JP2007148510A - Medical information management system - Google Patents

Abstract

A medical information management system that responds to complicated concealment conditions and has quick response operability based on attributes of an operator who acquires medical information.
SOLUTION: Medical information for each patient is created by converting original medical information maintaining the personal information of the patient, and converting the part of the personal information in the original medical information to be indistinguishable. Data management means for storing and managing, authority information management means for holding an authority management list in which authorized persons and non-authorized persons are divided according to the identification information or attributes of the operator, and input operator's A data output unit that determines whether the person is an authorized person or a non-authorized person from the identification information or attribute by referring to the authorization management list, and outputs the original medical information or the converted medical information accordingly. A featured medical information management system.
[Selection] Figure 1

Description

  The present invention conceals and displays information that can identify a patient under a predetermined condition in a medical information management system that manages medical image information and examination results collected as part of a medical practice performed at a medical institution. The present invention relates to a medical information management system provided with a technology for protecting personal information.

  Digitization has been performed in various diagnostic devices and inspection devices used in medical practice. Furthermore, in the management of diagnostic information and examination data obtained by these, systemization in hospitals has progressed, and various systems have come to operate in the hospital. For example, systems for managing medical information such as an image management system (PACS), a radiation information system (RIS), and a hospital information system (HIS) are connected to a network, and communicate with these systems using client terminals on the network. . This client terminal receives medical information through communication with the system and displays it on a monitor.

  For example, order information, examination execution information, or examination images used in the radiation department are stored in a host information system server managed by a hospital / department. When a doctor diagnoses a patient, in many cases, a single doctor in charge of a patient performs a diagnosis, but other departments for obtaining other diagnostic information such as ultrasonic image diagnosis or endoscopic image diagnosis The order information is transmitted to the doctor or the diagnosis opinion of the image diagnosis specialist in another department is requested, and the medical information of each linked patient is managed, and these are searched and browsed from various departments. On the other hand, when it is used in conferences (in-hospital conferences) or education, it may be used in explanations in telemedicine or home medical care.

  The medical information transmitted and received by such a hospital system contains a lot of information related to various privacy such as name, age, address, and medical condition. However, when outputting this information to a monitor, external media, or external information device, it is necessary to take measures to prevent leakage by taking measures such as masking patient information from the viewpoint of personal information protection and technical safety measures. There is.

As a technique for preventing leakage of medical information, when a diagnostic request form including medical information is transmitted from one terminal operated by a requesting doctor who requests a specialized diagnosis to the other terminal operated by the diagnostic doctor via a network, There is one that sets or changes the range of medical information displayed on the diagnosis request form at the terminal operated by the requesting doctor, and hides unnecessary medical information for the diagnostician (see, for example, Patent Document 1). In this technique, the medical information disclosed in the diagnosis request form and the medical information to be concealed are uniformly set in advance, and the setting can be changed manually.
JP 2003-323496 A

In the system for managing the conventional examination execution information and medical information described above,
1) There is a technique for concealing information for identifying an individual, but since this is performed immediately before the output of information, it can be easily seen by avoiding this operation.

2) When a plurality of systems are installed, detailed control for each system user, each department / request department, or each group is complicated and not easy.

3) It is not controlled for external outputs other than the display monitor (for example, DVD, printer, other system, etc.).

4) When the output request is congested, an output delay occurs due to the concealment process.

There was a problem.

  The present invention has been made in view of the above problems, and based on the attributes of an operator who obtains medical information, personal information leakage prevention corresponding to complex concealment conditions and response operability by quick output processing An object of the present invention is to provide a medical information management system that improves the above.

  In order to achieve the above object, the medical information management system of the present invention includes medical information for each patient, original medical information that maintains the personal information of the patient, and a part of the personal information in the original medical information. Data management means for storing and managing post-conversion medical information created by conversion to replace it with indistinguishable, and an authority management list in which authorized persons and non-authorized persons are separated according to operator identification information or attributes Based on the authority information management means to be held and the identification information or attributes of the input operator, the authority management list is referred to determine whether the person is an authorized person or a non-authorized person, and the original medical information or post-conversion is converted accordingly. And a data output means for outputting medical information.

  Further, the medical information management system of the present invention provides original medical information memory means for storing medical information for each patient and original medical information maintaining patient personal information including a predetermined identification item of the patient in a predetermined storage area. Further, the converted medical information created by converting the medical information of the patient while maintaining the predetermined identification item and replacing all or some of the other items to be unidentifiable is stored in a predetermined storage area. A post-conversion medical information memory means to save, and an authority information management memory means comprising an operator authority list in which either an authorized person or an unauthorized person is assigned in advance to a plurality of attributes set for each identification information of the operator; When the assignment is authorized by referring to the operator authorization list from the input identification information of the operator or its designated attribute, the original Output information management means for reading the original medical information of the patient stored in the medical information memory means and reading out the converted medical information of the patient stored in the post-conversion medical information memory means in the case of an unauthorized person. It is characterized by this.

  The medical information management system of the present invention stores medical information for each patient in a storage area in which original medical information that maintains patient personal information including a predetermined identification item of the patient is divided by a predetermined identification code. Original medical information memory means, and further conversion of the medical information of the patient by maintaining the predetermined identification items of the patient personal information and converting all or some of the other items to be indistinguishable A post-conversion medical information memory means for storing post-medical information in a storage area divided by a predetermined identification code, and an operator attribute list for sorting attributes set in advance for a plurality of attribute classifications for each operator identification information And, for each combination of the attribute for each attribute category and the output destination or the output method of the medical information, a classification code corresponding to the identification code for dividing the storage area is manipulated. Based on authority information management memory means corresponding to the authority conditions of the operator and provided with a preset authority management list, personal identification information of the operator, attribute classification of processing authority, and output destination or method Then, referring to the operator attribute list and the authority management list, authority authentication means for determining one of the classification codes, the determined classification code, and either the original information memory means or the converted information memory means The storage area matching the identification code is retrieved, output information management means for reading the original medical information or the converted medical information stored therein, and the read medical information as the input output destination or And an external output control means for outputting to the output method.

  Furthermore, in the medical information management system for protecting personal information according to the present invention, the medical information is an X-ray image device, a CT image device, an ultrasonic image device, an MR image device, an endoscopic image device, a specimen examination device, Medical findings data or instruction data output from at least one of the blood analyzer, test request device, image management system (PACS), radiation information system (RIS), hospital information system (HIS), or test order device It is characterized by being.

  Furthermore, in the medical information management system for protecting personal information of the present invention, the patient personal information includes an item of the patient's own ID number or chart code, patient name, patient date of birth, patient sex, patient address, patient The data is characterized by identifying the individual patient by at least one of the items of the contact telephone number, the name of the medical department to be examined, the patient's past medical history, and the patient relative history.

  Furthermore, in the medical information management system for protecting personal information according to the present invention, the predetermined identification item of the patient is the patient's own ID number or chart code of the personal information.

  Furthermore, in the medical information management system for protecting personal information according to the present invention, the plurality of attribute categories of the operator attribute list include an operator name, a department name, a requested department name, a medical qualification name, a job title, and an extra mission. It is characterized in that it includes at least one section of the permission group.

  Furthermore, in the medical information management system for protecting personal information according to the present invention, the storage area of the post-conversion medical information memory means is concealed so as to be further identifiable except for the predetermined identification item of the patient personal information. Each set of personal information items is divided by a plurality of different predetermined identification codes, and a plurality of predetermined classification codes of the authority management list are provided corresponding to the plurality of different identification codes, and the attribute For each combination of the attribute for each category and the output destination or output method of the medical information, a set of items of personal information that is concealed and converted in an indistinguishable manner other than the predetermined identification items of the patient personal information set in advance. Each is divided by a plurality of different predetermined identification codes, and a plurality of predetermined classification codes in the authority management list correspond to the plurality of different identification codes. Vignetting, for each combination of the attributes of the attribute classification for each output destination or the output method of the medical information, is characterized in that is preset.

  According to the radiation information management system of the present invention, it is possible to display and output information to be concealed from the outside of the system as meaningless information, and secure protection of personal information. In addition, it is easy to set up to cope with complicated concealment conditions for personal information, and it is possible to perform settings based on the concealment conditions for the attributes of the operator and the output method, thereby realizing high concealment performance.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(Embodiment 1)
FIG. 1 is a functional configuration diagram showing an embodiment of a medical information management system for protecting personal information according to the present invention.

  As shown in FIG. 1, this embodiment mainly includes a management system main body 1, a patient information data input unit 2, and an external output device 3.

  Further, the management system main unit 1 includes a system management unit 10 including a data management unit 11 and a data output unit 12, a system control and maintenance unit 13, and a mouse 15 and a keyboard 16 which are input devices connected to the system control IF 14. The system monitor 17 is used.

  The data management unit 11 includes an original information unit 112 having a memory unit 112m that holds and stores data input from the patient information data input unit 2 as it is, and a post-conversion operation that performs a predetermined conversion operation on predetermined items of the input data. An information generation control unit 111 and a post-conversion information unit 113 having a memory unit 113m that holds and stores the data after conversion are configured.

  Further, the data output unit 12 includes an authority information management unit 121 having a memory unit 121m that holds and stores authority data based on data input by the operator, an authentication key management unit 122 that performs authentication based on the authority information, and this authentication. From the session information management unit 123 that outputs either the original information or the converted information by a key, and the external output control unit 124 that controls which of the external output devices 3 outputs this output. Composed.

  The patient information data input unit 2 includes a modality X-ray image device 21, a CT image device 22, an ultrasonic image device 23, an MR image device 24, an endoscopic image device 25, a specimen inspection device 26, blood Connected to the analysis device 27, the medical information system 29, and the patient ID personal information 28, etc., each image diagnosis data, examination result data, and personal information are input to the system management unit 10 through this. The output of the system management unit 10 is connected to the display device 31 of the external output device 3, the other system 32, the DVD device 33, the printer 34, etc., and is displayed, transferred, or recorded.

  The system management unit 10 of the present embodiment configured as described above first performs “data management” to collect information (data) of a target patient by the data management unit 11, and then the doctor performs this collection. The data (synonymous with patient information, but the recorded results are referred to as data hereinafter) is read out, and “data output” is performed to perform medical practice such as diagnosis and treatment.

  Hereinafter, the operation and operation of the “data management” and “data output” performed by the present embodiment will be described with reference to FIGS.

  FIG. 2A illustrates the concept of “data management” processing in the data management unit 11 of the present embodiment. FIG. 5B is a flowchart showing the procedure of the “data management” process.

  As shown in the flowchart of FIG. 2 (b), medical information such as a medical image of a target patient, a test result, or a test order, and identification information about the target patient are managed together with START from the patient information data input unit 2. When input is made to the unit 11, first, step S21 is performed. In this step S21, all the input data is as it is, that is, patient ID, patient name, patient sex, date of birth, disease / disease name, disease which is personal information of a patient generally attached to medical information. Data whose history, family relationship, family illness history, etc. are not changed at all is recorded in the memory 112m of the data management unit 11 as original information.

  Along with this recording, post-conversion information creation is performed in step S22. In this post-conversion information creation (step S22), in order to prevent the publication of a predetermined item that can easily identify an individual patient, or an item that the patient wants to keep secret, the data value of the corresponding item is shown in FIG. As shown in “Conversion” in a), the original information is converted into post-conversion information by either automatic system generation, rule-based generation, or random generation. This conversion may be either reversible or irreversible, but is preferably irreversible in order to increase confidentiality. Specific examples of this conversion include, for example, a predetermined character string such as “****” or “----”, meaningless such as “ABC ··” or “123 ··”, For example, a character string in which the contents of the item cannot be identified, or a character string in which a part of the original data character string is replaced with a hidden character such as “*”. In addition, in order to identify the target patient whose information (data) has been converted, one item of the patient's personal information that can specify the converted data is not converted. This non-converted item is not associated with other items of the subject patient in the personal information, and more generally, the “patient ID”, which is the only item issued in the system, is not displayed. As a conversion, it is preferable to use it for identification.

  In the next step S23, the converted data generated in step S22 is subjected to the predetermined conversion in the following step S23, that is, the patient name, patient sex, date of birth, Each item such as disease / disease name, medical history, family relationship, family medical history is replaced with meaningless or indistinguishable data, and medical images such as medical images or test results are converted into original data. As post information, it is newly recorded in the memory 113m of the data management section 11 in a memory different from the original information.

  Further, each of these original information or post-conversion information for each patient is identified in a predetermined area including predetermined code data set based on an authentication key described later in the memory 112m or the memory 113m in which the information is recorded. For example, it is recorded separately in a folder or an area formed as part of a file name. As an example of the code data of the authentication key described later, for example, a code 0011 is set for the original information, and a code 0001 is set for the converted information.

  The code data for identifying the storage area for storing the original data and the converted data is referred to as an identification code and distinguished from an authentication key code data described later, and an authentication key described later is referred to as a classification code.

  As described above, in the embodiment of the present invention, in the medical information recording performed by the data management unit 11, at least one original information, for example, original information in which all personal information of a predetermined patient is correctly attached and stored, is stored. The patient ID is left as patient identification data, and data related to other personal information is converted into a data value that cannot be assumed by the original data by a predetermined conversion method, and the post-conversion information attached to the medical information is 2 Two medical examination information is recorded simultaneously. These two pieces of information are identified and recorded by different code data.

  According to the present embodiment, the original information and the post-conversion information in which a part of personal information is rewritten into meaningless data are separated and recorded in different storage locations. In specifying the access destination, searching from the outside is not easy, and even if information is extracted from the storage location, an individual cannot be specified.

  Also, in the data reading, the concealment conversion process is performed in advance as post-conversion information at the time of the original information process, so that the response is quicker than the conventional concealment process in which conversion is performed each time. To be done. In particular, according to the present embodiment, data can be provided in a short time even when the conventional system is complicated in data retrieval that requires concealment processing.

(Embodiment 2)
As described above, the original information or post-conversion information recorded in the data management unit 11 according to the present embodiment is used for further medical procedures such as diagnosis and treatment by the operation of medical personnel such as doctors. A part of the recorded data is read out.

  In the present embodiment, this “data output” is performed in the data output unit 12 shown in FIG. Next, using FIG. 3 and FIG. 4, the operation and operation in “data output” performed by the present embodiment will be described below.

  FIG. 3 is a flowchart of the “data output” process in the data output unit 12 of the present embodiment. 4 (a) and 4 (b) illustrate the concept of processing for sorting information categories in the data output unit 12 of the present embodiment.

  In order to diagnose the patient's medical condition by a medical staff such as a doctor, the present embodiment is used for the inquiry of medical information, the conference (intra-hospital meeting) browsing, etc. The procedure for providing data output such as image information and inspection results will be described with reference to FIG.

  As shown in FIG. 3, for browsing or outputting medical information in the present embodiment, first, authority authentication for determining restrictions on providing information to an operator who is a viewer is shown as follows in steps S31 to S33. To do.

  In the first step S31, the operator operates the operator's name, operator ID, operation password, and the like with the mouse 15 or the keyboard 16 while viewing the display on the system monitor 17 provided in the system main body 1 of the present embodiment. Enter the person information. Alternatively, an ID card reader (not shown) may be connected to the system control IF 14 so as to be complicated, and the operator's own ID card in which the operator information is written in advance may be read and input.

  Furthermore, in step S31, the operator inputs an authentication attribute classification and an output item (output form). This authentication attribute classification is, for example, a classification for attribute groups such as individual (name), department (name), requested department (name), medical qualification (name), title (name), special permission group designation, etc. This corresponds to the first row of the authority management list in FIG. 5A described later, and in each column, attributes of the attribute classification relating to the authority of the arranged operators are set. Similarly, the output item is an item in the first row of the authority management list in FIG. 5B or FIG. 5C, for example, an output destination system such as a radiation management system, an output destination such as a DVD output or a monitor output. It is the output destination according to use that can be used in the model, in-hospital conference / in-hospital education such as “other than current patient”, that is, conference, interpretation, educational site, telemedicine, home medical care, etc. Each item of authentication attribute and output item is selected and set in advance for each medical institution in which the system of this embodiment is installed, so it is displayed in the form of a pull-down menu, and these items are input instructed by the operator. It may be performed in the form. Needless to say, such an input means is suitable because the input operation can be performed easily.

  Next, when the operator attribute, authentication attribute, and output destination in step S31 are input, these are analyzed in step S32. For this analysis, an operator attribute list illustrated in FIG. 5A and an authority management list similarly illustrated in FIGS. 5B and 5C are set in advance, and the system management unit 10 includes them. This is recorded in the memory unit 121m provided in the authority information management unit 121 of the data output unit 12, and these are referred to and referred to.

  In the operator attribute list illustrated in FIG. 5A, the names of individual users of the system that is the operator, for example, Sato, Takahashi, Suzuki, and the like are the first column of the vertical item, and the first row of the horizontal item includes Each operator's affiliation and related items, such as the department name, affiliation qualification, special setting group, etc. of the request destination, are configured in the attribute category items, and the attribute items (data ) Is set. The attribute classification in the first row is a connection configuration of an image management system (PACS), a radiation information system (RIS), a hospital information system (HIS), etc., which is managed as medical information by the medical information management system 1 of the present embodiment. In addition to the above-mentioned attribute item classification for each medical institution or hospital that operates the system according to this embodiment, the system department (name), requested department (name), medical qualification (Name), title (name), special permission group designation.

  Each of the vertical items corresponding to the columns of the authority management list illustrated in FIGS. 5B and 5C corresponds to each of a plurality of attribute categories (horizontal items) in the operator attribute list, and the attribute category name is assigned. For example, the operator names Sato, Takahashi, Suzuki, etc., or the requested radiology, internal medicine, orthopedic surgery, etc. In the horizontal item corresponding to the row of the authority management list, an output destination system or output means (output means) that outputs medical information that is set in advance in the medical information management system 1 of the present embodiment and that is operated or browsed by the operator. Each of the devices is listed. As described above, columns and rows are set, and each cell in each data field of each authority management list in which each attribute category attribute is set in the column item is used as an authentication key for displaying medical information in the data management unit 11. Code data for specifying any of medical information with different display combinations of the recorded patient personal information is set in advance and recorded.

  This code data includes a data code (identification code) for identifying the storage area of the medical information example generated for each combination of display of the patient personal information described in the first embodiment, and a pairing classification code based on the display conditions. It has become.

  For example, “0011” of the 4-bit data in each authority management list shown in FIG. 5B or FIG. 5C is code data of authority to access the memory unit 112m of the original information unit 112 included in the data management unit 11. “0001” indicates code data of authority to access the memory unit 113m of the post-conversion information unit 113.

  In step S32, the authentication attribute is selected from the plurality of authority management lists recorded in the memory unit 121m of the authority information management unit 121 provided in the data output unit 12 according to the authentication attribute input by the operator in step S31. The authority management list is referred to, and one row of horizontal items corresponding to the output item (output form) input in step S31 is first referred to. Next, the attribute name of the cell where the column of the same attribute in the operator attribute list similarly recorded in the memory unit 121m and the row of the operator name intersect is detected.

  Further, the authentication key management unit 122 of the data output unit 12 refers to one column of horizontal items corresponding to the output item (output form) obtained in step S32 and the vertical item of the authority management list in step S33. Then, the authentication key management unit 122 acquires the code data (classification code) in the cell intersecting with one row of the attribute found as the authentication key data.

  Further, in the acquisition of the authentication key in step S33, the access destination of the two types of medical information recorded in the data management unit 11 is controlled as shown in FIG. 5 schematically showing the concept of the authentication key acquisition. Along with the code data, code data of a patient name for identifying the subject patient is also given at the same time, and an authentication key is acquired as a series of code data obtained by connecting these data. The code data of the portion related to the patient name is, for example, a 5-bit code obtained by converting data that can identify the patient such as a patient ID as shown in the figure, and the patient in the data management unit 11 described above. In recording the medical information, the same code as the code data identified and set is used.

  In step S34, the medical information recorded in the data management unit 11 is accessed by the code data of the authentication key acquired in the procedure up to step S33. This access is performed from the authentication key management unit 122 of the data output unit 12 to the memory 112m of the original information unit 112 of the data management unit 11 or the memory unit 113m of the post-conversion information unit 113 via the session information management unit 123. A folder or file having the same code name as that of the code data is searched (step S35 or step S36). In the sorting of medical information recording in the data management unit 11, by this search, the medical information data of the same code data folder or file is read from either of the memories 112m and 113m in step S37. In step S38, the read data is connected to the output system or output means instructed in step S31 by the external output control unit 124, and the data is output.

  According to this embodiment, for each operator (name or personal ID), an operator attribute list that associates attributes of departments or services related to disclosure of patient information, and the attribute of the patient's medical information By combining these lists with the authority management list that associates the distinction of medical information that can be output (information output authority) for each type of output destination or output means, the complex operator's personal information for each output destination The authority for the display can be set, and a complicated combination of presentation and non-presentation of personal information can be performed.

(Embodiment 3)
The predetermined items that are not displayed of the patient personal information displayed in the medical information shown in the first and second embodiments are, for example, all items other than the patient ID. However, in the field where medical information is processed for diagnosis and treatment, for example, information such as patient age (date of birth), gender, and past medical history may be required. In some cases, the setting requires a plurality of display patterns with different combination items.

  In the third embodiment described below, a medical information management system capable of setting N types of display forms of personal information with different display contents of patient personal information attached to medical information will be described.

  In the data management unit of the present embodiment, all the above-mentioned patient personal information is attached to the medical information of the patient as it is without changing the individual patient information, and is identified as original information. For example, the data code “ Recorded in a storage memory having an address "0011".

  Next, for example, the patient ID of the patient personal information is left as it is, the other patient personal information is converted by a predetermined conversion means, and the attached medical information of the patient is set as the first information after conversion. Further, the first information after this conversion is recorded in a storage memory having the address of the data code “0001” for identifying this, for example.

  Further, other items different from the personal information (patient ID) left unconverted in the first information after conversion, for example, the patient age (date of birth) are left as they are, and the other patient personal information is subjected to predetermined conversion. The medical information of the patient that is converted by the means and attached is used as the second information after conversion. Further, this is recorded, for example, in a storage memory having an address of a data code “0101” other than that already set.

  Further, the converted nth information having different personal information to be left unconverted is converted, and the data code for identifying the converted information is set so as not to be duplicated, and sequentially recorded in the storage memory having the address.

  When there is no display / non-display combination set in advance, the recording of the Nth information after the conversion ends, and the original information of the subject patient, the first information after the conversion, and the Nth information after the conversion are managed by data management. The data code is identified and recorded in the section.

  In addition, the authority management list provided in the memory unit provided in the data output of the present embodiment has the vertical items of the individual names of the system users who are operators, for example, Sato, Takahashi, Suzuki, etc. Consists of attribute classifications such as each operator's affiliation and related matters, such as the name of the department to be requested, affiliation qualification, and a specially set group. In the lower column (cell) of the attribute classification of this authority management list, the medical information to be recorded in the data management unit of the present embodiment, that is, the original information, the first information after conversion, and the N information after conversion up to the N information after conversion. A plurality of set data codes, that is, one of the division codes are assigned. This assignment is based on the relationship between each attribute item of the vertical item and its output destination or output means, and an identification code whose display / non-display correspondence of preset patient personal information matches that of the converted nth information Is set and recorded in each cell as code data having the same value as.

  In this embodiment configured as described above, when the operator browses or outputs the medical information, the operator only needs to input the viewing authority category and the output destination / form for viewing. Medical information attached with only personal information of (content) can be output.

  The display range of the personal information set in advance is set in the data management unit of the present embodiment by setting the display / non-display items in advance corresponding to the attribute for each operator and the output form of the medical information. Information on items that did not convert part of the information is included. Therefore, the post-conversion n-th information output in the present embodiment can know a part of personal information such as the age and sex of the patient or a past medical history when performing diagnosis and treatment with this medical information. Medical information can be provided, and personal information that is not involved in medical practice can be concealed, and medical information that can be meticulously protected for personal information can be provided.

  According to this embodiment, a plurality of combinations of items of personal information that are attached to and displayed on medical information can be set, and a plurality of display item sets limited to the minimum items required in each medical site. One can be set as a viewing authority, and there is an effect that disclosure of personal information can be set in various ways.

  Further, in a system in which the conventional concealment process is performed by conversion each time, the concealment can be easily escaped by temporarily changing the conversion process program at the time of output. On the other hand, in this embodiment, in order to avoid such secrecy, it is executed only by changing the setting of the authority to access the original information by changing the data of the operator attribute list and the authority management list for setting the concealment of personal information. Is done. Therefore, in this embodiment, there is an advantage that it is easy to increase the confidentiality of personal information by increasing the security of these lists, and a highly secure medical information management system is provided from the viewpoint of information protection. it can.

The schematic diagram which shows the structure of one Embodiment of the medical information management system of this invention. The conceptual diagram which shows the production | generation of the original information of the embodiment of this invention, and the information after conversion, and the production | generation flowchart. The flowchart at the time of the external output which implements personal information protection of embodiment of this invention. The figure which shows the production | generation concept of the code data in this embodiment. The figure which shows the example of the operator attribute list and authority management list | wrist of this embodiment.

Explanation of symbols

1 ... Management system body,
2 ... Patient information data input part,
3 ... External output device,
10: System management department,
11: Data management unit,
12: Data output unit,
13 ... System control / maintenance department,
14 ... System control IF,
15 ... mouse,
16 ... Keyboard,
17 System monitor,
21 ... X-ray imaging apparatus,
22 ... CT image device,
23 ... Ultrasonic imaging device,
24. MR image device,
25 ... Endoscopic image device,
26... Specimen inspection device,
27 ... Blood analyzer,
28 ... Patient ID personal information,
29 ... Medical information system,
31 ... Display device,
32 ... Other systems,
33 ... DVD device,
34 ... Printer,
111 ... post-conversion information generation control unit,
112 ... Original information section,
113 ... Information section after conversion,
121 ... Authority information management unit,
122... Authentication key management unit,
123 ... Session information management unit,
124: External output control unit,
112m, 113m, 121m ... Memory unit.

Claims (8)

The medical information for each patient is stored as original medical information that maintains the patient's personal information, and post-conversion medical information created by converting a part of the personal information in the original medical information to be unidentifiable. Data management means to manage and
An authority information management means for maintaining an authority management list in which authorized persons and non-authorized persons are separated according to operator identification information or attributes;
Data output means for determining whether the person is an authorized person or a non-authorized person by referring to the authorization management list from the input identification information or attribute of the operator and outputting the original medical information or the converted medical information accordingly When,
A medical information management system comprising: Original medical information memory means for storing medical information for each patient, original medical information maintaining patient personal information including a predetermined identification item of the patient in a predetermined storage area;
Further, the medical information of the patient is stored in a predetermined storage area after the conversion, which is created by converting the medical information of the patient while maintaining the predetermined identification items and replacing all or some of the other items to be indistinguishable A post-conversion medical information memory means;
An authority information management memory means comprising an operator authority list in which either an authorized person or a non-authorized person is assigned in advance to a plurality of attributes set for each identification information of the operator;
The operator's original medical information stored in the original medical information memory means when the assignment is authorized by referring to the operator authority list from the inputted identification information of the operator or its designated attribute Output information management means for reading information, and in the case of a non-authorized person, for reading post-conversion medical information of the patient to be stored in the post-conversion medical information memory means;
A medical information management system comprising: Original medical information memory means for storing medical information for each patient in a storage area in which original medical information maintaining patient personal information including a predetermined identification item of the patient is divided by a predetermined identification code;
Further, the converted medical information created by converting the patient's medical information by maintaining the predetermined identification items of the patient personal information and replacing all or some of the other items to be unidentifiable A post-conversion medical information memory means for storing in a storage area divided by an identification code;
A storage area for each combination of an operator attribute list for sorting a plurality of attributes set in advance for a plurality of attribute categories for each operator identification information, and an attribute for each attribute category and an output destination or output method of the medical information An authority information management memory means comprising an authority management list set in advance, corresponding to an operator's authority condition, and a classification code corresponding to the identification code
One of the classification codes is determined by referring to the operator attribute list and authority management list based on the input individual identification information of the operator, attribute classification of processing authority, and output destination or method, respectively. Authority authentication means to
Output information that searches the storage area that matches the determined classification code and the identification code of either the original information memory means or the converted information memory means, and reads the original medical information or the converted medical information stored therein Management means;
An external output control means for outputting the read medical information to the input output destination or output method;
A medical information management system comprising:   The medical information includes an X-ray image apparatus, a CT image apparatus, an ultrasonic image apparatus, an MR image apparatus, an endoscopic image apparatus, a specimen inspection apparatus, a blood analysis apparatus, an examination request apparatus, an image management system (PACS), and radiation information. 4. Medical observation data or instruction data output from at least one of a system (RIS), a hospital information system (HIS), or an examination order device. Medical information management system.   The patient's personal information includes the patient's own ID number or chart code item, patient's name, patient birth date, patient gender, patient address, patient contact phone number, medical department name, patient history, patient relative The medical information management system according to any one of claims 1 to 3, wherein the medical information management system is data for identifying an individual patient composed of at least one of medical history items.   4. The medical information management system for protecting personal information according to claim 2, wherein the predetermined identification item of the patient is the patient's own ID number or medical chart code of the personal information.   The plurality of attribute classifications of the operator attribute list includes at least one classification of an operator name, a department name, a requested department name, a medical qualification name, a job title, and a special permission group. 3. The medical information management system according to 3.   The storage area of the post-conversion medical information memory means includes a plurality of different predetermined identification codes for each set of personal information items to be concealed and converted in addition to the predetermined identification items of the patient personal information. And a plurality of preset classification codes corresponding to the plurality of different identification codes are provided for each combination of the attribute for each attribute classification and the output destination or output method of the medical information. The medical information management system according to claim 3, wherein the medical information management system is preset.