The present invention disclosed herein relates to a method of managing medical information in an operating system for a medical information database.
As paper-based medical records become digitalized by introducing electronic medical records (EMR) and an order communication systems (OCS), management of a medical information database highly attracts interests. Even though medical information including sensitive, privacy-related information requires to be encrypted, since not all the information is sensitive, an active encryption method reflecting characteristics of the medical information is necessary. Also, as evidence-based medicine (EBM) is developed, it is required to effectively search a medical information database for medical information for clinical research.
Typically, since a medical information database locates within a hospital, there is no separate protection measure on medical information therein or all medical information is encrypted with a symmetric-key cryptosystem. In the search, all encrypted medical information is read, decrypted, and then searched, and, in this process, there is a risk of information leaks by an inner manger.
Accordingly, the search is necessary to be enabled in an encrypted state without decryption for security and efficient commerciality. For this, database encryption and search schemes are being researched, which mainly focus on a system for selecting representative keywords from a document, encrypting them and using the encrypted keywords as indexes for a search. Since a medical information database is accessed by users in various groups such as doctors, nurses, or the persons related to hospital management, the group users are to be considered. Accordingly, typical database encryption and search schemes have limitations in applying to medical information databases, since they do not consider characteristics of medical information and lack consideration for various group users.