JP5865950B2 - Gene information providing method, gene information providing program, and gene information providing system - Google Patents

Description

  The present invention relates to a gene information providing method, a gene information providing program, and a gene information providing system.

  Information obtained by genetic analysis is widely used in fields such as health care aimed at maintaining individual health, including medical treatment. For example, genetic information is used to determine risks associated with various diseases, to determine potential capabilities, and to trace roots of ancestors.

  In this way, by using genetic information, it is possible to know various profiles of the individual. Genetic information is personal information directly related to personal privacy. Therefore, a person who handles information related to a gene, which is personal information, is required to secure sufficient security for the gene information and manage the information so that the information is not leaked.

  An example of the conventional technique is as follows.

  A user orders a genetic test by using a special terminal device of a touch panel type installed in a store such as a convenience store or by accessing a homepage of a genetic testing contract organization on the Internet. Upon receiving an order from the user, the genetic testing contract organization mails the genetic testing kit (set) to the user's house. The genetic testing contractor sends the collected samples such as mucous membranes received from users to the genetic testing center and conducts genetic testing. Request a diagnosis of the genetic test data at a medical institution that conducts genetic diagnosis. The genetic testing contractor mails the result of the genetic test with a doctor's genetic diagnosis (comment) to the user. In addition, there is a technique for performing counseling to a user by a doctor when necessary (see, for example, Patent Document 1).

  In addition, there is a technique that uses identification information (for example, biological information such as a fingerprint, a retina, and a blood flow) for accessing gene information (for example, see Patent Document 2).

  In addition, as an electronic application process using an electronic application system having an individual identification function, a user accesses an electronic application server, performs user authentication, inputs application information, and transmits it to the electronic application server. The electronic application server transmits the application information file to which the user ID is assigned to the relay server. The relay server discriminates the internal office system to be transmitted from the application information, acquires the personal ID of the internal office system from the information that associates the user ID and the personal ID, and obtains the application information file to which the personal ID is assigned. Transmit to the internal office system. In the case of application contents that can be processed in real time at this time, response information is received from the internal system, and the response information is transmitted to the electronic application server. The internal office system can quickly find the corresponding data because the personal ID is given to the application information, and can quickly perform the application process. In the case of application contents that can be processed in real time, reply information assigned with a personal ID is transmitted to the relay server. The relay server assigns a user ID corresponding to the personal ID and transmits the reply information and the transmitted information to the electronic application server. The user has a technique for receiving a reply to the application from the electronic application server and a notification that the application has been transmitted to the office system (for example, see Patent Document 3).

  In addition, in a genetic diagnosis service combining gene analysis and storage, an identification code A used for payment for the genetic diagnosis service is given according to the input of the customer's personal information, and this identification code A is given. An identification code B used for browsing the customer's genetic information is given to the customer. The payment server 1 performs a payment process for the gene diagnosis service using only the identification code A, and the management server 2 performs a browsing process of gene information using only the identification code B. The gene information DB server 3 has a technique for storing gene information using the identification code C without using the identification code A and the identification code B (see, for example, Patent Document 4).

  Moreover, as a guideline of the Japanese government regarding anonymization of genetic information, for example, there is Non-Patent Document 1.

JP 2002-358362 A JP 2003-196403 A JP 2004-171923 A JP 2009-187198 A

"Ethics Guidelines for Human Genome / Gene Analysis Research" March 29, 2001, Ministry of Education, Culture, Sports, Science and Technology, Ministry of Health, Labor and Welfare, Ministry of Economy, Trade and Industry,

  As described above, there are techniques for protecting personal information related to genetic information in various forms. However, in order to obtain genetic information, the person's specimen is obtained, the specimen is sent to the institution that conducts genetic analysis, and then the information on the gene analysis result is obtained from the institution that conducts genetic analysis. It is necessary to provide genetic information. Thus, when handling genetic information, it is necessary to go through a physical transportation means of sending a specimen, and an electronic information transfer means is involved with respect to the result of genetic analysis and the like. As described above, since various institutions intervene and physical and electronic information transmission coexists, it is desired to construct a mechanism for minimizing the leakage of genetic information.

  The present invention has been made in view of the above problems, and an object thereof is to provide a gene information providing method, a gene information providing program, and a gene information providing system capable of appropriately performing information management in a gene analysis service. And

  In one embodiment of the present invention, a method in which one or more servers execute the provision of genetic information includes: a sample identification code attached to a container for storing a sample collected from a subject; and the subject. Receiving a subject ID to be identified from an operation terminal authenticated to be operated by the subject, and obtaining a first correspondence relationship by associating with the subject identification code; Receiving the sample identification code and the genetic information of the sample from the genetic testing institution to which the sample is provided, and acquiring the second correspondence by associating the sample identification code and the genetic information of the sample; the first correspondence and the second And storing the encrypted subject ID, which is obtained by encrypting the subject ID using a predetermined algorithm, in association with the genetic information in the storage unit, and the authenticated The storage unit is searched by a string obtained by encrypting the subject ID used for accessing the one or more servers from the work terminal by the predetermined algorithm, and the storage unit corresponds to the string. Extracting gene information; and transmitting the extracted gene information to the authenticated operation terminal.

  In one aspect, the present invention can appropriately perform information management in a gene analysis service.

The figure which showed the provision system of the genetic information of one Embodiment. The flowchart which showed the process of activation of the sample identification code in one Embodiment. The flowchart which shows the process of acquisition and provision of gene information in one embodiment. The figure which shows the container by which the sample was preserve | saved and the sample identification code was attached | subjected. The functional block diagram of one Embodiment. The sequence diagram which showed the outline of the flow of the process of one Embodiment. The figure which showed the information which can be memorize | stored in each server in one Embodiment. The figure which shows the example of the hardware constitutions of each server.

  Hereinafter, a plurality of embodiments will be described with reference to the drawings, but it should be noted that the plurality of embodiments disclosed in the following description and drawings are examples. Therefore, the invention described in the claims is not limited to the plurality of embodiments disclosed in the specification and the drawings.

  In the drawings, similar constituent elements are denoted by the same reference numerals.

  FIG. 1 shows a system for providing gene information according to an embodiment. The subject 101 is a person who wishes to acquire his / her genetic information. The operation terminal 102 can be operated by the subject 101 and is connected to a network 104 such as the Internet.

  The gene information service organization 110 is a tissue that can acquire a specimen 136 from the subject 101 and provide the subject 101 with genetic information obtained from the specimen 136. The genetic information service organization 110 includes a purchase server 112, a member server 114, a master server 116, and a delivery factory server 118. In FIG. 1, there are a plurality of servers as described above, but all functions may be realized by one server. The server may be a virtual machine. As will be described later, in order to prevent leakage of information about the subject such as genetic information and personal information as much as possible, a plurality of servers as shown in FIG. Is desirable. In addition, for example, a closed network (VPN) is used in terms of network, or communication between servers is limited to only one direction to physically protect access from the outside from entering the server. The function of each server will be described later.

  The genetic information service organization 110 provides the test kit 130 to the subject according to the request of the subject. In the test kit 130, a container 134 for storing the sample 136 of the subject 101, an instrument (not shown) for collecting the sample 136 from the subject 101 and storing it in the container 134, instructions, etc. are transport boxes. Stored in The subject 101 sends the test kit + sample (132) storing the sample 136 to the genetic information service organization 110.

  The gene information service institution 110 takes out the container 134 in which the sample 136 is stored from the received test kit + sample (132) and sends it to the gene testing institution 120.

  The genetic testing institution 120 acquires genetic information from the specimen 136 and sends it to the genetic information service institution 110 along with the specimen identification code 135 via the path 106. The path 106 may be a network. Alternatively, the genetic testing institution 120 stores the genetic information and the specimen identification code 135 in correspondence with each other in a storage medium (not shown) such as a DVD-ROM, and stores the storage medium using physical transportation means. You may send to the genetic information service organization 110. As described above, by sending the storage medium via the physical transportation means and shutting off the genetic testing institution from the network, information leakage to the genetic testing institution 120 via the network can be avoided.

  The genetic information service organization 110 can process the received genetic information as necessary. The processed gene information is transmitted to the subject 101 via the operation terminal 102 operated by the subject 101.

  The genetic information can be processed using various algorithms so that the subject 101 can easily understand. The genetic information processing is executed by the genetic testing institution 120, the genetic information service institution 110, the operation terminal 102, or the like. In the present specification, the term “gene information” is used, including processed gene information.

  Each server in the genetic information service organization 110 will be described. The purchase server 112 is a server for processing an order for the subject 101 to purchase the test kit 130 using the operation terminal 102. Note that the test kit 130 may allow a case where the subject 101 himself / herself does not purchase. The family of the subject 101 or another person may purchase the test kit 130. The purchase server 112 processes various procedures such as deposit processing, establishes a purchase contract for the test kit 130, and acquires the destination of the test kit 130, various information of the purchaser, and the like. Thereafter, the purchase server 112 instructs the delivery factory server 118 to deliver the inspection kit 130 via the network 117.

  The delivery factory server 118 sends the inspection kit 130 to the destination based on the above instruction. When the sending is completed, the delivery factory server 118 holds the status of the delivery status.

  The member server 114 manages members of the genetic information service organization 110. The members include the subject 101 who requested the genetic information service organization 110 for genetic testing. The genetic information service organization 110 has not yet been requested for genetic testing, but members who are interested in genetic testing, who have purchased test kits, medical institutions, and the like may be members. In order to become a member, it is desirable to register at least a member ID and a password for login. Also, the member's e-mail may be registered together. In order to prevent registration of fictitious members, you may be asked to submit images such as a driver's license and passport. Alternatively, the authentication number may be transmitted to the mobile phone via the message communication system of the mobile phone of the prospective member, and the transmitted authentication number may be input to the prospective member at the time of member registration. In the membership registration through the network, various existing means for verifying the identity can be used.

  In addition, the member server 114 has a function of activating the inspection kit 130. When the subject 101 receives the test kit and stores his / her sample 136 in the container 134, the test kit + sample (132) is attached to the container of the test kit 130 before returning it to the genetic information service organization 110. It is desirable to activate the sample identification code 135. The activation is a process for associating the subject ID of the subject 101 with the specimen identification code 135 attached to the container 134. This activated specimen identification code 135 cannot be used again to avoid duplicate registration. The above-mentioned member ID can be substituted for the subject ID.

  After the activation, the master server 116 acquires member information, a specimen identification code 135, a subject ID, and the like from the member server 114 and stores them in a table. The master server 116 and the member server 114 are preferably connected by a more secure network 119 that is separate from the network 117 used by other servers. As will be described later, the master server 116 is a server that stores personal information regarding the subject 101 including genetic information. Therefore, it needs to be managed under strong security. In FIG. 1, the master server 116 exists alone, but a plurality of servers may physically exist, and each server may store information in a distributed manner.

  In the present specification, in order to simplify the explanation and help understanding, each information is described as it is, and only a part of the information is encrypted. However, it is desirable to perform encryption processing on information that does not specify encryption processing. For example, a password, a subject ID, which are normally subjected to encryption processing, are preferably subjected to encryption processing. The same applies to other information such as genetic information.

  The gene testing institution 120 has a gene testing institution server 122. The genetic testing institution server 122 can perform gene analysis and processing. In addition, the genetic testing institution server 122 can store information on gene analysis results, information obtained by processing gene analysis results, a specimen identification code 135, and the like.

  FIG. 2 is a flowchart showing a process for activating the specimen identification code 135 in one embodiment.

  In FIG. 2, it is assumed that the subject 101 has already registered as a member and has registered a member ID and password. The member ID will be described below using the term “subject ID”.

  In step 202, the subject 101 inputs the subject ID and password using the operation terminal 102. The member server 114 receives the subject ID and password.

  In step 204, login processing is performed. That is, it is checked whether the combination of the subject ID and the password matches. If this check is “Yes”, the login is successful and the process proceeds to Step 206. If this check is “No”, the login is unsuccessful and the process ends.

  In step 206, the member server 114 receives the sample identification code 135 from the operation terminal 102.

  In step 207, the member server checks whether the sample identification code 135 is attached to the container 134 and has not yet been activated. For example, if the input information is different in the number of digits from the sample identification code 135, or if the input information is a code (or code system) that has not yet been attached to the container 134, the code is an illegal sample. This is an identification code 135. Further, when the sample identification code 135 has already been activated, if the sample identification code 135 is used redundantly, the subject ID and the sample identification code 135 may not have a one-to-one correspondence. There is sex. In such a case, appropriate genetic information cannot be provided to the appropriate subject 101. Therefore, in order to avoid such inconvenience, a check here is made. If this check is “Yes”, the process proceeds to Step 208. If this check is “No”, the processing ends because the sample identification code 135 is invalid. Alternatively, the member server 114 may transmit a message to the operation terminal prompting the subject 101 that the sample identification code 135 is invalid (invalid) and to input the sample identification code 135 again. Good (not shown).

  In step 208, the member server 114 associates the subject ID with the specimen identification code 135 and stores these pieces of information in the storage unit. The correspondence relationship between the subject ID and the specimen identification code 135 is an example of a first correspondence relationship.

  In step 210, the member server 114 may transmit the address of the delivery destination of the container 134 in which the sample 136 is stored to the operation terminal. The operation terminal may print the received address. The subject 101 can attach the printed address to the box of the test kit and send the container 134 in which the specimen 136 is stored to an appropriate address. The delivery address may be included in the test kit in the form of a sticker label or the like. In addition, when the information of the sending address is included in the test kit, the subject 101 may forget the activation process. As described above, when the activation process is completed, if the delivery address is notified to the subject 101 via the operation terminal, the subject 101 does not perform the activation process, and the specimen is not activated. 136 can be prevented from being sent.

  When the activation process is performed, the member server 114 transmits the subject information, the subject ID, the specimen identification code 135 and the like to the master server, and the master server manages the information. (Not shown). In addition, the member server 114 may instruct the purchase server 112 and the delivery factory server 118 to delete a series of information regarding the inspection kit for which the activation process has been performed. By doing in this way, already used information can be deleted from the purchase server 112 and the delivery factory server 118, and the risk of leakage of information on the subject can be reduced.

  FIG. 3 is a flowchart illustrating a process for acquiring and providing gene information according to an embodiment.

  Prior to this flow, it is assumed that the specimen 136 stored in the container 134 with the specimen identification code 135 is provided to the genetic testing institution 120. The genetic testing institution 120 performs gene analysis of the specimen 136 and acquires gene information. Since the name of the sender address (such as the address of the subject 101) is written in the test kit box, the genetic information service organization 110 stores the sample 136 and receives the sample identification when receiving the test kit. It is desirable to pass only the container 134 with the code 135 to the genetic information service organization 110.

  In step 302, the specimen identification code 135 and the gene information are provided from the genetic testing institution 120 to the gene information service institution 110. Then, the master server 116 stores these pieces of information in the storage unit. The correspondence relationship between the specimen identification code 135 and the gene information is an example of a second correspondence relationship.

  In step 304, the master server 116 determines the correspondence between the subject ID and the specimen identification code 135 (first correspondence) and the correspondence between the specimen identification code 135 and gene information (second correspondence). , The encrypted subject ID obtained by encrypting the subject ID using a predetermined algorithm and the genetic information are combined and stored in the storage unit of the member server. By storing the encrypted subject ID and gene information in association with each other, it is extremely difficult to associate the subject ID and gene information even if the member server is hacked. Further, as already mentioned, the security can be further enhanced by encrypting the genetic information.

  In step 306, the member server 114 receives the subject ID and password from the operation terminal and accepts a login request.

  In step 308, login processing is performed. That is, it is checked whether the combination of the subject ID and the password matches. If this check is “Yes”, the login is successful and the process proceeds to Step 310. If this check is “No”, the login is unsuccessful and the process ends.

  In step 310, when the subject 101 desires to obtain the genetic information, the member server 114 searches the storage unit with a string obtained by encrypting the subject ID with a predetermined algorithm. Then, gene information corresponding to the string is extracted. The gene information extracted here is desirably information processed into a form that can be understood by the subject 101 as described above. In addition, as an example of processing of genetic information, for example, when a specific gene sequence exists, body fat percentage tends to increase, and dietary advice is presented. In addition, regarding the processing of genetic information, various researches and methods understood by those skilled in the art have been proposed, and therefore detailed description thereof will be omitted in this specification.

  In step 312, the member server 114 transmits the extracted gene information to the operation terminal 102 of the subject 101.

  FIG. 4 is a diagram showing the container 134 in which the specimen 136 is stored and the specimen identification code 135 is attached. The container 134 is sealed. The specimen identification code 135 is composed of, for example, a multi-digit character string. Moreover, you may enable it to read a barcode etc. using a reader. Alternatively, the character string itself may be read. In order to prevent a character string input error, a check digit or a redundant character string for error correction may be added to the character string. An example of the specimen is saliva.

  The label describing the specimen identification code 135 may be replaced with another label before the container 134 is sent to the genetic testing institution 120. In this case, the reception server 114 stores a correspondence relationship between the sample identification code of the original label and the sample identification code of another label that has been replaced. This correspondence relationship is an example of a third correspondence relationship. In this case, a pair of the specimen identification code and the genetic information of another label that has been replaced is provided from the genetic testing institution 120. For this reason, the correspondence (second correspondence) between the original specimen identification code and the gene information can be acquired using the third correspondence. Thus, anonymity can be improved by changing a label.

  FIG. 5 shows a functional block diagram of one embodiment.

  In one embodiment, the operation terminal 102, the person authentication means 510, the means 520 for obtaining the relationship (first correspondence) between the sample identification code and the subject ID, the relationship between the sample identification code and the gene information (second 530, a storage unit 540, a gene information extraction unit 550, and a genetic testing institution 120.

  The personal authentication unit 510 checks the combination of the subject ID and password from the operation terminal 102. If the combination is correct, login of the operation terminal 102 to the member server 114 is permitted. If the combination is not correct, login to the member server 114 is rejected.

  The means 520 for acquiring the relationship between the sample identification code and the subject ID (first correspondence relationship) is when the sample identification code 135 is transmitted from the operation terminal 102 and activation of the sample identification code 135 is requested. Function. Since the activation process has already been described with reference to FIG. 2, the details thereof will be omitted. When the activation process is completed, the means 520 associates the specimen identification code 135 with the subject ID and sends them to the storage means 540 (584).

  The means 530 for acquiring the relationship between the sample identification code and the gene information (second correspondence relationship) receives the sample identification code 135 and the gene information from the genetic testing institution 120. The received specimen identification code 135 and genetic information are sent to the storage means 540 (558).

  The storage unit 540 includes a subject ID encryption unit 541. The subject ID encryption unit 541 encrypts the subject ID and generates an encrypted subject ID. The storage unit 540 stores the genetic information that matches the specimen identification code 135 and the encrypted subject ID in association with each other.

  The gene information extraction unit 550 includes a subject ID encryption unit 551. The subject ID encryption unit 551 generates a string obtained by encrypting the subject ID received from the operation terminal 102. The gene information extraction unit 550 searches for the encrypted subject ID stored in the storage unit 540 using the generated string. The gene information extraction means 550 extracts genetic information associated with the searched encrypted subject ID and transmits it to the operation terminal 102 (590).

  The operation terminal 102 displays (or prints) the received gene information. The operation terminal 102 may not display (or print) a name, a subject ID, or the like that can identify the subject 101 when displaying (or printing) the genetic information. By doing so, for example, even if genetic information is printed, it can be made impossible to determine which subject's genetic information is from the printed matter. In addition, even if another person sees the screen displaying the genetic information, it is possible to prevent the other person from determining which subject's genetic information is. By doing in this way, the spreading | diffusion of the genetic information which can specify a subject can be prevented beforehand.

  FIG. 6 is a sequence diagram illustrating an outline of a processing flow according to an embodiment.

  In sequence 602, the master server 116 transmits the sample identification code 135 to the member server 114.

  In sequence 604, the member server 114 sends the sample identification code 135 to the purchase server 112.

  In sequence 606, the member server 114 sends the sample identification code 135, an instruction for issuing the label of the sample identification code 135, and an instruction for attaching the label to the container 134 to the delivery factory server 118. The delivery factory server 118 completes the inspection kit based on this instruction.

  In sequence 608, the purchase application for the test kit 130 is transmitted from the operation terminal 102 operated by the subject 101 to the purchase server 112. This application may be made via the member server 114.

  In sequence 610, the purchase server 112 specifies the specimen identification code 135 and sends a test kit delivery instruction to the delivery factory server 118.

  In sequence 612, the purchase server 112 may send a sample identification code related to the delivery instruction to the member server 114, and cause the member server 114 to set a delivery completed flag.

  In sequence 614, the delivery factory server 118 executes processing for delivery of the inspection kit 130. By this processing, the test kit 130 is sent to the subject 101.

  In sequence 616, the operation terminal 102 transmits a request for activation of the sample identification code 135 to the member server 114. The member server 114 receives the subject ID, password, and specimen identification code 135 from the operation terminal 102.

  In sequence 618, the member server 114 sends at least the subject ID and the specimen identification code 135 to the master server. Note that the member server 114 deletes the information of the activated specimen identification code 135 after the activation is completed. Similarly, the member server 114 may instruct the purchase server 112 and the delivery factory server 118 to delete the information of the activated specimen identification code 135 (not shown). The already activated specimen identification code 135 and the like are desirably deleted from the member server 114, the purchase server 112, and the delivery factory server 118 from the viewpoint of improving security.

  When the test kit + sample (132) in which the sample is stored is sent, the package is separated (630).

  In sequence 620, the container 134 in which the sample 136 is stored and the sample identification code 135 is attached is sent to the genetic testing institution 120. The genetic testing institution 120 analyzes the gene of the specimen 136 to obtain genetic information, and stores the genetic information in the storage device of the genetic testing institution server 122 in association with the specimen identification code 135.

  In sequence 622, the genetic testing institution server 122 associates the sample identification code 135 with the gene information and transmits them to the master server 116. This transmission may use a network. Alternatively, in order to further improve security, information in which the specimen identification code 135 is associated with genetic information is stored in a portable storage medium (for example, a DVD-ROM) and physically stored in the genetic information service organization 110. You may send it.

  In sequence 624, the master server 116 encrypts the subject ID and sends it to the member server 114 in association with the gene information.

  In sequence 626, the member server 114 encrypts the subject ID sent from the authenticated operation terminal using a predetermined encryption algorithm to obtain a string. The member server 114 searches for the encrypted subject ID using this string, and extracts the corresponding gene information.

  In sequence 628, the member server 114 sends the extracted gene information to the authenticated operation terminal. The operation terminal displays (or prints) the gene information.

  FIG. 7 is a diagram illustrating information that can be stored in each server according to an embodiment. The information shown in FIG. 7 may be stored in an encrypted state. It should be noted that information such as a password, which is desirably stored in an encrypted form, is described as it is in consideration of easy understanding.

  Table 700 shows an example of information that can be stored in the purchase server. For example, A1: specimen identification code, A2: purchaser information, A3: delivery destination information, A4: purchase status, etc. are stored in the purchase server. An example of purchaser information is the name of the purchaser. Examples of the purchase status include a purchased flag. As described above, when the sample identification code 135 is activated, it is desirable to delete purchaser information, delivery destination information, and purchase status related to the sample identification code 135.

  A table 710 and a table 712 show examples of information that can be stored in the member server 114. The table 710 stores B10: Subject ID, B11: Password, B12: Mail address. The subject ID (or member ID) and password are used, for example, when logging in to the operation terminal. The e-mail address is used for contacting the subject 101. The table 710 may further store the specimen identification code 135 as described above. Note that the sample identification code 135 is desirably deleted from the table 710 when activation is performed. Alternatively, the sample identification code 135 may be deleted from the table 710 when the sample identification code has been transmitted from the member server 114 to the purchase server 112 and the delivery factory server 118. In this case, the member server 114 may make an inquiry to the master server 116 or the like when checking the validity of the specimen identification code.

  The table 712 stores B21: encrypted subject ID and B22 gene information. As described above, the gene information corresponding to the subject ID can be extracted by searching this table. Note that the subject ID stored in B10 may also be encrypted and stored. In order to further strengthen the security, it is desirable that the encryption algorithm used for the subject ID of B10 and the encryption algorithm used for the encrypted subject ID of B21 are different algorithms.

  The table 720 shows an example of information that can be stored in the genetic testing institution server 122. The table 720 can store D1: specimen identification code and D2: gene information. The gene information of D2 may be unprocessed gene information.

  The table 730 shows an example of information that can be stored in the master server 116. The table 730 may store E1: subject ID, E2: password, E3: mail address, E4: gene information, E5: specimen identification code, E6: subject personal information, and the like. Since the master server 116 is a server that stores almost all information in this way, it is desirable that the master server 116 be a server that is separate from other servers. Also, it is desirable that the location where the master server is installed is a location that is physically and strongly isolated. In addition, it is desirable that each stored information is subjected to an encryption process that is separate from the encryption process used by other servers. Furthermore, the network connected to the master server 116 may be a separate network from the network shared by other servers. For example, it is desirable that the master server 116 be connected to a network that can be connected only to the member server so that unauthorized access from the network can be prevented as much as possible.

  The table 740 shows an example of information that can be stored in the delivery factory server 118. The table 740 can store C1: specimen identification code, C2: purchaser information, C3: delivery destination information, C4: test kit identification code, C5: delivery status, and the like. The inspection kit identification code of C4 is printed on the surface of the inspection kit box and is information for identifying the inspection kit. The delivery status of C5 includes information such as undelivered, preparing for delivery, being delivered, and delivery completed. As described above, when the activation of the sample identification code 135 is completed, it is desirable to delete the sample identification code of C1 and information related thereto.

  FIG. 8 is a diagram illustrating an example of the hardware configuration of each server.

  The server includes a CPU 802, RAM 804, ROM 806, HDD 808, drive device 810, communication interface 812, I / O 814, and peripheral device interface 816. Each component is connected by a bus 850. The drive device 810 can read and write a non-transitory storage medium such as a DVD-ROM. The communication interface 812 is connected to a network 824 such as a LAN or the Internet. The I / O 814 is connected to, for example, a barcode reader that reads the specimen identification code 135. A keyboard, a mouse 828, and the like are connected to the peripheral device interface 816.

  Note that all or part of the present embodiment can be implemented by a program. This program can be stored in the storage medium 822. The storage medium 822 refers to a non-transitory portable storage medium. Examples of the storage medium 822 include a magnetic storage medium, an optical disk, a magneto-optical storage medium, and a nonvolatile memory. Magnetic storage media include HDDs, flexible disks (FD), magnetic tapes (MT) and the like. Examples of the optical disk include a DVD (Digital Versatile Disc), a DVD-RAM, a CD-ROM (Compact Disc-Read Only Memory), and a CD-R (Recordable) / RW (ReWriteable). Magneto-optical storage media include MO (Magneto-Optical disk). All or a part of the embodiments of the present invention can be implemented by reading a program stored in a storage medium and executing it by a processor.

  The embodiments of the present invention have been described in detail with reference to the drawings. It should be noted that the above-described embodiments are for understanding the invention and are not intended to limit the scope of the present invention. Further, the plurality of embodiments described above are not mutually exclusive. Therefore, it should be noted that the elements of different embodiments are also intended to be combined unless a contradiction arises. Further, in the invention according to the method and the program described in the claims, the processing order may be changed or skipped as long as there is no contradiction. Alternatively, a plurality of processes may be executed simultaneously. It goes without saying that these embodiments are also included in the technical scope of the invention described in the claims.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS, a virtual machine monitor VMM, Needless to say, the present invention also includes a case in which a program such as firmware or BIOS performs part or all of the actual processing and the functions of the embodiments are realized by the processing.

  In addition, each component of the various embodiments of the present invention may be realized by a plurality of physically separated hardware. Moreover, each component of the various embodiments of the present invention may be realized by operating on one or more servers. Further, there may be a plurality of CPUs that execute the program according to the present invention, and each CPU may include a plurality of cores.

  Further, one or more storage units in each embodiment may exist and be placed in a server that manages stored information, or may be placed remotely from a server that manages stored information. May be managed by other servers. The storage unit may be a portable storage medium. In addition, information may be transmitted via a network, or information may be stored in a portable storage medium and physically moved by the portable storage medium.

DESCRIPTION OF SYMBOLS 101 Subject 102 Operation terminal 104 Network 106 such as the Internet Route 110 Gene information service organization 112 Purchase server 114 Member server 116 Master server 117 Network 118 Delivery factory server 119 Network 120 Genetic test organization 122 Genetic test organization server 130 Test kit 132 Test Kit + specimen 134 container 135 specimen identification code 136 specimen 510 means 530 for obtaining personal authentication means 520 (first correspondence) 540 means for obtaining (second correspondence) storage means 541 encryption unit 550 gene information extraction Means 551 Encryption Unit

Claims (6)

A method in which one or more servers execute provision of genetic information,
An operation in which the subject is authenticated to operate the sample identification code attached to the container for storing the sample collected from the subject and the subject ID for identifying the subject. Receiving from the terminal and associating the first correspondence relationship; and
Before the specimen is provided to the genetic testing institution, the specimen identification code attached to the container is peeled off, and the container to which another specimen identification code is attached is provided to the genetic testing institution, and the specimen identification is performed. Obtaining a relationship between a code and the other specimen identification code as a third correspondence;
From the genetic laboratories wherein a separate sample identification code and the specimen is provided, and the genetic information of the said another specimen identification code sample, receiving, by using the third relationship, the specimen identification Obtaining a second correspondence by associating the code with the genetic information of the specimen ;
Using the first correspondence relationship and the second correspondence relationship, an encrypted subject ID obtained by encrypting the subject ID using a predetermined algorithm and the genetic information are stored in association with each other. And steps to
The string is obtained by searching the storage unit with a string obtained by encrypting the subject ID used for accessing the one or more servers from the authenticated operation terminal by the predetermined algorithm. Extracting the genetic information corresponding to:
Transmitting the extracted genetic information to the authenticated operating terminal;
A method for providing genetic information. The step of acquiring the first correspondence relationship includes:
When it is determined that the sample identification code does not satisfy a predetermined condition, the step of notifying the authenticated operation terminal that the sample identification code is invalid,
The gene information providing method according to claim 1. The predetermined condition is:
The genetic information providing method according to claim 2, wherein the sample identification code is attached to a container, and the sample identification code is not yet associated with the subject ID. The step of acquiring the first correspondence relationship includes:
When it is determined that the predetermined condition is satisfied, a step of transmitting information on a destination for sending the container in which the sample is stored to the authenticated operation terminal;
The gene information providing method according to claim 2 or 3, comprising: A program for causing the one or more servers to execute the gene information providing method according to any one of claims 1 to 4 . A system for providing genetic information,
An operation in which the subject is authenticated to operate the sample identification code attached to the container for storing the sample collected from the subject and the subject ID for identifying the subject. Means for obtaining the first correspondence by receiving from the terminal and associating;
Before the specimen is provided to the genetic testing institution, the specimen identification code attached to the container is peeled off, and the container to which another specimen identification code is attached is provided to the genetic testing institution, and the specimen identification is performed. Means for acquiring a relationship between the code and the different specimen identification code as a third correspondence;
From the genetic laboratories wherein a separate sample identification code and the specimen is provided, and the genetic information of the said another specimen identification code sample, receiving, by using the third relationship, the specimen identification Means for obtaining a second correspondence by associating a code with genetic information of the specimen ;
Using the first correspondence relationship and the second correspondence relationship, an encrypted subject ID obtained by encrypting the subject ID using a predetermined algorithm and the genetic information are stored in association with each other. Means to
By a string obtained by encrypting by said predetermined algorithm the subject ID used for access to the authenticated operation terminal or found one or more servers, by searching the storage unit, the string Means for extracting the genetic information corresponding to
Means for transmitting the extracted genetic information to the authenticated operating terminal;
A genetic information providing system.

Images