RU2828165C1 - Method of exchanging data between sender and receiver, implemented by means of integration bus - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: invention relates to methods of interpreting open and proprietary protocols used by medical and pharmacy information systems, allowing to set up information exchange between them using centralized control devices. Declared result is achieved due to an integration bus consisting of: a core containing: software interface, data conversion subsystem, message arbitration subsystem, internal balancing subsystem and enabling multithreaded conversion of received data from external sources, asynchronous guaranteed arbitration of processed data and intra-system load balancing; adapter modules interacting with the kernel and allowing to interpret open and proprietary protocols of various information system manufacturers; database management system intended for storage of technical, configuration and production information and administrative panel.

EFFECT: expansion of operational capabilities during creation and operation of a single seamless distributed circuit of information exchange, complying with established requirements for protection of confidential information.

4 cl, 5 dwg

Description

The technical solution for the method of operation of an integration-analytical system for medical and pharmacy organizations, claimed as an invention, relates to methods of operation of regulatory and control systems with software control, namely to methods of interpreting open and proprietary protocols using an integration platform for secure exchange of confidential information, used by medical and pharmacy information systems, allowing for the configuration of information exchange between them using centralized control devices of electronic integrated production systems with devices for maintaining, administering and managing data switching networks, ensuring the linking of information records, the integration of medical, pharmacological and information systems in local and distributed information circuits by means of information exchange through their interfaces or using direct access to information stored in their databases.

Currently, most information circuits of institutions contain a large number of incompatible information systems, as well as morally and technically obsolete software, the functionality of which is severely limited. The need to spend a lot of time transferring data between systems, manually loading and unloading information, creates unfavorable conditions for personnel, in which labor productivity decreases, errors caused by the human factor appear, and the processing and storage itself can be carried out in violation of the rules in the field of information and personal data protection, which in turn increases the risk of unauthorized access to information. Another important problem in healthcare is the lack of effective tools for monitoring and collecting analytical data at all levels - some of the reporting of organizations is still generated and submitted on paper or in simple Excel spreadsheets, and staffing restrictions and large territorial networks of organizations with their branches do not allow for effective control and objective assessment of the effectiveness of institutions.

A major problem with information circuit devices is the lack of a tool that would combine the functionality of an integration bus and a business analytics tool that would reduce the amount of manual labor on site, increase the reliability of data, and provide the most convenient and adapted system for managers and executives.

Currently, there is a unified state information system in the field of healthcare (EGISZ). EGISZ is a complex of technologies and tools. The purpose of the system is to provide information support for the high-quality organization of work processes between participants in the healthcare system, which include: medical institutions, healthcare authorities, insurance companies, territorial compulsory medical insurance funds.

The well-known information system EGISZ has the following shortcomings: the system is suitable for a limited number of decision-making; it combines data only in the MIS, generates only individual statistical reports, and monitors and analyzes only medical activities. In addition, EGISZ does not provide for such functions as: comparison of the general indicators of the organization, analysis of spending and participation in procurement activities; integration with external services; analysis of the equipment of the institution and the movement of fixed assets.

The problems described have arisen in connection with the spread of the electronic approach to solving medical problems. Therefore, the need for reliable and high-quality operation of all devices of electronic integration systems increases.

As a technical solution that would eliminate the shortcomings of electronic integration system devices, we can propose the claimed method of operation of the integration-analytical system for medical and pharmacy organizations.

The claimed technical solution is aimed at simplifying the operation of all devices of electronic integration systems and allows for the unification of existing medical information systems into a single digital space, ensuring automated information exchange between them.

As an analogue of the claimed invention, one can highlight the technical solution of the system for linking the corresponding patient information records stored in various objects according to the Russian Federation patent for invention No. 2565506 dated September 29, 2010, IPC: G06Q 50/22, A61B 5/00, G06F 19/00, published on October 20, 2015, which consists in the fact that the system contains: - a plurality of objects, wherein each of the objects has one or more patient databases containing patient information records, an object-specific patient identification algorithm for matching patient information records located in this object from a plurality of objects with information records about the same patient located in other objects from a plurality of objects; and - a linking subsystem for maintaining a plurality of links between this object and other objects from the plurality of objects, in which each link from the plurality of links represents an object-specific agreement, wherein the linking subsystem of the first object of the plurality of objects is configured to link patient information records of the same patient located in the first object with corresponding patient information records of the same patient located in the second object of the plurality of objects by creating a first link from the plurality of links of the first object in response to a patient identification algorithm of the first object that is specific to the first object, agreeing a patient information record of the same patient located in the first object with a corresponding patient information record of the same patient located in the second object, wherein the linking subsystem of the second object of the plurality of objects links patient information records of the same patient located in the second object with corresponding patient information records of the same patient located in the first object of the plurality of objects by creating a first link from the plurality of links of the second object in response to a specific to the second object, a patient identification algorithm of a second object, matching a patient information record of the same patient located in the second object with a corresponding patient information record of the same patient located in the first object, wherein the patient identification algorithm specific to the first object and the patient identification algorithm specific to the second object are different, and the first link of the first object and the first link of the second object are different links. The links of the system provide a link between locally assigned identifiers (ID, RID) of the same patient in different objects.

The common feature is the purpose of storing and communicating data in an electronic system.

The difference is that in the analogue according to the Russian Federation patent for invention No. 2565506, the synchronous storage of data of one type, for example, information about patients, in databases is improved to a greater extent. In the claimed case, it is a gateway that transmits and converts information, acting as an arbitrator between information systems, and does not store information, and all that the claimed solution stores is the fact (event) of information transfer. Also, in the claimed solution, new logical connections in systems are not created, but a method is simply developed that ensures the usual information exchange in previously incompatible information systems.

The prototype is a technical solution disclosed in a patent for a method for organizing communication between components of a multi-domain industrial automation system according to European patent EPO No. EP 2378740A1 dated 15.04.2010, published on 19.10.2011. The prototype method describes an improved industrial automation system and a communication system for implementing it, as well as corresponding operating methods. The improved communication system allows for communication in the form of messages between modules in different control areas or domains of an enterprise. In addition, in at least some embodiments, such communication is achieved by providing a communication system that includes an industrial service bus that has two internal service buses with a bridge between the internal buses. In addition, in at least some embodiments, a synchronous message exchange methodology is used, in which sending and receiving a message is controlled by relay logic, in which the message is at least temporarily stored in a buffer after receiving it before it is processed by a user. ladder logic.

The prototype describes a method, the intended use of which, in comparison with the claimed solution, is different, namely, in the prototype the method is intended for automated control systems of technological processes. In the claimed solution, the method of operation of the integration-analytical system for medical and pharmacy organizations is adapted specifically for medicine, while in the prototype opsian is a technological process for industrial purposes.

The differences between the prototype and the claimed technical solution are due to the specifics of the technology used. The difference is significant in relation to the integration bus, which, although used in the prototype, is not logically specialized.

The above-mentioned technical solutions of the analogue according to the Russian Federation patent for invention No. 2565506 and the prototype according to the EPO patent No. EP2378740A1, like the claimed solution, are to one degree or another intended to provide communication between devices, however, the analogue and prototype have significant differences from the claimed technical solution.

The purpose of the claimed invention is to develop a method for the operation of an integration and analytical system for medical and pharmacy organizations, providing Russian medical and pharmacy organizations with a tool that allows: combining their existing information systems into a single digital space, ensuring automated information exchange between them, even if this was not originally provided by the manufacturer, and also providing a convenient tool for interactive data visualization and business analytics, allowing for making the right management decisions based on real data collected during the information exchange.

The technical task of the claimed invention is the centralization of information exchange by connecting information systems and software from various manufacturers, available in the information circuit of the organization, to a universal integration bus, providing recognition of protocols and interaction with software interfaces used by these information systems and software, for the purpose of analyzing and exchanging information in electronic form, as well as the ability to convert received data in accordance with protocols used by other participants in the information exchange.

The technical result of the present invention is the expansion of operational capabilities in the creation and operation of a single seamless distributed information exchange circuit that meets the established requirements for the protection of confidential information (with the exception of information constituting a state secret).

Disclosure of the essence of the invention.

The stated technical result is achieved due to the presence in the information system of an integration bus, which consists of a set of modules (adapters) allowing the interpretation of open and proprietary protocols of various manufacturers of information systems and software, a core providing the possibility of multi-threaded conversion of data received from external sources, asynchronous guaranteed arbitration of processed data and intra-system load balancing, from a database management system designed to store technical, configuration and production information, as well as an administrative panel.

The essential feature of the claimed solution is the need to ensure increased security of certain categories of confidential information, such as personal data and medical confidentiality. The protection and confidentiality of this category of information is ensured by means of a secure access subsystem, which, using built-in cryptographic protection tools, implements the reception, transmission and processing of data, both within the local circuit and when transmitting data via unprotected communication channels or the Internet.

The claimed technical solution is explained by drawings Fig.1-Fig.5.

Fig. 1 shows the logical diagram of the integration bus.

Fig. 2 shows the basic logical diagram of information processing in the integration bus.

Fig. 3 shows a model of a local information exchange scheme.

Fig. 4 shows a model of a centralized information exchange network.

Fig. 5 shows a model of a distributed information exchange network.

The essence of the claimed technical solution is that the method of operation of the integration and analytical system for medical and pharmacy organizations includes control modules and communication systems, and the method includes an integration bus, which consists of a set of adapter modules that allow interpreting open and proprietary protocols of various manufacturers of information systems and software, as well as a core that provides the ability to multi-thread conversion of data received from external sources, asynchronous guaranteed arbitration of processed data and intra-system load balancing, as well as a database management system designed to store technical, configuration and production information, and an administrative panel.

Implementation of a technical solution

The implementation of the functionality of the declared technical solution, including as an embedded component of software or hardware and software, can be performed in a monolithic or microservice architecture.

The general logical scheme of interaction of the main blocks and modules of the system is presented in the diagram of Fig. 1. The integration bus consists of a set of modules (adapters) allowing interpretation of open and proprietary protocols of various manufacturers of information systems and software; a core providing the possibility of multi-threaded conversion of received data from external sources, asynchronous guaranteed arbitration of processed data and intra-system load balancing, as well as a database management system designed for storing technical, configuration and production information, as well as an administrative panel.

Additionally, the claimed technical solution can be implemented with an extension in the form of a module for monitoring the circulation of medicinal, dressing and related products, the functionality of which includes the analysis and accounting of the movement and circulation of medicinal and dressing products, including various categories of consumables, by analyzing and processing the marking of matrix barcodes of at least the following two types - "Data Matrix", which is implemented on the basis of open standards - ISO / IEC 15418: 1999 "Symbol Data Format Semantics", ISO / IEC 15434: 1999 "Symbol Data Format Syntax", ISO / IEC 15415 "2-D Print Quality Standard"), and International Article Number (IAN), implemented on the basis of open standards of the "General Specifications Change Notifications (GSCN)" family. This module uses its own database management system and a mobile application for scanning and checking various types of barcodes, including the above formats. The integration bus acts as an aggregator and supplier of data on the movement and turnover of the funds being accounted for.

The list and type of processed data is not limited and depends on the layout and the number of connected information systems and built-in modules of the integration bus adapters used to interpret individual types of protocols.

Implementation of the claimed method.

1. In a closed local area network of an organization, the client of information exchange allocates a server - in the case of a software and hardware implementation of the invention - a place in a server rack, in the case of a software implementation - a dedicated hardware or, if acceptable, virtual server, on which the proposed system is installed. In order to increase fault tolerance, it is recommended to create a cluster consisting of several copies of the application server. In the case of using the claimed solution to create a centralized or decentralized information exchange network, the application server must have access to the Internet.

2. Determine the list of information exchange nodes, namely information systems and software that are subject to connection for the organization of information exchange. If the information exchange node has software interfaces, local technical accounts are created in it, which will be used for the systematic collection and exchange of information, in accordance with the protocols used by these nodes. If any of the information exchange nodes does not have software interfaces, an additional adapter can be used for such a node, allowing for information exchange, or the system can, if technically possible, directly interact with the storage or database of such a node.

Additionally, in order to enhance the security of the technological process of information exchange, an authentication mechanism based on trusted electronic signature certificates can be used, implemented in accordance with the standards of GOST R 34.10-2012 "Processes for the formation and verification of an electronic digital signature" (RFC 7091), Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (RFC 5280) and GOST R ISO/IEC 9594-8-98 "Information technology. Open Systems Interconnection. Handbook. Part 8. Authentication Fundamentals" (ISO/IEC 9594). Key pairs and electronic signature certificates used to verify the authenticity of a participant in the information exchange can be issued by the owner of the information exchange independently or with the involvement of an authorized certification center with such powers, if this is required in the context of implementing regulatory and legal norms in the field of cryptographic protection of information.

Also, in order to reduce the load on the system and reduce the amount of traffic transmitted within the framework of information exchange, for authentication of the system in the nodes of information exchange, if technologically possible, the technology of issuing the authentication token JSON Web Token (RFC 7519) or its analogue can be used, while the validity period (Time to live/ TTL) of the authentication token used must be limited.

It is permitted to connect other systems and types of authentication to the system, but on the condition that these systems and types of authentication comply with the information protection requirements imposed on the categories of information processed in the invention.

In case of using the feedback and authentication mechanism, in which the information exchange node independently addresses the invention and requests the invention to perform some operation, all the above authentication methods can also be used. Interaction according to such a scenario is carried out only on the basis of the software interface (API) implemented in the invention.

3. Collection of information from information exchange nodes is performed centrally, according to a schedule set by the system administrator, or in accordance with the default settings set in the configuration. Before the start of information exchange, at periods of time determined by the system administrator, the built-in system service checks the availability of all participants in the information exchange; if any of the nodes is absent, depending on the system settings set by the administrator, the information exchange with their participation can be temporarily suspended or performed partially: for example, the system can accumulate transmitted data on the application server until full information exchange can be resumed, or store them in accordance with the internal policy set by the administrator.

When initially accessing an information exchange node, the system establishes a secure connection with it using one of the protocols of the SSL or TLS families, and the choice of a specific type and kind of protocol depends on the type supported by the information exchange node. The use of unprotected protocols in open form, such as, for example, HTTP/1.1 RFC 2616, HTTP/2 RFC (7540) - is supported, but is allowed only in test or debug mode. After establishing a successful connection, the system, in accordance with the protocol of the information exchange node, receives the necessary data and transmits them for processing to the core of the invention.

4. The data received by the system core are transmitted to the data conversion subsystem, which, by comparing the protocol types of the information exchange node - the sender (hereinafter referred to as the sender) and the information exchange node - the recipient (hereinafter referred to as the recipient), in accordance with the settings of the invention and the available modules (adapters) of the protocols, either converts the container with the received information first into the internal protocol-markup of the system, and then converts the data according to the form of the protocol used by the recipient, or immediately converts the data directly, without using intermediate conversion, into the protocol of the recipient.

After the conversion is complete, the converted data is transferred to the built-in queue manager, which stores it on the hard drives or RAM of the server (servers) of the application (applications), depending on the configuration settings and the layout of the invention, until they are successfully sent to the recipient. At the same time, the internal balancer built into the core ensures correct processing and sending of the data received by the invention.

5. After moving the processed data to the built-in queue manager, and if the recipient is available, the system sends the processed data to the recipient; if the recipient becomes unavailable at any time, the processed data is returned back to the queue, and the cycle is repeated until the recipient appears on the network or until the operation is manually cancelled by the system administrator. The same security mechanisms and processes are used in the process of sending messages to recipients as are used when connecting to information exchange nodes during data collection.

The basic logical scheme of information processing in the system is shown in Fig. 2. The process of technological processing and transmission of information in the system can include both the creation of backup copies of the information transmitted through it using an external file storage system, and completely exclude the storage of any information, limiting itself only to the collection of metadata and technical information for monitoring operability and logging.

If the technological process provides for the storage and backup of transmitted confidential information, then the storage of such data is carried out in encrypted form. The encryption key, with the help of which the encryption of data is performed, is stored and managed by an external secrets management subsystem.

6. In the case of building centralized or decentralized information exchange networks, in order to establish a secure connection between peer-to-peer instances of the system or subscribers connected via a centralized information exchange scheme located outside the controlled zone in which the system instance is deployed, the secure access subsystem implements additional security measures that ensure the protection of information during its transmission over open public communication channels, including over the Internet, using the TLS protocol version 1.2 or 1.3, implemented on the basis of the GOST R standard GOST R 34.12-2015 "Information Technology (IT). Cryptographic Protection of Information. Block Ciphers" and recommendations thereto, or virtual private network technology (Virtual Private Network / VPN) implemented using the technologies described in the state standards GOST R 34.11-2012 "Hash Function", GOST 28147-89 "Information Processing Systems. Cryptographic Protection. Cryptographic transformation algorithm, GOST R 34.10-2012 “Processes for the formation and verification of electronic digital signatures”, or their more current editions and later versions of technologies.

8. In case of using a module for monitoring the circulation of medicinal, dressing and related products in the system, the technological process of information processing, in terms of performing the functionality embedded in the module, will correspond to the architecture of the centralized information exchange network, in which one of the system instances acts as a centralized node for collecting the data used in the module. A distinctive feature of this module is the ability to build its functionality within a decentralized network, in which all instances of the system can act as an intermediate data aggregator, and one of them is designated as the central node (gateway) for data collection.

The use of the claimed method does not introduce changes to the operation or logic of the connected information systems and software, but interacts with them through the use of the application programming interfaces (API) and application protocols implemented in them.

In terms of providing a unified environment for information exchange, the claimed method provides a new approach to building a seamless and flexible, including distributed, information landscape of medical and pharmacological organizations, allowing for a reduction in dependence on single suppliers of information systems and software, as well as the possibility of quickly replacing information systems and software in the organization's information circuit - due to the possibility of setting up and maintaining interaction between systems of different generations during the transition period.

In addition, the advantage of the claimed method is the ability to automate and reduce routine processes performed by medical specialists and personnel, which will significantly reduce the working time of specialists and personnel for receiving, sending and transferring information between information systems.

Also, one of the advantages of the claimed method is the improvement of control over the work of medical and pharmacological organizations, due to clear and transparent exchange of information, and the elimination of the possibility of unauthorized access to confidential information, as a result of its unsafe storage or unprotected transmission.

Examples of specific implementation. The process of deployment of the claimed method in the information environment can be implemented according to the following schemes:

a) Local information exchange scheme.

Within the framework of this model, the solution is deployed in one undistributed territorial local computer network and without taking into account external connections implemented by means of third-party software and hardware. Such a scheme is used for automation and basic interaction between information systems, and, in fact, allows for safe and effective interaction (information exchange) only within one organization. An example of such a logical deployment scheme is shown in Fig. 3, illustrating a model of a local information exchange scheme.

b) Centralized information exchange network.

Within the framework of this model, secure exchange is implemented between geographically distributed network nodes, for example, between different organizations, within which one of the nodes assumes the role of a central gateway, and other nodes connect to it as subscribers. An example of this logical diagram is shown in Fig. 4, illustrating the model of a centralized information exchange network.

c) Decentralized information exchange network.

This model is deployed according to the scheme of an independent decentralized information exchange network, within which information exchange occurs between peer-to-peer instances of the system, regardless of their territorial location or affiliation, in particular, the owners of each instance can be different organizations. An example of interaction according to this scheme is shown in Figure 5, illustrating the model of a distributed information exchange network.

A characteristic feature of schemes built on the basis of distributed interaction networks is both the need to ensure reliable secure interaction between network nodes and the implementation of regulatory requirements for information protection imposed on various categories of information in the system.

To achieve this result, the secure access subsystem implements cryptographic and authentication mechanisms based on open and national protocols and standards, such as HTTP Over TLS (RFC 2818), Transport Layer Security, version 1.2 (RFC 5246), Transport Layer Security, version 1.3 (RFC 8446), GOST R 58833-2020 "Information Security. Identification and Authentication. General Provisions", GOST R ISO / IEC 9594-8-98 "Information Technology. Open Systems Interconnection. Handbook. Part 8. Authentication Fundamentals" (ISO / IEC 9594), GOST 28147-89 "Information Processing Systems. Cryptographic Protection. Cryptographic Transformation Algorithm" (RFC 5830), GOST R 34.10-2012 "Processes for Formation and Verification of Electronic Digital Signature" (RFC 7091), GOST R 34.11-2012 "Hash Function" (RFC 6986), GOST R 34.12-2015 "Information Technology (IT). Cryptographic Protection of Information. Block Ciphers (RFC 7801, 8891)", GOST R 34.13-2015 "Information Technology. Cryptographic Protection of Information. Operating Modes of Block Ciphers, GOST 34.10-2018 "Information Technology. Cryptographic Protection of Information. Processes for Formation and Verification of Electronic Digital Signature", GOST 34.11-2018 "Information Technology. Cryptographic Protection of Information. Hashing function", GOST 34.12-2018 "Information technology. Cryptographic protection of information. Block ciphers", Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (RFC 5280), OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8750), which provides the claimed method with an advantage in terms of using reliable and secure mechanisms for protecting information from unauthorized access, in terms of using an electronic signature, authentication, establishing a secure connection and general protection of information when transmitting it over open communication channels.

In addition, the overall architecture of the solution may include additional extension modules that enable monitoring, data visualization, backup, file storage, key information management and configuration of the invention, which are not the subject of this patent.

The claimed method can be applied using standard equipment, the stages of the method assume industrial use. From scientific and technical literature and patent documentation, such a universal method of operation of the integration-analytical system is not known.

Consequently, the claimed technical solution meets the criteria of “novelty”, “inventive step” and “industrial applicability”.

Claims (22)

1. A method of exchanging data between a sender and a recipient, implemented by means of an integration and analytical system containing an integration bus and consisting of: a core containing: a software interface, a data conversion subsystem, a message arbitration subsystem, an internal balancing subsystem and providing the ability to multi-thread conversion of data received from external sources, asynchronous guaranteed arbitration of processed data and internal system load balancing; adapter modules that interact with the kernel and allow interpretation of open and proprietary protocols of various information system manufacturers; database management systems designed to store technical, configuration and production information; and admin panel, wherein when using an integration and analytical system in a closed local area network of an organization that is a client of information exchange, a cluster consisting of several application servers is allocated, wherein in the case of software and hardware execution, the application server is a place in the server rack, and in the case of software execution, it is a dedicated hardware or virtual server on which a copy of the system is installed, when using an integration and analytical system in a centralized or decentralized information exchange network, the application server has access to the Internet; The method contains the following steps: determine the list of information exchange nodes in the form of information systems and software that are subject to connection to the system for the organization of information exchange, while if the information exchange node has software interfaces, local technical accounts are created in it that will be used by the system for the systematic collection and exchange of information, in accordance with the protocols used by these nodes, and if any of the information exchange nodes does not have software interfaces for such a node, an additional adapter is created for such a node that allows for information exchange with the system, or the system interacts with the storage or database of such a node directly; use an authentication mechanism based on trusted electronic signature certificates, whereby key pairs and electronic signature certificates used to verify the authenticity of a participant in the information exchange are issued by the owner of the information exchange independently or with the involvement of an authorized certification center, carry out system authentication in information exchange nodes by issuing a JSON Web Token (RFC 7519) authentication token, the validity period (Time to live/ TTL) of which is limited; establish a secure connection between the system and the information exchange node during initial access using protocols of the SSL or TLS families, the choice of a specific type and type of which depends on the type supported by the information exchange node; moreover, the use of unprotected protocols in open form is supported only in test or debug mode; After establishing a successful connection, the system, in accordance with the protocol of the information exchange node, receives and transmits data to the core for processing; the data received by the system core are transmitted to the data conversion subsystem, which, by comparing the protocol types of the information exchange node - the sender and the information exchange node - the recipient, in accordance with the system settings and the available protocol adapter modules, either converts the container with the received information first into the internal protocol-markup of the system, and then converts the data according to the protocol form used by the recipient, or immediately converts the data directly, without using intermediate conversion, into the recipient's protocol; After the conversion is complete, the converted data is transferred to the built-in queue manager, which stores it on the hard drives or RAM of the application server until it is successfully sent to the recipient; at the same time, the internal balancer built into the kernel ensures correct processing and sending of received data to the built-in queue manager; after moving the processed data to the built-in queue manager and if the recipient is available, the system sends the processed data to the recipient; if the recipient becomes unavailable at some point, the processed data is returned back to the queue and the cycle is repeated until the recipient appears online or until the operation is manually cancelled by the system administrator, Moreover, within the process of sending messages to addressees, the same mechanisms and security processes are used that are used when connecting to information exchange nodes during data collection; Moreover, in the case of building centralized or decentralized information exchange networks, in order to establish a secure connection between peer-to-peer instances of the system or subscribers connected via a centralized information exchange scheme located outside the controlled zone in which the instance of the system is deployed, the secure access subsystem implements security measures that ensure the protection of information when it is transmitted over open public communication channels using the TLS protocol version 1.2 or 1.3. 2. The method according to item 1, characterized in that authentication systems and types are connected to the system that meet the information protection requirements imposed on the categories of information that are processed in the system, and in the case of using a feedback and authentication mechanism, in which the information exchange node independently contacts the system and requests the system to perform some operation, all of the above authentication methods can also be applied and interaction according to such a scenario is carried out only on the basis of the implemented software interface (API). 3. The method according to paragraph 1 and/or 2, characterized in that the collection of information from the nodes of the information exchange is carried out centrally, according to a schedule established by the administrator, or in accordance with the default settings established in the configuration, wherein before the start of the information exchange, at periods of time determined by the administrator, the built-in service of the system checks the availability of all participants in the information exchange, and in the event of the absence of any of the nodes, depending on the system settings established by the administrator, the information exchange with their participation is either temporarily suspended or performed partially, wherein the system can accumulate the transmitted data on the application server until the possibility of resuming full-fledged information exchange, or store them in accordance with an internal rule established by the administrator. 4. The method according to paragraph 1, 2 and/or 3, characterized in that the system additionally contains a module for monitoring the circulation of medicinal, dressing and related products, the technological process of information processing of which, in terms of performing the functionality embedded in the module, corresponds to the architecture of the centralized information exchange network, in which one of the instances of the system acts as a centralized node for collecting the data used in the module, and the instances of the system act as an intermediate data aggregator, one of which is designated as the central gateway node for collecting data.