System and method for providing multi-layered access control

US 10,726,148 B2
Filed: 08/19/2015
Issued: 07/28/2020
Est. Priority Date: 08/19/2015
Status: Active Grant

First Claim

Patent Images

1. A method to provide permissions for users from different organizations to access health information of cohort members while assuring privacy and security of the cohort members'"'"' health information deposited in a plurality of datasets having different commercial owners who control the access to the datasets they own, wherein the access is achieved via computing devices having a hardware processor communicatively connected to the plurality of datasets via a network, the method comprising the steps of:

defining, by the processor,an information policy including permissions set by the different commercial owners of each of the plurality of datasets for access to the health information and granularity of the health information in each of the plurality of the datasets,an organization policy including permissions derived from a plurality of licenses subscribed to by the respective organizations for accessing each of the plurality of datasets, anda user policy including account permissions selectively assigned to the users from each of the different organizations;

generating a master policy having access control permissions for access to each of the plurality of datasets for each of the users from each of the different organizations, wherein the master policy comprises the information policy, organization policy, and the user policy; and

in response to a request from the computing device of the users;

controlling, by the processor, access to the health information of the cohort members in the plurality of datasets based on the access control permissions of the master policy.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system to provide multi-layered access control for healthcare datasets are disclosed. The method comprises defining an information policy for each of healthcare datasets, wherein the information policy comprises information access permissions. Further, an organization policy is defined for each of the healthcare datasets, wherein the organization policy comprises license permissions for organizations accessing the healthcare datasets. Thereafter, a user account master policy is defined for each of the healthcare datasets, wherein the user account master policy comprises account permissions assigned to users of the organizations. Subsequently, a master user policy is generated for each of the users based on the information policy, the organization policy, the user account master policy, or a combination thereof, wherein the master user policy comprises access control permissions to provide each of the users access to the healthcare datasets.

Citations

17 Claims

1. A method to provide permissions for users from different organizations to access health information of cohort members while assuring privacy and security of the cohort members'"'"' health information deposited in a plurality of datasets having different commercial owners who control the access to the datasets they own, wherein the access is achieved via computing devices having a hardware processor communicatively connected to the plurality of datasets via a network, the method comprising the steps of:
- defining, by the processor,an information policy including permissions set by the different commercial owners of each of the plurality of datasets for access to the health information and granularity of the health information in each of the plurality of the datasets,an organization policy including permissions derived from a plurality of licenses subscribed to by the respective organizations for accessing each of the plurality of datasets, anda user policy including account permissions selectively assigned to the users from each of the different organizations;
  
  generating a master policy having access control permissions for access to each of the plurality of datasets for each of the users from each of the different organizations, wherein the master policy comprises the information policy, organization policy, and the user policy; and
  
  in response to a request from the computing device of the users;
  
  controlling, by the processor, access to the health information of the cohort members in the plurality of datasets based on the access control permissions of the master policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising a step of:
    - defining, by the processor, an administrator policy including permissions to control the information policy and the organization policy.
  - 3. The method of claim 2, wherein the administrator policy, the information policy, the organization policy, and the user policy have a hierarchical architecture.
  - 4. The method of claim 3, wherein each of the plurality of licenses is restricted by the information policy, and the user policy is restricted by the information policy and the license.
  - 5. The method of claim 1, further comprising a step of:
    - blocking, by the processor, the users from querying, via their respective computing device, the plurality of datasets based on the generated access control permissions.
  - 6. The method of claim 1, wherein the information policy further comprises at least one of a permission to explore meta-data, a permission to query data for aggregated results, a permission to query sensitive attributes, a permission to set protocol-based permissions, a permission to extract patient level data, and a permission to extract sensitive attributes.
  - 7. The method of claim 1, wherein each of the plurality of licenses comprises at least one of a permission to set a user account, a permission to set access restrictions, a permission to set access period, a permission to define refresh periods, a permission to define user limits, and a permission to define access tools.

8. A system to provide permissions for users from different organizations to access health information of cohort members while assuring privacy and security of the cohort members'"'"' health information deposited in a plurality of datasets having different commercial owners who control the access to the datasets they own, wherein the access is achieved via computing devices having a hardware processor communicatively connected to the plurality of datasets via a network, the system comprising:
- the processor configured to;
  
  definean information policy including permissions set by the different commercial owners of each of the plurality of datasets for access to the health information and granularity limits of the health information in each of the plurality of the datasets,an organization policy including permissions derived from a plurality of licenses subscribed to by the respective organizations for accessing each of the plurality of datasets, anda user policy including account permissions selectively assigned to the users from each of the different organizations;
  
  generate a master policy having access control permissions for access to each of the plurality of datasets for each of the users from each of the different organizations, wherein the master policy comprises the information policy, organization policy, and the user policy; and
  
  in response to a request from the computing device of the users;
  
  control access to the health information of the cohort members in the plurality of datasets based on the access control permissions of the master policy of the master policy.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the processor is further configured to define an administrator policy including permissions to control the information policy, and the organization policy.
  - 10. The system of claim 9, wherein the administrator policy, the information policy, the organization policy, and the user policy have a hierarchical architecture.
  - 11. The system of claim 10, wherein each of the plurality of licenses is restricted by the information policy, and the user policy is restricted by the information policy and the license.
  - 12. The system of claim 8, wherein the processor is further configured to block the users from querying, via their respective computing device, the plurality of datasets based on the generated access control permissions.
  - 13. The system of claim 8, wherein the information policy further comprises at least one of a permission to explore meta-data, a permission to query data for aggregated results, a permission to query sensitive attributes, a permission to set protocol-based permissions, a permission to extract patient level data, and a permission to extract sensitive attributes.
  - 14. The system of claim 8, wherein each of the plurality of licenses comprises at least one of a permission to set a user account, a permission to set access restrictions, a permission to set access period, a permission to define refresh periods, a permission to define user limits, and a permission to define access tools.

15. A method to provide permissions for users from different organizations to access health information of cohort members while assuring privacy and security of the cohort members'"'"' health information is deposited in a plurality of datasets having different commercial owners who control the access to the datasets they own, wherein the access is achieved via computing devices having a hardware processor communicatively connected to the plurality of datasets via a network, the method comprising the steps of:
- defining, by the processor,an information policy including permissions set by the different commercial owners of each of the plurality of datasets for access to the health information and granularity of the health information in each of the plurality of the datasets;
  
  an organization policy including permissions derived from a plurality of licenses subscribed to by the respective organizations for accessing each of the plurality of datasets;
  
  a user policy including account permissions selectively assigned to the users from each of the different organizations;
  
  generating a master policy having access control permissions for access to the plurality of datasets for each of the users from each of the different organizations, wherein the master policy comprises the information policy, organization policy, and the user policy;
  
  defining, by the processor, an administrator policy including permissions for control of the information policy, and the organization policy; and
  
  in response to a request from the computing device of the users;
  
  controlling, by the processor, access to the health information of the cohort members in the plurality of datasets based on the access control permissions of the master policy.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, further comprising a step of blocking, by the processor, the users from querying, via their respective computing device, the plurality of datasets based on the generated access control permissions.
  - 17. The method of claim 15, wherein the administrator policy, the information policy, the organization policy, and the user policy have a hierarchical architecture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IQVIA, Inc. (IQVIA Holdings, Inc.)
Original Assignee
IQVIA, Inc. (IQVIA Holdings, Inc.)
Inventors
Hughes, Benjamin Alexander, Opel, Michael Carl Friedrich, Crandall, Braley B.
Primary Examiner(s)
Thai, Hanh B

Application Number

US14/830,220
Publication Number

US 20170053130A1
Time in Patent Office

1,805 Days
Field of Search

707781, 707786, 707803
US Class Current
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/032   Protect output to user by s...

G06F 2221/2141   Access rights, e.g. capabil...

G16H 10/60   for patient-specific data, ...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

System and method for providing multi-layered access control

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing multi-layered access control

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links