Data driven schema for patient data exchange system

US 10,147,502 B2
Filed: 10/10/2016
Issued: 12/04/2018
Est. Priority Date: 08/21/2013
Status: Active Grant

First Claim

Patent Images

1. A data warehouse system, the system comprising:

at least one processing circuitry configured to;

encapsulate, within a respective metadata envelope, each data record from a set of data records for a clinical study by;

adding, to the metadata envelope, at least one class component that defines the clinical study;

adding, to the metadata envelope, at least one domain component that defines details of a subject within the clinical study;

adding, to the metadata envelope, at least one variable component that defines data gathered during the clinical study;

adding, to the metadata envelope, at least one privacy component that defines usage safeguards on access to the data record; and

adding, to the metadata envelope, at least one security component that defines protection from security threats;

receive a request for a particular data record from the set of clinical study data records from a subscriber interface;

determine whether the subscriber interface satisfies the protection from security threats as defined in the security component of the particular data record;

transmit, in response to determining that the subscriber interface satisfies the protection from security threats;

the encapsulated particular data record to the subscriber interface;

receive a request for an authorization token from the subscriber interface and for the encapsulated particular data record;

verify trust of the subscriber interface;

in response to verifying trust, create the authorization token, the authorization token providing an access right to the encapsulated particular data, wherein the authorization token is created dependent upon attributes of the metadata components and the subscriber interface, andtransmit the authorization token to the subscriber interface to apply to the encapsulated particular data for access thereto.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A patient data exchange system comprises at least one device. Each of the devices implements an interface. When a device in the patient data exchange system publishes patient data, the device generates a metadata envelope that encapsulates the patient data. The metadata envelope conforms to a schema that defines allowable metadata attributes of the metadata envelope. When a device in the patient data exchange system receives a metadata envelope that conforms to the schema, the device determines, based at least in part on a metadata attribute of the metadata envelope, a particular patient data handling policy to apply to patient data encapsulated by the metadata envelope. In some instances, the metadata attribute indicates that authorization is required from an authorization service to access the patient data encapsulated by the metadata envelope.

Citations

20 Claims

1. A data warehouse system, the system comprising:
- at least one processing circuitry configured to;
  
  encapsulate, within a respective metadata envelope, each data record from a set of data records for a clinical study by;
  
  adding, to the metadata envelope, at least one class component that defines the clinical study;
  
  adding, to the metadata envelope, at least one domain component that defines details of a subject within the clinical study;
  
  adding, to the metadata envelope, at least one variable component that defines data gathered during the clinical study;
  
  adding, to the metadata envelope, at least one privacy component that defines usage safeguards on access to the data record; and
  
  adding, to the metadata envelope, at least one security component that defines protection from security threats;
  
  receive a request for a particular data record from the set of clinical study data records from a subscriber interface;
  
  determine whether the subscriber interface satisfies the protection from security threats as defined in the security component of the particular data record;
  
  transmit, in response to determining that the subscriber interface satisfies the protection from security threats;
  
  the encapsulated particular data record to the subscriber interface;
  
  receive a request for an authorization token from the subscriber interface and for the encapsulated particular data record;
  
  verify trust of the subscriber interface;
  
  in response to verifying trust, create the authorization token, the authorization token providing an access right to the encapsulated particular data, wherein the authorization token is created dependent upon attributes of the metadata components and the subscriber interface, andtransmit the authorization token to the subscriber interface to apply to the encapsulated particular data for access thereto.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the system is further configured to provide a security authorization service and wherein the at least one privacy component includes an identification of the security authorization service.
  - 3. The system of claim 2, wherein the security authorization service is configured to receive encrypted authorization data from the subscriber interface.
  - 4. The system of claim 3, wherein the security authorization service is further configured to determine whether the subscriber interface satisfies the protection from security threats as defined in the security component of the particular data record by decrypting the encrypted authorization data.
  - 5. The system of claim 1, wherein the at least one privacy component indicates a type of consent given by a patient regarding sharing of the particular set of patient data.
  - 6. The system of claim 1, wherein the at least one privacy component indicates a country in which consent was given by a patient regarding sharing of the particular set of patient data.
  - 7. The system of claim 1, wherein the at least one processing circuitry is further configured to share schema information about the metadata envelopes.
  - 8. The system of claim 1, wherein the at least one processing circuitry is further configured to modify the schema information about the metadata envelopes in response to a change to requirements to privacy or security.
  - 9. The system of claim 1, wherein the at least one security component specifies whether the set of data records are to be encrypted by the subscriber interface when the data is at rest.
  - 10. The system of claim 9, wherein the at least one security component specifies the type of encryption to be used by the subscriber interface when the data is at rest.

11. A method for use with a data warehouse system having at least one processing circuitry, the method comprising:
- using the at least one processing circuitry to;
  
  encapsulate, within a respective metadata envelope, each data record from a set of data records for a clinical study by;
  
  adding, to the metadata envelope, at least one class component that defines the clinical study;
  
  adding, to the metadata envelope, at least one domain component that defines details of a subject within the clinical study;
  
  adding, to the metadata envelope, at least one variable component that defines data gathered during the clinical study;
  
  adding, to the metadata envelope, at least one privacy component that defines usage safeguards on access to the data record; and
  
  adding, to the metadata envelope, at least one security component that defines protection from security threats;
  
  receive a request for a particular data record from the set of clinical study data records from a subscriber interface;
  
  determine whether the subscriber interface satisfies the protection from security threats as defined in the security component of the particular data record;
  
  transmit, in response to determining that the subscriber interface satisfies the protection from security threats;
  
  the encapsulated particular data record to the subscriber interface;
  
  receive a request for an authorization token from the subscriber interface and for the encapsulated particular data record;
  
  verify trust of the subscriber interface;
  
  in response to verifying trust, create the authorization token, the authorization token providing an access right to the encapsulated particular data, wherein the authorization token is created dependent upon attributes of the metadata components and the subscriber interface, andtransmit the authorization token to the subscriber interface to apply to the encapsulated particular data for access thereto.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the at least one privacy component includes an identification of a security authorization service.
  - 13. The method of claim 12, further comprising receiving, by the security authorization service, encrypted authorization data from the subscriber interface.
  - 14. The method of claim 13, further comprising determining, by the security authorization service, whether the subscriber interface satisfies the protection from security threats as defined in the security component of the particular data record by decrypting the encrypted authorization data.
  - 15. The method of claim 11, wherein the at least one privacy component indicates a type of consent given by a patient regarding sharing of the particular set of patient data.
  - 16. The method of claim 11, wherein the at least one privacy component indicates a country in which consent was given by a patient regarding sharing of the particular set of patient data.
  - 17. The method of claim 11, further comprising sharing, using the at least one processing circuitry and with subscriber interfaces, schema information about the metadata envelopes.
  - 18. The method of claim 11, further comprising modifying, using the at least one processing circuitry, the schema information about the metadata envelopes in response to a change to requirements to privacy or security.
  - 19. The method of claim 11, wherein the at least one security component specifies whether the set of data records are to be encrypted by the subscriber interface when the data is at rest.
  - 20. The method of claim 19, wherein the at least one security component specifies the type of encryption to be used by the subscriber interface when the data is at rest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Medtronic Incorporated (Medtronic Plc)
Original Assignee
Medtronic Incorporated (Medtronic Plc)
Inventors
Paffel, Timothy D., Harding, William C.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/289,655
Publication Number

US 20170098041A1
Time in Patent Office

785 Days
Field of Search
US Class Current
CPC Class Codes

G16H 10/60   for patient-specific data, ...

G16Z 99/00   Subject matter not provided...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Data driven schema for patient data exchange system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data driven schema for patient data exchange system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links