WO2024014012A1

WO2024014012A1 - Health/medical information central management system

Info

Publication number: WO2024014012A1
Application number: PCT/JP2022/047347
Authority: WO
Inventors: 崇寛土井; 東一郎桐林
Original assignee: 株式会社サンクスネット
Priority date: 2022-07-15
Filing date: 2022-12-22
Publication date: 2024-01-18
Also published as: JP2024011594A; JP2024012205A

Abstract

Provided is a health/medical-related information central management system that, with respect to approval/denial of publication of health/medical-related information of individuals, provides an incentive to an individual to promote central management of the health/medical-related information.　A health/medical-related information central management system is provided, comprising: a health/medical-related information accumulation unit in which health/medical-related information related to individuals is accumulated for central management; an access control unit for controlling disclosure of the health/medical-related information accumulated in the health/medical-related information accumulation unit to a third party via a network; and an incentive function unit that, with respect to approval/denial of publication of health/medical-related information of individuals, includes at least an incentive management unit for providing an incentive to an individual to promote central management of the health/medical-related information.

Description

Health and medical information unified management system

This application is filed as a basic application for priority rights, and the applicant himself has consented to this application.
The present invention relates to a unified health and medical information management system for accumulating and centrally managing health and medical information that is information related to personal health and medical care.

Recently, systems and services that share patient medical information among multiple medical institutions have begun to be considered.

As an example of such a system, the invention described in Patent Document 1 has been proposed. In this invention, medical information such as electronic medical records created by a predetermined medical institution is disclosed to other doctors and medical institutions only for necessary items, and items that the patient himself/herself does not wish to be disclosed are not disclosed. The aim was to provide a medical information management system for

JP2004-287774

However, the above-mentioned invention has a problem in that it does not disclose whether or not to disclose patient's medical information from the perspective of providing incentives to patients in order to promote unified management of medical information.

In view of the above-mentioned problems, the present invention provides a unified management of health and medical information that provides incentives to individuals in order to promote the unified management of health and medical information regarding whether or not to disclose personal health and medical information. The aim is to provide a system.

Specifically, the present invention provides a health and medical information storage unit for accumulating and centrally managing health and medical information related to individuals, and a network for the health and medical information accumulated in the health and medical information storage unit. In order to promote the unified management of health and medical information, we will provide incentives to individuals, including an access control section to control disclosure to third parties through the An incentive function section including at least an incentive management section for providing health and medical information.

Furthermore, the present invention provides a health and medical related information unified management system which, in addition to the above characteristics, further includes an access authentication processing section that performs authentication for accessing the incentive management section.

Further, in addition to the above characteristics, the present invention further includes a consent information acquisition unit that acquires consent information that is information indicating consent to accept the incentive provided by the incentive management unit after being authenticated by the access authentication processing unit. Provides a unified management system for health and medical information.

In addition to the above-mentioned features, the present invention provides a health care system that further includes an incentive processing section for performing incentive processing, which is processing for providing an incentive when consent information is acquired by the consent information acquisition section. Provides a related information unified management system.

Further, the present invention provides a health and medical related information unified management system that further includes a disclosure permission information holding unit that holds disclosure permission information indicating whether or not an individual is permitted to disclose his or her health and medical information to a third party. I will provide a.

Further, the present invention provides a health care system having a third party identification information holding unit that holds third party identification information for identifying whether a third party is a medical worker or a non-medical worker. Provides a related information unified management system.

Further, the present invention provides that the access control unit determines whether the disclosure permission information held in the disclosure permission information storage unit indicates permission to publish, and the third party identification information held in the third party identification information storage unit is a medical professional. Provided is a unified health and medical information management system that allows medical personnel to view health and medical information stored in a health and medical information storage unit.

Further, the present invention provides that the access control section determines whether the disclosure permission information held in the disclosure permission information storage section indicates permission for disclosure, and the third party identification information held in the third party identification information storage section is non-medical. When indicating that the person is a worker, some (including all) of the health and medical information stored in the health and medical information storage unit, or health and medical information that has been anonymized using a predetermined anonymization method. Provides a unified health and medical information management system that allows non-medical personnel to view related information.

Further, the present invention provides that the anonymization method includes at least k (k is a natural number of 2 or more) anonymization, pseudonymization, generalization, top (bottom) coding, noise (error) addition, swapping (data exchange), The present invention provides a unified management system for health and medical information that is performed using sampling, grouping anonymization methods, or a combination thereof.

In addition, the present invention can be applied to medical professionals such as doctors, dentists, pharmacists, public health nurses, midwives, nurses, associate nurses, physical therapists, occupational therapists, orthoptists, speech therapists, and prosthetics and orthotics. Medical radiologist, medical X-ray technician, clinical laboratory technician, sanitary laboratory technician, clinical engineer, dental hygienist, dental technician, emergency medical technician, anma massage shiatsu therapist, acupuncture therapist, massage therapist, judo therapist, management We provide a unified management system for health and medical information that includes at least one of the following: a dietician, a nutritionist, a mental health worker, a social worker, a certified care worker, a certified psychologist, a clinical psychologist, and a medical administrator.

The present invention also applies to non-medical workers such as life insurance companies, non-life insurance companies, securities companies, pharmaceutical companies, drug discovery venture companies, food companies, health equipment companies, fitness clubs, sports gyms, banks, credit unions, JA (agricultural cooperatives), union health insurance, Kyokai Kenpo, mutual aid associations, municipal national health insurance, national health insurance associations, PR companies, general research institutes, universities and graduate schools (including affiliated research institutes), technical colleges, agriculture, forestry and fisheries companies, fertilizers We provide a unified management system for health and medical information that includes at least one of the following: manufacturers, government offices, local governments, and independent administrative agency employees.
do.

Furthermore, in order to realize the above-mentioned health and medical related information unified management system, there is a method for operating the health and medical related information unified management system, which is a computer, and a system that can be read and executed by the health and medical related information unified management system, which is a computer. An operating program for the described health and medical information unified management system is provided.

Specifically, the present invention is a method executed by a CPU in a health and medical information unified management system, which includes a health and medical information accumulation step for accumulating and centrally managing health and medical information related to individuals; An access control step for controlling the disclosure of health and medical information accumulated in the medical information storage step to a third party via the network, and a health and medical In order to promote unified management of related information, a method is provided having an incentive function step including at least an incentive management step for providing incentives to individuals.

Specifically, the present invention is a method executed by a CPU in a health and medical information unified management system, which includes a health and medical information accumulation step for accumulating and centrally managing health and medical information related to individuals; An access control step for controlling the disclosure of health and medical information accumulated in the medical information storage step to a third party via the network, and a health and medical In order to promote unified management of related information, an incentive function step including at least an incentive management step for providing incentives to individuals; Provides an operating program for a unified health and medical information management system.

As described above, the present invention can provide a unified health and medical information management system that provides incentives to individuals in order to promote the unified management of health and medical information regarding whether or not to disclose health and medical information. .

Diagram showing the hardware configuration applied to the present invention Diagram showing the overall configuration of the unified health and medical information management system according to the present invention A diagram showing the functional configuration of the health and medical related information unified management system in Embodiment 1 A diagram showing the hardware configuration of the health and medical related information unified management system in Embodiment 1 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 1 A diagram showing the functional configuration of the health and medical related information unified management system in Embodiment 1 Diagram showing the functional configuration of the health and medical related information unified management system in Embodiment 2 Diagram showing the hardware configuration of the health and medical related information unified management system in Embodiment 2 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 2 Diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 3 A diagram showing the hardware configuration of a health and medical related information unified management system in Embodiment 3 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 3 Diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 4 Diagram showing the hardware configuration of a health and medical related information unified management system in Embodiment 4 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 4 A diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 5 A diagram illustrating an example of the functional configuration of a unified health and medical information management system in Embodiment 5. A diagram showing the hardware configuration of a health and medical related information unified management system in Embodiment 5 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 5 A diagram illustrating the functional configuration of a unified health and medical information management system in Embodiment 6 A diagram showing the hardware configuration of a health and medical related information unified management system in Embodiment 6 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 6 Diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 7 A diagram showing the hardware configuration of a health and medical related information unified management system in Embodiment 7 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 7 Diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 8 A diagram showing the hardware configuration of a health and medical related information unified management system in Embodiment 8 Diagram showing the flow of processing when using the unified health and medical information management system in Embodiment 8 Diagram showing an example of anonymization method Diagram showing an example of anonymization method Diagram showing an example of anonymization method A diagram showing an example of a user interface of the unified health and medical information management system of the present invention A diagram showing an example of a user interface of the unified health and medical information management system of the present invention A diagram showing an example of a user interface of the unified health and medical information management system of the present invention A diagram showing an example of a user interface of the unified health and medical information management system of the present invention A diagram showing an example of a user interface of the unified health and medical information management system of the present invention Diagram showing the user interface of the unified health and medical information management system of the present invention <About the hardware that can constitute the present invention>

FIG. 1 is a diagram showing a hardware configuration applied to the present invention.
The present invention is an invention that basically utilizes an electronic computer, but it is also realized by software, hardware, and cooperation between software and hardware. The hardware that realizes all or part of each component of the present invention is comprised of the basic components of a computer, such as a CPU, memory, bus, input/output devices, various peripheral devices, and a user interface. Various peripheral devices include storage devices, interfaces such as the Internet, devices such as the Internet, displays, keyboards, mice, speakers, cameras, videos, televisions, and various sensors (flow rate sensors, , temperature sensor, weight sensor, liquid level sensor, infrared sensor, shipment counting machine, packaging counting machine, foreign object inspection device, defective product counting machine, radiation inspection device, surface condition inspection device, circuit inspection device, human sensor, Devices for understanding worker work status (video, ID, PC workload, etc.), CD devices, DVD devices, Blu-ray devices, USB memory, USB memory interfaces, removable hard disks, general hard disks, projector devices, This includes SSDs, telephones, faxes, copy machines, printing devices, movie editing devices, various sensor devices, etc. Further, the present system does not necessarily need to be configured by one housing, but may be configured by connecting multiple housings through communication. Further, the communication may be LAN, WAN, Wifi, Bluetooth (registered trademark), infrared communication, or ultrasonic communication, and furthermore, some of the communication may be located across national borders. Furthermore, each of the plurality of cases may be operated by a different entity, or may be operated by one entity. It does not matter whether the system of the present invention is operated by a single entity or a plurality of entities. In addition to this system, the invention can also be configured as a system including a terminal used by a third party, and a terminal used by another third party. Furthermore, these terminals may be installed across national borders. Furthermore, in addition to this system and the above-mentioned terminals, devices used for registering related information of third parties, related persons, and devices used for databases for recording registration contents may also be prepared. good. These may be provided in the present system, or may be provided outside the present system and the present system may be configured so that these information can be used.

As shown in this figure, a computer is configured on a motherboard, including a chipset, CPU, nonvolatile memory, main memory, various buses, BIOS, various interfaces such as USB, HDMI (registered trademark), and LAN, and a real-time clock. Consists of etc. These operate in cooperation with an operating system, device drivers (for embedding various interfaces such as USB and HDMI (registered trademark), and various devices such as cameras, microphones, speakers or headphones, and displays), various programs, and the like. Various programs and various data constituting the present invention are configured to efficiently utilize these hardware resources to execute various processes.
≪Chip set≫

A "chip set" is a set of large-scale integrated circuits (LSI) that are mounted on a computer's motherboard and integrate a bridge function, which is a communication function between the CPU's external bus and a standard bus that connects memory and peripheral devices. . There are cases where a two-chip set configuration is adopted and cases where a one-chip set configuration is adopted. A north bridge is provided on the side closer to the CPU and main memory, and a south bridge is provided on the side that is far away and interfaces with relatively low-speed external I/O.

(North Bridge)
The northbridge includes a CPU interface, memory controller, and graphics interface. Most of the functions of a conventional northbridge may be performed by the CPU. The northbridge is connected to a memory slot of the main memory via a memory bus, and is connected to a graphics card slot of a graphics card via a high-speed graphics bus (AGP, PCI Express).

(South Bridge)
The south bridge is connected to a PCI interface (PCI slot) via a PCI bus, and is responsible for I/O functions and sound functions with ATA (SATA) interface, USB interface, Ethernet interface, etc. Incorporating circuits to support PS/2 ports, floppy disk drives, serial ports, parallel ports, and ISA buses that do not require or are not possible to operate at high speeds will hinder the speeding up of the chipset itself. Therefore, it may be separated from the south bridge chip and placed in another LSI called a super I/O chip. A bus is used to connect the CPU (MPU) with peripheral devices and various control units. The buses are connected by chipsets. The memory bus used for connection with the main memory may alternatively have a channel structure in order to increase speed. A serial bus or parallel bus can be used as the bus. Whereas a serial bus transfers data one bit at a time, a parallel bus bundles the original data itself or multiple bits extracted from the original data and simultaneously transmits them over multiple communication paths. A dedicated line for clock signals is provided in parallel with the data line to synchronize data demodulation on the receiving side. It is also used as a bus to connect the CPU (chip set) and external devices, and includes GPIB, IDE/(parallel) ATA, SCSI, and PCI. Since there is a limit to speeding up, the data line may be a serial bus in PCI Express, an improved version of PCI, and Serial ATA, an improved version of parallel ATA.

<<CPU>>

The CPU sequentially reads, interprets, and executes a sequence of instructions called a program stored in the main memory, and outputs information consisting of signals to the main memory as well. The CPU functions as the center for performing calculations within the computer. Note that a CPU is composed of a CPU core part that is the center of calculations and its peripheral parts, and inside the CPU there are registers, cache memory, an internal bus that connects the cache memory and the CPU core, a DMA controller, a timer, and a north bridge. This includes the connection bus and interface. Note that one CPU (chip) may include a plurality of CPU cores. Further, in addition to the CPU, processing may be performed by a graphic interface (GPU) or FPU. Note that although the description in the embodiment is of a two-core type, the present invention is not limited to this. Moreover, the program can also be built into the CPU.

<<Non-volatile memory>>

(HDD)

The basic structure of a hard disk drive consists of a magnetic disk, a magnetic head, and an arm on which the magnetic head is mounted. The external interface can be SATA (ATA in the past). A sophisticated controller, such as SCSI, is used to support communication between hard disk drives. For example, when copying a file to another hard drive, the controller can read sectors and transfer them to the other hard drive for writing. At this time, the memory of the host CPU is not accessed. Therefore, there is no need to increase the load on the CPU.

<<Main memory>>

The CPU directly accesses and executes various programs on the main memory. The main memory is a volatile memory, and DRAM is used. The program on the main memory is expanded from the non-volatile memory onto the main memory in response to a program activation command. Thereafter, the CPU continues to execute the program according to various execution instructions and execution procedures within the program.

<<Operating system (OS)>>

An operating system is used to manage the resources on a computer so that they can be used by applications, to manage various device drivers, and to manage the computer itself, which is hardware. Small computers sometimes use firmware as an operating system.

<<BIOS>>

The BIOS causes the CPU to execute the steps to start up the computer's hardware and run the operating system, and is most typically the first piece of hardware that the CPU reads when it receives a computer startup command. . The address of the operating system stored on the disk (non-volatile memory) is written here, and the operating system is sequentially loaded into the main memory by the BIOS loaded on the CPU and becomes operational. Note that the BIOS also has a check function that checks the presence or absence of various devices connected to the bus. The results of the check are stored in main memory and made available to the operating system as appropriate. Note that the BIOS may be configured to check external devices and the like. The above is the same in all embodiments.

As shown in the figure, the present invention can basically be configured by a general-purpose computer program and various devices. Basically, a computer operates by loading a program stored in a non-volatile memory into the main memory, and executing the process using the main memory, CPU, and various devices. Communication with devices is performed via an interface connected to a bus line. Possible interfaces include a display interface, a keyboard, and a communication buffer. Embodiments of the present invention will be described below along with illustrated examples.

The present invention functions in cooperation with a computer, communication equipment, and software. Specifically, it is related to a unified health and medical information management system for accumulating and centrally managing health and medical information that is information related to personal health and medical care, and it is possible to collect and centrally manage health and medical information, which is information related to personal health and medical care. Various information and data are exchanged between administrator terminals and the like using hardware resources. Therefore, from this point of view, if the claimed invention is judged based on the matters stated in the claims and specification, as well as the common general knowledge related to these matters, the claimed invention as a whole utilizes the laws of nature. This invention also falls under computer software-related inventions.

The use of natural laws required by the Patent Act refers to the use of natural laws that are industrially useful, from the viewpoint that inventions must have industrial applicability and contribute to the development of industry based on the legal purpose. This is required to ensure that the invention is capable of In other words, it requires that the invention be industrially useful, that is, that the effects of the invention declared at the time of filing the application can be reproduced with a certain degree of certainty by implementing the invention. From this perspective, the usability of natural laws means that the functions of each of the invention specifying matters (invention constituent elements), which are the composition of the invention to achieve the effects of the invention, are achieved by utilizing natural laws. It is interpreted as bayoi. Furthermore, the effectiveness of an invention is defined as the possibility of providing a certain level of usefulness to the users who use the invention, and it is not sufficient to define the effectiveness of an invention as long as it has the potential to provide a certain level of usefulness to the users who use the invention. It should not be viewed from that perspective. Therefore, even if the effect that the user obtains from this system is a psychological effect, that effect itself is a phenomenon that is not subject to the required usability of natural laws.

Embodiments of the present invention will be described below with reference to the accompanying drawings. Note that the mutual relationship between the embodiments and the claims is as follows. Primarily, the description of Embodiment 1 relates to claims 1, 12 and 13, the description of Embodiment 2 relates to claim 2, the description of Embodiment 3 relates to claim 3, the description of Embodiment 4 relates to claim 4, The description of the fifth embodiment is related to claim 5, the description of the sixth embodiment is related to claim 6, the description of embodiment 7 is related to claim 7, and the description of embodiment 8 is related to claim 8. The present invention should not be limited to these embodiments in any way, and may be implemented in various forms without departing from the spirit thereof.

<Overall configuration of the unified health and medical information management system of the present invention>
FIG. 2a is a diagram showing an example of the overall configuration of the health and medical related information unified management system according to the present invention.
The unified health and medical information management system 200 includes electronic medical record information regarding individuals, various test information (which may include medical examinations, medical examinations, etc.), prescription information, drug history information, medication status information, and vital information (for example, body temperature, blood pressure, etc.). , pulse, heart rate, height, weight, blood sugar level, body fat percentage, arterial blood oxygen saturation, electroencephalogram, electrocardiogram, step count, respiratory rate, heart sounds, urine measurement information (e.g., urine sugar, urine protein, urine occult blood, urobilinogen) , pH, bilirubin, ketone bodies, nitrites, etc.), sleep time, etc.), information from medical questionnaires, data from health promotion apps, conversation data from interactive health promotion SNS, etc. The health and medical information storage unit 201 stores health and medical information including one or more pieces of information, and the health and medical information stored in the health and medical information storage unit 201 is disclosed to a third party via a network. an access control unit 202 for controlling the disclosure of personal health and medical information, and an incentive management unit 203 for providing incentives to individuals in order to promote the unified management of health and medical related information regarding permission to disclose personal health and medical information. and an incentive function unit 204 that has functions such as access control to incentive-related information, consent information acquisition, and incentive processing. Further, the health and medical related information unified management system 200 is configured to be electrically connectable to a third party terminal 206 and an administrator terminal 207 via a network 205 (for example, the Internet, WAN, LAN, etc.). . Here, the third party terminal 206 and the administrator terminal 207 are electronic devices (for example, a personal computer, a tablet terminal, etc.) that can be connected to the network 205 via a wired or wireless interface (for example, a communication cable or a WiFi router). , smartphone, etc.). Furthermore, in the present invention, a "third party" refers to an individual (including, but not limited to, the patient himself/herself, his/her family, etc.), a medical worker, a non-medical worker, etc., which will be described later. Furthermore, the term "administrator" may include a person (for example, an individual, or an institution, group, or corporation to which the individual belongs) who is responsible for managing and operating the entire health and medical information unified management system. This may also include employees of government offices and local governments, or institutions, organizations, and corporations commissioned by government offices and local governments. The user may also have the authority to perform deletion.

In addition, "electronic medical record information" includes, for example, basic information about the patient (e.g., patient ID, name, date of birth, contact information, emergency contact information, family history, height/weight, allergy information, smoking and drinking status). , medical history, etc.), medical examination information (e.g., patient's chief complaint (complaints about subjective symptoms and physical condition), various test results, medication information, diagnosis name, treatment policy, doctor's examination records, doctor's instructions, etc.) ), information related to nursing care and progress (e.g., vital information (e.g., body temperature, blood pressure, pulse, heart rate, height, weight, blood sugar level, body fat percentage, arterial blood oxygen saturation, electroencephalogram, electrocardiogram, number of steps, respiratory rate, heart sounds, urine measurement information (e.g., urine sugar, urine protein, urine occult blood, urobilinogen, pH, bilirubin, ketone bodies, nitrites, etc.), sleep time, etc.), observation results, urine and Records of stool, etc., records of meal contents and intake, records of nursing care, etc.), information regarding tests (for example, test instructions, test results, images (partial) obtained from image tests, reports on those images, etc.) , information on treatments and surgeries (e.g. instructions for treatments and surgeries, progress and results of treatments and surgeries, methods and results of pathological diagnoses, etc.), information on medicines (e.g. instructions for drug discovery) , medication date and time, drug, medication results, etc.), post-treatment or post-surgery follow-up observation information, etc. may also be included.

In addition, "prescription information" includes, for example, insurer number, name, date of birth, gender, name of medical institution, contact information, name of prescribing doctor, name of medicine, form of medicine (tablets, capsules). , liquids, powders, granules, etc.), the amount of medicine (amount to take at a time), the number of times you take it per day, the timing of taking it, information about switching to generic drugs, and the number of times you need to split the medication. You can.
In addition, "medication history information" includes, for example, the patient's name, date of birth, gender, My Number information, the symbol number of the insurance card, address, emergency contact information, the name of the insurance medical institution that prescribed the medicine, and the insurance physician. Confirmation of name, prescription date, prescription details, key points for inquiries regarding dispensing date and prescription details, patient's constitution, allergy history, history of side effects, key points of consultation from patients or their families, medication status, status of leftover medication, etc. , changes in physical condition while taking the medication, concomitant medications, past medical history including complications, presence or absence of visits to other departments, presence or absence of symptoms that suggest side effects, status of intake of food and drink (drug interactions), information on generic drugs. The information may include the patient's intention regarding use, the status of information provided in the notebook, key points of medication guidance, and the name of the insurance pharmacist who provided the guidance.

In addition, "dose status information" includes, for example, information regarding the remaining amount of prescribed medicine (e.g., the amount of medicine remaining if the patient accidentally forgets to take it or does not intentionally take it). (including), timing information regarding visits to the hospital/office (e.g., the period required from the scheduled prescription end date (scheduled dosing end date) to the actual visit/office visit (for example, if you come to the hospital/office earlier than planned, patients' complaints about medication (for example, if you keep taking a certain medicine, you get hives, or if you take a certain medicine and it doesn't work). (including complaints about physical condition and subjective symptoms such as feeling light-headed and feeling light-headed).

Further, the "health and medical related information" may include, for example, PHR and the like. Here, PHR is an abbreviation that stands for Personal Health Record, and refers to information regarding personal health, medical care, and nursing care. The aim is for each person to be able to receive excellent services that match their own health status by managing and utilizing information regarding their personal health, medical care, and nursing care in a chronological manner throughout their lifetime. . For example, each citizen has recorded a large amount of health and medical information in paper media such as various notebooks and documents. The medium and location in which these records are kept differ depending on the life stage (milestone of life) at the time. For example, when giving birth, a ``maternal and child health handbook'' is required, when receiving school education, ``school health checkup results'' are required, and when finding a job, ``periodic health checkup results'' are required. Also, depending on your physical condition, you may need to manage your own health using a ``disease management notebook'' or ``medication notebook,'' and if you are an elderly person, it may be recorded in a ``nursing care prevention notebook'' or ``family cooperation notebook.'' become. There is a concept and system that allows people to manage and utilize their own data by digitizing the original "notebook culture" and centralizing it as data, and it is expected that it will become even more popular in the future. ing.

Although the present invention will be described on the assumption that the health and medical information storage unit 201 and the access control unit 202 are configured to function on the same server, the present invention is not limited to this, and they may be configured to function on separate servers. It may be configured to take on a function. Alternatively, a configuration may be adopted in which a plurality of servers are prepared, information and data are exchanged between the servers, and various functions can be executed in coordination or cooperation. For example, the health and medical information storage section 201 and the access control section 202 may be configured as a cloud server.

Similarly, the present invention assumes that the health and medical information storage section 201, the access control section 202, and the incentive function section 204, which includes at least the incentive management section 203, are configured to function as separate servers. Although this will be described, the configuration is not limited to this, and the same server may be configured to perform the respective functions. Alternatively, a configuration may be adopted in which a plurality of servers are prepared, information and data are exchanged between the servers, and various functions can be executed in coordination or cooperation. For example, the health and medical information storage unit 201, the access control unit 202, and the incentive function unit 204 (including at least the incentive management unit 203) may be configured as a cloud server.

<Embodiment 1 (mainly corresponding to claims 1, 12, and 13)>
<Embodiment 1 Overview>
This embodiment includes a health and medical information storage unit for accumulating and centrally managing health and medical information related to individuals, and a health and medical information storage unit that stores the health and medical information accumulated in the health and medical information storage unit through a network. An access control section to control disclosure to third parties, and a system to provide incentives to individuals in order to promote the unified management of health and medical information regarding whether or not to disclose health and medical information related to individuals. An incentive function section including at least an incentive management section. In addition, in order to achieve this, we will explain the method executed by the CPU in the unified health and medical information management system, and the operation of the unified health and medical information management system written in a manner readable and executable by the unified health and medical information management system, which is a computer. Provide programs.

<Embodiment 1 Functional configuration>
FIG. 2b is a diagram showing the functional configuration of the health and medical related information unified management system according to the first embodiment. This embodiment includes a health and medical information storage section, an access control section, and an incentive function section including at least an incentive management section.

<Embodiment 1 Configuration description: Health and medical information storage unit>
The “health and medical information storage unit” 201 stores electronic medical record information related to individuals, various test information (which may include medical examinations, medical examinations, etc.), prescription information, drug history information, medication status information, vital information (for example, body temperature, Blood pressure, pulse, heart rate, height, weight, blood sugar level, body fat percentage, arterial oxygen saturation, electroencephalogram, electrocardiogram, number of steps, breathing rate, heart sounds, urine measurement information (e.g., urine sugar, urine protein, urine occult blood, (including, but not limited to, urobilinogen, pH, bilirubin, ketone bodies, nitrites, etc.), sleep time, etc.), information from medical questionnaires, data from health promotion apps, conversation data from interactive health promotion SNS, etc. The device is configured to have a function of accumulating health and medical related information including one or more of the above information.
"Electronic medical record information" includes, for example, basic information about the patient (e.g., patient ID, name, date of birth, contact information, emergency contact information, family history, height/weight, allergy information, smoking and drinking status, medical history) ), medical examination information (e.g., patient's chief complaint (complaints about subjective symptoms and physical condition), various test results, medication information, diagnosis name, treatment policy, doctor's examination records, doctor's instructions, etc.), nursing care and information regarding progress (e.g., vital information (e.g., body temperature, blood pressure, pulse, heart rate, height, weight, blood sugar level, body fat percentage, arterial blood oxygen saturation, electroencephalogram, electrocardiogram, step count, respiratory rate, heart sounds, urine) Measurement information (e.g., urine sugar, urine protein, urine occult blood, urobilinogen, pH, bilirubin, ketone bodies, nitrite, etc.), including but not limited to sleep time, etc.), observation results, urine and stool, etc. information about the test (e.g., test instructions, test results, some images obtained from an imaging test, reports for those images, etc.), information about the procedure and Information regarding surgery (e.g. instructions for treatment or surgery, progress and results of treatment or surgery, method and results of pathological diagnosis, etc.), information regarding medicines (e.g. instructions for drug discovery, date and time of administration, etc.) It is desirable that the information is configured to include information on information such as medical information, drugs, medication results, etc.), post-treatment or post-surgery follow-up information, etc.
"Prescription information" includes, for example, insurer number, name, date of birth, gender, name of medical institution, contact information, name of prescribing doctor, name of medicine, form of medicine (tablets, capsules, liquid, etc.) It is structured to include information such as the amount of medicine (powders, granules, etc.), the amount of medicine (amount to take at a time), the number of times to take the medicine per day, the timing of taking it, information about switching to generic drugs, and the number of times to split the medication. It is desirable that
"Medication history information" includes, for example, the patient's name, date of birth, gender, My Number information, the symbol number of the insurance card, address, emergency contact information, the name of the insurance medical institution that prescribed the medicine, and the name and prescription of the insurance doctor. day/prescription details, dispensing date/key points for inquiries regarding prescription details, patient's constitution, allergy history, history of side effects, key points for consultation from patients or their families, confirmation of medication status, remaining medication status, medication status, etc. Patients regarding changes in their physical condition, concomitant medications, medical history including complications, whether they have visited other departments, whether they have symptoms suspected of having side effects, intake status of food and drinks (drug interactions), and use of generic drugs. It is desirable to include information such as the patient's intentions, the status of providing information in the notebook, the main points of medication guidance, and the name of the insurance pharmacist who provided the guidance.
"Dose status information" includes, for example, information regarding the remaining amount of prescribed medicine (for example, the amount of medicine remaining if the patient accidentally forgets to take it or does not intentionally take it) , Timing information regarding visits to the hospital/office (e.g., the period required from the scheduled prescription end date (scheduled dosing end date) to the actual visit/office visit (e.g., if you come to the hospital/office earlier than planned, or when you come to the office earlier than planned) patients' complaints about medication (e.g., if you keep taking a certain medicine, you get hives, or if you take a certain medicine and it's too effective) It is desirable that the information is configured to include information regarding symptoms (including complaints about physical condition and subjective symptoms such as feeling dizzy and dizzy).
In addition, in this invention, My Number information or the insured card number of the health insurance that the individual (user) subscribes to is used to identify the individual (user), and the health and medical information related to the individual is used. Related information may be collected and accumulated in association with each other.

<Embodiment 1 Configuration description: Access control unit>
The "access control unit" 202 is configured to have a function of controlling disclosure of the health and medical information stored in the health and medical information storage unit to a third party via the network. For example, as described below, for access from a third party terminal, there is a function to analyze IP packets, a function to determine the destination IP address, a function to obtain the access ID/user ID, access subject/user attributes, etc. It is desirable to have a configuration that has the function of acquiring the information and the function of performing access control based on these.

<Embodiment 1 Configuration description: Incentive management department>
The "incentive management unit" 204 is configured to have a function of providing incentives to individuals in order to promote unified management of health and medical information regarding whether or not to disclose personal health and medical information.
FIG. 2e is a diagram illustrating an example of the functional configuration of the health and medical related information unified management system according to the first embodiment.
In this case, the incentive will be linked to the individual (user) who has accessed using a third party terminal, that is, the individual (user) who owns My Number information "123456789012", and which health and medical related information will be given an incentive. Information indicating whether or not the individual has consented to the provision of information is stored and managed in a list format. If consent is given, the health and medical information will be allowed to be disclosed to a third party, that is, an incentive will be given. In the case of disagreement, the health and medical information will not be disclosed to third parties, that is, no incentives will be given. It is desirable that information regarding these incentives be kept up-to-date by the incentive management department regularly communicating with the health and medical information storage department.
For example, in the case of FIG. 2e, it is stored and managed whether or not the individual has consented to each piece of health and medical related information. The "★" mark indicates the individual's consent. If you click, touch, or tap the display item listed in the health and medical information field (for example, "regular medical checkup results") on the terminal screen, more detailed information will appear on a pop-up screen or other transition screen. may be displayed. Further, by clicking, touching, or tapping the "★" mark in the consent column or disagreement column on the screen of the terminal, the date and time of consent or disagreement may be displayed on a pop-up screen. In particular, it is preferable that health and medical related information marked with a "★" mark in the consent column be stored and managed in association with incentives to be described later. Note that health and medical information for which there is no mark in the consent or non-consent column indicates that the individual (user) has not yet expressed consent or non-consent.

<Embodiment 1 Configuration description: Incentive function section>
The "incentive function unit" 205 includes at least the "incentive management unit" 204, and has functions such as a function to control access to information regarding incentives, a function to obtain consent information, a function to process incentives, etc., as described later. It is composed of
FIG. 2e is a diagram illustrating an example of the functional configuration of the health care-related information unified management system according to the first embodiment.
In this case, the incentive function section allows access when the individual enters My Number information and password information in the corresponding fields and matching information exists in the system.
In the case shown in this figure, the explanation is based on a method in which the user directly inputs the information, but for example, if the user uses a smartphone, they can use the smartphone's IC card reading function to insert the My Number card into the smartphone. It may also be possible to automatically read and input predetermined information such as My Number information by holding it up.
For example, if you fail to enter your My Number information and/or password information three times in a row, it will become locked and you will be asked to go to the local government (municipal office, etc.) and have it unlocked. You may also do so. Alternatively, the terminal may be temporarily locked and a warning such as "Please try again the next day" may be displayed on the terminal, or the user may be notified by voice or warning sound. .
Furthermore, it is desirable that the information be stored and managed in such a way that it can be easily determined which healthcare-related information an individual (user) has consented to or not.
Further, regarding incentive processing, it is desirable to be configured to process how much incentive to give to health and medical related information to which the user has consented.
For example, in the example shown in FIG. 2e, 100p (points) is calculated and awarded based on a predetermined calculation rule for health and medical related information regarding one individual. In addition, regarding the incentive calculation rules, weighting processing is performed in consideration of the importance, urgency, rarity, usefulness, etc. of the health and medical information, and different incentives are calculated for each health and medical information. It may also be processed to give. In particular, we are focusing on infectious diseases, including malignant neoplasms (cancer), which is the leading cause of death in Japan, hypertension, diabetes, dyslipidemia, periodontal disease or eye disease, and new coronavirus infections, which have a large number of patients. Regarding various infectious diseases defined in the ``Treatment Control Act'' and unique diseases with few cases worldwide, it should be considered that the disclosure of health and medical information to third parties can greatly contribute to the advancement of medicine. For example, calculation rules could be set to provide more (higher) incentives than for other diseases.
Furthermore, ``incentive'' simply means ``motivation or reward,'' and it means intentionally providing stimulation with the aim of getting someone to take some action. In this invention, "incentives" include, in addition to the points mentioned above, individual information services and general information services for information providers, provision of individual drugs and supplements, provision of books and other products, and provision of information. Provision of passwords and IDs for various purposes, provision of items that can be used on the network, provision of rights, for example, provision of the right to receive a medical examination, provision of the right to receive a diagnosis, provision of the right to undergo a test, provision of various items on the network This may include providing the right to receive services, providing specific software (e.g., a health management app), providing points for prepaid or postpaid electronic money, providing product coupons, travel coupons, or cash. good.
In addition, in the present invention, the disclosure permission information indicating whether or not to permit disclosure to a third party is already stored and managed in relation to health and medical related information regarding an individual, or when the individual (user) It can be applied in any case where health and medical information related to oneself is newly registered in the health and medical information storage unit, and the disclosure permission information has not yet been associated and stored and managed. . In other words, although health and medical information related to individuals is not held within the unified health and medical information management system, for example, personal health and medical information is held on terminals owned by individuals, and this information cannot be directly accessed. When uploading to the system, if it is determined that the uploaded information can be disclosed as health and medical information through a formal check, incentives will be given according to the results. The incentive function unit can be configured to function in the following manner. In this case, the access control unit of the present system may be configured so as not to deny access to view health and medical information from a third party. However, it may be configured to partially deny or restrict access depending on the type or qualification of the third party. Note that uploading personal health and medical information to this system may be a transfer, and the source of the transfer may not be an individual's terminal but a system that stores other health and medical information. For example, health and medical-related information stored in maternal and child health record information servers, PHRs (Personal Health Records), nursing care information servers, dental care information servers, rehabilitation information servers, etc. can be transferred to this system with the consent of individuals. It can be configured to be forwarded. In this case, the incentive function section can be configured to function when personal health and medical information is uploaded from the maternal and child handbook information server and the formal check is completed.

<Embodiment 1 Health and medical related information unified management system: Hardware configuration>
The hardware configuration of the unified health and medical information management system in this embodiment will be explained using diagrams.

FIG. 2c is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the health and medical related information unified management system in this embodiment includes a "CPU (Central Processing Unit)" 211 that performs various calculation processes, and a "main memory" 212. It also includes a "nonvolatile memory" 213 that holds predetermined information, and a "network I/F (interface)" 214 that sends and receives information to and from a plurality of third party terminals 216 and an administrator terminal 217. These devices are interconnected by a data communication path such as a “bus” 215, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing those addresses. It is possible to carry out and process. In this embodiment, the programs stored in the "main memory" include a health and medical information storage program, an access control program, an incentive management program, and the like. Furthermore, the "main memory" and "nonvolatile memory" store health and medical related information, incentive management information, etc.

The "CPU" executes the health and medical information storage program stored in the "main memory" and collects health and medical information related to the individual sent from a third party terminal through the "network I/F", for example. , electronic medical record information, various test information, prescription information, medication history information, medication status information, vital information (e.g. body temperature, blood pressure, heart rate, etc.) and other health and medical related information is stored in "main memory" and "non-volatile memory". Store in. It also executes an access control program stored in the "main memory" to control access to health and medical related information about the individual. In addition, the incentive management program stored in the "main memory" is executed to grant and manage incentives for the individual's desired health and medical information, and the information regarding those incentives is stored in the "main memory". and stored in "non-volatile memory".

<Embodiment 1 Health and medical related information unified management system: Processing flow>
FIG. 2d is a diagram showing the flow of processing when the unified health and medical information management system in this embodiment is used. As shown in the figure, this processing method includes a health and medical information storage step S221, an access control step S222, and an incentive management step S223.
These processing methods involve a health and medical information storage unit that accumulates and centrally manages health and medical information related to individuals, and a health and medical information storage unit that stores the health and medical information stored in the health and medical information storage unit through a network. To provide incentives to individuals in order to promote the unified management of health and medical information regarding the access control section to control disclosure to third parties and whether or not to disclose health and medical information related to individuals. and an incentive function unit including at least an incentive management unit.

"Health and medical related information accumulation step" S221 refers to health and medical related information about an individual sent from a third party terminal via a network, such as electronic medical record information, various test information, prescription information, drug history information, etc. This is the stage of accumulating medication status information, vital information (for example, body temperature, blood pressure, heart rate, etc.).

"Access control step" S222 is a step of controlling access to the health and medical information related to the individual stored in the health and medical information storage unit.

"Incentive management step" S223 is a stage in which incentives are given and managed for the health and medical related information desired by the individual.

<Summary>
As described above, the present invention provides a unified health and medical information management system that provides incentives to individuals in order to promote unified management of health and medical information regarding whether or not to disclose health and medical information related to individuals. I can do it.
In addition, the present invention increases the opportunity for individuals to disclose health and medical information to third parties by providing incentives to individuals and allowing them to disclose their health and medical information to third parties. This will lead to a reduction in national medical costs, improve the health of the entire population, and reduce the time and costs spent on drug discovery by research institutions and pharmaceutical companies, ultimately contributing to the advancement of medicine. can.
Here, "drug discovery" refers to the process by which compounds and chemical substances (also called seeds) that form the basis of pharmaceuticals are turned into products and sold. Furthermore, the following steps (1) to (5) are essential before a compound or chemical substance can be sold as a drug.
(1) Select candidates for drug discovery targets (compounds/chemical substances) (2) Select candidate substances that will become the basis for pharmaceuticals by screening their effects. There are various types such as high-efficiency screening that utilizes AI robot technology and AI robot technology.
(3) Animal experiments: Detailed investigation and confirmation of safety and effectiveness using animals or cultured cells. Drugs whose safety and effectiveness have been confirmed at this stage are called ``investigational drugs.''
(4) Clinical trial The investigational drug is actually used on humans to investigate its effectiveness and safety in detail, and to confirm whether it is useful for actual treatment.
(5) Approval application and review Drugs that have passed all tests (1) to (4) above are submitted to the Ministry of Health, Labor and Welfare. The drug will then undergo a review by the Pharmaceuticals and Medical Devices Agency and await approval from the Minister of Health, Labor and Welfare. Only after approval can a drug be produced that can be sold as a commercial product.
Generally, drug discovery is said to take approximately 10 to 18 years, and the probability that a compound or chemical substance will become a new drug is approximately 1 in 10,000. Furthermore, the total cost for successful drug discovery is said to be close to 20 billion yen.

<Embodiment 2 (mainly corresponding to claim 2)>
<Embodiment 2 Overview>
In addition to Embodiment 1, this embodiment includes an access authentication processing unit that performs access authentication from a third party terminal via a network to the incentive function unit of the health and medical information unified management system. It has characteristics. From now on, descriptions of functions, hardware configurations, and processing flows that overlap those of the first embodiment will be omitted as appropriate.

<Embodiment 2 Configuration Description: Access Authentication Processing Unit>
FIG. 3a is a diagram illustrating the functional configuration of a unified health and medical information management system. As shown in this figure, an "access authentication processing unit" 301 is included in the incentive function unit and is configured to have a function of authenticating whether or not to permit access by an individual to the incentive management unit. be done.
For example, FIG. 11a is a diagram showing an example of a user interface in the health and medical related information unified management system of the present invention. Here, it is assumed that a third party terminal accesses the health and medical information unified management system using a web browser.
On this login screen, the user (individual) enters his/her own My Number information and password information in the corresponding fields, and if matching information exists in the system, access is permitted.
In the example in the figure, the user inputs the information directly, but if the user uses a smartphone, for example, the user can use the smartphone's IC card reading function to insert the My Number card into the smartphone. It may also be a format in which predetermined information such as My Number information is automatically read and input by holding it up.
For example, if you fail to enter your My Number information and/or password information three times in a row, it will become locked and you will be asked to go to the local government (city, ward, town, or village office, etc.) and have it unlocked. You may also do so. Alternatively, the terminal may be temporarily locked and a warning such as "Please try again the next day" may be displayed on the terminal, or the user may be notified by voice or warning sound. .

<Embodiment 2 Health and medical related information unified management system: Hardware configuration>
The hardware configuration of the health and medical related information unified management system in this embodiment will be explained using diagrams.

FIG. 3b is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the health and medical related information unified management system in this embodiment includes a "CPU (Central Processing Unit)" 311 that performs various calculation processes and a "main memory" 312. It also includes a "nonvolatile memory" 313 that holds predetermined information, and a "network I/F (interface)" 314 that sends and receives information to and from a plurality of third party terminals 316 and an administrator terminal 317. These devices are interconnected by a data communication path such as a “bus” 315, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing those addresses. It is possible to carry out and process. In this embodiment, the program stored in the "main memory" is an access authentication processing program. In addition, "main memory" and "nonvolatile memory" store My Number information, password information, etc.

The "CPU" executes the access authentication processing program stored in the "main memory" and accepts input of My Number information and password information sent from third-party terminals through the "network I/F". , authenticate whether matching information exists. In addition, My Number information and password information are stored in "main memory" and "nonvolatile memory."

<Embodiment 2 Health and medical related information unified management system: Processing flow>
FIG. 3c is a diagram showing the flow of processing when the unified health and medical information management system in this embodiment is used. As shown in the figure, this processing method consists of access authentication processing step S301.

"Access authentication processing step" S301 is a step in which input of My Number information and password information regarding the user sent from a third party terminal is accepted, and it is authenticated whether matching information exists in the system.

<Summary>
As described above, in the present invention, access to incentive-related information can be restricted to the individual (user) by first performing access authentication on the login screen of the unified health and medical information management system.

<Embodiment 3 (mainly corresponding to claim 3)>
<Embodiment 3 Overview>
In addition to the first and second embodiments, the present embodiment includes a consent information acquisition section that acquires consent information that is information indicating consent to accept an incentive provided by the incentive management section. From now on, descriptions of functions, hardware configurations, and processing flows that overlap those of Embodiments 1 and 2 will be omitted as appropriate.

<Embodiment 3 Configuration description: Consent information acquisition unit>
FIG. 4a is a diagram showing the functional configuration of the health and medical related information unified management system. As shown in this figure, the "consent information acquisition unit" 402 is included in the incentive function unit, and after being authenticated by the access authentication processing unit 401, the “consent information acquisition unit” 402 receives information indicating consent to accept the incentive from the incentive management unit. It is configured to have a function to obtain consent information.
FIG. 11b is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, the individual (user) enters his or her My Number information and password information in the relevant fields, and after matching information exists in the system and access authentication is performed, the screen moves to the function selection screen. . Then, by clicking, touching, or tapping the OK button corresponding to "(A) Consent Processing", a transition is made to a screen for obtaining consent from the individual (user).
FIG. 11c is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, a user interface such as a check box is prepared in the consent or disagreement field, and by clicking, touching, or tapping it, a "★" mark is added, and the user (individual) ) It is preferable to accept the intention of accepting or not accepting the incentive. By clicking, touching, or tapping the OK button, the input consent information will be sent to the incentive management section and will be stored and managed. Note that by clicking, touching, or tapping the end button, it is possible to return to the function selection screen in FIG. 11b.
FIG. 11b is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, the individual (user) enters his or her My Number information and password information in the relevant fields, and after matching information exists in the system and access authentication is performed, the screen moves to the function selection screen. By clicking, touching, or tapping the OK button corresponding to "(B) Viewing process," a screen transitions to a screen where the relationship between health and medical related information regarding the individual (user) and the granted incentive can be viewed.
FIG. 11d is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, it is preferable to display the health and medical related information of the target individual and the corresponding incentives in an easy-to-understand manner, such as in a list format. As a result, it can be seen at a glance which healthcare-related information the incentive granted at the time of viewing is associated with. Note that by clicking, touching, or tapping the end button, it is possible to return to the function selection screen in FIG. 11b.
FIG. 11b is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, the individual (user) enters his or her My Number information and password information in the relevant fields, and after matching information exists in the system and access authentication is performed, the screen moves to the function selection screen. . Then, by clicking, touching or tapping the OK button corresponding to "(C) Maintenance processing", the user can access the health and medical information related to the individual (user) for which consent/disapproval has not yet been made. At the same time, the screen changes to a screen that also displays health and medical information for which you have already consented/disapproved.
FIG. 11f is a diagram showing an example of a user interface in the health and medical related information unified management system of the present invention.
In this case, it is preferable to display the health and medical related information of the individual concerned and the corresponding consent/non-consent status in an easy-to-understand manner, such as in a list format. As a result, for health and medical related information for which consent/disagree has not yet been given at the time of viewing, individuals (users) can enter a "★" mark in the check box format consent/disagree column and click the OK button. By clicking, touching, or tapping, the granting of incentives, etc. is processed. On the other hand, for health and medical related information for which a "★" mark has already been entered in the consent/disagree column, individuals (users) may review it as appropriate and change the information from consent to non-consent, for example. Alternatively, the update process can be performed by changing from disapproval to consent and clicking, touching or tapping the OK button. Note that by clicking, touching, or tapping the end button, it is possible to return to the function selection screen in FIG. 11b.

<Embodiment 3 Health and medical related information unified management system: Hardware configuration>
The hardware configuration of the health and medical related information unified management system in this embodiment will be explained using diagrams.

FIG. 4b is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the health and medical related information unified management system in this embodiment includes a "CPU (Central Processing Unit)" 411 that performs various calculation processes, and a "main memory" 412. It also includes a "nonvolatile memory" 413 that holds predetermined information, and a "network I/F (interface)" 414 that sends and receives information to and from a plurality of third party terminals 416 and an administrator terminal 417. These devices are connected to each other by a data communication path such as a “bus” 415, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing those addresses. It is possible to carry out and process. In this embodiment, the programs stored in the "main memory" are an access authentication processing program and a consent information acquisition program. Additionally, the "main memory" and "nonvolatile memory" store My Number information, password information, consent information, etc.

The "CPU" executes the access authentication processing program stored in the "main memory" and accepts input of My Number information and password information sent from third-party terminals through the "network I/F". , authenticate whether matching information exists. In addition, My Number information and password information are stored in "main memory" and "nonvolatile memory."
In addition, the "CPU" executes the consent information acquisition program stored in the "main memory" and collects each individual's (use consent information indicating the intention of the person) is obtained. Additionally, consent information is stored in "main memory" or "nonvolatile memory."

<Embodiment 3 Health and medical related information unified management system: Processing flow>
FIG. 4c is a diagram showing the flow of processing when the unified health and medical information management system in this embodiment is used. As shown in the figure, this processing method consists of an access authentication processing step S401 and a consent information acquisition step S402.

"Acquisition of consent information step" S402 is a step of acquiring consent information, which is information indicating consent to accept an incentive from the incentive management unit, after being authenticated in the access authentication processing step.

<Summary>
As described above, in the present invention, consent information, which is information indicating consent to accept an incentive, can be acquired from health and medical related information regarding an individual (user).

<Embodiment 4 (mainly corresponding to claim 4)>
<Embodiment 4 Overview>
In addition to Embodiments 1 to 3, this embodiment includes an incentive processing unit for performing incentive processing, which is processing for providing incentives when consent information is acquired by the consent information acquisition unit. At the point. From now on, descriptions of functions, hardware configurations, and processing flows that overlap with those of Embodiments 1 to 3 will be omitted as appropriate.

<Embodiment 4 Configuration description: Incentive processing unit>
FIG. 5a is a diagram showing the functional configuration of the health and medical related information unified management system. As shown in this figure, the "incentive processing unit" 503 is included in the incentive function unit and has a function of performing incentive processing to provide an incentive when consent information is acquired by the consent information acquisition unit. It is configured as follows.
FIG. 11d is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, based on predetermined calculation rules, the information will be automatically granted to health and medical related information marked with a "★" in the consent column to indicate permission for disclosure. This shows that the necessary incentives have been calculated and granted. Here, 100 points (points) are calculated and assigned based on a predetermined calculation rule for health and medical related information regarding one individual. In addition, regarding the incentive calculation rules, weighting processing is performed in consideration of the importance, urgency, rarity, usefulness, etc. of the health and medical information, and different incentives are calculated for each health and medical information. It may also be processed to give. In particular, we are focusing on infectious diseases, including malignant neoplasms (cancer), which is the leading cause of death in Japan, hypertension, diabetes, dyslipidemia, periodontal disease or eye disease, and new coronavirus infections, which have a large number of patients. Regarding various infectious diseases defined in the ``Treatment Control Act'' and unique diseases with few cases worldwide, it should be considered that the disclosure of health and medical information to third parties can greatly contribute to the advancement of medicine. For example, calculation rules could be set to provide more (higher) incentives than for other diseases.
Furthermore, ``incentive'' simply means ``motivation or reward,'' and it means intentionally providing stimulation with the aim of getting someone to take some action. In this invention, "incentives" include, in addition to the points mentioned above, individual information services and general information services for information providers, provision of individual drugs and supplements, provision of books and other products, and provision of information. Provision of passwords and IDs for various purposes, provision of items that can be used on the network, provision of rights, for example, provision of the right to receive a medical examination, provision of the right to receive a diagnosis, provision of the right to undergo a test, provision of various items on the network This may include providing the right to receive services, providing specific software (e.g., a health management app), providing points for prepaid or postpaid electronic money, providing product coupons, travel coupons, or cash. good.
In addition, in the present invention, the disclosure permission information indicating whether or not to permit disclosure to a third party is already stored and managed in relation to health and medical related information regarding an individual, or when the individual (user) It can be applied in any case where health and medical information related to oneself is newly registered in the health and medical information storage unit, and the disclosure permission information has not yet been associated and stored and managed. . In other words, although health and medical information related to individuals is not held within the unified health and medical information management system, for example, personal health and medical information is held on terminals owned by individuals, and this information cannot be directly accessed. When uploading to the system, if it is determined that the uploaded information can be disclosed as health and medical information through a formal check, incentives will be given according to the results. The incentive function section described above can be configured to function. In this case, the access control unit of the present system may be configured so as not to deny access to view health and medical information from a third party. However, it may be configured to partially deny or restrict access depending on the type or qualification of the third party. Note that uploading personal health and medical information to this system may be a transfer, and the source of the transfer may not be an individual's terminal but a system that stores other health and medical information. For example, health and medical information stored in maternal and child health record information servers, PHRs (Personal Health Records), nursing care information servers, dental care information servers, rehabilitation information servers, etc. can be transferred to this system with the individual's consent. It can be configured to be forwarded. In this case, the above-mentioned incentive function section can be configured to function when personal health and medical related information is uploaded from the maternal and child handbook information server or the like and a formal check is completed.
FIG. 11b is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, the individual (user) enters his or her My Number information and password information in the relevant fields, and after matching information exists in the system and access authentication is performed, the screen moves to the function selection screen. By clicking, touching, or tapping the OK button corresponding to "(B) Viewing process," a screen transitions to a screen where the relationship between health and medical related information regarding the individual (user) and the granted incentive can be viewed.
FIG. 11d is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, it is preferable to display the health and medical related information of the target individual and the corresponding incentives in an easy-to-understand manner, such as in a list format. As a result, it can be seen at a glance which healthcare-related information the incentive granted at the time of viewing is associated with. Note that by clicking, touching, or tapping the end button, it is possible to return to the function selection screen in FIG. 11b.
FIG. 11b is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, the individual (user) enters his or her My Number information and password information in the relevant fields, and after matching information exists in the system and access authentication is performed, the screen moves to the function selection screen. . Then, by clicking, touching, or tapping the OK button corresponding to "(C) Maintenance Processing", the health and medical information related to the individual (user) for which consent/disapproval has not yet been given. At the same time, the screen changes to a screen that also displays health and medical information for which you have already consented/disapproved.
FIG. 11f is a diagram showing an example of a user interface in the health care related information unified management system of the present invention.
In this case, it is preferable to display the health and medical related information of the individual concerned and the corresponding consent/non-consent status in an easy-to-understand manner, such as in a list format. As a result, for health and medical related information for which consent/disagree has not yet been given at the time of viewing, individuals (users) can enter a "★" mark in the check box format consent/disagree column and click the OK button. By clicking, touching, or tapping, the granting of incentives, etc. is processed. On the other hand, for health and medical related information for which a "★" mark has already been entered in the consent/disagree column, the individual (user) will review it and change it from consent to non-consent, or from non-consent to consent. By changing to , and clicking, touching, or tapping the OK button, the update process becomes possible. Note that by clicking, touching, or tapping the end button, it is possible to return to the function selection screen in FIG. 11b.

<Embodiment 4 Health and medical related information unified management system: Hardware configuration>
The hardware configuration of the unified health and medical information management system in this embodiment will be explained using diagrams.

FIG. 5b is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the health and medical related information unified management system in this embodiment includes a "CPU (Central Processing Unit)" 511 that performs various calculation processes, and a "main memory" 512. It also includes a "nonvolatile memory" 513 that holds predetermined information, and a "network I/F (interface)" 514 that sends and receives information to and from a plurality of third party terminals 516 and an administrator terminal 517. These devices are connected to each other by a data communication path such as a “bus” 515, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing those addresses. It is possible to carry out and process. In this embodiment, the programs stored in the "main memory" are an access authentication processing program, a consent information acquisition program, and an incentive processing program. Additionally, the "main memory" and "nonvolatile memory" store My Number information, password information, consent information, incentive information, etc.

The "CPU" executes the access authentication processing program stored in the "main memory" and accepts input of My Number information and password information sent from third-party terminals through the "network I/F". , authenticate whether matching information exists. In addition, My Number information and password information are stored in "main memory" and "nonvolatile memory."
In addition, the "CPU" executes the consent information acquisition program stored in the "main memory" and collects each individual's (usage consent information indicating the intention of the person) is obtained. Additionally, consent information is stored in "main memory" or "nonvolatile memory."
In addition, the "CPU" executes the incentive processing program stored in the "main memory" to provide an incentive, which is a process for providing incentives when consent is obtained for health and medical information related to individuals. Perform processing.

<Embodiment 4 Health and medical related information unified management system: Processing flow>
FIG. 5c is a diagram showing the flow of processing when the unified health and medical information management system according to this embodiment is used. As shown in the figure, this processing method includes an access authentication processing step S501, a consent information acquisition step S502, and an incentive processing step S503.

"Incentive processing step" S503 is a step of executing incentive processing, which is processing for providing incentives, when consent information is obtained by the consent information obtaining unit.

<Summary>
As described above, in the present invention, it is possible to perform incentive processing, which is a process for providing incentives, with respect to health and medical related information regarding an individual (user) when the user has consented, and to provide health and medical information related to the individual. Appropriate incentive processing can be applied to related information.

<Embodiment 5 (mainly corresponding to claim 5)>
<Embodiment 5 Overview>
This embodiment is based on Embodiments 1 to 4, and includes a health and medical information storage section that stores health and medical information related to individuals, and a network for the health and medical information stored in the health and medical information storage section. and an access control unit for allowing a third party to access the IP packet, and the access control unit includes IP packet analysis means for analyzing an IP packet sent via the network, and an IP header section of the IP packet. a destination IP address determination means for extracting a destination IP address from the source and determining whether or not the destination IP address is addressed to the user's own health and medical information unified management system; an access ID/user ID acquisition means for acquiring an access ID indicating an access subject and a user ID indicating a user belonging to the access subject from the IP payload when the IP address is an IP address; an access subject user attribute acquisition means for acquiring corresponding access subject information, user information, and user attribute information (here, information indicating whether the user is a medical worker or a non-medical worker); , access control means that controls access to health and medical information from third parties, and disclosure permission information storage that holds disclosure permission information that indicates whether or not to permit disclosure of personal health and medical information to third parties. We provide a unified management system for health and medical information, including: Note that descriptions of functions, hardware configurations, and processing flows similar to those of Embodiments 1 to 4 will be omitted as appropriate.

<Embodiment 5 Functional configuration>
FIG. 6a is a diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 5. In this embodiment, the access control unit includes an IP packet analysis means, a destination IP address determination means, an access ID/user ID acquisition means, an access subject user attribute acquisition means, an access control means, and disclosure permission information. It is equipped with a holding part.

<Embodiment 5 Configuration description: IP packet analysis means of access control unit>
The "IP packet analysis means" 601 is configured to have a function of analyzing IP packets sent via a network (particularly, the Internet). Generally, an IP packet is composed of an IP header section and an IP payload section, and various information and data are stored therein. The "IP packet analysis means" 601 has the role of analyzing and examining what kind of information and data are included in them.

<Embodiment 5 Configuration description: Destination IP address determination means of access control unit>
The "destination IP address determination means" 602 has a function of extracting the destination IP address from the header of the sent IP packet and determining whether the IP address is addressed to the own health and medical information unified management system. configured to have. Generally, an IP packet includes at least a source IP address representing a source and a destination IP address representing a destination in an IP header section. "Destination IP address determination means" 602 refers to the destination IP address extracted from the IP header section and determines whether or not the IP packet is sent to its own health and medical related information unified management system, If it is determined that the message was sent to the user, the process proceeds to the next step. Note that if it is determined that the IP packet is not addressed to itself, it ignores the IP packet and takes no further action.

<Embodiment 5 Configuration description: access ID/user ID acquisition means of access control unit>
"Access ID/User ID acquisition means" 603 is an access ID/user ID acquisition means that is used to identify the accessing entity stored in the IP payload when it is determined that the IP packet has been sent to the user's health and medical information unified management system. The access ID is configured to have a function of extracting and acquiring an access ID indicating the access ID and a user ID indicating the user belonging to the access subject.

<Embodiment 5 Configuration description: Access subject user attribute acquisition means of access control unit>
"Access subject user attribute acquisition means" 604 includes access subject information corresponding to the access ID and user ID, user information belonging to the access subject, and user attribute information for the user (here, if the user The device is configured to have a function of acquiring information indicating whether the person is a medical worker or a non-medical worker. The access subject information is information specifically representing the access subject, and is represented by a name such as "Edogawa Central Hospital" or "Edogawa Pharmaceutical", for example. In addition, the user information is information that specifically represents the employee who belongs to the accessing entity, such as "Ichiro Suzuki" who is an employee who belongs to "Edogawa Central Hospital" or an employee who belongs to "Edogawa Pharmaceutical". It is expressed by names such as ``Fumiko Maeda'', which is a member of the group. Further, user attribute information is associated with user information and is attribute information indicating whether the user is a medical worker or a non-medical worker. '' (abbreviated as ``medical care'') and ``non-medical personnel'' (abbreviated as ``non-medical care'').
Here, "medical workers" are at least doctors, dentists, pharmacists, public health nurses, midwives, nurses, associate nurses, physical therapists, occupational therapists, orthoptists, speech therapists, and prosthetics and orthotics. Medical radiologist, medical X-ray technician, clinical laboratory technician, sanitary laboratory technician, clinical engineer, dental hygienist, dental technician, emergency medical technician, anma massage shiatsu therapist, acupuncture therapist, massage therapist, judo therapist, management It is preferable to include a nutritionist, nutritionist, mental health worker, social worker, care worker, certified psychologist, clinical psychologist, medical administrator, etc.
Among the above-mentioned "medical personnel," so-called family medical personnel (e.g., family doctors, family pharmacists, family dentists) who routinely provide medical examinations and medication guidance to individuals (patients). The role is very important: to have access to personal health and medical information stored in the health and medical information repository, and to be authorized to edit, add, and delete health and medical information as appropriate and necessary. is preferred.
For example, a "family doctor" is someone you can talk to about anything, is familiar with the latest medical information, can refer you to specialists and specialized medical institutions when necessary, and is a familiar and reliable general practitioner who is responsible for local medical care, health, and welfare. This refers to a doctor who has a certain level of ability.
(1) In daily medical treatment, a "family doctor" must understand the patient's living background, provide appropriate medical care and health guidance, and if unable to provide medical care or guidance beyond his or her own expertise, (2) To be able to provide solutions in cooperation with local doctors, medical institutions, etc., and (2) to provide necessary information with local doctors, medical institutions, etc. so that the best medical care can be continued for patients even outside of their own clinic hours. (3) In addition to daily medical treatment, we can build relationships of trust with local residents and provide health consultations and checkups. - Actively participate in social and administrative activities surrounding medical care in the community, such as cancer screening, maternal and child health, school health, industrial health, community health, etc., and collaborate with health, nursing care, and welfare related parties. (4) The ability to provide appropriate and easy-to-understand information regarding medical care to patients and their families. It is desirable that the person be able to take on this role.
Furthermore, for example, a "family pharmacist" is a pharmacist who has a wealth of knowledge and experience in matters related to drug treatment, health and nursing care, and is able to respond to consultations tailored to the needs of patients and consumers. Pointing to.
A "family pharmacist" has the following functions: (1) one pharmacist manages the medication status of one patient in one pharmacy, and continues to do so (for example, to ensure that medicines are administered safely and securely); In order to encourage patients to use the drugs, we collect information on the drugs patients are using, such as prescription drugs and over-the-counter drugs, in one place, check for duplication of drugs and combinations of drugs, check whether the drugs are working, and whether there are any side effects. (2) A function that provides 24-hour support and visits patients at their homes to provide home medical care (for example, even outside of pharmacy opening hours, such as on holidays or at night, we provide telephone support). Respond to consultations regarding medicines, such as how to use them and side effects.Also, provide medicines based on prescriptions, even at night and on holidays, if necessary.Visit the homes of patients, such as elderly people, who have difficulty going out and explain medicines. (3) Function to collaborate with prescribing doctors and medical institutions (for example, checking prescription details and making inquiries and suggestions to doctors as necessary). Monitor the patient's condition even after giving the medicine to the patient, provide feedback to the prescribing physician, and check for any remaining medicines.In addition to medicines, we also provide a wide range of health-related consultations, and in some cases provide medical care. It is desirable for the person to be able to take on the following responsibilities: encourage patients to see a patient at an institution, and build relationships with local medical institutions on a daily basis to support patients as a team.
For example, a "family dentist" not only provides safe and secure dental care, but also has a wide range of knowledge and insight related to medical care and nursing care, and aims to maintain and improve the oral function of local residents throughout their lives. Refers to dentists who can fulfill their responsibilities as a person who plays a role in local medical care.
A "family dentist" (1) provides appropriate dental treatment and health guidance for continuous management and prevention of aggravation according to life stages from infancy to old age, and maintains and improves oral and systemic health. (2) To play a role in improving oral health for local residents through health activities such as dental checkups together with the government and related organizations; (3) To work together with local related organizations and other industries to improve oral health. It is desirable to be a person who can take on roles such as providing seamless home dental care and nursing care services to difficult patients in various treatment settings, and actively participating in community comprehensive care.
Additionally, flag information that can identify a family medical worker may be added to or associated with third party identification information, which will be described later. In addition, information indicating the family healthcare worker may be provided by the individual (patient, etc.), the company to which the individual belongs, the health insurance association to which the individual belongs, or the municipality in which the individual resides, as appropriate. However, settings, changes, and deletions may be performed using a third-party terminal, or the above-mentioned administrator may be allowed to register, edit, and delete using an administrator terminal. good.
In addition, "non-medical workers" include at least life insurance companies, non-life insurance companies, securities companies, pharmaceutical companies, drug discovery venture companies, food companies, health equipment companies, fitness clubs, gyms, banks, credit unions, JA ( Agricultural cooperatives), health insurance associations, Kenpo associations, mutual aid associations, municipal national health insurance associations, public relations companies, general research institutes, universities and graduate schools (including affiliated research institutes), technical colleges, agriculture, forestry and fisheries companies, fertilizer manufacturers , employees of public offices, local governments, independent administrative agencies, etc. are preferably included.

<Embodiment 5 Configuration description: access control means of access control unit>
The "access control means" 605 is configured to have a function of controlling access when a third party accesses the health and medical information storage unit via the network.

FIG. 6b is a diagram illustrating an example of the functional configuration of the health and medical related information unified management system in this embodiment.
First, the IP packet analysis means analyzes the sent IP packet 608 to find out what information and data it contains. For example, it is analyzed and checked to see if the IP header section of the IP packet contains a source IP address and a destination IP address.
Next, the destination IP address determination means extracts the destination IP address included in the sent IP packet 608, and determines whether it is addressed to the own health and medical related information unified management system. At this time, the access control unit 609 stores an IP address table 610, and refers to the table to determine whether or not the address is for the own health and medical related information unified management system. If the stored IP address (for example, 192.168.0.1) matches the destination IP address, it is determined that the destination is the user's own health and medical information unified management system, and the process proceeds to the next step. If there is no match in the IP address table, the IP packet is ignored and no further processing occurs.
Next, if the sent IP packet is addressed to the own health and medical information unified management system, the access ID/user ID acquisition means determines the access information stored in the IP payload of the IP packet. The access ID indicating the subject and the user ID indicating the user belonging to the access subject are extracted and obtained.
Next, the access subject user attribute acquisition means obtains access subject information, user information, and user attribute information from the extracted access ID and user ID. At this time, the access control unit 609 stores an access ID/user ID table 611, and refers to the table to obtain specific access subject information, user information, and user attribute information. Here, when the access ID is "A0001", the access subject information is "Edogawa Chuo Hospital", and when the user ID is "C0001", the user information is "Ichiro Suzuki", and the user attribute information is is a "medical worker." Furthermore, when the access ID is "B0001", the access subject information is "Edogawa Pharmaceutical", and when the user ID is "D0001", the user information is "Fumiko Maeda", and the user attribute information is " Non-medical workers”. By the operation of the means described above, it is possible to determine whether a third party who has accessed the health and medical information unified management system is a medical worker or a non-medical worker.
Next, the access control means allows the viewing range of healthcare-related information to vary depending on whether the third party is a medical professional or a non-medical professional. For example, if the user belonging to the third-party access entity (in this case, "Edogawa Central Hospital") is "Ichiro Suzuki" and his attribute information is "medical worker," then All medical related information can be viewed. On the other hand, for example, if the user belonging to the third party accessing entity (in this case, "Edogawa Pharmaceutical") is "Fumiko Maeda" and her attribute information is "non-medical worker," It is possible to view part (including all) of health and medical related information related to the above, or health and medical related information that has been anonymized using a predetermined anonymization method described below. In this way, it is possible to determine who a third party user is and whether their attribute information is a "medical worker" or "non-medical worker", thereby providing information on the health and medical care of an individual. It becomes possible to change the viewing range of related information.
In addition, it is preferable that these tables mentioned above allow the administrator responsible for managing and operating the unified health and medical information management system to register, edit, and delete information using an administrator terminal. . Further, it is preferable that the access subject information, user information, and user attribute information ("medical worker" or "non-medical worker") are also associated with third party identification information, which will be described later.

<Embodiment 5 Configuration description: Publication permission information holding unit of access control unit>
As shown in FIG. 6a, the "disclosure permission information holding unit" 606 determines whether or not to disclose the health and medical information of the individual to a third party who has accessed the health and medical information related to the individual via the network. It is configured to have a function of holding disclosure permission information indicating whether the Specifically, a third-party terminal 206 as shown in FIG. 2b issues a "permission to publish" or "refuse to publish" to the access control unit 202 of the healthcare-related information unified management system 200 via the network 205. It is desirable that the system be configured so that the information displayed can be set according to the individual's will. For example, it may be binary information (flag information) in which "publication permission" is set to "1" and "publication refusal" is set to "0". Furthermore, the disclosure permission/denial information may be such that it can be set whether or not to disclose a predetermined group of health and medical related information. For example, among medical departments, health and medical information related to internal medicine may be set to "disclosure permission," while health and medical information related to psychiatry may be set to "disclosure prohibited." In addition, when the third party is a specific medical professional, the disclosure permission/denial information can be used in combination with third party identification information (described later) to determine whether the third party is a specific medical professional. It may also be possible to set them separately. For example, if the third-party identifying information represents a "doctor," the individual's health and medical information will be "permitted to be released," but on the other hand, if the third-party identifying information represents a "doctor" person, accountant, etc.), it may be possible to ``refuse disclosure'' of personal health and medical information.

<Embodiment 5 Health and medical related information unified management system: Hardware configuration>
The hardware configuration of the unified health and medical information management system in this embodiment will be explained using figures.

FIG. 6c is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the access control unit in this embodiment includes a "CPU (central processing unit)" 621 that performs various calculation processes and a "main memory" 622. It also includes a "nonvolatile memory" 623 that holds predetermined information, and a "network I/F (interface)" 624 that sends and receives information to and from a plurality of third party terminals 626 and an administrator terminal 627. These devices are interconnected by a data communication path such as a “bus” 625, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing those addresses. It is possible to carry out and process. In this embodiment, the programs stored in the "main memory" include a health and medical information accumulation program, an IP packet analysis program, a destination IP address determination program, an access ID/user ID acquisition program, and an access subject user attribute acquisition program. program, disclosure permission information retention program, and access control program. In addition, "main memory" and "nonvolatile memory" contain health and medical information, IP address information, access ID information, user ID information, access subject information, user information, user attribute information, disclosure permission information, etc. is stored.

The "CPU" executes the health and medical information storage program stored in the "main memory" and collects health and medical information related to the individual sent from a third party terminal through the "network I/F", for example. , electronic medical record information, various test information, prescription information, drug history information, vital information (e.g., body temperature, blood pressure, heart rate, etc.) and other health and medical related information is stored in the "main memory" and "nonvolatile memory." It also executes an IP packet analysis program stored in the "main memory" to analyze IP packets sent via the network (particularly the Internet). In addition, it executes the destination IP address determination program stored in the "main memory" to determine whether the destination IP address sent is the IP address for its own health and medical information sharing system, and then If it is determined that the IP address is the destination, the IP address is stored in "main memory" and "nonvolatile memory". In addition, by executing the access ID/user ID acquisition program stored in the "main memory", the access ID indicating the access subject stored in the IP payload of the sent IP packet and the access ID belonging to the access subject are stored in the IP payload of the sent IP packet. The user ID indicating the user is extracted and acquired, and is stored in the "main memory" and "nonvolatile memory". In addition, the access subject user attribute acquisition program stored in the "main memory" is executed to obtain access subject information, user information, and user attribute information (here, user information) corresponding to the access ID and user ID. information indicating whether the person is a medical worker or a non-medical worker (e.g., "medical worker" or "non-medical worker"), as well as "main memory" ”. In addition, the program executes the disclosure permission information retention program stored in the "main memory" to obtain disclosure permission information indicating whether or not to disclose personal health and medical information to a third party, and and stored in "non-volatile memory". It also executes an access control program stored in the "main memory" to control access to health and medical information related to the individual.

<Embodiment 5 Health and medical related information unified management system: Processing flow>
FIG. 6d is a diagram showing the flow of processing when the health and medical care related information unified management system in this embodiment is used. As shown in the figure, a health and medical information accumulation step S601, an IP packet analysis step S602, a destination IP address determination step S603, an access ID/user ID acquisition step S604, and an access subject user attribute acquisition step S605 This processing method includes a disclosure permission information holding step S606, and an access control step S607.

"Health and medical related information accumulation step" S601 refers to health and medical related information regarding an individual sent from a third party terminal via a network, such as electronic medical record information, various test information, prescription information, drug history information, etc. This is the stage of accumulating vital information (for example, body temperature, blood pressure, heart rate, etc.).

"IP packet analysis step" S602 is a step in which an IP packet sent via a network (particularly the Internet) is analyzed.

"Destination IP address determination step" S603 is a step in which the destination IP address is extracted from the IP header section of the IP packet and it is determined whether the IP address is addressed to the own health and medical related information unified management system.

"Access ID/user ID acquisition step" S604 refers to the access ID indicating the access subject from the IP payload and the This is the stage of acquiring a user ID indicating a user belonging to the .

"Access subject user attribute acquisition step" S605 refers to access subject information corresponding to the access ID and user ID, user information, and user attribute information (here, whether the user is a medical worker or This is the stage of acquiring information indicating whether the person is a non-medical worker (for example, "medical worker" or "non-medical worker").

"Disclosure permission/denial information retention step" S606 is a step of holding disclosure permission/denial information indicating whether or not to permit disclosure of personal health and medical information to a third party.

"Access control step" S607 is a step in which access to the health and medical related information unified management system is controlled.

<Summary>
As described above, it is possible to hold disclosure permission information indicating whether or not to permit disclosure to a third party regarding health and medical related information regarding an individual (user). That is, an individual can select and set whether or not to permit publication based on his/her will.

This embodiment is based on Embodiments 1 to 5, and describes a third party who holds third party identification information for identifying whether the third party is a medical worker or a non-medical worker. A unified health and medical information management system equipped with an identification information storage unit is provided. Note that descriptions of functions, hardware configurations, and processing flows similar to those of Embodiments 1 to 5 will be omitted as appropriate.
FIG. 7a is a diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 6. As shown in this figure, the present embodiment is characterized in that, in addition to the fifth embodiment, a third party identification information holding section is provided.

Hereinafter, the functional configuration, hardware configuration, and processing flow of the health and medical related information unified management system in this embodiment will be explained in order. From now on, descriptions of functions, hardware configurations, and processing flows similar to those of the fifth embodiment will be omitted as appropriate.

<Embodiment 6 Functional configuration>
FIG. 7a is a diagram showing the functional configuration of the health and medical related information unified management system in this embodiment. In this embodiment, by providing the third party identification information holding unit, it is possible to identify whether the third party is a medical worker or a non-medical worker.

<Embodiment 6 Health and medical related information unified management system: functional configuration>
FIG. 7a is a diagram showing the functional configuration of the health and medical related information unified management system in this embodiment. Here, differences from Embodiment 5 will be mainly explained.

<Embodiment 6 Configuration description: Third party identification information holding unit of access control unit>
The “third party identification information holding unit” 707 determines whether a third party who has accessed the health and medical information stored in the health and medical information storage unit via the network is a medical professional or a non-medical professional. It is configured to have a function to hold third party identification information to identify whether the person is a medical worker. Here, the third party identification information is, for example, information created by combining 12-digit numbers, letters, symbols, etc., and may be information that can uniquely identify a third party. For example, specifically, My Number information, health insurance card number, etc. may be used. Further, it is preferable that the third party identification information is associated with the above-mentioned access subject information, user information, and user attribute information (“medical worker” or “non-medical worker”). Further, the third party identification information may be registered, edited, and deleted by the above-mentioned administrator using an administrator terminal.
Furthermore, due to the combination of the above-mentioned disclosure permission information and third party identification information, even if the disclosure permission information indicates "disclosure permission", if the third party is a specific medical professional, access may be prohibited. It may also be possible to make settings for cases in which permission is permitted and cases in which permission is not permitted.
For example, if the third-party identifier represents a "doctor," it may allow access to healthcare-related information, but if the third-party identifier represents a (person in charge, etc.), it may be possible to disallow access to healthcare-related information.
Also, for example, by adding information indicating the department to which the third party belongs to the third party identification information, it is possible to control permission or disallowance of access to healthcare-related information based on the information indicating the department to which the person belongs. Good too. In addition, for example, permission to access healthcare-related information may be granted based on information regarding the user's specialty identified by third-party identification information (e.g., the specialty and years of experience of a "doctor" or "nurse"). , it may be possible to control disallowance. For example, depending on the combination of department and expertise related to disclosure permission information and third-party identification information, we will determine how third parties can obtain health and medical information (for example, viewing only, converting information to text, copying) (transferable, bulk downloadable of anonymously processed information, etc.) may be changed. Note that if the data is made downloadable, it is preferable to use digital watermark technology, NFT (Non-Fungible Token) technology, etc. to prevent data tampering. Further, for example, it may be possible to grant access authority to a patient to a third party based on a combination of the department to which the patient belongs and the specialty related to the disclosure permission information and the third party identification information. For example, it is assumed that a person in charge of a PCR test, who is a medical worker, transmits the results of a PCR test to a third-party terminal used by a doctor and also to a third-party terminal used by a patient himself.
The above-mentioned administrator uses the administrator terminal to register the combination of these information in the above-mentioned access control unit in advance in table format, etc., so that it can be edited or deleted as needed. It is possible to do so.
In addition, for example, medical professionals include doctors, dentists, and pharmacists, and at least part of their third-party identification information includes the medical registration number written on the doctor's license (e.g. , a 6-digit number), a dental registration number written on a dentist's license (e.g. a 6-digit number), a pharmacist directory registration number written on a pharmacist's license (e.g. A 6-digit number) may also be included. Similarly, for other medical professionals, the third party identification information may include at least a part of the number written on the qualification license.
In addition, at least the symbol and number (including branch number) written on the insurance card of the health insurance association to which the user belongs, the number of the driver's license, and the My Number information written on the My Number card, etc. It may be included as part of the third party identification information. Note that the user may be identified using third party authentication by a platform such as Google (registered trademark) or Facebook (registered trademark).

<Embodiment 6 Health and medical related information unified management system: Hardware configuration>
FIG. 7b is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the health and medical related information unified management system in this embodiment includes a "CPU (Central Processing Unit)" 721 that performs various calculation processes and a "main memory" 722. It also includes a "nonvolatile memory" 723 that holds predetermined information, and a "network I/F" 724 that sends and receives information to and from a third party terminal 726 and an administrator terminal 727. These devices are interconnected by a data communication path such as a “bus” 725, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing those addresses. It is possible to carry out and process. In this embodiment, in addition to the program stored in the "main memory" in the fifth embodiment, the program is a third party identification information holding program.

In addition to the fifth embodiment, third party identification information and the like are stored in the "main memory" and "nonvolatile memory".

The "CPU" executes the third party identification information holding program stored in the "main memory" and accesses the health and medical information stored in the health and medical information storage section via the network. Third party identification information for identifying whether the three parties are medical workers or non-medical workers is stored in "main memory" and "nonvolatile memory."

<Embodiment 6 Health and medical related information unified management system: Processing flow>
FIG. 7c is a diagram showing the flow of processing when the health and medical care related information unified management system in this embodiment is used. Here, differences from Embodiment 5 will be mainly explained.
As shown in the figure, this processing method includes a third party identification information holding step S707.

"Third party identification information holding step" S707 means whether the third party who has accessed the health and medical information stored in the health and medical information storage unit via the network is a medical worker or This is the stage of retaining third-party identification information to identify non-medical personnel.

<Summary>
From the above, it is possible to identify whether the third party is a medical worker or a non-medical worker.

This embodiment is based on Embodiments 1 to 6, and the disclosure permission information held in the release permission information storage unit indicates permission to release, and the third party identification information held in the third party identification information storage unit is Provided is a health and medical related information unified management system that allows a medical professional to view health and medical related information accumulated in a health and medical related information storage unit when the person indicates that the person is a medical professional.
FIG. 8a is a diagram showing the functional configuration of a health and medical related information unified management system in Embodiment 7. From now on, descriptions of functions, hardware configurations, and processing flows similar to those of the fifth and sixth embodiments will be omitted as appropriate.

Hereinafter, the functional configuration, hardware configuration, and processing flow of the health and medical related information unified management system in this embodiment will be explained in order.

<Embodiment 7 Functional configuration>
FIG. 7a is a diagram showing the functional configuration of the health and medical related information unified management system in this embodiment. By adopting such a configuration, if the disclosure permission/denial information held in the disclosure permission/denial information holding unit indicates permission to release, and the third party identification information indicates that the person is a medical professional, the health and medical related information will not be stored. It becomes possible to view health and medical related information accumulated in the department.

<Embodiment 7 Health and medical related information unified management system: functional configuration>
FIG. 7a is a diagram showing the functional configuration of the health and medical related information unified management system in this embodiment.

<Embodiment 7 Configuration description: Publication permission information holding unit of access control unit>
The “disclosure permission/denial information holding unit” 806 holds disclosure permission/denial information indicating whether or not to disclose the health and medical information of the individual to a third party who has accessed the health and medical information related to the individual via the network. It is configured to have the function of Specifically, a third-party terminal 206 as shown in FIG. 2b issues "permission to publish" or "refuse to publish" to the access control unit 202 of the healthcare-related information unified management system 200 via the network 205. It is desirable that the information displayed be configured so that the information can be set according to the individual's will. For example, it may be binary information (flag information) in which "publication permission" is set to "1" and "publication refusal" is set to "0". Further, the disclosure permission/denial information may be such that it can be set whether or not to disclose a predetermined group of health and medical related information. For example, among medical departments, health and medical information related to internal medicine may be set to "disclosure permission," while health and medical information related to psychiatry may be set to "disclosure prohibited." In addition, when the third party is a specific medical professional, the disclosure permission/denial information can be used in combination with the third party identification information described above to determine whether the third party is a specific medical professional, whether the disclosure is permitted or the disclosure is refused. It may also be possible to set them separately. For example, if the third-party identifying information represents a "doctor," the individual's health and medical information will be "permitted to be released," but on the other hand, if the third-party identifying information represents a "doctor," the individual's health and medical information will be "permitted to be released," but on the other hand, if the third-party identifying information represents a "doctor" person, accountant, etc.), it may be possible to ``refuse disclosure'' of personal health and medical information.

<Embodiment 7 Configuration description: Third party identification information holding unit of access control unit>
The “third party identification information holding unit” 807 determines whether a third party who has accessed the health and medical information stored in the health and medical information storage unit via the network is a medical professional or a non-medical professional. It is configured to have a function to hold third party identification information to identify whether the person is a medical worker. Here, the third party identification information is, for example, information created by combining 12-digit numbers, letters, symbols, etc., and may be information that can uniquely identify a third party. For example, specifically, My Number information, health insurance card number, etc. may be used.
Further, it is preferable that the third party identification information is associated with the above-mentioned access subject information, user information, and user attribute information (“medical worker” or “non-medical worker”). Further, the third party identification information may be registered, edited, and deleted by the above-mentioned administrator using an administrator terminal.
Furthermore, due to the combination of the above-mentioned disclosure permission information and third party identification information, even if the disclosure permission information indicates "disclosure permission", if the third party is a specific medical professional, access may be prohibited. It may also be possible to make settings for cases in which permission is permitted and cases in which permission is not permitted.
For example, if the third-party identifier represents a "doctor," it may allow access to healthcare-related information, but if the third-party identifier represents a (person in charge, etc.), it may be possible to disallow access to healthcare-related information.
Also, for example, by adding information indicating the department to which the third party belongs to the third party identification information, it is possible to control permission or disallowance of access to healthcare-related information based on the information indicating the department to which the person belongs. Good too. In addition, for example, permission to access healthcare-related information may be granted based on information regarding the user's specialty identified by third-party identification information (e.g., the specialty and years of experience of a "doctor" or "nurse"). , it may be possible to control disallowance. For example, depending on the combination of department and expertise related to disclosure permission information and third-party identification information, we will determine how third parties can obtain health and medical information (for example, viewing only, converting information to text, copying) (transferable, bulk downloadable of anonymously processed information, etc.) may be changed. Note that if the data is made downloadable, it is preferable to use digital watermark technology, NFT (Non-Fungible Token) technology, etc. to prevent data tampering. Further, for example, it may be possible to grant access authority to a patient to a third party based on a combination of the department to which the patient belongs and the specialty related to the disclosure permission information and the third party identification information. For example, it is assumed that a person in charge of a PCR test, who is a medical worker, transmits the results of a PCR test to a third-party terminal used by a doctor and also to a third-party terminal used by a patient himself.
The above-mentioned administrator uses the administrator terminal to register the combination of these information in the above-mentioned access control unit in advance in table format, etc., so that it can be edited or deleted as needed. It is possible to do so.
In addition, for example, medical professionals include doctors, dentists, and pharmacists, and at least part of their third-party identification information includes the medical registration number written on the doctor's license (e.g. , a 6-digit number), a dental registration number written on a dentist's license (e.g. a 6-digit number), a pharmacist directory registration number written on a pharmacist's license (e.g. A number consisting of 6 digits) may be included. Similarly, for other medical professionals, the third party identification information may include at least a part of the number written on the qualification license.
In addition, at least the symbol and number (including branch number) written on the insurance card of the health insurance association to which the user belongs, the number of the driver's license, and the My Number information written on the My Number card, etc. It may be included as part of the third party identification information. Note that the user may be identified using third party authentication by a platform such as Google (registered trademark) or Facebook (registered trademark).

<Embodiment 7 Description of configuration: access control means of access control unit>
The "access control means" 705 controls access when a third party accesses the health and medical information storage unit via the network, and determines whether the disclosure permission information held in the disclosure permission information storage unit is and the third party identification information indicates that the third party is a medical worker, the third party identification information is configured to have a function of allowing viewing of the health and medical related information stored in the health and medical related information storage section.

<Embodiment 7 Health and medical related information unified management system: Hardware configuration>
FIG. 7b is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the health and medical related information unified management system in this embodiment includes a "CPU (Central Processing Unit)" 721 that performs various calculation processes, and a "main memory" 722. It also includes a "nonvolatile memory" 723 that holds predetermined information, and a "network I/F" 724 that sends and receives information to and from a third party terminal 726 and an administrator terminal 727. These devices are interconnected by a data communication path such as a “bus” 725, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing these addresses. It is now possible to carry out and process. In this embodiment, the programs stored in the "main memory" are a release permission information holding program, a third party identification information holding program, and an access control program.

Additionally, the "main memory" and "nonvolatile memory" store disclosure permission information, third party identification information, and the like.

The ``CPU'' executes the release permission information holding program stored in the ``main memory'' to notify a third party who has accessed the health and medical information related to the individual via the network that the individual's health and medical related information is stored. Disclosure permission information indicating whether or not to disclose information is stored in "main memory" and "nonvolatile memory." In addition, a third party who accesses the health and medical information stored in the health and medical information storage unit via the network by executing the third party identification information retention program stored in the "main memory" , third-party identification information for identifying whether the person is a medical worker or a non-medical worker is stored in the "main memory" and "nonvolatile memory." After this, the access control program stored in the "main memory" is executed to determine if the disclosure permission information indicates disclosure permission and the third party identification information indicates that the person is a medical professional. To enable viewing of health and medical related information accumulated in the information storage section.

<Embodiment 7 Health and medical related information unified management system: Processing flow>
FIG. 7c is a diagram showing the flow of processing when the health and medical care related information unified management system in this embodiment is used.
As shown in the figure, this processing method includes a disclosure permission information holding step S706, a third party identification information holding step S707, and an access control step S708.

"Disclosure permission/denial information retention step" S706 refers to disclosure permission/denial information indicating whether or not to disclose the health and medical information of the individual to a third party who has accessed the health and medical information related to the individual via the network. This is the stage of holding.

"Access control step" S708 means that if the disclosure permission information held in the disclosure permission information holding unit indicates permission to publish and the third party identification information indicates that the person is a medical worker, the health and medical related information storage This is the stage where the health and medical information accumulated in the department can be viewed.

<Summary>
From the above, if the disclosure permission/denial information held in the disclosure permission/denial information storage unit indicates permission to release, and the third party identification information indicates that the person is a medical worker, the health information stored in the health and medical information storage unit Medical related information can be viewed.

This embodiment is characterized in that anonymization method information is held based on Embodiments 1 to 6. From now on, descriptions of functions, hardware configurations, and processing flows similar to those of Embodiments 1 to 6 will be omitted as appropriate.

Hereinafter, the functional configuration, hardware configuration, and processing flow of the health and medical related information unified management system in this embodiment will be explained in order. From now on, the explanation will focus on the points that are different from the first to sixth embodiments.

<Embodiment 8 Functional configuration>
FIG. 9a is a diagram showing the functional configuration of the health and medical related information unified management system in this embodiment. In addition to the fifth and sixth embodiments, the health and medical related information unified management system in this embodiment includes an anonymization method information holding unit.

<Embodiment 8 Health and medical related information unified management system: functional configuration>
FIG. 8a is a diagram showing the functional configuration of the health and medical related information unified management system in this embodiment. Here, differences from Embodiments 5 and 6 will be mainly explained.

<Embodiment 8 Configuration description: Anonymization method information holding unit of access control unit>
The “anonymization method information holding unit” 908 is configured to have a function of holding information representing an anonymization method. Here, the anonymization method information is, for example, information created by combining six-digit numbers, letters, symbols, etc., and may be information that can uniquely identify the anonymization method. Note that the anonymization method information may be registered, edited, and deleted by the administrator described above using an administrator terminal.

There are several anonymization methods, and these are often used alone or in combination. The main anonymization methods will be briefly explained below.
"k-anonymization" (here k represents a natural number of 2 or more) is an attribute that cannot identify an individual by itself, but can identify an individual with high probability by combining multiple attributes (for example, gender , age, place of residence, occupation, etc.), no matter what combination of attribute values, k or more values must exist in the target data.
"Pseudonymization" refers to replacing something with another description, etc., using a method that does not have regularity that allows it to be deleted or restored.
"Generalization" means replacing the value of an attribute with a higher value or concept. For example, cucumbers may be given as a superordinate vegetable in 10-year increments.
"Top (bottom) coding" refers to grouping numerical attributes into particularly large or small attribute values. For example, people who are 100 years old or older may be referred to as "100 years old or older."
"Noise (error) addition" means adding random number noise according to a certain distribution to numerical attributes.
"Swaping (data exchange)" means (probabilistically) exchanging attribute values between records for category attributes. Also called data swap.
“Sampling” refers to randomly extracting data at a fixed rate and number from the entire original data.
"Grouping" refers to replacing detailed items in attributes and history with certain groups or classifications.

<Embodiment 8 Configuration description: access control means of access control unit>
The "access control means" 905 controls access when a third party accesses the health and medical information storage unit via the network, and determines whether the disclosure permission information held in the disclosure permission information storage unit is and the third party identification information indicates that the third party is a non-medical worker, some (including all) of the health and medical information stored in the health and medical information storage unit or a predetermined The system is configured to have a function that allows viewing of health and medical related information that has been anonymized using anonymization method.

<Embodiment 8 Healthcare-related information unified management system: Hardware configuration>
FIG. 9b is a diagram showing the hardware configuration of the health and medical related information unified management system in this embodiment. As shown in this figure, the health and medical related information unified management system in this embodiment includes a "CPU (Central Processing Unit)" 911 that performs various calculation processes and a "main memory" 912. It also includes a "nonvolatile memory" 913 that holds predetermined information, and a "network I/F" 914 that sends and receives information to and from a third party terminal 916 and an administrator terminal 917. These devices are interconnected by a data communication path such as a “bus” 915, and transmit, receive, and process information.

Here, the "main memory" reads out programs for performing various processes in order to be executed by the "CPU", and at the same time provides a work area that is a work area for the programs. In addition, multiple addresses are assigned to each of the "main memory" and "nonvolatile memory," and programs executed by the "CPU" can exchange data with each other by identifying and accessing those addresses. It is possible to carry out and process. In this embodiment, in addition to the fifth and sixth embodiments, the program stored in the "main memory" is an anonymization method information holding program.

In addition to the fifth and sixth embodiments, anonymization method information and the like are stored in the "main memory" and "nonvolatile memory."

The "CPU" executes the anonymization method information holding program stored in the "main memory" and stores the anonymization method information representing the anonymization method in the "main memory" and "nonvolatile memory". do. After this, the access control program stored in the "main memory" is executed, and if the disclosure permission information indicates disclosure permission and the third party identification information indicates that the person is a non-medical worker, the health care It is possible to view part (including all) of the health and medical related information stored in the related information storage unit, or health and medical related information anonymized by a predetermined anonymization method.

<Embodiment 8 Health and medical related information unified management system: Processing flow>
FIG. 8c is a diagram showing the flow of processing when the health and medical care related information unified management system in this embodiment is used. The following will focus on the differences from the fifth and sixth embodiments.
As shown in the figure, this processing method includes an anonymization method information holding step S908 and an access control step S909.

"Anonymization method information retention step" S908 is a step of retaining anonymization method information that is information representing a method for anonymizing health and medical related information.

"Access control step" S909 refers to health and medical related information when the disclosure permission/denial information held in the disclosure permission/denial information holding unit indicates permission to publish and the third party identification information indicates that the person is a non-medical worker. This is a stage where part (including all) of the health and medical related information accumulated in the storage unit or health and medical related information anonymized by a predetermined anonymization method can be viewed.

<Explanation of an example of anonymization method>
FIGS. 10a to 10c are diagrams illustrating an example of an anonymization method. An example of an anonymization method will be briefly explained using these.
The table shown in Figure 10a is a list of patients at a fictitious medical institution in Minato-ku, Tokyo, Japan, who have not yet been anonymized. This includes six attributes (name, age, gender, place of residence, religion, disease name) and data for 12 people. Among these, "name" is information that constitutes personal data, and is information that may identify an individual by itself. Additionally, "age", "gender", "place of residence", "religion", and "disease name" are information that constitutes personal data and are not accumulated over time and are used alone. Although it cannot identify an individual, it is information that may identify an individual when combined with other attributes or compared with external information. In particular, "disease name" is extremely sensitive attribute information in personal data. These pieces of information correspond to the personal health and medical information stored in the health and medical information storage unit described above. In this case, the following process may be performed to achieve k-anonymity for a certain value of k (k is a natural number of 2 or more).
First, a process called "pseudonymization" is performed to replace a certain value of a certain attribute with an asterisk "*". All or part of the values in that column are replaced with "*". In the table shown in FIG. 10b, all values of "name" and all values of "religion" are replaced with "*".
Next, a process called "generalization" is performed to replace each attribute value with a wide range. For example, regarding "age,""29 years old" is replaced with "20s,""35 years old" is replaced with "30s," and so on. Furthermore, the "place of residence" is a value consisting of the prefecture and city, ward, town, or village, but the city, ward, town, or village is deleted and changed to only the prefecture.
Figure 10b shows an anonymized table. Here, there are four equivalence classes having the same combination of quasi-identifiers (“age,” “gender,” and “place of residence”).
Figure 10c shows anonymized tables grouped for ease of understanding. As can be seen from this table, all groups (Group A to Group D) achieved 3-anonymity in terms of "age,""gender," and "place of residence." This is because any combination of these attributes results in three or more people.
In this way, by anonymizing the health and medical information related to the individual stored in the health and medical information storage unit described above, it is possible to reduce the risk of the individual being identified.

<Summary>
Based on the above, if the disclosure permission/denial information held in the disclosure permission/denial information holding unit indicates permission to release, and the third party identification information indicates that the person is a non-medical worker, the information stored in the health and medical information storage unit is Part (including all) of the health and medical related information or health and medical related information that has been anonymized using a predetermined anonymization method can be made viewable.

Health and medical information unified management system: 200
Health and medical information storage department: 201
Access control section: 202
Incentive management department: 203
Incentive function department: 204
Network: 205
Third party terminal: 206
Administrator terminal: 207

Claims

a health and medical information storage department for accumulating and centrally managing health and medical information related to individuals;
an access control unit for controlling disclosure of the health and medical related information accumulated in the health and medical related information storage unit to a third party via a network;
an incentive function unit that includes at least an incentive management unit for providing incentives to the individual in order to promote unified management of the health and medical information regarding whether or not to disclose the health and medical information related to the individual;
A unified management system for health and medical information, characterized by having:
The health and medical related information unified management system according to claim 1, further comprising an access authentication processing unit that performs authentication for accessing the incentive management unit.
The health and medical related information according to claim 2, further comprising a consent information acquisition unit that acquires consent information that is information indicating consent to accept the incentive from the incentive management unit after being authenticated by the access authentication processing unit. Centralized management system.
The health and medical related information unified management system according to claim 3, further comprising an incentive processing unit for performing incentive processing, which is processing for providing an incentive when consent information is acquired by the consent information acquisition unit. .
The health care device according to claim 1, further comprising a disclosure permission information storage unit that holds disclosure permission information indicating whether or not an individual is permitted to disclose his/her health and medical information to a third party. Related information unified management system.
The claim further comprises a third party identification information holding unit that holds third party identification information for identifying whether the third party is a medical worker or a non-medical worker. The unified health and medical information management system described in item 5.
The access control unit is configured such that the disclosure permission/denial information held in the release permission/denial information storage unit indicates permission to publish, and the third party identification information held in the third party identification information storage unit is a medical worker. 7. The integrated health and medical information management system according to claim 6, wherein the health and medical information integrated management system allows the medical worker to view the health and medical information stored in the health and medical information storage section.
The access control unit is configured to determine whether the disclosure permission/denial information held in the release permission/denial information storage unit indicates permission to publish, and the third party identification information held in the third party identification information storage unit is a non-medical worker. If it indicates that there is, part (including all) of the health and medical information accumulated in the health and medical information storage unit, or health and medical information that has been anonymized using a predetermined anonymization method. 7. The health and medical related information unified management system according to claim 6, wherein the non-medical personnel are allowed to view the information.
The anonymization method includes at least k (k is a natural number of 2 or more) anonymization, pseudonymization, generalization, top (bottom) coding, noise (error) addition, swapping (data exchange), sampling, and grouping anonymization. 9. The integrated health and medical information management system according to claim 8, characterized in that the processing is performed by any one of processing methods or a combination thereof.
The medical professionals include doctors, dentists, pharmacists, public health nurses, midwives, nurses, associate nurses, physical therapists, occupational therapists, orthoptists, speech therapists, prosthetists, and radiology technicians. , Medical X-ray technician, Clinical laboratory technician, Hygiene laboratory technician, Clinical engineer, Dental hygienist, Dental technician, Emergency medical technician, Anma massage shiatsu therapist, Acupuncture therapist, Kyushu therapist, Judo therapist, Registered dietitian, Nutritionist, Psychiatrist 7. The unified health and medical information management system according to claim 6, comprising at least one of a certified social worker, a certified social worker, a certified care worker, a certified psychologist, a clinical psychologist, and a medical administrator.
The non-medical workers include life insurance companies, non-life insurance companies, securities companies, pharmaceutical companies, drug discovery venture companies, food companies, health equipment companies, fitness clubs, gyms, banks, credit unions, and JA (agricultural cooperatives). , health insurance associations, health insurance associations, mutual aid associations, municipalities, national health insurance associations, PR companies, general research institutes, universities and graduate schools (including affiliated research institutes), technical colleges, agriculture, forestry and fisheries companies, fertilizer manufacturers, government offices, and local governments. 7. The integrated health and medical information management system according to claim 6, characterized in that the system includes at least one employee of an independent administrative agency.
A method executed by a CPU in a unified health and medical information management system, the method comprising:
a health and medical information accumulation step for accumulating and centrally managing health and medical information related to individuals;
an access control step for controlling disclosure of the health and medical related information accumulated in the health and medical related information storage unit to a third party via a network;
an incentive function step including at least an incentive management step for providing an incentive to the individual in order to encourage central management of the health and medical information regarding whether or not to disclose the health and medical information related to the individual;
A method characterized by having the following.
a health and medical information accumulation step for accumulating and centrally managing health and medical information related to individuals;
an access control step for controlling disclosure of the health and medical related information accumulated in the health and medical related information storage unit to a third party via a network;
an incentive function step including at least an incentive management step for providing an incentive to the individual in order to encourage unified management of the health and medical information regarding whether or not to disclose the health and medical information related to the individual;
An operating program for a unified health and medical information management system written to be read and executed by the unified health and medical information management system, which is a computer characterized by including the following.