A two-dimensional code driven multi-role collaborative processing system for medical referral

By using a QR code-driven multi-role collaborative processing system, and leveraging a finite state machine and an improved permission discrimination model, the system solves the problems of permission management and state control in medical referral systems, and achieves dynamic adjustment of signature permissions and improved process reliability and security.

CN122245676APending Publication Date: 2026-06-19TAIAN CENT HOSPITAL (TAIAN CENT HOSPITAL AFFILIATED TO QINGDAO UNIV TAISHAN MEDICAL NURSING CENT)

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
TAIAN CENT HOSPITAL (TAIAN CENT HOSPITAL AFFILIATED TO QINGDAO UNIV TAISHAN MEDICAL NURSING CENT)
Filing Date
2026-03-20
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing medical referral systems suffer from issues such as unauthorized or omitted permissions, difficulty in identifying process anomalies, easy expiration of access credentials, and inconsistent status in multi-role collaboration scenarios, which affect the standardization, security, and efficiency of the referral process.

Method used

A QR code-driven multi-role collaborative processing system is adopted. The system generates status QR codes through the instance modeling module, and combines a finite state machine and an improved permission discrimination model to realize dynamic control of signature permissions and state-aware permission management. An improved probabilistic semi-Markov model is used to determine the signature state transition, and abnormal situations are handled by the QR code update and freeze control modules.

Benefits of technology

It enables the synchronous evolution of signature permissions and status, improves the security and consistency of the referral process, enhances the reliability and controllability of cross-institutional collaboration, and reduces abnormal stagnation and misjudgment.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122245676A_ABST
    Figure CN122245676A_ABST
Patent Text Reader

Abstract

This invention discloses a QR code-driven multi-role collaborative processing system for medical referrals, comprising: an instance modeling module for receiving referral initiation requests and constructing a finite state machine; a QR code generation module for generating status QR codes; a scanning access module for receiving scanning requests and opening the referral processing interface; a signature verification module for receiving electronic signature requests, constructing a signature relationship graph, and performing credibility calculations; a state transition module for updating the signature status using an improved probabilistic semi-Markov model; a QR code update module for generating new status QR codes; and a freeze control module for restricting the signature operation permissions of referral instances. This invention achieves dynamic collaborative control of multi-role signature permissions and signature status in the medical referral process, improving the security, controllability, and consistency of the referral process.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of medical informatics and information processing technology, and in particular to a QR code-driven multi-role collaborative processing system for medical referral. Background Technology

[0002] With the continuous improvement of medical informatization and the ongoing advancement of the hierarchical medical system, the demand for digital management and collaborative processing of medical referral procedures is becoming increasingly prominent. Medical referrals typically involve collaborative signatures and confirmations from primary healthcare institutions, higher-level medical institutions, and various medical personnel. Existing referral systems mostly rely on fixed account logins, static permission configurations, or offline paper-based processes to complete referral approvals. However, in practical applications, the following problems are commonly encountered:

[0003] In the referral process, the permissions of different signing roles are strongly correlated with the referral stage. Existing systems mostly use static role-based permission control, which is difficult to dynamically adjust according to changes in signature status. This can easily lead to unauthorized access or missing permissions, affecting the standardization and security of the referral process. The referral process involves numerous signing nodes and complex status transitions. Existing process control methods typically lack modeling of signature status dwell time and historical flow behavior, making it difficult to identify abnormal signatures or process blockages in a timely manner, resulting in reduced referral efficiency. In cross-institutional, multi-role collaboration scenarios, traditional account- or link-based access methods suffer from easily expired and difficult-to-trace access credentials. The lack of a unified binding mechanism for referral instance status, validity period, and role access conditions increases the difficulty of process management. Furthermore, existing systems often lack unified freezing and control strategies in abnormal situations such as signature failure, timeout, or rejection, which can easily lead to inconsistent referral statuses or duplicate operations, affecting the continuity and reliability of medical services.

[0004] Therefore, how to provide a QR code-driven multi-role collaborative processing system for medical referrals is a problem that urgently needs to be solved by those skilled in the art. Summary of the Invention

[0005] One objective of this invention is to propose a QR code-driven multi-role collaborative processing system for medical referrals. This invention constructs referral instances and finite state machines through an instance modeling module. A QR code generation module uniformly encodes the referral instance identifier, signature status identifier, set of allowed operation role identifiers, and valid time parameters. A QR code access module enables dynamic access control of the referral processing interface. During the referral process, a signature verification module, an improved permission discrimination model, and an improved probabilistic semi-Markov model are combined to collaboratively process signature permission determination, signature credibility verification, and signature status transition. Simultaneously, a QR code update module and a freeze control module provide unified management of status changes and abnormal situations, thereby completing the entire digital processing of multi-role collaborative signatures in the medical referral process. This invention possesses advantages such as dynamic association between permission control and signature status, strong traceability of the referral process, high consistency in abnormal handling, and strong cross-institutional collaborative security.

[0006] A QR code-driven multi-role collaborative processing system for medical referral according to an embodiment of the present invention includes:

[0007] The instance modeling module is used to receive referral initiation requests, generate referral instance identifiers according to the referral business type, and construct a finite state machine containing multiple signature states for the referral instance according to the preset signature order.

[0008] The QR code generation module is used to generate a status QR code based on the signature status of the referral instance. The status QR code includes a referral instance identifier, a signature status identifier, a set of allowed operation role identifiers, and an effective time parameter. The set of allowed operation role identifiers is calculated by an improved permission discrimination model.

[0009] The QR code access module is used to receive QR code scanning requests, obtain the identity information of the scanning user and determine the corresponding role identifier. If the role identifier belongs to the set of allowed operation role identifiers recorded in the status QR code, and the valid time parameter corresponding to the status QR code meets the preset time condition, then the referral processing interface corresponding to the signature status is opened.

[0010] The signature verification module is used to receive electronic signature requests in the referral processing interface, perform identity verification, medical institution verification, and signature status verification on the electronic signature requests, construct a signature relationship graph based on the signature participants' roles, calculate the credibility of the signature relationship graph, and generate corresponding signature records.

[0011] The state transition module is used to calculate the state transition result of the referral instance based on the signature record, signature time distribution and historical state transition data, using an improved probabilistic semi-Markov model, and update the signature state of the referral instance in the finite state machine according to the state transition result.

[0012] The QR code update module is used to terminate the access permission of the status QR code corresponding to the previous signature status after the signature status is updated, and to generate a new status QR code based on the updated signature status.

[0013] The freeze control module is used to mark the referral instance as frozen and restrict the referral instance's signature operation permissions when it detects that the signature verification fails, the signature exceeds a preset time range, or the signature operation is rejected.

[0014] Optionally, the instance modeling module specifically comprises:

[0015] Receive a referral initiation request and obtain the referral service type; generate a referral instance identifier based on the referral service type and associate it with the referral information;

[0016] Read the preset signature order and generate a signature node sequence, the signature node sequence including a signature status identifier set;

[0017] A finite state machine is constructed based on the signature node sequence. The finite state machine includes multiple signature states and the state transition relationships between the signature states.

[0018] An initial signature status identifier is written into the finite state machine, and the referral instance identifier is associated with the initial signature status identifier.

[0019] Write a frozen state identifier into the finite state machine, and establish a trigger association between the frozen state identifier and the signature status verification failure, the signature exceeding the preset time range, or the signature rejection operation.

[0020] Optionally, the QR code generation module specifically comprises:

[0021] Obtain the referral instance identifier and signature status identifier; obtain the state transition relationship corresponding to the signature status identifier and extract the state transition legality constraints;

[0022] The system acquires role characteristics and inputs them into an improved permission discrimination model. Based on the attention calculation of role characteristics, and combined with the signature status and state transition legality constraints, the system calculates the set of role identifiers that are allowed to operate.

[0023] Obtain and write the valid time parameter;

[0024] The referral instance identifier, signature status identifier, set of allowed operation role identifiers, and valid time parameter are encoded to generate a status QR code, and the status QR code is output.

[0025] Optionally, the improved permission determination model is specifically as follows:

[0026] Obtain character features and construct a character feature matrix, wherein the character feature matrix contains feature vectors corresponding to multiple character identifiers;

[0027] Obtain the signature status identifier and map the signature status identifier to a status feature vector;

[0028] Read the state transition relationship corresponding to the signature status identifier and construct a legality constraint matrix, wherein the legality constraint matrix contains the role identifier and the legality marker of the state transition relationship;

[0029] Generate query vectors based on state feature vectors, and generate key vector matrices and value vector matrices based on role feature matrices;

[0030] The attention score vector is obtained by performing a dot product operation on the query vector and the key vector matrix, and the constraint score vector is obtained by performing a mask operation on the attention score vector according to the legality constraint matrix.

[0031] Normalize the constraint score vector to obtain the attention weight vector, and perform a weighted summation on the attention weight vector and the value vector matrix to obtain the attention output vector;

[0032] The attention output vector and the state feature vector are concatenated to obtain a fusion vector, and a linear transformation and activation operation are performed on the fusion vector to obtain the role permission score vector.

[0033] A threshold determination is performed on the role permission score vector to obtain the set of role identifiers that are allowed to operate.

[0034] Optionally, the QR code access module specifically comprises:

[0035] Receive the QR code scanning request and parse the status QR code to obtain the referral instance identifier, signature status identifier, set of allowed operation role identifiers, and validity time parameter;

[0036] Obtain the user's identity information and generate a user identity identifier;

[0037] Obtain role identifiers based on user identity identifiers and generate a set of user role identifiers;

[0038] Perform a time comparison on the valid time parameter. If the time comparison result meets the preset time condition, then perform a role comparison.

[0039] Perform a set inclusion determination on the user role identifier set and the allowed operation role identifier set. If the set inclusion determination result meets the preset admission conditions, open the referral processing interface and write the referral instance identifier and signature status identifier into the referral processing interface session information.

[0040] If the time comparison result does not meet the preset time condition or the set inclusion judgment result does not meet the preset admission condition, the access rejection result will be output and the referral processing interface opening operation will be terminated.

[0041] Optionally, the signature verification module specifically comprises:

[0042] Receive electronic signature requests and obtain referral instance identifier, signature status identifier, and user identity identifier;

[0043] The medical institution identifier and role identifier are obtained based on the user's identity identifier, and the medical institution identifier is verified.

[0044] Perform identity verification on the user's identity identifier and perform signature status verification on the signature status identifier;

[0045] Obtain the signing participants and generate a set of signing participants. Construct a signing relationship graph based on the set of signing participants, wherein the signing relationship graph includes the association edges between role nodes.

[0046] Get the character node features and write them into the character node features; get the associated edge features and write them into the associated edge features.

[0047] The credibility calculation is performed on the signature relationship diagram to obtain the credibility result, and the credibility result is then subjected to threshold determination to obtain the credibility determination result;

[0048] A signature record is generated when the medical institution verification, identity verification, and signature status verification meet the preset verification rules and the credibility judgment result meets the preset credibility conditions. The signature record includes a referral instance identifier, a signature status identifier, a user identity identifier, a medical institution identifier, a role identifier, and a signature timestamp.

[0049] If the results of medical institution verification, identity verification, signature status verification, or credibility determination do not meet the preset conditions, output a signature rejection result and terminate the signature record generation operation.

[0050] Optionally, the state transition module specifically comprises:

[0051] Obtain the signature record and extract the referral instance identifier, signature status identifier, and signature timestamp;

[0052] Historical status flow data is read based on referral instance identifiers and a status sequence is constructed, the status sequence including multiple signed status identifiers;

[0053] Calculate the signature time distribution and generate a dwell time sequence based on the signature timestamp and status sequence;

[0054] Obtain the semantic features of the signature and generate a semantic feature vector, wherein the semantic features of the signature include a signature operation type identifier and a signature result identifier;

[0055] The signature status identifier, dwell time sequence, semantic feature vector and historical state transition data are input into the improved probabilistic semi-Markov model to calculate the state transition probability vector and generate the next signature status identifier.

[0056] Update the signature status corresponding to the referral instance to the next signature status identifier and write it into the signature status change record of the finite state machine.

[0057] Optionally, the improved probabilistic semi-Markov model is specifically:

[0058] Obtain the signature status identifier and construct the state set; obtain the state transition relationship and construct the state transition matrix.

[0059] Obtain the dwell time series and construct a duration set, then construct a duration distribution parameter set based on the duration set;

[0060] Obtain the semantic features of the signature and construct a set of semantic feature vectors, wherein the set of semantic feature vectors includes vector codes corresponding to the signature operation type identifier and the signature result identifier;

[0061] Based on the semantic features of the signature, a conditional update is performed on the duration distribution parameter set to generate a semantic condition parameter set;

[0062] The state transition probability vector is calculated based on the state transition matrix and the set of semantic condition parameters. The next signature state identifier is obtained by performing the maximum probability selection on the state transition probability vector, and the next signature state identifier and the state transition probability vector are output.

[0063] Optionally, the QR code update module specifically comprises:

[0064] Receive signature status update instructions and obtain referral instance identifier, signature status identifier before update and signature status identifier after update;

[0065] Based on the referral instance identifier and the signature status identifier before the update, locate the status QR code corresponding to the signature status before the update and read the status QR code identifier.

[0066] Write an invalidation flag to the status QR code identifier and update the access control record corresponding to the status QR code identifier;

[0067] Obtain the updated signature status identifier and, based on the updated signature status identifier, obtain the state transition legality constraints;

[0068] Obtain role characteristics and input them into the improved permission discrimination model. Combine the updated signature status identifier and state transition legality constraints to calculate the set of role identifiers that are allowed to operate.

[0069] Obtain and write the valid time parameter;

[0070] The referral instance identifier, the updated signature status identifier, the set of allowed operation role identifiers, and the valid time parameter are encoded to generate a status QR code corresponding to the updated signature status, and the status QR code corresponding to the updated signature status is output.

[0071] Optionally, the freeze control module specifically comprises:

[0072] Obtain the signature rejection result output by the signature verification module and extract the referral instance identifier, signature status identifier, and rejection reason identifier;

[0073] Obtain the signature timestamp and perform time difference calculation between the signature timestamp and the valid time parameter. If the time difference calculation result does not meet the preset time condition, generate an expiration flag.

[0074] Obtain the signature rejection operation identifier and perform a rejection judgment on the signature rejection operation identifier. If the rejection judgment result meets the preset rejection conditions, a rejection identifier is generated.

[0075] Perform a freeze trigger determination on the rejection reason flag, timeout flag and rejection flag. If the freeze trigger determination result meets the preset freeze conditions, write the freeze status flag.

[0076] Update the instance state record of the finite state machine based on the referral instance identifier and the frozen status identifier;

[0077] Write the signature operation restriction identifier based on the referral instance identifier and update the access control record. The access control record includes the correspondence between the set of allowed operation role identifiers and the signature status identifier. Output the freeze result and terminate the signature record generation operation and the status transition operation.

[0078] The beneficial effects of this invention are:

[0079] (1) Bind the referral instance identifier, signature status identifier, set of allowed operation role identifiers and valid time parameters to the status QR code, and combine the instance modeling module and finite state machine to realize the synchronous evolution of signature permissions and signature status in the referral process, so as to avoid the problem of unauthorized access or omission caused by static permission configuration.

[0080] (2) By improving the permission judgment model, role characteristics, signature status identifiers and state transition legality constraints are introduced into the permission judgment process, so that the set of role identifiers that are allowed to operate is dynamically updated with the signature status, realizing state-aware permission control in multi-role collaborative signature scenarios, and improving the security and consistency of the referral process.

[0081] (3) By using an improved probabilistic semi-Markov model, the signature time distribution, historical state transition data and signature semantic features are jointly modeled. The signature behavior rhythm and semantic differences are considered in the state transition judgment, which improves the adaptability of the signature state transition results to the real medical referral process and reduces abnormal stagnation and misjudgment.

[0082] (4) Through the QR code update module and the freeze control module, the abnormal situations such as signature status update, timeout signature, and signature rejection are uniformly managed, and the collaborative processing of status QR code failure, permission recalculation and instance freezing is realized, which enhances the controllability and reliability of the medical referral process in cross-institution and multi-role collaboration scenarios. Attached Figure Description

[0083] The accompanying drawings are provided to further illustrate the invention and form part of the specification. They are used in conjunction with embodiments of the invention to explain the invention and do not constitute a limitation thereof. In the drawings:

[0084] Figure 1 This is a schematic diagram of a QR code-driven multi-role collaborative processing system for medical referral proposed in this invention.

[0085] Figure 2 This is a data flow diagram of a QR code-driven multi-role collaborative processing system for medical referral proposed in this invention. Detailed Implementation

[0086] The present invention will now be described in further detail with reference to the accompanying drawings. These drawings are simplified schematic diagrams, illustrating only the basic structure of the invention, and therefore only show the components relevant to the invention.

[0087] refer to Figures 1-2 A QR code-driven multi-role collaborative processing system for medical referrals, comprising:

[0088] The instance modeling module is used to receive referral initiation requests, generate referral instance identifiers according to the referral business type, and construct a finite state machine containing multiple signature states for the referral instance according to the preset signature order.

[0089] The QR code generation module is used to generate a status QR code based on the signature status of the referral instance. The status QR code includes the referral instance identifier, signature status identifier, set of allowed operation role identifiers, and validity time parameter; the set of allowed operation role identifiers is calculated by an improved permission discrimination model.

[0090] The QR code access module is used to receive QR code scanning requests, obtain the identity information of the scanning user and determine the corresponding role identifier. If the role identifier belongs to the set of allowed role identifiers recorded in the status QR code, and the valid time parameter corresponding to the status QR code meets the preset time condition, then the referral processing interface corresponding to the signature status is opened.

[0091] The signature verification module is used to receive electronic signature requests in the referral processing interface, perform identity verification, medical institution verification, and signature status verification on the electronic signature requests, construct a signature relationship graph based on the signature participants' roles, calculate the credibility of the signature relationship graph, and generate the corresponding signature record.

[0092] The state transition module is used to calculate the state transition result of the referral instance based on the signature record, signature time distribution and historical state transition data, using an improved probabilistic semi-Markov model, and update the signature status of the referral instance in the finite state machine according to the state transition result.

[0093] The QR code update module is used to terminate the access permission of the status QR code corresponding to the previous signature status after the signature status is updated, and to generate a new status QR code based on the updated signature status.

[0094] The freeze control module is used to mark the referral instance as frozen and restrict the referral instance's signature operation permissions when it detects that the signature verification fails, the signature exceeds the preset time range, or the signature operation is rejected.

[0095] In this embodiment, the instance modeling module specifically comprises:

[0096] Receive referral initiation request and read the referral business type field. The referral business type field is a pre-configured enumerated business code, and the business code is mapped one-to-one with the corresponding signature node template.

[0097] A referral instance identifier is generated based on the referral business type. The referral instance identifier is obtained by concatenating the business code, the timestamp field, and the random verification field. The concatenation method is to sequentially connect the business code, the millisecond-level timestamp value, and the random verification field in a fixed order. The random verification field consists of a number sequence of preset length. The referral instance identifier is written into the referral information record, which includes the correspondence between the patient identifier, the referral department identifier, and the referral instance identifier.

[0098] Read the preset signature order and generate a signature node sequence. The preset signature order is stored as a linear ordered table structure, and each element in the ordered table corresponds to a signature node number. Generate a signature status identifier set based on the signature node number. The signature status identifier is obtained by concatenating the signature node number with the status type code. The status type code is used to distinguish between unsigned, signed and frozen status.

[0099] A finite state machine is constructed based on the signature node sequence. The finite state machine consists of a set of states and a set of state transition relationships. The set of states consists of a set of signature state identifiers, and the set of state transition relationships is stored in the form of directed edges. Each directed edge consists of the previous signature state identifier and the next signature state identifier. The state transition relationships are generated in the order of the signature node sequence. A one-way transition relationship is established between the signature state identifiers corresponding to adjacent signature nodes, and no state transition relationship is established between non-adjacent signature nodes.

[0100] Write the initial signature status identifier into the finite state machine. The initial signature status identifier is selected as the first signature status identifier in the signature node sequence. Establish a binding record between the referral instance identifier and the initial signature status identifier. The binding record is stored in the form of key-value pairs, where the key is the referral instance identifier and the value is the current signature status identifier.

[0101] A frozen state identifier is written into the finite state machine. The frozen state identifier is added to the state set as an independent state node and does not participate in the order of the signature node sequence. A transition relationship pointing to the frozen state identifier is established in the state transition relationship set. The transition conditions correspond one-to-one with the signature status verification failure, signature exceeding the preset time range, or signature rejection operation. The method for determining whether the signature exceeds the preset time range is as follows: the difference between the signature timestamp and the valid time parameter is calculated. If the difference result is greater than the preset time threshold, it is determined that the signature exceeds the preset time range. The preset time threshold is a fixed time length configured by the system.

[0102] Complete the writing of the state set, state transition relationship set and referral instance identifier binding records of the finite state machine to form the state machine modeling result corresponding to the referral instance.

[0103] In this embodiment, the QR code generation module specifically comprises:

[0104] Obtain the referral instance identifier and signature status identifier. The referral instance identifier serves as the unique index field of the status QR code, and the signature status identifier serves as the status control field of the status QR code. Based on the signature status identifier, read the set of state transition relationships in the finite state machine. The set of state transition relationships is stored in the form of a set of directed edges, and each directed edge consists of an initial signature status identifier and a target signature status identifier. Extract state transition legality constraints from the set of state transition relationships. The state transition legality constraints are represented in the form of a binary labeled matrix. The matrix rows correspond to role identifiers, and the matrix columns correspond to target signature status identifiers. A matrix element value of 1 indicates that there is a legal transition relationship under the corresponding signature status identifier, and a matrix element value of 0 indicates that there is no legal transition relationship.

[0105] The system acquires role features and constructs a set of role feature vectors. Each role feature vector is obtained by concatenating the role identifier code, the affiliated medical institution code, and historical signature behavior statistics in a fixed order. The concatenation method involves performing a vector-level sequential concatenation of these elements to form a single vector. This set of role feature vectors is then input into an improved permission discrimination model. Within the model, signature status identifiers are mapped to state feature vectors, which are obtained through embedding mapping. An attention score vector is calculated based on the state feature vectors and the set of role feature vectors. Each element in the attention score vector represents the correlation strength between the corresponding role feature vector and the state feature vector, obtained by performing a vector dot product between the state feature vector and the role feature vector. Finally, the attention score vector is masked according to state transition legality constraints. The masking method involves assigning negative infinity to the positions where the corresponding legality constraint matrix element is 0 in the attention score vector, and then masking the corresponding legality constraint matrix element. Positions with a matrix element of 1 retain their original score values. The attention score vector after masking is normalized by performing an exponential operation on all scores and dividing by the sum of the exponents to obtain an attention weight vector, where the sum of all elements is 1. A weighted summation is performed on the set of role feature vectors based on the attention weight vector to obtain a permission representation vector, which is a linear combination of the set of role feature vectors and the attention weight vector. The permission representation vector and the state feature vector are concatenated along their respective vector dimensions to form a fusion vector, which is formed by sequentially connecting the two vectors along their feature dimensions to create a high-dimensional vector. A linear mapping and activation transformation are performed on the fusion vector to obtain a role permission score vector, where each element corresponds to the permission score value of a role identifier. A threshold determination is performed on the role permission score vector, comparing the permission score value with a preset permission threshold. Role identifiers with permission scores not less than the permission threshold are written into the set of allowed role identifiers.

[0106] Obtain the valid time parameter, which is determined by the timestamp of the status QR code generation and the preset valid duration. The valid expiration time is obtained by adding the generation timestamp and the valid duration. Write the referral instance identifier, signature status identifier, set of allowed operation role identifiers, and valid time parameter into the QR code payload data structure. The QR code payload data structure is stored in key-value pair format, and the fields are arranged in a fixed field order. Perform encoding processing on the QR code payload data structure. The encoding processing method is to serialize the payload data structure and perform error correction encoding to generate QR code image data. Output the status QR code and establish an association between the status QR code and the referral instance identifier for storage.

[0107] In this embodiment, the improved permission determination model is specifically as follows:

[0108] Obtain role characteristics and construct a role characteristic matrix. The role characteristics are formed by concatenating the role identifier code, the affiliated medical institution code, the historical signature count statistics, and the historical signature pass rate values ​​in a fixed field order to form a role characteristic vector. Multiple role characteristic vectors are arranged in the order of the role identifier to form a role characteristic matrix.

[0109] The signature status identifier is obtained and embedded mapping is performed. The embedded mapping maps the signature status identifier into a fixed-length numerical vector by looking up a table. The resulting numerical vector is used as the status feature vector. Each dimension of the status feature vector represents the representation component of the signature status in different implicit semantic spaces.

[0110] Read the set of state transition relationships corresponding to the signature state identifier in the finite state machine, and construct a legality constraint matrix based on the set of state transition relationships. The legality constraint matrix is ​​stored in the form of a two-dimensional matrix. The matrix row index corresponds to the role identifier, and the matrix column index corresponds to the signature state identifier of the state transition target. A matrix element value of 1 indicates that the role identifier is allowed to participate in the corresponding state transition in the current signature state, and a matrix element value of 0 indicates that participation is prohibited.

[0111] The query vector is obtained through linear mapping based on the state feature vector. The query vector is obtained by matrix multiplication of the state feature vector and the preset query weight matrix. The key vector matrix and the value vector matrix are obtained through linear mapping based on the role feature matrix. The key vector matrix is ​​obtained by matrix multiplication of the role feature matrix and the preset key weight matrix, and the value vector matrix is ​​obtained by matrix multiplication of the role feature matrix and the preset value weight matrix.

[0112] The query vector and key vector matrix are subjected to a vector dot product operation. The dot product results are arranged according to the role dimension to form an attention score vector. Each element in the attention score vector represents the correlation strength between the state feature vector and the corresponding role feature vector. The attention score vector is then combined with the legality constraint matrix for masking. The masking method is to assign a value of negative infinity to the positions in the attention score vector that correspond to the legality constraint matrix elements of 0, and to keep the original score value at the positions that correspond to the legality constraint matrix elements of 1, thus forming a constraint score vector.

[0113] The constraint score vector is normalized through exponential operations and normalized summation. Specifically, the natural exponent value of each element in the constraint score vector is taken and divided by the sum of all exponent values ​​to obtain the attention weight vector. The sum of all elements in the attention weight vector is 1. A weighted summation operation is then performed on the attention weight vector and the value vector matrix. The weighted summation method is to multiply each weight value in the attention weight vector with the corresponding role vector in the value vector matrix and then sum them according to the role dimension to obtain the attention output vector.

[0114] The attention output vector and the state feature vector are concatenated. The concatenation method is to place the attention output vector in front and the state feature vector in the back in the feature dimension to form a high-dimensional fusion vector. The fusion vector is then subjected to a linear transformation. The linear transformation is obtained by multiplying the fusion vector with a preset fusion weight matrix to obtain an intermediate vector. The intermediate vector is then activated to obtain a role permission score vector. Each element in the role permission score vector corresponds to the permission score of the role identifier in the current signature state.

[0115] The role permission score vector is subjected to threshold determination processing. The threshold determination is completed by comparing the permission score of each role with the preset permission threshold. The role identifier with the permission score not less than the permission threshold is written into the set of role identifiers that are allowed to operate, and the role identifier with the permission score less than the permission threshold is not written into the set of role identifiers that are allowed to operate.

[0116] In this embodiment, the improved permission discrimination model is improved because in the medical referral scenario, the signing permission is not only related to the static attributes of the role, but also closely related to the signing status and state transition constraints of the referral instance. Simply judging permissions based on role characteristics cannot accurately reflect the permission differences at different signing stages. The improvement is to introduce the signing status identifier and state transition legality constraint in the permission discrimination process, and to explicitly integrate the state transition relationship corresponding to the signing status into the attention calculation process of the role characteristics, so that the permission judgment is affected by both role characteristics and state constraints. By mapping the signing status to a state feature vector and participating in the query vector generation, the permission discrimination result is dynamically adjusted as the signing status changes. By constructing a legality constraint matrix corresponding to the role identifier and the state transition relationship, the attention score is constrained and filtered to exclude roles that do not have the legal participation conditions in the current signing status. By concatenating the state feature vector and the attention output vector by feature dimension to generate the role permission score, the state perception discrimination of the role permission is realized, thereby forming a permission discrimination result that is consistent with the finite state machine and can be dynamically updated as the referral process progresses.

[0117] In this embodiment, the QR code access module specifically comprises:

[0118] The system receives a QR code scanning request and parses the QR code image data in the request. The parsing process decodes the QR code encoding content to obtain structured fields. The structured fields include a referral instance identifier, a signature status identifier, a set of allowed operation role identifiers, and a valid time parameter. The valid time parameter consists of a start timestamp and an end timestamp.

[0119] The system obtains the identity information submitted by the user who scanned the code. The identity information includes the user account identifier and the authentication credential identifier. The system performs a consistency check on the identity information and generates a user identity identifier. The user identity identifier is obtained by concatenating the user account identifier and the medical institution identifier in a fixed order.

[0120] Based on the user identity identifier, a matching search is performed in the user role mapping table to read one or more role identifiers corresponding to the user identity identifier. Multiple role identifiers are sorted in ascending order of role number to generate a user role identifier set.

[0121] Obtain the current system timestamp and perform a range comparison between the current system timestamp and the start and end timestamps in the valid time parameters. The range comparison is completed by comparing whether the current system timestamp is greater than or equal to the start timestamp and less than or equal to the end timestamp. The range comparison result is used as the time comparison result.

[0122] The preset time condition characterizes the time interval constraint relationship between the valid time parameter recorded in the status QR code and the current system timestamp. The valid time parameter includes a start timestamp and an end timestamp. The preset time condition satisfies all of the following constraints: the current system timestamp is not less than the start timestamp; the current system timestamp is not greater than the end timestamp; the time difference between the current system timestamp and the start timestamp does not exceed the preset maximum allowed access duration; the start timestamp is the time value written when the status QR code is generated.

[0123] The deadline timestamp is the sum of the start timestamp and the preset valid duration; the preset maximum allowed access duration is a time threshold pre-configured for different signature statuses.

[0124] When the time comparison result meets the preset time condition, a set inclusion determination is performed on the user role identifier set and the allowed operation role identifier set. The set inclusion determination is completed by comparing one by one whether the element in the user role identifier set exists in the allowed operation role identifier set. When at least one identical role identifier exists, the determination result is that the preset admission condition is met.

[0125] When the set contains judgment results that meet the preset admission conditions, a referral processing interface session identifier is generated, and the referral instance identifier and signature status identifier are written into the referral processing interface session information. The referral processing interface session information is then associated with the user identity identifier.

[0126] If the time comparison result does not meet the preset time condition or the set inclusion judgment result does not meet the preset admission condition, an access rejection flag is generated and an access rejection result is returned. At the same time, the session context corresponding to the scan request is cleared and the referral processing interface session is terminated.

[0127] In this embodiment, the signature verification module specifically comprises:

[0128] Receive electronic signature requests and parse the request data. The parsing results include referral instance identifier, signature status identifier and user identity identifier. The user identity identifier is obtained by concatenating the user account identifier and the code of the affiliated medical institution in a fixed field order.

[0129] Based on the user's identity identifier, a matching search is performed in the medical institution mapping table. The medical institution identifier corresponding to the user's identity identifier is read, and the read medical institution identifier is compared with the target medical institution identifier associated with the referral instance. The consistency comparison is completed by string equality judgment, and the judgment result is used as the medical institution verification result.

[0130] Based on the user's identity identifier, the user identity authentication table is searched, the user's identity status flag is read and compared with the valid identity status flag, and the comparison result is used as the identity verification result.

[0131] Based on the referral instance identifier, the current signature status identifier is read from the finite state machine state record, and the read current signature status identifier is compared with the signature status identifier in the electronic signature request. The consistency comparison result is used as the signature status verification result.

[0132] Obtain the list of signing participants corresponding to the referral instance. The list of signing participants consists of all completed signing role identifiers and pending signing role identifiers corresponding to the current signing status. After deduplicating the list of signing participants, generate a set of signing participants.

[0133] A signature relationship graph is constructed based on the set of signature participants. The signature relationship graph is stored in the form of a graph structure. Each role identifier in the graph corresponds to a role node. There are association edges between role nodes. The association edges represent the collaborative signature relationship of roles in the same referral instance.

[0134] Obtain the role node features corresponding to each role node. The role node features are formed by concatenating the role's historical signature count value, the role's historical signature pass ratio value, and the consistency flag of the medical institution to which the role belongs in the order of feature dimensions, and write them into the corresponding role node.

[0135] Obtain the associated edge features corresponding to each associated edge. The associated edge features are formed by concatenating the signature order flag between role nodes, the signature time interval value, and the historical number of joint signatures value according to the feature dimension order, and write them into the corresponding associated edge.

[0136] The credibility of the signature relationship graph is calculated by taking the weighted average of all role node features and the weighted average of all associated edge features, and then summing the results. The weights of the role node features and the associated edge features in the weighted summation are preset constants. The credibility result is equal to the sum of the weighted average of the role node features and the weighted average of the associated edge features.

[0137] The credibility result is numerically compared with the preset credibility threshold. If the credibility result is greater than or equal to the credibility threshold, a credibility judgment result of "pass" is generated; if the credibility result is less than the credibility threshold, a credibility judgment result of "fail" is generated.

[0138] When the medical institution verification result is passed, the identity verification result is passed, the signature status verification result is passed, and the credibility judgment result is passed, a signature record is generated and written to the signature record table. The signature record includes the referral instance identifier, signature status identifier, user identity identifier, medical institution identifier, role identifier, and signature timestamp.

[0139] If any of the medical institution verification results, identity verification results, signature status verification results, or credibility determination results fail to meet the preset conditions, a signature rejection flag is generated and a signature rejection result is output, while the signature record writing operation is terminated.

[0140] In this embodiment, the state transition module specifically comprises:

[0141] Obtain the signature record and parse the signature record fields. The parsing results include the referral instance identifier, signature status identifier and signature timestamp. The signature timestamp is an absolute time value under a unified time base.

[0142] Based on the referral instance identifier, the status change record table is retrieved, the historical signature status identifiers are read in ascending order of timestamp and arranged in the reading order to generate a status sequence. Adjacent elements in the status sequence represent a continuous status change.

[0143] The signature time distribution is calculated based on the state sequence and the corresponding signature timestamp. The signature time distribution is obtained by subtracting adjacent signature timestamps to obtain a time interval sequence. Each element in the time interval sequence represents the dwell time of the corresponding signature state. All time interval values ​​are arranged in the state order to generate a dwell time sequence.

[0144] Obtain the semantic features of the signature and generate a semantic feature vector. The semantic features of the signature consist of the signature operation type identifier and the signature result identifier. The signature operation type identifier and the signature result identifier are mapped to fixed-length numerical vectors by a table lookup method, and are sequentially concatenated in the feature dimension direction to form the semantic feature vector.

[0145] The signature status identifier, dwell time sequence, semantic feature vector and historical status flow data are combined into joint input data according to the status time alignment method. Each status in the joint input data corresponds to a set of status identifier, dwell time value and semantic feature vector.

[0146] A state transition probability vector is generated based on the joint input data, and the state index corresponding to the maximum probability in the probability vector is read. The state index corresponding to the maximum probability is used as the next signature state identifier.

[0147] Update the signature status corresponding to the referral instance to the next signature status identifier, and write the status change record in the finite state machine. The status change record includes the signature status identifier before the update, the signature status identifier after the update, and the corresponding timestamp.

[0148] In this embodiment, the improved probabilistic semi-Markov model is specifically as follows:

[0149] Obtain the signature status identifier set and construct a state set, where each element in the state set corresponds to a signature state in a finite state machine;

[0150] A state transition matrix is ​​constructed based on the pre-defined state transition relationship in the finite state machine. The state transition matrix is ​​a two-dimensional matrix. The matrix row index represents the initial signing state, the matrix column index represents the target signing state, and the matrix elements are the basic probability parameters of the state transition.

[0151] Obtain the dwell time series and construct a duration set. The duration set consists of multiple dwell time values, where each duration value is the time interval value of the same signature status in the historical flow.

[0152] Based on the duration set, a duration distribution parameter set is constructed. The duration distribution parameter set includes the average dwell time parameter and the time dispersion parameter corresponding to each signature state. The average dwell time parameter is equal to the sum of all dwell time values ​​for the corresponding state divided by the number of dwell time values. The time dispersion parameter is equal to the sum of the squares of the differences between the dwell time values ​​and the average dwell time parameter divided by the number of dwell time values.

[0153] The semantic features of the signature are obtained and a set of semantic feature vectors is constructed. The semantic features of the signature consist of the signature operation type identifier and the signature result identifier recorded during the electronic signature process. The signature operation type identifier corresponds to a preset signature behavior category code, and the signature result identifier corresponds to the signature verification result code. The signature operation type identifier is mapped to an operation type vector and the signature result identifier is mapped to a result vector. The semantic feature vectors are then concatenated in a fixed order along the feature dimension to form a semantic feature vector. The concatenation method is that the operation type vector comes first and the result vector comes last. The set of semantic feature vectors consists of multiple semantic feature vectors, and each semantic feature vector corresponds to a signature state.

[0154] The set of duration distribution parameters is conditionally updated based on semantic feature vectors. The conditional update is completed by adding the dot product of the semantic feature vector and the corresponding parameter weight vector to the average dwell time parameter and the time dispersion parameter, respectively. The updated parameters form a set of semantic conditional parameters.

[0155] The state transition probability vector is calculated based on the state transition matrix and the set of semantic condition parameters. Each element in the state transition probability vector is equal to the product of the corresponding state transition basic probability parameter and the exponential decay function of the average dwell time parameter in the semantic condition parameters. The exponent of the exponential decay function is the ratio of the negative dwell time value to the average dwell time parameter.

[0156] The state transition probability vector is normalized by dividing each probability value by the sum of all probability values. After normalization, the sum of all elements in the state transition probability vector is 1.

[0157] Read the state index corresponding to the element with the largest value in the state transition probability vector as the next signing state identifier, and output the next signing state identifier and the state transition probability vector.

[0158] In this embodiment, the improved probabilistic semi-Markov model is based on the probabilistic semi-Markov model because the signature status flow in the medical referral process is not only affected by the state transition probability, but also closely related to the dwell time distribution of each signature status and the semantics of the signature behavior. The traditional probabilistic semi-Markov model only uses historical states and durations for modeling, which makes it difficult to reflect the impact of different signature operation types and signature results on the state dwell characteristics. The improvement is to introduce signature semantic features in the state transition modeling process, mapping the signature operation type identifier and the signature result identifier into semantic feature vectors, and using the semantic feature vectors as conditional information to participate in the update of the duration distribution parameters. By semantically conditionalizing the duration distribution parameters, different signature semantics correspond to different state dwell characteristics. In the state transition probability calculation stage, the semantically conditionalized duration parameters and the state transition matrix work together in the transition probability generation process, so that the state transition result is simultaneously affected by historical flow patterns and signature semantics. This forms a state transition determination method that can reflect the differences in signature behavior and adapt to the actual rhythm changes of the medical referral process.

[0159] In this embodiment, the QR code update module specifically comprises:

[0160] Receive signature status update instruction and parse update instruction fields. The parsing result includes referral instance identifier, signature status identifier before update and signature status identifier after update.

[0161] Based on the referral instance identifier and the signature status identifier before the update, a joint matching search is performed in the QR code index table to read the status QR code identifier corresponding to the joint matching result. The status QR code identifier is a unique coded value assigned when the status QR code is generated.

[0162] An invalidation flag is written to the status QR code identifier. The invalidation flag is a preset binary status flag. A value of 1 indicates that the status QR code can no longer be used, and a value of 0 indicates that the status QR code is in a valid state. The invalidation flag is written to the QR code status record table.

[0163] The access control record is updated based on the status QR code identifier. The access control record includes the status QR code identifier, the set of allowed role identifiers, and the validity time parameter. The update method is to set the allowed access flag in the access control record to the prohibited state.

[0164] Obtain the updated signature status identifier and search it in the finite state machine state transition table. Read the set of state transition relationships corresponding to the updated signature status identifier and extract the state transition legality constraints from the set of state transition relationships. The state transition legality constraints are stored in the form of an allow flag between the role identifier and the target signature status identifier.

[0165] Obtain role characteristics and construct a role feature matrix according to the order of role identifiers. Each row in the role feature matrix corresponds to a feature vector of a role identifier. The role feature vector is formed by concatenating the historical signature count, historical signature pass rate, and consistency flag of the affiliated medical institution according to the feature dimension order.

[0166] Input the role feature matrix, the updated signature status identifier, and the state transition legality constraint into the improved permission discrimination model, and output the set of role identifiers that are allowed to operate. Each role identifier in the set of role identifiers that are allowed to operate has operation permissions in the updated signature status.

[0167] Obtain the valid time parameter. The valid time parameter is obtained by combining the current system timestamp with the preset valid duration value. The combination method is to use the current system timestamp as the start timestamp and the sum of the current system timestamp and the valid duration value as the end timestamp.

[0168] The referral instance identifier, the updated signature status identifier, the set of allowed operation role identifiers, and the effective time parameter are encoded according to the field order. The encoding method is to convert each field into a binary data block according to the preset field order and then concatenate them serially. The concatenated data block is used as the status QR code encoding content.

[0169] Based on the encoded content of the status QR code, a status QR code corresponding to the updated signature status is generated and written into the QR code storage table. At the same time, the status QR code corresponding to the updated signature status is output for subsequent scanning access.

[0170] In this embodiment, the freeze control module specifically comprises:

[0171] Obtain the signature rejection result output by the signature verification module and parse the rejection result field. The parsing result includes the referral instance identifier, signature status identifier, and rejection reason identifier. The rejection reason identifier consists of at least one of the following: medical institution verification failure flag, identity verification failure flag, signature status verification failure flag, and credibility judgment failure flag.

[0172] Obtain the signature timestamp and the valid time parameters recorded in the status QR code. The valid time parameters include the start timestamp and the end timestamp. Calculate the time difference between the signature timestamp and the start timestamp and the end timestamp. The time difference is equal to the signature timestamp minus the start timestamp. At the same time, determine whether the signature timestamp is greater than the end timestamp. When the time difference is negative or the signature timestamp is greater than the end timestamp, generate a timeout flag.

[0173] Obtain the signature rejection operation identifier. The signature rejection operation identifier is generated by the rejection operation option selected by the user in the referral processing interface. The signature rejection operation identifier is compared and judged by the value. The judgment rule is that the rejection operation identifier is generated when the value is equal to the preset rejection code.

[0174] The rejection reason flag, timeout flag and rejection flag are combined and judged. The combination judgment is completed by logical OR operation. When any failure flag in the rejection reason flag is true, or the timeout flag is true or the rejection flag is true, a freeze trigger result is generated. When the freeze trigger result is true, the freeze status flag is written.

[0175] Based on the referral instance identifier and the frozen status identifier, the instance frozen status is written into the finite state machine status record table. The signature status identifier corresponding to the instance frozen status is replaced by the frozen status identifier and the status change timestamp is recorded.

[0176] The signature operation restriction identifier is written based on the referral instance identifier. The signature operation restriction identifier is set to the prohibited state. The access control record is updated in the access control record table. The set of allowed role identifiers in the access control record is set to an empty set. The signature status identifier is updated to the frozen status identifier. The frozen result is output and the signature processing session information corresponding to the referral instance is cleared. At the same time, the signature record generation operation and the state transition operation are terminated.

[0177] Example 1: To verify the feasibility of the present invention in practice, it was applied to a regional medical referral scenario, covering three types of medical institutions: municipal general hospitals, district and county people's hospitals, and primary health centers. The roles involved included the attending physician, the referring physician, the receiving physician, the department head, the medical affairs staff, and the patient's family members. On-site operations included two types of referral services: upward and downward. The entry point was accessed by the physician scanning a code or clicking on a WeChat mini-program page. Referral information was entered according to the form fields, and it supported sending reminders by selecting the next level of signature hospital and staff number, or generating a QR code for the current form for the patient to scan to enter the subsequent signature process. After the signatures at each level were completed, the backend retrieved and organized the data according to time periods.

[0178] In the application scenario, the instance modeling module generates a referral instance identifier upon receiving a referral initiation request. This identifier is associated with the referral information field set, and a finite state machine is used to write the signature status identifier set corresponding to the signature node sequence and the state transition relationship. The QR code generation module generates a status QR code based on the signature status identifier. This QR code includes the referral instance identifier, signature status identifier, set of allowed operation role identifiers, and a valid time parameter. The set of allowed operation role identifiers is output by an improved permission discrimination model with a role feature matrix and a state feature vector as input. The QR code access module parses the status QR code and obtains the scanning user's identity information to generate a user identity identifier. This identifier maps to a set of user role identifiers. When the time comparison meets a preset time condition and the set contains the identifiers, the referral processing interface is opened, and session information is written. The signature verification module receives the electronic signature on the referral processing interface. The system requests and executes identity verification, medical institution verification, and signature status verification. Simultaneously, it constructs a signature relationship graph based on the set of participating roles and calculates credibility. When the verification and credibility determination meet the conditions, a signature record is generated and a signature timestamp is written. The state transition module reads the signature record, signature time distribution, and historical state transition data. An improved probabilistic semi-Markov model outputs a state transition probability vector and generates the next signature status identifier. A finite state machine writes the signature status change record. The QR code update module writes the QR code corresponding to the previous signature status to an invalidation flag and updates the access control record after the signature status is updated, then generates the QR code corresponding to the updated signature status. The freeze control module writes a freeze status identifier and a signature operation restriction identifier when signature verification fails, the signature exceeds a preset time range, or a signature rejection operation is triggered, terminating the signature record generation and state transition operations.

[0179] To quantify the beneficial effects, 312 referral cases over 14 consecutive days were selected as samples. The traditional system was set to the existing implementation method of "static QR code jump + manual verification + sequential signature flow", while the experimental group was the system of this invention. The statistical indicators included the total process time, signature omission, duplicate signature, abnormal access, timeout rate, and the integrity of data retrieved by the backend in time periods. The results are shown in Tables 1 and 2.

[0180] Table 1. Comparison of Referral Process Efficiency and Completeness

[0181]

[0182] Table 1 analysis shows that traditional systems rely on manual confirmation and static QR code jumps during the step-by-step signature process, resulting in problems such as an excessively large open range of nodes and inconsistent state transitions, leading to high rates of signature omissions and duplicate signatures. The system of this invention uses an instance modeling module to solidify the signature node sequence into a finite state machine, explicitly writing the signature state and state transition relationship into the instance state record. The QR code access module only opens the referral processing interface when the time comparison and set inclusion determination conditions are met. The signature verification module superimposes credibility calculations before generating signature records to reduce invalid and duplicate submissions. The QR code update module writes an invalidation flag and refreshes the access control record after the signature state is updated, reducing process rollback caused by continued access with old QR codes. Therefore, the median time and average node time of the entire process are reduced, and the data integrity rate retrieved by the background in time periods is improved.

[0183] Table 2 Comparison of Security Access and Abnormal Handling

[0184]

[0185] Table 2 analysis shows that traditional systems mostly use static verification at the page or interface layer for role access control, lacking a constraint source that simultaneously incorporates signature status and state transition legality constraints into the access control calculation. This limits the interception rate of unauthorized role access attempts. Furthermore, old QR codes do not have an expiration flag written after status updates, leading to a high incidence of expired or old QR codes entering the interface. In the present invention, the improved permission judgment model outputs a set of allowed role identifiers in the QR code generation module, which, along with a valid time parameter, is written into the status QR code. The scanning access module outputs a rejection result based on time comparison and set inclusion determination. The QR code update module writes an expiration flag to the status QR code identifier and updates the access control record, significantly reducing the number of successful accesses with expired QR codes. The freeze control module writes a freeze status identifier and a signature operation restriction identifier when the rejection reason identifier, timeout identifier, and rejection identifier meet the freeze trigger determination. After freezing, the number of abnormal signature attempts is reduced to zero, resulting in a clear closed-loop exception handling mechanism.

[0186] This invention enables a consistent closed-loop control of signature status management, QR code entry, role access, signature credibility, status transfer, and freeze handling in regional medical referral signing processes. It improves process efficiency and data integrity while maintaining the WeChat mini-program QR code entry and the habit of signing at each level, and reduces process risks caused by abnormal access and expired QR codes.

[0187] The above description is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitutions or modifications made by those skilled in the art within the scope of the technology disclosed in the present invention, based on the technical solution and inventive concept of the present invention, should be covered within the scope of protection of the present invention.

Claims

1. A QR code-driven multi-role collaborative processing system for medical referrals, characterized in that, include: The instance modeling module is used to receive referral initiation requests, generate referral instance identifiers according to the referral business type, and construct a finite state machine containing multiple signature states for the referral instance according to the preset signature order. The QR code generation module is used to generate a status QR code based on the signature status of the referral instance. The status QR code includes a referral instance identifier, a signature status identifier, a set of allowed operation role identifiers, and an effective time parameter. The set of allowed operation role identifiers is calculated by an improved permission discrimination model. The QR code access module is used to receive QR code scanning requests, obtain the identity information of the scanning user and determine the corresponding role identifier. If the role identifier belongs to the set of allowed operation role identifiers recorded in the status QR code, and the valid time parameter corresponding to the status QR code meets the preset time condition, then the referral processing interface corresponding to the signature status is opened. The signature verification module is used to receive electronic signature requests in the referral processing interface, perform identity verification, medical institution verification, and signature status verification on the electronic signature requests, construct a signature relationship graph based on the signature participants' roles, calculate the credibility of the signature relationship graph, and generate corresponding signature records. The state transition module is used to calculate the state transition result of the referral instance based on the signature record, signature time distribution and historical state transition data, using an improved probabilistic semi-Markov model, and update the signature status of the referral instance in the finite state machine according to the state transition result. The QR code update module is used to terminate the access permission of the status QR code corresponding to the previous signature status after the signature status is updated, and to generate a new status QR code based on the updated signature status. The freeze control module is used to mark the referral instance as frozen and restrict the referral instance's signature operation permissions when it detects that the signature verification fails, the signature exceeds a preset time range, or the signature operation is rejected.

2. The QR code-driven multi-role collaborative processing system for medical referral as described in claim 1, characterized in that, The instance modeling module is specifically as follows: Receive a referral initiation request and obtain the referral service type; generate a referral instance identifier based on the referral service type and associate it with the referral information; Read the preset signature order and generate a signature node sequence, the signature node sequence including a signature status identifier set; A finite state machine is constructed based on the signature node sequence. The finite state machine includes multiple signature states and the state transition relationships between the signature states. An initial signature status identifier is written into the finite state machine, and the referral instance identifier is associated with the initial signature status identifier. Write a frozen state identifier into the finite state machine, and establish a trigger association between the frozen state identifier and the signature status verification failure, the signature exceeding the preset time range, or the signature rejection operation.

3. The QR code-driven multi-role collaborative processing system for medical referral as described in claim 1, characterized in that, The QR code generation module is specifically as follows: Obtain the referral instance identifier and signature status identifier; obtain the state transition relationship corresponding to the signature status identifier and extract the state transition legality constraints; The system acquires role characteristics and inputs them into an improved permission discrimination model. Based on the attention calculation of role characteristics, and combined with the signature status and state transition legality constraints, the system calculates the set of role identifiers that are allowed to operate. Obtain and write the valid time parameter; The referral instance identifier, signature status identifier, set of allowed operation role identifiers, and valid time parameter are encoded to generate a status QR code, and the status QR code is output.

4. A QR code-driven multi-role collaborative processing system for medical referrals according to claim 1, characterized in that, The improved permission determination model is as follows: Obtain character features and construct a character feature matrix, wherein the character feature matrix contains feature vectors corresponding to multiple character identifiers; Obtain the signature status identifier and map the signature status identifier to a status feature vector; Read the state transition relationship corresponding to the signature status identifier and construct a legality constraint matrix, wherein the legality constraint matrix contains the role identifier and the legality marker of the state transition relationship; Generate query vectors based on state feature vectors, and generate key vector matrices and value vector matrices based on role feature matrices; The attention score vector is obtained by performing a dot product operation on the query vector and the key vector matrix, and the constraint score vector is obtained by performing a mask operation on the attention score vector according to the legality constraint matrix. Normalize the constraint score vector to obtain the attention weight vector, and perform a weighted summation on the attention weight vector and the value vector matrix to obtain the attention output vector; The attention output vector and the state feature vector are concatenated to obtain a fusion vector, and a linear transformation and activation operation are performed on the fusion vector to obtain the role permission score vector. A threshold determination is performed on the role permission score vector to obtain the set of role identifiers that are allowed to operate.

5. A QR code-driven multi-role collaborative processing system for medical referrals according to claim 1, characterized in that, The QR code access module is specifically: Receive the QR code scanning request and parse the status QR code to obtain the referral instance identifier, signature status identifier, set of allowed operation role identifiers, and validity time parameter; Obtain the user's identity information and generate a user identity identifier; Obtain role identifiers based on user identity identifiers and generate a set of user role identifiers; Perform a time comparison on the valid time parameter. If the time comparison result meets the preset time condition, then perform a role comparison. Perform a set inclusion determination on the user role identifier set and the allowed operation role identifier set. If the set inclusion determination result meets the preset admission conditions, open the referral processing interface and write the referral instance identifier and signature status identifier into the referral processing interface session information. If the time comparison result does not meet the preset time condition or the set inclusion judgment result does not meet the preset admission condition, the access rejection result will be output and the referral processing interface opening operation will be terminated.

6. A QR code-driven multi-role collaborative processing system for medical referrals according to claim 1, characterized in that, The signature verification module is specifically as follows: Receive electronic signature requests and obtain referral instance identifier, signature status identifier, and user identity identifier; The medical institution identifier and role identifier are obtained based on the user's identity identifier, and the medical institution identifier is verified. Perform identity verification on the user's identity identifier and perform signature status verification on the signature status identifier; Obtain the signing participants and generate a set of signing participants. Construct a signing relationship graph based on the set of signing participants, wherein the signing relationship graph includes the association edges between role nodes. Get the character node features and write them into the character node features; get the associated edge features and write them into the associated edge features. The credibility calculation is performed on the signature relationship diagram to obtain the credibility result, and the credibility result is then subjected to threshold determination to obtain the credibility determination result; A signature record is generated when the medical institution verification, identity verification, and signature status verification meet the preset verification rules and the credibility judgment result meets the preset credibility conditions. The signature record includes a referral instance identifier, a signature status identifier, a user identity identifier, a medical institution identifier, a role identifier, and a signature timestamp. If the results of medical institution verification, identity verification, signature status verification, or credibility determination do not meet the preset conditions, output a signature rejection result and terminate the signature record generation operation.

7. A QR code-driven multi-role collaborative processing system for medical referrals according to claim 1, characterized in that, The state transition module is specifically: Obtain the signature record and extract the referral instance identifier, signature status identifier, and signature timestamp; Based on the referral instance identifier, historical status flow data is read and a status sequence is constructed, the status sequence including multiple signed status identifiers; Calculate the signature time distribution and generate a dwell time sequence based on the signature timestamp and status sequence; Obtain the semantic features of the signature and generate a semantic feature vector, wherein the semantic features of the signature include a signature operation type identifier and a signature result identifier; The signature status identifier, dwell time sequence, semantic feature vector and historical state transition data are input into the improved probabilistic semi-Markov model to calculate the state transition probability vector and generate the next signature status identifier. Update the signature status corresponding to the referral instance to the next signature status identifier and write it into the signature status change record of the finite state machine.

8. A QR code-driven multi-role collaborative processing system for medical referrals according to claim 1, characterized in that, The improved probabilistic semi-Markov model is specifically as follows: Obtain the signature status identifier and construct the state set; obtain the state transition relationship and construct the state transition matrix. Obtain the dwell time series and construct a duration set, then construct a duration distribution parameter set based on the duration set; Obtain the semantic features of the signature and construct a set of semantic feature vectors, wherein the set of semantic feature vectors includes vector codes corresponding to the signature operation type identifier and the signature result identifier; Based on the semantic features of the signature, a conditional update is performed on the duration distribution parameter set to generate a semantic condition parameter set; The state transition probability vector is calculated based on the state transition matrix and the set of semantic condition parameters. The next signature state identifier is obtained by performing the maximum probability selection on the state transition probability vector, and the next signature state identifier and the state transition probability vector are output.

9. A QR code-driven multi-role collaborative processing system for medical referrals according to claim 1, characterized in that, The QR code update module is specifically as follows: Receive signature status update instructions and obtain referral instance identifier, signature status identifier before update and signature status identifier after update; Based on the referral instance identifier and the signature status identifier before the update, locate the status QR code corresponding to the signature status before the update and read the status QR code identifier. Write an invalidation flag to the status QR code identifier and update the access control record corresponding to the status QR code identifier; Obtain the updated signature status identifier and, based on the updated signature status identifier, obtain the state transition legality constraints; Obtain role characteristics and input them into the improved permission discrimination model. Combine the updated signature status identifier and state transition legality constraints to calculate the set of role identifiers that are allowed to operate. Obtain and write the valid time parameter; The referral instance identifier, the updated signature status identifier, the set of allowed operation role identifiers, and the valid time parameter are encoded to generate a status QR code corresponding to the updated signature status, and the status QR code corresponding to the updated signature status is output.

10. A QR code-driven multi-role collaborative processing system for medical referrals according to claim 1, characterized in that, The freeze control module is specifically: Obtain the signature rejection result output by the signature verification module and extract the referral instance identifier, signature status identifier, and rejection reason identifier; Obtain the signature timestamp and perform time difference calculation between the signature timestamp and the valid time parameter. If the time difference calculation result does not meet the preset time condition, generate an expiration flag. Obtain the signature rejection operation identifier and perform a rejection judgment on the signature rejection operation identifier. If the rejection judgment result meets the preset rejection conditions, a rejection identifier is generated. Perform a freeze trigger determination on the rejection reason flag, timeout flag and rejection flag. If the freeze trigger determination result meets the preset freeze conditions, write the freeze status flag. Update the instance state record of the finite state machine based on the referral instance identifier and the frozen status identifier; Write the signature operation restriction identifier based on the referral instance identifier and update the access control record. The access control record includes the correspondence between the set of allowed operation role identifiers and the signature status identifier. Output the freeze result and terminate the signature record generation operation and the status transition operation.