1. Technical Field
The present invention relates to a secure healthcare management system capable of protecting the confidentiality of health information in a healthcare management service in which health information such as body weight or blood pressure of a user measured by the user is received via a communication network and tips for health based on the health information are returned to the user.
2. Background Art
Tags that function as sensors, such as thermal sensors, chemical sensors, pressure sensors, and biosensors, and that have a communication function such as Radio Frequency Identification (RFID), are under development. Furthermore, applications using the tags have been considered. The applications include, for example, managing the temperature and humidity during the transport of fresh food or artwork by attaching tags that function as temperature and humidity sensors. Furthermore, it is also possible to use the tags for managing the health of patients who are required to measure body temperature, blood glucose level, and heart rate over a long term or regularly. Attaching a tag with a biological information measuring function (hereafter referred to as a “sensor tag”) to a patient's body allows biological information to be measured regularly. The biological information obtained through the measurement is accumulated in the sensor tag. After the measurement for a certain period ends, the sensor tag is removed from the patient's body, and the data accumulated inside is read out. Microminiaturization of the sensor tag enables the biological information to be measured regularly without the patient being aware of the presence of the sensor tag.
When the sensor tag is used for health management, it is necessary to secure the confidentiality of the measured information accumulated in the sensor tag. More specifically, the measured biological information is personal information of the person being measured. The measured data recorded within the sensor tag may leak when the sensor tag attached to the body comes off without the patient noticing and is picked up by a third party, or when a third party obtains the sensor tag because of insufficient management of the sensor tag after the data is read. A system in which the measured biological information is encrypted in the sensor tag before being accumulated is necessary to prevent the data from leaking.
When encrypting the data within the sensor tag, the key needs to be set after shipment of the product (sensor tag). Sensor tags for health management are purchased by hospitals and provided to patients by the hospitals. Thus, it is necessary to set a different key for each hospital so that, even when the key of one hospital leaks, there is no risk of leaking the measured information of patients going to other hospitals. Accordingly, the sensor tags need to be shipped and delivered to the hospitals with no key set, so that the key can be set at each hospital.
The sensor tag has a built-in battery because the sensor tag must be supplied with power during measurement and there is no way to supply power to the sensor tag from outside. In addition, the sensor tag must be microminiaturized, for it has to be constantly attached to the patient's body. Due to these limitations, it is difficult to provide a switch mechanism that turns the power supply from the power source on and off. Thus, the only available option is to insert an insulator between the battery and a sensor tag circuit, and to remove the insulator to turn on the power supply before use. In this case, however, it is difficult to reinsert the insulator between the battery and the sensor tag once it has been removed. In other words, once the power supply is turned on, it cannot be turned off until the battery runs out.
The following is an overview of the processes for conventional tags with an added encryption function, in consideration of the above-described premises. First, the sensor tags are delivered to a hospital without the keys set. At the hospital, the power supply to the sensor tag is turned on, and the key is set. The hospital provides a patient with the sensor tag with the key set. The patient attaches the sensor tag, and measures the biological information. While attached to the body, the sensor tag measures the biological information, encrypts it using the key, and accumulates the encrypted information within the sensor tag. After the measurement is completed, the patient hands in the sensor tag to the hospital. The hospital reads out the encrypted measured biological information from the sensor tag, decrypts the information using the key held at the hospital, and obtains the biological information in plaintext. The biological information inside the sensor tag is encrypted. Thus, even if the sensor tag is obtained by a third party, there is no risk that the information leaks, since the third party does not have the key and cannot obtain the decrypted biological information.

[Patent Literature 1] Japanese Unexamined Patent Application Publication No. 2006-197202
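The conventional flow described above (key set at the hospital, encryption on the tag, read-out and decryption at the hospital) and the per-hospital key separation it relies on, as an added sketch that is not part of the patent text. The `SensorTag` class, the function names and the sample readings are hypothetical, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the tag's cipher, which the text does not name.

```python
import hashlib
import hmac
import secrets

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; a stand-in for the tag's unspecified cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Encrypt, then authenticate nonce and ciphertext so a wrong key is detected.
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    mac = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + mac

def open_record(key, record):
    nonce, ct, mac = record[:12], record[12:-32], record[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("wrong key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class SensorTag:
    def __init__(self):
        self.key = None      # shipped to the hospital with no key set
        self.records = []    # only ciphertext is ever accumulated

    def set_key(self, key):  # done at the hospital after power-on
        self.key = key

    def measure(self, reading):
        # Assumption of this sketch: an unkeyed tag refuses to store readings.
        if self.key is None:
            raise RuntimeError("no key set")
        self.records.append(seal(self.key, reading))

def read_out(tag, hospital_key):
    return [open_record(hospital_key, r) for r in tag.records]

def demo():
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)  # one key per hospital
    tag = SensorTag()
    tag.set_key(key_a)
    for reading in (b"temp=36.8C", b"hr=72bpm"):  # constructed sample readings
        tag.measure(reading)
    try:
        read_out(tag, key_b)  # hospital B's key, e.g. after a leak at B
        other = "decrypted"
    except ValueError:
        other = "rejected"
    return read_out(tag, key_a), other
```

`demo()` returns the readings recovered with hospital A's key and the outcome of trying hospital B's key against the same tag.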