Patient data hub

US 10,565,396 B2
Filed: 03/29/2017
Issued: 02/18/2020
Est. Priority Date: 03/30/2016
Status: Active Grant

First Claim

Patent Images

1. A patient data hub comprising:

a housing;

a first network interface disposed within the housing;

a second network interface disposed within the housing and associated with a security standard for communication with one or more trusted devices;

a first controller operably coupled to the first network interface;

a second controller operably coupled to the second network interface and the first controller; and

a tamper-evident device protecting the second controller,wherein the first controller is configured toreceive sensitive patient data via the first network interface, andtransmit the sensitive patient data to the second controller, andthe second controller is configured toreceive the sensitive patient data from the first controller,apply one or more security functions to secure the sensitive patient data according to the security standard associated with the second network interface to provide secured sensitive patient data,store the secured sensitive patient data in a data storage device,upon receiving a request for at least a portion of the secured sensitive patient data from a trusted device operably connected to the second network interface, provide the at least a portion of the secured sensitive patient data to the trusted device, andauthenticate an operator within a role prior to allowing the operator to execute any of a plurality of services associated with the role.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one example, the patient data hub includes a housing, a first network interface disposed within the housing, a second network interface disposed within the housing, a first controller coupled to the first network interface and a second controller coupled to the second network interface. The first controller is configured to receive sensitive patient data via the first network interface and to transmit the sensitive patient data to the second controller. The second controller is configured to receive the sensitive patient data from the first controller, to secure the sensitive patient data according to a security standard to provide secured sensitive patient data, and to store the secured sensitive patient data in a data storage device.

64 Citations

21 Claims

1. A patient data hub comprising:
- a housing;
  
  a first network interface disposed within the housing;
  
  a second network interface disposed within the housing and associated with a security standard for communication with one or more trusted devices;
  
  a first controller operably coupled to the first network interface;
  
  a second controller operably coupled to the second network interface and the first controller; and
  
  a tamper-evident device protecting the second controller,wherein the first controller is configured toreceive sensitive patient data via the first network interface, andtransmit the sensitive patient data to the second controller, andthe second controller is configured toreceive the sensitive patient data from the first controller,apply one or more security functions to secure the sensitive patient data according to the security standard associated with the second network interface to provide secured sensitive patient data,store the secured sensitive patient data in a data storage device,upon receiving a request for at least a portion of the secured sensitive patient data from a trusted device operably connected to the second network interface, provide the at least a portion of the secured sensitive patient data to the trusted device, andauthenticate an operator within a role prior to allowing the operator to execute any of a plurality of services associated with the role.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20, 21)
- - 2. The patient data hub of claim 1, wherein the tamper-evident device comprises at least one of a coat and a seal.
  - 3. The patient data hub of claim 1, further comprising an isolated interface and a security device protecting the second controller, wherein the security device is configured to zeroize critical security parameters in response detecting tampering and the second controller is configured to:
    - authenticate an operator'"'"'s identity prior to allowing the operator to execute any of a plurality of services associated with the operator; and
      
      allow external access to plaintext critical security parameters only through the isolated interface.
  - 4. The patient data hub of claim 3, wherein the security device surrounds the second controller and the second controller is configured to zeroize all critical security parameters in response to detecting transgression of one or more threshold values by one or more environmental conditions.
  - 5. The patient data hub of claim 4, wherein the one or more environmental conditions comprise current supplied to the second controller and a temperature of the second controller.
  - 6. The patient data hub of claim 5, further comprising the data storage device, wherein the data storage device is surrounded by the security device.
  - 7. The patient data hub of claim 1, wherein the security standard is compliant with at least one Federal Information Processing Standard security level.
  - 8. The patient data hub of claim 1, wherein the first controller is configured to synchronize chronological data elements of the sensitive patient data with reference to a time identified by the first controller.
  - 9. The patient data hub of claim 1, wherein the second controller is configured to receive configuration information, store the configuration information, and transmit the configuration information to the first controller.
  - 10. The patient data hub of claim 9, wherein the configuration information comprises information descriptive of at least one of a new device model, a new data type, and a new security function.
  - 20. The patient data hub of claim 1, wherein the trusted device comprises at least one computing device certified as being compliant with the security standard.
  - 21. The patient data hub of claim 1, wherein the second controller is configured to determine the one or more security functions to be applied to the sensitive patient data based upon the security standard associated with the second network interface.

11. A hospital information system comprising:
- at least one medical device;
  
  a trusted device; and
  
  a patient data hub comprisinga housing,a first network interface disposed within the housing and configured to be operably connected with the at least one medical device,a second network interface disposed within the housing and associated with a security standard for communication with one or more trusted devices, the second network interface configured to be operably connected with the trusted device,a first controller operably coupled to the first network interface,a second controller operably coupled to the second network interface and the first controller, anda tamper-evident device protecting the second controller,wherein the first controller is configured toreceive sensitive patient data via the first network interface, andtransmit the sensitive patient data to the second controller, andthe second controller is configured toreceive the sensitive patient data from the first controller,apply one or more security functions to secure the sensitive patient data according to the security standard associated with the second network interface to provide secured sensitive patient data,store the secured sensitive patient data in a data storage device,upon receiving a request for at least a portion of the secured sensitive patient data from the trusted device, provide the at least a portion of the secured sensitive patient data to the trusted device, andauthenticate an operator within a role prior to allowing the operator to execute any of a plurality of services associated with the role.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the security standard is compliant with at least one Federal Information Processing Standard security level.
  - 13. The system of claim 11, wherein the first controller is configured to synchronize chronological data elements of the sensitive patient data with reference to a time identified by the first controller.
  - 14. The system of claim 11, wherein the second controller is configured to receive configuration information, store the configuration information, and transmit the configuration information to the first controller.
  - 15. The system of claim 14, wherein the configuration information comprises information descriptive of at least one of a new device model, a new data type, and a new security function.

16. A patient data module comprising:
- a substrate;
  
  a first network interface disposed upon the substrate;
  
  a second network interface disposed upon the substrate and associated with a security standard for communication with one or more trusted devices;
  
  a first controller operably coupled to the first network interface;
  
  a second controller operably coupled to the second network interface and the first controller; and
  
  a tamper-evident device protecting the second controller,wherein the first controller is configured toreceive sensitive patient data via the first network interface, andtransmit the sensitive patient data to the second controller, andthe second controller is configured toreceive the sensitive patient data from the first controller,apply one of more security functions to secure the sensitive patient data according to the security standard associated with the second network interface to provide secured sensitive patient data,store the secured sensitive patient data in a data storage device,upon receiving a request for at least a portion of the secured sensitive patient data from a trusted device operably connected to the second network interface, provide the at least a portion of the secured sensitive patient data to the trusted device, andauthenticate an operator within a role prior to allowing the operator to execute any of a plurality of services associated with the role.
- View Dependent Claims (17, 18, 19)
- - 17. The patient data module of claim 16, wherein the security standard is compliant with at least one Federal Information Processing Standard security level.
  - 18. The patient data module of claim 16, wherein the first controller is configured to synchronize chronological data elements of the sensitive patient data with reference to a time identified by the first controller.
  - 19. The patient data module of claim 16, wherein the second controller is configured to receive configuration information, store the configuration information, and transmit the configuration information to the first controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zoll Medical Corporation (Asahi Kasei Corporation)
Original Assignee
Zoll Medical Corporation (Asahi Kasei Corporation)
Inventors
Stever, Timothy F.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sherkat, Arezoo

Application Number

US15/472,527
Publication Number

US 20170300715A1
Time in Patent Office

1,056 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/85   interconnection devices, e....

G16H 10/60   for patient-specific data, ...

H04L 63/0407   wherein the identity of one...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04W 12/02   Protecting privacy or anony...

Patient data hub

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Patient data hub

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links