on the display unit when necessary without owning the medical information.
本発明の第3の態様は、匿名医療情報管理システムは、ネットワークを介して、匿名医療情報を受信する情報処理用端末に接続され、匿名医療情報管理サーバは、匿名医療情報データベースから、所定の条件を満たす匿名医療情報を抽出して、情報処理用端末に送信する第2匿名医療情報抽出部を有することを特徴とする第1または第2の態様に記載の匿名医療情報管理システムにある。
In a third aspect of the present invention, an anonymous medical information management system is connected via a network to an information processing terminal that receives anonymous medical information, and an anonymous medical information management server receives a predetermined medical information from an anonymous medical information database. The anonymous medical information management system according to the first or second aspect is characterized by having a second anonymous medical information extraction unit that extracts anonymous medical information that satisfies a condition and transmits it to the information processing terminal.
かかる第3の態様によれば、所定の条件を満たす匿名医療情報を多量に抽出して、情報処理用端末に送信することができるので、匿名医療情報を利用した分析を容易に行うことができる。
According to the third aspect, a large amount of anonymous medical information that satisfies a predetermined condition can be extracted and transmitted to the information processing terminal, so that analysis using anonymous medical information can be easily performed. .
本発明の第4の態様は、匿名医療情報管理サーバは、同一の匿名化IDに関連付けられた複数の匿名医療情報を抽出して、1つの匿名医療情報を作成して、匿名医療情報データベースに格納する名寄せ部を有することを特徴とする第1~第3の態様の何れか1つに記載の匿名医療情報管理システムにある。
In a fourth aspect of the present invention, an anonymous medical information management server extracts a plurality of pieces of anonymous medical information associated with the same anonymized ID, creates one piece of anonymous medical information, and stores it in an anonymous medical information database. The anonymous medical information management system according to any one of the first to third aspects, characterized by having a name identification unit for storing.
かかる第4の態様によれば、同一の匿名化IDの医療情報を名寄せすることにより、1つの匿名化IDに関連付けられた1つの匿名医療情報が匿名医療情報データベースに格納されることになる。すなわち、匿名医療情報データベースには、各匿名化IDに対して、1つの匿名医療情報が格納されることになる。その結果、匿名医療情報データベースから、より早く匿名医療情報を抽出することができる
According to the fourth aspect, by collating medical information with the same anonymized ID, one piece of anonymous medical information associated with one anonymized ID is stored in the anonymous medical information database. That is, one piece of anonymous medical information is stored in the anonymous medical information database for each anonymized ID. As a result, anonymous medical information can be extracted more quickly from the anonymous medical information database.
なお、本発明において、「データベース」、「システム」、「部」とは、単に物理的手段を意味するものではなく、その「データベース」、「部」、「システム」が有する機能をソフトウェアによって実現する場合も含む。また、1つの「データベース」、「システム」、「部」が有する機能が2つ以上の物理的手段や装置により実現されても、2つ以上の「データベース」、「システム」、「部」の機能が1つの物理的手段や装置により実現されてもよい。
In the present invention, the terms "database", "system", and "department" do not simply mean physical means. including cases where In addition, even if the functions of one "database", "system" or "department" are realized by two or more physical means or devices, two or more "databases", "systems" or "departments" Functions may be realized by one physical means or device.
以下に添付図面を参照して、本発明に係る匿名医療情報管理システムの実施形態を説明する。なお、本発明は、以下の実施形態に限定されるものではない。
(実施形態1) An embodiment of an anonymous medical information management system according to the present invention will be described below with reference to the accompanying drawings. In addition, this invention is not limited to the following embodiment.
(Embodiment 1)
(実施形態1) An embodiment of an anonymous medical information management system according to the present invention will be described below with reference to the accompanying drawings. In addition, this invention is not limited to the following embodiment.
(Embodiment 1)
図1は、本実施形態に係る匿名医療情報管理システムの概念図である。この図に示すように、本実施形態に係る匿名医療情報管理システム1は、医療機関Mの管理下(医療機関の施設内)に設置された医療機関用端末10a、10bと、それらに医療機関内ネットワーク15を介して接続された匿名化装置20と、匿名化装置20とネットワーク40を介して接続された匿名医療情報管理サーバ30とで構成されている。
FIG. 1 is a conceptual diagram of an anonymous medical information management system according to this embodiment. As shown in this figure, the anonymous medical information management system 1 according to this embodiment includes medical institution terminals 10a and 10b installed under the control of a medical institution M (within the facility of the medical institution), and medical institution terminals 10a and 10b. It is composed of an anonymization device 20 connected via an internal network 15 and an anonymous medical information management server 30 connected to the anonymization device 20 via a network 40 .
なお、本実施形態では、2つの医療機関用端末10a、10bを例示しているが、医療機関用端末は1つであっても、3つ以上であってもよいのは言うまでもない。また、本実施形態では、医療機関Mとして1つしか例示していないが、医療機関用端末および匿名化装置が設置された医療機関が、ネットワーク40を介して複数接続されていてもよいのは言うまでもない。さらに、匿名医療情報管理サーバ30が複数接続されていてもよい。
Although two medical institution terminals 10a and 10b are exemplified in this embodiment, the number of medical institution terminals may be one or three or more. In addition, although only one medical institution M is illustrated in this embodiment, a plurality of medical institutions in which medical institution terminals and anonymization devices are installed may be connected via the network 40. Needless to say. Furthermore, a plurality of anonymous medical information management servers 30 may be connected.
まず、医療機関用端末10a、10bについて説明する。図2は、医療機関用端末10aの概念図である。医療機関用端末10a、10bは、患者を特定できる患者特定情報およびその患者の医療情報を入力する入力部11と、後述する匿名化装置20の復号化部23により復号化された患者の医療情報の少なくとも一部を表示する表示部12を有するものであれば特に限定されない。なお、医療機関用端末10aと医療機関用端末10bとは同じものであってもよいし、異なるものであってもよい。
First, the medical institution terminals 10a and 10b will be described. FIG. 2 is a conceptual diagram of the medical institution terminal 10a. The medical institution terminals 10a and 10b include an input unit 11 for inputting patient identification information that can identify a patient and the patient's medical information, and the patient's medical information decrypted by a decryption unit 23 of the anonymization device 20, which will be described later. is not particularly limited as long as it has a display unit 12 that displays at least a part of. The medical institution terminal 10a and the medical institution terminal 10b may be the same or different.
入力部11は、患者を特定できる患者特定情報およびその患者の医療情報を入力することができるものであれば特に限定されない。入力部11としては、例えばキーボード、タッチパネルまたは音声入力装置等が挙げられる。
The input unit 11 is not particularly limited as long as it can input patient identification information that can identify a patient and the patient's medical information. Examples of the input unit 11 include a keyboard, touch panel, voice input device, and the like.
また、表示部12は、患者の医療情報等を表示することができるものであれば特に限定されない。表示部12としては、例えば、液晶パネルや有機ELパネル等が挙げられる。
Moreover, the display unit 12 is not particularly limited as long as it can display patient's medical information or the like. Examples of the display unit 12 include a liquid crystal panel and an organic EL panel.
なお、医療機関用端末10a、10bは、上記のような機能を有するものであれば特に限定されない。医療機関用端末10a、10bとしては、例えば、パーソナルコンピュータ(ノートブック型パーソナルコンピュータを含む)、タブレット型コンピュータまたはスマートフォン等が挙げられる。
The medical institution terminals 10a and 10b are not particularly limited as long as they have the functions described above. Examples of the medical institution terminals 10a and 10b include personal computers (including notebook personal computers), tablet computers, smartphones, and the like.
また、医療機関内ネットワーク15は、医療機関用端末10a、10bと匿名化装置20とを接続することができるものであれば特に限定されない。医療機関内ネットワーク15としては、例えばイントラネット等が挙げられる。
In addition, the medical institution network 15 is not particularly limited as long as it can connect the medical institution terminals 10 a and 10 b and the anonymization device 20 . The network 15 within the medical institution includes, for example, an intranet.
次に、匿名化装置20について説明する。図3は、匿名化装置20の概念図である。この図に示されるように、匿名化装置20は、匿名化ID作成部21と、匿名化部22と、復号化部23とを有している。
Next, the anonymization device 20 is described. FIG. 3 is a conceptual diagram of the anonymization device 20. As shown in FIG. As shown in this figure, the anonymization device 20 has an anonymization ID creation section 21 , an anonymization section 22 and a decryption section 23 .
匿名化ID作成部21は、患者特定情報に基づいて、患者特定情報とは異なる患者の匿名化IDを作成することができるものであれば特に限定されない。匿名化ID作成部21としては、例えば、患者特定情報に基づいて、患者特定情報とは異なる患者の匿名化IDを作成するプログラムが挙げられる。
The anonymized ID creation unit 21 is not particularly limited as long as it can create a patient's anonymized ID that differs from the patient identification information based on the patient identification information. An example of the anonymized ID creation unit 21 is a program that creates an anonymized patient ID that differs from the patient identification information based on the patient identification information.
具体的には、例えば、図4に示すような符号化・復号化プログラムが挙げられる。この図に示すように、まず「0123456789」という10の文字列(患者特定情報)を、各文字ごとに第1ASCIIコード(30,31,32,33,34,35,36,37,38,39)に変換する。次に、この第1ASCIIコードを第1Bit列(00110000,00110001,00110010,00110011,00110100,00110101,00110110,00110111,00111000,00111001)に変換する。
Specifically, for example, there is an encoding/decoding program as shown in FIG. As shown in this figure, first, 10 character strings (patient identification information) "0123456789" are converted to the first ASCII code (30, 31, 32, 33, 34, 35, 36, 37, 38, 39) for each character. ). Next, this first ASCII code is converted into the first bit string (00110000, 00110001, 00110010, 00110011, 00110100, 00110101, 00110110, 00110111, 00111000, 00111001).
さらに、暗号鍵列「01010101」を用いて、そのBit列の排他的論理和演算を行い、第2Bit列(01100101,01100100,01100111,01100110,01100001,01100000,01100011,01100010,01101101,01101110)に変換する。次に、第2Bit列の各文字列を第2ASCIIコード(65,64,67,66,61,60,63,62,6D,6E)に変換する。その後、第2ASCIIコードを文字列(匿名化ID)(edgfa_cbmn)に変換する。
Furthermore, using the encryption key string "01010101", the exclusive OR operation of the Bit string is performed to convert to the second Bit string (01100101, 01100100, 01100111, 01100110, 01100001, 01100000, 01100011, 01100010, 01101101, 0110110) do. Next, each character string in the second Bit string is converted into the second ASCII code (65, 64, 67, 66, 61, 60, 63, 62, 6D, 6E). After that, the second ASCII code is converted into a character string (anonymized ID) (edgfa_cbmn).
このようにして、患者特定情報に基づいて、患者特定情報とは異なる患者の匿名化IDを作成することができる。なお、このプログラムにおける暗号鍵列については、外部に漏れないように非常に高いレベルで秘匿しておく必要があるのは言うまでもない。
In this way, an anonymized ID of a patient different from the patient identification information can be created based on the patient identification information. Needless to say, the encryption key string in this program must be kept secret at a very high level so as not to be leaked to the outside.
また、匿名化ID作成部21として、次のようなプログラムが挙げられる。まず、図5(a)に示すように、患者特定情報である12桁のマイナンバー(123456789012)と、12桁の計算キー(654376543219)との各桁同士の積(6,10,12,12,35,36,35,32,27,0,1,18)を計算する。そして、それらの積の和(224)を計算し、その和を9で除した余り(8)を計算しておく。この余り(8)は、チェックディジットとして用いる。
Also, as the anonymized ID creating unit 21, the following programs can be mentioned. First, as shown in FIG. 5(a), the product (6, 10, 12, 12 , 35, 36, 35, 32, 27, 0, 1, 18). Then, the sum (224) of these products is calculated, and the remainder (8) obtained by dividing the sum by 9 is calculated. This remainder (8) is used as a check digit.
次に、図5(b)の上段に示すように、マイナンバー(123456789012)の最終部にチェックディジット(8)を付けた数列を作成する。そして、チェックディジット以外のマイナンバー(123456789012)と、12桁の計算キー(654376543219)との各桁同士の和(計算1)を行い、数列(7,7,7,7,12,12,12,12,12,2,2,11,8)を算出する(13桁目のチェックディジット(8)はそのままの数字を転記する)。そして、各桁の1の位の数字(7,7,7,7,2,2,2,2,2,2,2,1)を抽出した後、最終部にチェックディジット(8)を追加することで、個人情報が特定されないが患者識別が可能な13ケタの匿名化ID(7777222222218)を作成することができる。
Next, as shown in the upper part of FIG. 5(b), a sequence is created by adding a check digit (8) to the final part of my number (123456789012). Then, the sum (calculation 1) of each digit of my number (123456789012) other than the check digit and the 12-digit calculation key (654376543219) is performed, and the sequence (7, 7, 7, 7, 12, 12, 12 , 12, 12, 2, 2, 11, 8) are calculated (the 13th check digit (8) is transcribed as it is). Then, after extracting the ones digits of each digit (7, 7, 7, 7, 2, 2, 2, 2, 2, 2, 2, 1), add the check digit (8) at the end By doing so, it is possible to create a 13-digit anonymized ID (7777222222218) that does not specify personal information but allows patient identification.
このようにしても、患者特定情報に基づいて、患者特定情報とは異なる患者の匿名化IDを作成することができる。なお、このプログラムにおける計算キーについては、外部に漏れないように非常に高いレベルで秘匿しておく必要があるのは言うまでもない。
Also in this way, an anonymized ID of a patient different from the patient identification information can be created based on the patient identification information. Needless to say, the calculation key in this program must be kept secret at a very high level so as not to be leaked to the outside.
なお、このように作成された匿名化IDは、後述する匿名化部22により、患者特定情報に復号できるものとなっている。
The anonymized ID created in this manner can be decoded into patient identification information by the anonymization unit 22, which will be described later.
匿名化部22は、医療情報から、その患者を特定するために必要となる特定情報を削除すると共に、匿名化ID作成部21により作成された、その患者の匿名化IDとを関連付けた匿名医療情報を作成することができるものであれば特に限定されない。ここで、特定情報とは、医療情報に含まれる情報のうち、その患者を特定するために必要となる情報である。特定情報としては、例えば、氏名、性別、生年月日、職業、電話番号(携帯電話番号)、住所、保険証番号、連絡先(電話番号、氏名、続柄、同居の有無)等である。なお、「関連付けた」とは、その患者の匿名化IDと、その患者の医療情報(特定情報が削除されたもの)とを結び付けて、匿名化IDから、その匿名化IDに結び付けられた医療情報(特定情報が削除されたもの)を抽出できるような状態にすることを含む概念である。
The anonymization unit 22 deletes the specific information necessary to identify the patient from the medical information, and creates an anonymous medical treatment associated with the patient's anonymized ID created by the anonymized ID creation unit 21. It is not particularly limited as long as it can create information. Here, the specific information is information necessary for identifying the patient among the information included in the medical information. Specific information includes, for example, name, gender, date of birth, occupation, phone number (mobile phone number), address, health insurance card number, contact information (phone number, name, relationship, cohabitation), and the like. It should be noted that "associated" means that the patient's anonymized ID and the patient's medical information (with the specific information deleted) are linked, and the medical treatment linked from the anonymized ID to the anonymized ID. This is a concept that includes making information (with specific information deleted) available for extraction.
匿名化部22としては、例えば、その患者を特定するために必要となる特定情報を削除すると共に、匿名化ID作成部21により作成された、その患者の匿名化IDとを関連付けた匿名医療情報を作成することができるプログラム等が挙げられる。
For example, the anonymization unit 22 deletes the specific information required to identify the patient, and creates anonymous medical information associated with the patient's anonymized ID created by the anonymized ID creation unit 21. can be created.
復号化部23は、患者特定情報と、匿名化IDと、匿名医療情報とに基づいて、匿名医療情報から患者の医療情報の少なくとも一部を復号化することができるものであれば特に限定されない。復号化部23としては、例えば、患者特定情報と、匿名化IDと、匿名医療情報とに基づいて、匿名医療情報から患者の医療情報の少なくとも一部を復号化する、次のようなプログラム等が挙げられる。
The decryption unit 23 is not particularly limited as long as it can decrypt at least part of the patient's medical information from the anonymous medical information based on the patient identification information, the anonymized ID, and the anonymous medical information. . As the decryption unit 23, for example, a program such as the following, which decrypts at least part of the patient's medical information from the anonymous medical information based on the patient identification information, the anonymized ID, and the anonymous medical information. are mentioned.
具体的には、図4を参照しながら、上述した患者特定情報から匿名化IDを作成するプロセスを逆にたどるプログラム等が挙げられる。このようにして、匿名化IDに基づいて、患者特定情報を作成(復号化)することができる。
Specifically, referring to FIG. 4, there is a program or the like that reverses the process of creating an anonymized ID from the patient identification information described above. In this manner, patient identification information can be created (decrypted) based on the anonymized ID.
また、復号化部23としては、図5(b)の下段に示すように、匿名化IDから患者特定情報であるマイナンバーを復号化するプログラムが挙げられる。具体的には、まず匿名化IDの最終桁であるチェックディジット(8)を除いた12ケタの数列(7777222222218)から計算キー(654376543219)との各桁同士の差(計算2)をとり、数列(1,2,3,4,-5,-4,-3,-2,-1,0,1,-8)を作成する。次に、これらの数列のうち、0より小さい値(マイナスの値)となっている桁の数に10を加算することで、患者特定情報であるマイナンバー(123456789012)を復元することができる。なお、匿名化IDの最終桁であるチェックディジット(8)は、このようにして算出されたマイナンバーが正しいか、図5(a)で説明した同様の計算を行い、その結果が同じとなるかで、マイナンバーが正しく復号化されたかを判断することができる。
Further, as the decryption unit 23, as shown in the lower part of FIG. 5(b), there is a program for decrypting My Number, which is the patient identification information, from the anonymized ID. Specifically, first, the difference (calculation 2) between each digit of the calculation key (654376543219) is taken from the 12-digit sequence (7777222222218) excluding the check digit (8), which is the last digit of the anonymized ID, and the sequence Create (1,2,3,4,-5,-4,-3,-2,-1,0,1,-8). Next, by adding 10 to the number of digits having a value less than 0 (negative value) in these sequences, my number (123456789012), which is the patient identification information, can be restored. The check digit (8), which is the last digit of the anonymized ID, performs the same calculation as described in FIG. It is possible to determine whether the My Number has been correctly decrypted.
そして、このようにして得られた患者特定情報と、匿名医療情報とを関連付けることによって、その患者の医療情報を得ることができる。
By associating the patient identification information thus obtained with the anonymous medical information, the medical information of the patient can be obtained.
なお、匿名化装置20は、上述した匿名化ID作成部21と、匿名化部22と、復号化部23とを有するものであれば特に限定されない。匿名化装置20としては、市販のパーソナルコンピュータや上述した機能を組み込んだ専用装置等が挙げられる。
The anonymization device 20 is not particularly limited as long as it has the above-described anonymization ID creation unit 21, anonymization unit 22, and decryption unit 23. FIG. Examples of the anonymization device 20 include a commercially available personal computer, a dedicated device incorporating the functions described above, and the like.
さらに、匿名医療情報管理サーバ30について説明する。図6は、匿名医療情報管理サーバ30の概略図である。この図に示すように、匿名医療情報管理サーバ30は、匿名医療情報データベース31と、第1匿名医療情報抽出部32とを有している。
Furthermore, the anonymous medical information management server 30 will be explained. FIG. 6 is a schematic diagram of the anonymous medical information management server 30. As shown in FIG. As shown in this figure, the anonymous medical information management server 30 has an anonymous medical information database 31 and a first anonymous medical information extractor 32 .
匿名医療情報データベース31は、匿名化ID311および匿名医療情報312を格納することができるものであれば特に限定されない。匿名医療情報データベース31としては、例えば市販のリレーショナルデータベースシステム等が挙げられる。
The anonymous medical information database 31 is not particularly limited as long as it can store anonymized IDs 311 and anonymous medical information 312 . Examples of the anonymous medical information database 31 include commercially available relational database systems.
第1匿名医療情報抽出部32は、匿名化IDに基づいて、匿名医療情報データベース31から、その匿名化ID311に関連付けられた匿名医療情報312を抽出して、匿名化装置20に送信することができるものであれば特に限定されない。第1匿名医療情報抽出部32としては、例えば、匿名化ID311に基づいて、匿名医療情報データベース31から、その匿名化ID311に関連付けられた匿名医療情報312を抽出して、匿名化装置20に送信するプログラム等が挙げられる。
The first anonymous medical information extraction unit 32 can extract anonymous medical information 312 associated with the anonymized ID 311 from the anonymous medical information database 31 based on the anonymized ID, and transmit the information to the anonymization device 20 . It is not particularly limited as long as it can be used. As the first anonymous medical information extraction unit 32, for example, based on the anonymized ID 311, the anonymous medical information 312 associated with the anonymized ID 311 is extracted from the anonymous medical information database 31 and transmitted to the anonymization device 20. programs that
なお、匿名医療情報管理サーバ30は、上述した匿名医療情報データベース31と、第1匿名医療情報抽出部32とを有するものであれば特に限定されない。匿名医療情報管理サーバ30としては、例えば、市販のパーソナルコンピュータや専用サーバ等が挙げられる。
The anonymous medical information management server 30 is not particularly limited as long as it has the anonymous medical information database 31 and the first anonymous medical information extraction unit 32 described above. Examples of the anonymous medical information management server 30 include commercially available personal computers and dedicated servers.
次に、匿名医療情報管理システム1の動作(匿名化ID・匿名医療情報格納)について説明する。図7は、匿名医療情報管理システム1の動作(匿名化ID・匿名医療情報格納)を示すフローチャートである。以下では、医療機関用端末10aから患者特定情報等が入力された場合について説明する。
Next, the operation of the anonymous medical information management system 1 (anonymized ID/anonymous medical information storage) will be described. FIG. 7 is a flow chart showing the operation of the anonymous medical information management system 1 (anonymized ID/anonymous medical information storage). Below, a case where patient identification information and the like are input from the medical institution terminal 10a will be described.
この図に示すように、匿名医療情報管理システム1が始動すると、まず医療機関用端末10aの入力部11に患者特定情報およびその患者の医療情報が入力される(S1)。すると、これらの情報は医療機関内ネットワーク15を介して匿名化装置20に送信される。
As shown in this figure, when the anonymous medical information management system 1 is started, first, the patient identification information and the patient's medical information are input to the input unit 11 of the medical institution terminal 10a (S1). These pieces of information are then sent to the anonymization device 20 via the intra-medical institution network 15 .
これらの情報を受信した匿名化装置20は、送信された患者特定情報に基づいて匿名化ID311を作成すると共に、医療情報から匿名医療情報312を作成し(S2)、ネットワーク40を介して、これらの情報を匿名医療情報管理サーバ30に送信する。そして、送信された匿名化ID311および匿名医療情報312は、匿名医療情報データベース31に格納し(S3)、動作を終了する。
The anonymization device 20 that has received these pieces of information creates an anonymization ID 311 based on the transmitted patient identification information, creates anonymous medical information 312 from medical information (S2), and transmits these information via the network 40. to the anonymous medical information management server 30. The transmitted anonymized ID 311 and anonymous medical information 312 are then stored in the anonymous medical information database 31 (S3), and the operation ends.
このようにして、医療機関用端末10aに入力された患者特定情報およびその患者の医療情報に基づいて作成された匿名化ID311および匿名医療情報312が、匿名医療情報データベース31に格納されることになる。このような動作が、複数の医療機関で行われるので、匿名医療情報データベース31には、匿名化IDおよびそれに関連付けられた匿名医療情報312が大量に格納されることになる。
In this way, the anonymized ID 311 and the anonymous medical information 312 created based on the patient identification information and the patient's medical information input to the medical institution terminal 10a are stored in the anonymous medical information database 31. Become. Since such operations are performed at a plurality of medical institutions, a large amount of anonymized IDs and associated anonymous medical information 312 are stored in the anonymous medical information database 31 .
さらに、匿名医療情報管理システム1の動作(医療情報入手)について説明する。図8は、匿名医療情報管理システム1の動作(医療情報入手)を示すフローチャートである。以下では、医療機関用端末10aから患者特定情報が入力された場合について説明する。この図に示すように、匿名医療情報管理システム1が始動すると、まず医療機関用端末10aの入力部11に患者特定情報が入力される(s1)。すると、この患者特定情報は医療機関内ネットワーク15を介して匿名化装置20に送信される。
Furthermore, the operation of the anonymous medical information management system 1 (obtaining medical information) will be described. FIG. 8 is a flow chart showing the operation of the anonymous medical information management system 1 (obtaining medical information). Below, the case where the patient identification information is input from the medical institution terminal 10a will be described. As shown in this figure, when the anonymous medical information management system 1 is started, first, patient identification information is input to the input unit 11 of the medical institution terminal 10a (s1). Then, this patient identification information is transmitted to the anonymization device 20 via the intra-medical institution network 15 .
この情報を受信した匿名化装置20は、その患者特定情報に基づいて匿名化ID311を作成し(s2)、ネットワーク40を介して、この匿名化ID311を匿名医療情報管理サーバ30に送信する。
The anonymization device 20 that has received this information creates an anonymization ID 311 based on the patient identification information (s2), and transmits this anonymization ID 311 to the anonymous medical information management server 30 via the network 40 .
この匿名化ID311を受信した匿名医療情報管理サーバ30は、第1匿名医療情報抽出部32により、匿名医療情報データベース31から、この匿名化ID311に関連付けられた匿名医療情報312を抽出して(s3)、匿名化装置20に送信する。なお、第1匿名医療情報抽出部32は、匿名医療情報312と共に、その匿名医療情報312に関連付けられる匿名化ID311を匿名化装置20に送信するようにしてもよい。
The anonymous medical information management server 30 that has received this anonymized ID 311 extracts the anonymous medical information 312 associated with this anonymized ID 311 from the anonymous medical information database 31 by the first anonymous medical information extraction unit 32 (s3 ), to the anonymization device 20 . The first anonymous medical information extraction unit 32 may transmit the anonymous medical information 312 together with the anonymized ID 311 associated with the anonymous medical information 312 to the anonymization device 20 .
この匿名医療情報312を受信した匿名化装置20は、復号化部23により、医療情報の少なくとも一部を復号化し(s4)、医療機関用端末10aに送信する。その医療情報の少なくとも一部を受信した医療機関用端末10aは、その情報を患者特定情報と共に表示部12に表示し(s5)、動作を終了する。
The anonymization device 20 that has received this anonymous medical information 312 decrypts at least part of the medical information using the decryption unit 23 (s4), and transmits the decrypted medical information to the medical institution terminal 10a. The medical institution terminal 10a, which has received at least part of the medical information, displays the information together with the patient identification information on the display unit 12 (s5), and terminates the operation.
以上説明したように、本実施形態に係る匿名医療情報管理システム1によれば、個人情報に該当しない匿名医療情報を大量に収集し、匿名医療情報データベース31に格納することができる。また、他の医療機関で作成された医療情報の少なくとも一部を、リアルタイムに入手することができる。
(実施形態2) As described above, according to the anonymous medicalinformation management system 1 according to this embodiment, a large amount of anonymous medical information that does not correspond to personal information can be collected and stored in the anonymous medical information database 31 . In addition, at least part of medical information created by other medical institutions can be obtained in real time.
(Embodiment 2)
(実施形態2) As described above, according to the anonymous medical
(Embodiment 2)
実施形態1では、匿名医療情報管理システム1は、医療機関用端末10a、10bと、それらに医療機関内ネットワーク15を介して接続された匿名化装置20と、匿名化装置20とネットワーク40を介して接続された匿名医療情報管理サーバ30とで構成されているが、本発明はこれに限定されない。
In the first embodiment, the anonymous medical information management system 1 includes medical institution terminals 10a and 10b, an anonymization device 20 connected to them via the medical institution network 15, and anonymization device 20 and network 40. and an anonymous medical information management server 30 connected via a network, but the present invention is not limited to this.
例えば、図9に示すように、情報処理用端末50がさらに接続されるようにし、匿名医療情報管理サーバ30Aは、図10に示すように、第2匿名医療情報抽出部35を有するように匿名医療情報管理システム1Aを構成してもよい。
For example, as shown in FIG. 9, an information processing terminal 50 is further connected, and the anonymous medical information management server 30A has a second anonymous medical information extraction unit 35 as shown in FIG. A medical information management system 1A may be configured.
ここで、第2匿名医療情報抽出部35は、匿名医療情報データベース31から、所定の条件を満たす匿名医療情報312を抽出して、情報処理用端末50に送信するものであれば特に限定されない。第2匿名医療情報抽出部35としては、例えば、所定の条件を満たす匿名医療情報312を抽出して、情報処理用端末50に送信するプログラム等が挙げられる。
Here, the second anonymous medical information extraction unit 35 is not particularly limited as long as it extracts the anonymous medical information 312 that satisfies a predetermined condition from the anonymous medical information database 31 and transmits it to the information processing terminal 50 . Examples of the second anonymous medical information extraction unit 35 include a program that extracts anonymous medical information 312 that satisfies a predetermined condition and transmits the information to the information processing terminal 50 .
また、情報処理用端末50は、匿名医療情報管理サーバ30から送信された、所定の条件を満たす匿名医療情報312を情報処理することができるものであれば特に限定されない。情報処理用端末50としては、例えば、ある疾患の発症の原因を分析するために多変量解析を行うプログラムや、何らかの疾患の発症確率を予測するロジスティックス解析を行うプログラムがインストールされたパーソナルコンピュータ等が挙げられる。なお、この他の構成要素については、実施形態1と同様である。
The information processing terminal 50 is not particularly limited as long as it can process the anonymous medical information 312 that satisfies a predetermined condition and is transmitted from the anonymous medical information management server 30 . As the information processing terminal 50, for example, a personal computer or the like installed with a program for performing multivariate analysis for analyzing the cause of the onset of a disease or a program for performing logistic analysis for predicting the probability of developing a certain disease is installed. mentioned. Other components are the same as in the first embodiment.
このように匿名医療情報管理システム1Aを構成することにより、所定の条件を満たす匿名医療情報を多量に抽出して、情報処理用端末に送信することができるので、匿名医療情報を利用した分析を容易に行うことができる。
(実施形態3) By configuring the anonymous medicalinformation management system 1A in this way, it is possible to extract a large amount of anonymous medical information that satisfies a predetermined condition and transmit it to the information processing terminal. can be easily done.
(Embodiment 3)
(実施形態3) By configuring the anonymous medical
(Embodiment 3)
上述した実施形態では、匿名医療情報データベース31には、1つの匿名化IDに対して、複数の匿名医療情報が格納される可能性があるが、本発明はこれに限定されない。
In the above-described embodiment, the anonymous medical information database 31 may store a plurality of pieces of anonymous medical information for one anonymized ID, but the present invention is not limited to this.
例えば、図11に示すように、匿名医療情報管理サーバ30Bが、名寄せ部37を有するように匿名医療情報管理システムを構成してもよい。
For example, as shown in FIG. 11, the anonymous medical information management system may be configured such that the anonymous medical information management server 30B has a name matching unit 37. FIG.
ここで、名寄せ部37は、同一の匿名化IDに関連付けられた複数の匿名医療情報を抽出して、1つの匿名医療情報を作成して、匿名医療情報データベースに格納することができるものであれば特に限定されない。名寄せ部37としては、例えば、同一の匿名化IDに関連付けられた複数の匿名医療情報を抽出して、1つの匿名医療情報を作成して、匿名医療情報データベースに格納するプログラム等が挙げられる。なお、この他の構成要素については、実施形態1と同様である。
Here, the name identification unit 37 extracts multiple pieces of anonymous medical information associated with the same anonymized ID, creates one piece of anonymous medical information, and stores it in the anonymous medical information database. is not particularly limited. Examples of the name identification unit 37 include a program that extracts a plurality of pieces of anonymous medical information associated with the same anonymized ID, creates one piece of anonymous medical information, and stores it in an anonymous medical information database. Other components are the same as in the first embodiment.
このように匿名医療情報管理システム1Aを構成することにより、1つの匿名化IDに関連付けられた1つの匿名医療情報が匿名医療情報データベース31に格納されることになる。すなわち、匿名医療情報データベース31には、各匿名化IDに対して、1つの匿名医療情報312が格納されることになる。その結果、匿名医療情報データベース31から、より早く匿名医療情報を抽出することができる。
(他の実施形態) By configuring the anonymous medicalinformation management system 1</b>A in this way, one piece of anonymous medical information associated with one anonymized ID is stored in the anonymous medical information database 31 . That is, one anonymous medical information 312 is stored in the anonymous medical information database 31 for each anonymized ID. As a result, anonymous medical information can be extracted from the anonymous medical information database 31 more quickly.
(Other embodiments)
(他の実施形態) By configuring the anonymous medical
(Other embodiments)
上述した実施形態では、第1匿名医療情報抽出部と、第2匿名医療情報抽出部とを別のものとして説明したが、第1匿名医療情報抽出部が第2匿名医療情報抽出部と同様の機能を有するように匿名医療情報管理システムを構成してもよいし、第2匿名医療情報抽出部が第1匿名医療情報抽出部と同様の機能を有するように匿名医療情報管理システムを構成してもよいのは言うまでもない。
In the above-described embodiment, the first anonymous medical information extracting unit and the second anonymous medical information extracting unit were explained as separate units. The anonymous medical information management system may be configured to have the function, or the anonymous medical information management system may be configured so that the second anonymous medical information extraction unit has the same function as the first anonymous medical information extraction unit. It goes without saying that it is good.
また、上述した実施形態では、復号化部により、医療情報の少なくとも一部を復号化するように、匿名医療情報管理システムを構成したが、本発明はこれに限定されない。
Moreover, in the above-described embodiment, the anonymous medical information management system is configured such that the decryption unit decrypts at least part of the medical information, but the present invention is not limited to this.
例えば、医療機関用端末に、各患者特定情報に関連付けられた特定情報を記憶させておき、その患者の医療情報を表示部に表示させる際に、その特定情報も併せて表示させるように匿名医療情報管理システムを構成してもよい。また、匿名化装置に、患者特定情報および匿名化IDの少なくとも一方に関連付けられた特定情報を記憶させておき、復号化された医療情報の一部と共に、匿名化IDに関連付けられた特定情報を医療機関用端末に送信するようにしてもよい。なお、特定情報の記憶方法は特に限定されず、メモリやハードディスク等の記憶媒体に記憶させておいてもよい。
For example, a terminal for a medical institution stores specific information associated with each patient specific information, and when the medical information of the patient is displayed on the display unit, the specific information is also displayed. An information management system may be configured. Further, the anonymization device stores the specific information associated with at least one of the patient specific information and the anonymized ID, and stores the specific information associated with the anonymized ID together with part of the decrypted medical information. You may make it transmit to the terminal for medical institutions. Note that the method of storing the specific information is not particularly limited, and the specific information may be stored in a storage medium such as a memory or a hard disk.
このように、匿名医療情報管理システムを構成することにより、匿名医療情報から完全な医療情報を復号化し、医療機関用端末に表示させることができる。
By configuring the anonymous medical information management system in this way, complete medical information can be decoded from anonymous medical information and displayed on the medical institution terminal.
1、1A 匿名医療情報管理システム
10a、10b 医療機関用端末
11 入力部
12 表示部
15 医療機関内ネットワーク
20 匿名化装置
21 匿名化ID作成部
22 匿名化部
23 復号化部
30、30A、30B 匿名医療情報管理サーバ
31 匿名医療情報データベース
32 第1匿名医療情報抽出部
35 第2匿名医療情報抽出部
37 名寄せ部
40 ネットワーク
50 情報処理用端末
311 匿名化ID
312 匿名医療情報
M 医療機関
1, 1A Anonymous medical information management system 10a, 10b Terminal for medical institution 11 Input unit 12 Display unit 15 Internal network of medical institution 20 Anonymization device 21 Anonymization ID creation unit 22 Anonymization unit 23 Decryption unit 30, 30A, 30B Anonymity Medical information management server 31 Anonymous medical information database 32 First anonymous medical information extraction unit 35 Second anonymous medical information extraction unit 37 Name matching unit 40 Network 50 Information processing terminal 311 Anonymization ID
312 Anonymous medical information M Medical institution
10a、10b 医療機関用端末
11 入力部
12 表示部
15 医療機関内ネットワーク
20 匿名化装置
21 匿名化ID作成部
22 匿名化部
23 復号化部
30、30A、30B 匿名医療情報管理サーバ
31 匿名医療情報データベース
32 第1匿名医療情報抽出部
35 第2匿名医療情報抽出部
37 名寄せ部
40 ネットワーク
50 情報処理用端末
311 匿名化ID
312 匿名医療情報
M 医療機関
1, 1A Anonymous medical
312 Anonymous medical information M Medical institution
Claims (4)
- 医療機関の管理下に置かれた医療機関用端末と、
前記医療機関の管理下に置かれ、かつ前記医療機関用端末と接続された匿名化装置と、
前記匿名化装置とネットワークを介して接続された匿名医療情報管理サーバとを具備する匿名医療情報管理システムであって、
医療機関用端末は、
患者を特定できる患者特定情報および前記患者の医療情報を入力する入力部を有し、
前記匿名化装置は、
前記医療機関用端末から送信された前記患者特定情報に基づいて、前記患者特定情報とは異なる前記患者の匿名化IDを作成する匿名化ID作成部と、
前記医療機関用端末から送信された前記患者の医療情報から前記患者を特定するために必要となる特定情報を削除すると共に、前記患者の前記匿名化IDとを関連付けた匿名医療情報を作成する匿名化部とを有し、
前記匿名医療情報管理サーバは、
前記匿名化IDおよび前記匿名医療情報を格納する匿名医療情報データベースを有する
ことを特徴とする匿名医療情報管理システム。 a medical institution terminal under the control of a medical institution;
an anonymization device under the control of the medical institution and connected to the medical institution terminal;
An anonymous medical information management system comprising the anonymization device and an anonymous medical information management server connected via a network,
Terminals for medical institutions are
an input unit for inputting patient identification information that can identify a patient and medical information of the patient;
The anonymization device is
an anonymized ID creation unit that creates an anonymized ID of the patient that is different from the patient identification information based on the patient identification information transmitted from the medical institution terminal;
Anonymization for creating anonymous medical information associated with the anonymized ID of the patient while deleting the specific information required to identify the patient from the patient's medical information transmitted from the medical institution terminal having a chemical part,
The anonymous medical information management server
An anonymous medical information management system, comprising an anonymous medical information database that stores the anonymized ID and the anonymous medical information. - 前記匿名医療情報管理サーバは、前記匿名化IDに基づいて、前記匿名医療情報データベースから、前記匿名化IDに関連付けられた前記匿名医療情報を抽出して、前記匿名化装置に送信する第1匿名医療情報抽出部を有し、
前記匿名化装置は、前記患者特定情報と、前記匿名化IDと、前記匿名医療情報とに基づいて、前記匿名医療情報から前記患者の医療情報の少なくとも一部を復号化する復号化部を有し、
前記医療機関用端末は、前記復号化部により復号化された前記患者の医療情報の少なくとも一部を表示する表示部を有する
ことを特徴とする請求項1に記載の匿名医療情報管理システム。 The anonymous medical information management server extracts the anonymous medical information associated with the anonymized ID from the anonymous medical information database based on the anonymized ID, and transmits the anonymous medical information to the anonymization device. having a medical information extraction unit,
The anonymization device has a decryption unit that decrypts at least part of the patient's medical information from the anonymous medical information based on the patient identification information, the anonymized ID, and the anonymous medical information. death,
2. An anonymous medical information management system according to claim 1, wherein said terminal for medical institutions has a display section for displaying at least part of said patient's medical information decrypted by said decryption section. - 前記匿名医療情報管理システムは、前記ネットワークを介して、前記匿名医療情報を受信する情報処理用端末に接続され、
前記匿名医療情報管理サーバは、前記匿名医療情報データベースから、所定の条件を満たす匿名医療情報を抽出して、前記情報処理用端末に送信する第2匿名医療情報抽出部を有することを特徴とする請求項1または2に記載の匿名医療情報管理システム。 The anonymous medical information management system is connected via the network to an information processing terminal that receives the anonymous medical information,
The anonymous medical information management server is characterized by comprising a second anonymous medical information extraction unit that extracts anonymous medical information that satisfies a predetermined condition from the anonymous medical information database and transmits the information to the information processing terminal. The anonymous medical information management system according to claim 1 or 2. - 前記匿名医療情報管理サーバは、同一の前記匿名化IDに関連付けられた複数の前記匿名医療情報を抽出して、1つの匿名医療情報を作成して、前記匿名医療情報データベースに格納する名寄せ部を有することを特徴とする請求項1~3の何れか1項に記載の匿名医療情報管理システム。
The anonymous medical information management server extracts a plurality of the anonymous medical information associated with the same anonymized ID, creates one piece of anonymous medical information, and includes a name identification unit that stores the information in the anonymous medical information database. The anonymous medical information management system according to any one of claims 1 to 3, characterized by comprising:
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2021-037620 | 2021-03-09 | ||
| JP2021037620A JP2024065121A (en) | 2021-03-09 | 2021-03-09 | Anonymous medical information management system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2022190778A1 true WO2022190778A1 (en) | 2022-09-15 |
Family
ID=83227622
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/JP2022/005769 WO2022190778A1 (en) | 2021-03-09 | 2022-02-14 | Anonymous medical information management system |
Country Status (2)
| Country | Link |
|---|---|
| JP (1) | JP2024065121A (en) |
| WO (1) | WO2022190778A1 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016185887A1 (en) * | 2015-05-19 | 2016-11-24 | 株式会社医療情報技術研究所 | Integrated multi-facility electronic medical chart system |
| JP2019133540A (en) * | 2018-02-02 | 2019-08-08 | 公益財団法人がん研究会 | System for supporting search of anonymized medical information, using integration and management database for structuralized diagnosis data |
| JP2019160273A (en) * | 2018-03-15 | 2019-09-19 | 株式会社トプコン | Medical information processing system and medical information processing method |
| JP2019185403A (en) * | 2018-04-10 | 2019-10-24 | 公立大学法人奈良県立医科大学 | Patient matching method and device in receipt information/specific medical examination information database |
-
2021
- 2021-03-09 JP JP2021037620A patent/JP2024065121A/en active Pending
-
2022
- 2022-02-14 WO PCT/JP2022/005769 patent/WO2022190778A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016185887A1 (en) * | 2015-05-19 | 2016-11-24 | 株式会社医療情報技術研究所 | Integrated multi-facility electronic medical chart system |
| JP2019133540A (en) * | 2018-02-02 | 2019-08-08 | 公益財団法人がん研究会 | System for supporting search of anonymized medical information, using integration and management database for structuralized diagnosis data |
| JP2019160273A (en) * | 2018-03-15 | 2019-09-19 | 株式会社トプコン | Medical information processing system and medical information processing method |
| JP2019185403A (en) * | 2018-04-10 | 2019-10-24 | 公立大学法人奈良県立医科大学 | Patient matching method and device in receipt information/specific medical examination information database |
Non-Patent Citations (1)
| Title |
|---|
| ANONYMOUS: "Anonymity Number Creation System ancs.", INTEROP TOKYO 2019, 12 June 2019 (2019-06-12), pages 2 - 4 * |
Also Published As
| Publication number | Publication date |
|---|---|
| JP2024065121A (en) | 2024-05-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Racine et al. | Healthcare uses of artificial intelligence: Challenges and opportunities for growth | |
| US9141758B2 (en) | System and method for encrypting provider identifiers on medical service claim transactions | |
| Hunt et al. | Do women consult more than men? A review of gender and consultation for back pain and headache | |
| Lopez et al. | Risk factors for mild cognitive impairment in the Cardiovascular Health Study Cognition Study: part 2 | |
| Ahmadi et al. | Development a minimum data set of the information management system for burns | |
| Hornbrook et al. | Building a virtual cancer research organization | |
| US20210193319A1 (en) | Enhanced Decision Support for Systems, Methods, and Media for Laboratory Benefit Services | |
| US11056229B2 (en) | Systems, methods, and media for laboratory benefit services | |
| Ahmadi et al. | Developing a minimum data set of the information management system for orthopedic injuries in Iran | |
| US20120173285A1 (en) | Proactive Clinical Evidence at Point of Care and Genomic Data Integration through Cloud EMR Media | |
| West et al. | The challenges of linking health insurer claims with electronic medical records | |
| Gostin et al. | Reforming the HIPAA privacy rule: safeguarding privacy and promoting research | |
| Pantazos et al. | Preserving medical correctness, readability and consistency in de-identified health records | |
| Moeil Tabaghdehi et al. | Designing a minimum data set for major thalassemia patients: Towards electronic personal health record | |
| JP2005346248A (en) | Information mediation method and device | |
| US20190103177A1 (en) | Medical personal data card and system | |
| Bello et al. | Colorectal Cancer Screening in the US—Still Putting the Cart Before the Horse? | |
| Rahmouni et al. | Enhanced privacy governance in Health Information Systems throughbusiness process modelling and HL7 | |
| Jayathissa et al. | Development of Minimum Clinical Data Set for Master Patient index for Sri Lankan Context | |
| WO2022190778A1 (en) | Anonymous medical information management system | |
| Apriani et al. | Mycobacterium tuberculosis infection and disease in healthcare workers in a tertiary referral hospital in Bandung, Indonesia | |
| JP2008108069A (en) | Information management system | |
| Keikha et al. | Development of hospital-based data sets as a vehicle for implementation of a national electronic health record | |
| Mitka | New HIPAA rule aims to improve privacy and security of patient records | |
| Ganiat et al. | Ethical issues in interoperability of electronic healthcare systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22766743 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 22766743 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: JP |