Secure patient data in medical environments

US 10,614,914 B2
Filed: 10/27/2017
Issued: 04/07/2020
Est. Priority Date: 10/27/2017
Status: Active Grant

First Claim

Patent Images

1. A method for creating an authenticated connection between a monitoring device and a wireless vital sign device, the method comprising:

provisioning at least one wireless vital sign device with an encrypted patient blob;

transmitting a patient blob request to the at least one wireless vital sign device;

receiving a patient blob communication from the at least one wireless vital sign device, the patient blob communication including the encrypted patient blob; and

determining at least one patient identifier by decrypting the encrypted patient blob using a decryption key without receiving the decryption key from the at least one wireless vital sign device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A patient care environment includes a monitoring device and a vital sign device, where the vital sign device communicates patient vital sign data to the monitoring device. A site key, entity keys, and key combining algorithms are used to secure communications in the patient care environment. Neither the site key nor the entity keys are communicated between the monitoring device and the vital sign device. The monitoring device may use the site key and entity keys to decrypt encrypted messages that have been previously stored in the vital sign device and transmitted back to any monitoring device containing the correct set of site and entity keys. The site key and entity key may also be used during the discovery and/or connection operations between the monitoring device and the vital sign device to associate a wirelessly connected vital sign device with a patient record.

Citations

19 Claims

1. A method for creating an authenticated connection between a monitoring device and a wireless vital sign device, the method comprising:
- provisioning at least one wireless vital sign device with an encrypted patient blob;
  
  transmitting a patient blob request to the at least one wireless vital sign device;
  
  receiving a patient blob communication from the at least one wireless vital sign device, the patient blob communication including the encrypted patient blob; and
  
  determining at least one patient identifier by decrypting the encrypted patient blob using a decryption key without receiving the decryption key from the at least one wireless vital sign device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising:
    - displaying at least one patient identifier for at least one patient;
      
      receiving a selection of a patient;
      
      transmitting a request for vital sign data to the wireless vital sign device associated with the patient; and
      
      receiving vital sign data from the wireless vital sign device for the patient selected.
  - 3. The method according to claim 1, further comprising:
    - enabling a discovery mode on the monitoring device; and
      
      after enabling the discovery mode, receiving a communication from the wireless vital sign device and making an initial connection.
  - 4. The method according to claim 1, the encrypted patient blob including information identifying a patient or a device used to identify a specific patient, the information being used to associate vital sign data with a specific patient record.
  - 5. The method according to claim 4, wherein the wireless vital sign device lacks decryption keys used to decrypt the encrypted patient blob, and further comprising:
    - before provisioning the wireless vital sign device with the encrypted patient blob, generating the encrypted patient blob.
  - 6. The method according to claim 1, wherein decrypting the encrypted patient blob received from the wireless vital sign device includes:
    - acquiring a site key and an entity key;
      
      combining the site key and the entity key using one or more key-combining algorithms, thereby generating the decryption key; and
      
      decrypting the patient blob using the decryption key.
  - 7. The method according to claim 6, further comprising:
    - prompting a user to select a patient identifier from a list of patient identifiers; and
      
      upon selection of a single patient identifier, creating a communication connection to an associated vital sign device for receiving vital sign data.

8. A patient monitoring system, comprising:
- a wireless vital sign device, the wireless vital sign device including;
  
  a processing unit; and
  
  memory storing instructions that, when executed by the processing unit, cause the wireless vital sign device to;
  
  receive and store an encrypted patient blob;
  
  transmit the encrypted patient blob upon request;
  
  obtain vital sign data;
  
  transmit the vital sign data to a monitoring device; and
  
  the monitoring device, including;
  
  a monitoring device processing unit;
  
  monitoring device memory storing instructions that, when executed by the monitoring device processing unit, cause the monitoring device to;
  
  establish an initial connection to the wireless vital sign device;
  
  request an encrypted patient blob from the wireless vital sign device;
  
  receive an encrypted patient blob from the wireless vital sign device;
  
  receive the vital sign data from the wireless vital sign device; and
  
  without receiving decryption keys from an external source, determine at least one patient identifier included in the encrypted patient blob either by decrypting the encrypted patient blob or by determining a globally unique identifier included in the encrypted patient blob by obtaining the at least one patient identifier from a database.
- View Dependent Claims (9, 10)
- - 9. The patient monitoring system of claim 8, wherein the monitoring device memory further includes instructions that, when executed by the monitoring device processing unit, cause the monitoring device to:
    - display at least one patient identifier and the vital sign data; and
      
      receive confirmation that the patient identifier corresponds to a patient.
  - 10. The patient monitoring system according to claim 8, wherein the monitoring device memory further includes instructions that, when executed by the monitoring device processing unit, cause the monitoring device to:
    - enable a discovery mode on the monitoring device;
      
      after enabling the discovery mode, receive an advertisement communication from the wireless vital sign device.

11. A method for monitoring vital signs of a patient in a medical environment, the method comprising:
- provisioning a monitoring device with a site key and an entity key by obtaining the site key and the entity key, entering the site key and the entity key into the monitoring device, storing the site key and the entity key in persistent storage, and setting an expiration date for the site key;
  
  obtaining an identifier;
  
  encrypting the identifier into a patient blob;
  
  writing the patient blob to a vital sign device;
  
  establishing an initial connection to a vital sign device;
  
  transmitting a patient blob request to the vital sign device;
  
  receiving a patient blob transmission from the vital sign device;
  
  decrypting the patient blob using a decryption key, without receiving the decryption key from the vital sign device, wherein decrypting is used to determine the identifier;
  
  displaying the identifier;
  
  receiving a request to connect to the vital sign device;
  
  forming an authenticated connection with the vital sign device; and
  
  receiving a vital sign data packet from the vital sign device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method according to claim 11, wherein, the identifier includes patient identifying information to be used associating vital sign data with a patient record.
  - 13. The method according to claim 12, wherein the vital sign data are stored in a persistent patient record.
  - 14. The method according to claim 11, wherein encrypting the identifier comprises:
    - acquiring the site key and the entity key from a persistent storage;
      
      combining the site key and one or more entity keys using one or more key combining algorithms resulting in an encryption key;
      
      encrypting the identifier using an encryption algorithm and the encryption key.
  - 15. The method according to claim 11, further comprising:
    - determining that the site key needs to be replaced;
      
      obtaining a new site key;
      
      entering the new site key into the patient monitoring device;
      
      storing the new site key in long-term storage; and
      
      setting a new expiration date for the new site key.
  - 16. The method according to claim 15 further comprising:
    - removing the site key from the patient monitoring device after the expiration date;
      
      transmitting a vital sign data request to the vital sign device, wherein the vital sign data packet includes vital sign measurement data.
  - 17. The method according to claim 16, wherein establishing the initial connection includes determining a preferred vital sign device using out-of-band communication.
  - 18. The method according to claim 16, further comprising:
    - prompting a user to select a patient identifier from a list of patient identifiers; and
      
      upon selection of a single patient identifier, creating a communication connection to an associated vital sign device for receiving vital sign data.
  - 19. The method according to claim 11, further comprising:
    - receiving a request to transfer a patient and an associated vital sign device;
      
      encrypting the patient blob using a public key of a new department, thereby generating an encrypted patient blob;
      
      providing the encrypted patient blob to the new department;
      
      by the new department, decrypting the encrypted patient blob using a private key;
      
      encrypting the patient blob using the site key and the entity key of the new department; and
      
      after moving the patient and the associated vital sign device to the new department, provisioning the vital sign device with the encrypted patient blob.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Welch Allyn Incorporated
Original Assignee
Welch Allyn Incorporated
Inventors
Gondek, Cory R., Chung, Song Y., Mudge, Kenzi, Baker, Steven D.
Primary Examiner(s)
Zaidi, Syed A

Application Number

US15/796,323
Publication Number

US 20190130068A1
Time in Patent Office

893 Days
Field of Search

713171
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G16H 10/60   for patient-specific data, ...

G16H 40/67   for remote operation

H04L 2209/80   Wireless

H04L 2209/88   Medical equipments

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Secure patient data in medical environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure patient data in medical environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links