System and method for privacy management

US 20060184455A1
Filed: 02/10/2006
Published: 08/17/2006
Est. Priority Date: 02/11/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for managing access to a patient'"'"'s protected health information (PHI) within a healthcare domain, comprising:

(i) providing a user identity for each user;

(ii) providing a patient identity for each patient;

(iii) for each patient'"'"'s patient identity, associating at least one user'"'"'s user identity with the patient'"'"'s circle-of-care;

(iv) for each user request for access to the patient'"'"'s PHI, determining access based on whether the user'"'"'s user identity is associated with the patient'"'"'s circle-of-care.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed a system and method for managing the privacy of a patient'"'"'s PHI within a medical/healthcare domain (e.g. within a healthcare institution or organization). More generally, listing of a caregiver or assistant in a patient'"'"'s circle-of-care is managed by a circle-of-care manager that tracks the names and any aliases for any caregivers/assistants, as well as the name and any aliases of the patient, throughout the medical/healthcare domain. Using a set of hierarchical rules determining access restrictions, the circle-of-care list is updated by the circle-of-care manager to reflect any changes in membership. Within the circle-of-care list, multi-level permissions and restrictions may be assigned to each caregiver/assistant, depending on the level of access required. Permissions and/or restrictions may be time-limited to expire automatically.

Citations

35 Claims

1. A computer-implemented method for managing access to a patient'"'"'s protected health information (PHI) within a healthcare domain, comprising:
- (i) providing a user identity for each user;
  
  (ii) providing a patient identity for each patient;
  
  (iii) for each patient'"'"'s patient identity, associating at least one user'"'"'s user identity with the patient'"'"'s circle-of-care;
  
  (iv) for each user request for access to the patient'"'"'s PHI, determining access based on whether the user'"'"'s user identity is associated with the patient'"'"'s circle-of-care.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 further comprising, for each user request for access, specifying a subset of the patient'"'"'s PHI to which access is requested.
  - 3. The method of claim 1 further comprising, for each user request for access, specifying the user'"'"'s role and a reason for access to the patient'"'"'s PHI.
  - 4. The method of claim 1 further comprising, for each user request for access, specifying a timeframe for access to the patient'"'"'s PHI.
  - 5. The method of claim 1 further comprising, in response to each user request for access, processing at least one applicable rule within a rules engine and outputting an access ruling which is one of a full permission, a partial permission, and a restriction.
  - 6. The method of claim 5, further comprising processing at least one applicable rule based on laws and regulations governing the healthcare domain jurisdiction.
  - 7. The method of claim 6, further comprising processing at least one applicable rule based on organizational policies and procedures for the healthcare domain.
  - 8. The method of claim 7, further comprising processing at least one applicable rule based on clinical context object workgroup (CCOW) standards.
  - 9. The method of claim 5 further comprising outputting an explanation for the access ruling based on the at least one applicable rule applied.
  - 10. The method of claim 1 further comprising storing the patient'"'"'s PHI in a relational database and associating with the patient'"'"'s PHI at least one level of user clearance required to access the patient'"'"'s PHI.
  - 11. The method of claim 10 further comprising associating with each level of user clearance a list of permissions, the list of permissions including at least one of access, update, create, delete and disclose.
  - 12. The method of claim 1 further comprising storing the patient'"'"'s PHI in a relational database and associating with a subset of the patient'"'"'s PHI a level of user clearance required to access the subset of the patient'"'"'s PHI.
  - 13. The method of claim 1 further comprising operating at least one circle-of-care node, each circle-of-care node including a circle-of-care list for associating at least one user'"'"'s user identity with the patient'"'"'s circle-of-care.
  - 14. The method of claim 13 further comprising searching each circle-of-care list of the least one other circle-of-care node to identify any multiple aliases for a user identity, and upon detection of multiple aliases for a user identity, associating the multiple aliases with a patient'"'"'s circle-of-care.
  - 15. The method of claim 14, further comprising operating the at least one circle-of-care node as a web-based server, and permitting communications with each circle-of-care list from any user system within the healthcare domain.

16. A system for managing access to a patient'"'"'s protected health information (PHI) within a healthcare domain, comprising:
- means for providing a user identity for each user;
  
  means for providing a patient identity for each patient;
  
  means for associating at least one user'"'"'s user identity with the patient'"'"'s circle-of-care for each patient'"'"'s patient identity;
  
  means for determining, for each user request for access to the patient'"'"'s PHI, access based on whether the user'"'"'s user identity is associated with the patient'"'"'s circle-of-care.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 17. The system of claim 16 further comprising means for specifying, for each user request for access, a subset of the patient'"'"'s PHI to which access is requested.
  - 18. The system of claim 16 further comprising means for specifying, for each user request for access, the user'"'"'s role and a reason for access to the patient'"'"'s PHI.
  - 19. The system of claim 16 further comprising means for specifying, for each user request for access, a timeframe for access to the patient'"'"'s PHI.
  - 20. The system of claim 16 further comprising:
    - means for processing, in response to each user request for access, at least one applicable rule within a rules engine; and
      
      means for outputting an access ruling which is one of a full permission, a partial permission, and a restriction.
  - 21. The system of claim 20, further comprising means for processing at least one applicable rule based on laws and regulations governing the healthcare domain jurisdiction.
  - 22. The system of claim 21, further comprising means for processing at least one applicable rule based on organizational policies and procedures for the healthcare domain.
  - 23. The system of claim 22, further comprising means for processing at least one applicable rule based on clinical context object workgroup (CCOW) standards.
  - 24. The system of claim 20 further comprising means for outputting an explanation for the access ruling based on the at least one applicable rule applied.
  - 25. The system of claim 16 further comprising means for storing the patient'"'"'s PHI in a relational database and associating with the patient'"'"'s PHI at least one level of user clearance required to access the patient'"'"'s PHI.
  - 26. The system of claim 25 further comprising means for associating with each level of user clearance a list of permissions, the list of permissions including at least one of access, update, create, delete and disclose.
  - 27. The system of claim 16 further comprising:
    - means for storing the patient'"'"'s PHI in a relational database; and
      
      means for associating with a subset of the patient'"'"'s PHI a level of user clearance required to access the subset of the patient'"'"'s PHI.
  - 28. The system of claim 16 further comprising means for operating at least one circle-of-care node, each circle-of-care node including a circle-of-care list for associating at least one user'"'"'s user identity with the patient'"'"'s circle-of-care.
  - 29. The system of claim 28 further comprising:
    - means for searching each circle-of-care list of the least one other circle-of-care node to identify any multiple aliases for a user identity; and
      
      means for associating, upon detection of multiple aliases for a user identity, the multiple aliases with a patient'"'"'s circle-of-care.
  - 30. The system of claim 29, further comprising:
    - means for operating the at least one circle-of-care node as a web-based server; and
      
      means for communicating with each circle-of-care list from any user system within the healthcare domain.
  - 31. The system of claim 30, wherein the means for communicating comprises an extensible message format.
  - 32. The system of claim 31, wherein the extensible message format is extensible markup language (XML).
  - 33. The system of claim 16, wherein the means for associating the at least one user'"'"'s user identity with the patient'"'"'s circle-of-care comprises a circle-of-care node having data storage components, the data storage components including:
    - a directory database, the directory database including the user identity for each user;
      
      a relational database, the relational database including patients'"'"' PHI;
      
      a rules database, the rules database including applicable access rules; and
      
      a configuration database, the configuration database including information about the circle-of-care node and other circle-of-care nodes.
  - 34. The system of claim 16, wherein the means for associating the at least one user'"'"'s user identity with the patient'"'"'s circle-of-care comprises a circle-of-care node having computational components, the computational components including:
    - a rules engine, the rules engine including at least one applicable rule based on legal requirements, organizational policies, patient restrictions and consents, the role of the user, and accumulated circle-of-care records;
      
      a reporting engine, the reporting engine configured to provide reports on queries received by the circle-of-care node; and
      
      an analysis engine, the analysis engine configured to analyze incoming messages to extract necessary information for associating a user identity to a patient'"'"'s circle-of-care.
  - 35. The system of claim 16, wherein the means for associating the at least one user'"'"'s user identity with the patient'"'"'s circle-of-care comprises a circle-of-care node having communication components, the communication components including:
    - a security layer, the security layer configured to implement node authentication and encryption;
      
      a network server, the network server for supporting a network communication interface;
      
      a directory query, the directory query configured to query external user directories via the network communication interface, and a node query, the node query configured to query other circle-of-care nodes via the network communication interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Steven P. Meyer, Terrance Callahan
Original Assignee
Steven P. Meyer, Terrance Callahan
Inventors
Callahan, Terrance, Meyer, Steven P.

Application Number

US11/350,748
Publication Number

US 20060184455A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 10/10   Office automation; Time man...

G06Q 20/3674   involving authentication

G16H 10/60   for patient-specific data, ...

System and method for privacy management

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for privacy management

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links