ESTABLISHING PATIENT CONSENT ON BEHALF OF A THIRD PARTY

US 20090327297A1
Filed: 06/27/2008
Published: 12/31/2009
Est. Priority Date: 06/27/2008
Status: Active Grant

First Claim

Patent Images

1. A method managing access to an electronic medical record, comprising:

assigning a master-application-identification-code to a clinical system;

associating a privacy statement of the clinical system with the master-application-identification-code;

receiving a child-code-generation-request from the clinical system on behalf of a healthcare provider, the child-code-generation-request specifying the master-application-identification-code assigned to the clinical system and a provider identifier identifying the healthcare provider;

associating the child-application-identification-code with the provider identifier and the privacy statement of the clinical system;

receiving an access request from the clinical system on behalf of the healthcare provider, the access request specifying the child-application-identification-code;

requesting patient approval of the access request by presenting to the patient;

the provider identifier and the privacy statement associated with the child-application-identification-code;

receiving a request response from the patient, the request response including an approval of the access request or a denial of the access request by the patient; and

permitting the healthcare provider associated with the child-application-identification-code to access the electronic medical record of the patient only after the request response including the approval of the access request is received from the patient.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database system, which stores electronic medical records, may assign a child-application-identification-code to a healthcare provider via a clinical system intermediary acting on behalf of the healthcare provider. The database system may associate the child-application-identification-code assigned to the healthcare provider with a privacy statement and terms of use associated with the clinical system. The privacy statement and terms of use may be presented to the patient when the patient is prompted by the database system to approve or deny a request by the healthcare provider to access the electronic medical record of the patient stored at the database system.

51 Citations

View as Search Results

20 Claims

1. A method managing access to an electronic medical record, comprising:
- assigning a master-application-identification-code to a clinical system;
  
  associating a privacy statement of the clinical system with the master-application-identification-code;
  
  receiving a child-code-generation-request from the clinical system on behalf of a healthcare provider, the child-code-generation-request specifying the master-application-identification-code assigned to the clinical system and a provider identifier identifying the healthcare provider;
  
  associating the child-application-identification-code with the provider identifier and the privacy statement of the clinical system;
  
  receiving an access request from the clinical system on behalf of the healthcare provider, the access request specifying the child-application-identification-code;
  
  requesting patient approval of the access request by presenting to the patient;
  
  the provider identifier and the privacy statement associated with the child-application-identification-code;
  
  receiving a request response from the patient, the request response including an approval of the access request or a denial of the access request by the patient; and
  
  permitting the healthcare provider associated with the child-application-identification-code to access the electronic medical record of the patient only after the request response including the approval of the access request is received from the patient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, where the provider identifier includes a name of the healthcare provider.
  - 3. The method of claim 2, further comprising, associating the child-application-identification-code with a clinical system identifier identifying the clinical system;
    - and where requesting patient approval of the access request further includes presenting the clinical system identifier to the patient along with the provider identifier and the privacy statement associated with the child-application-identification-code.
  - 4. The method of claim 1, further comprising, returning the child-application-identification-code to the clinical system via an application programming interface in response to receiving the child-code-generation-request.
  - 5. The method of claim 1, further comprising, associating the child-application-identification-code with a service agreement of the clinical system;
    - and where requesting patient approval of the access request further includes presenting the service agreement to the patient along with the provider identifier and the privacy statement associated with the child-application-identification-code.
  - 6. The method of claim 1, where the child-code-generation-request is received from the clinical system via an application programming interface.
  - 7. The method of claim 1, where the healthcare provider associated with the child-application-identification-code is permitted to access the electronic medical record of the patient via an application programming interface only after the request response including the approval of the access request is received from the patient.
  - 8. The method of claim 1, where the access request further specifies medical information to be accessed at the electronic medical record by the healthcare provider upon approval of the access request by the patient;
    - where requesting patient approval of the access request further includes presenting the medical information identifier specified the access request to the patient; and
      
      where permitting the healthcare provider to access the electronic medical record of the patient further includes permitting the healthcare provider to access only the medical information identified by the medical information identifier only after the approval of the access request is received from the patient.
  - 9. The method of claim 8, where the access request further specifies an action identifier identifying at least one of a reading action and a writing action to be performed by the healthcare provider with respect to the medical information identified by the medical information identifier upon accessing the electronic medical record of the patient;
    - where requesting patient approval of the access request further includes presenting the action identifier specified by the access request to the patient; and
      
      where permitting the healthcare provider to access the electronic medical record of the patient further includes permitting the healthcare provider to access the medical information identified by the medical information identifier in accordance with the action identifier specified by the access request.

10. A database system, comprising:
- a data store configured to store an electronic medical record of a patient;
  
  a processing subsystem configured to execute instructions; and
  
  computer readable storage media comprising instructions executable by the processing subsystem to;
  
  assign a master-application-identification-code to a clinical system;
  
  associate a privacy statement of the clinical system with the master-application-identification-code;
  
  receive a child-code-generation-request from the clinical system on behalf of a healthcare provider, the child-code-generation-request specifying the master-application-identification-code assigned to the clinical system and a provider identifier identifying the healthcare provider;
  
  associate the child-application-identification-code with the provider identifier and the privacy statement of the clinical system;
  
  receive an access request from the clinical system on behalf of the healthcare provider, the access request specifying the child-application-identification-code;
  
  request patient approval of the access request by presenting to the patient;
  
  the provider identifier and the privacy statement associated with the child-application-identification-code;
  
  receive a request response from the patient, the request response including an approval of the access request or a denial of the access request by the patient; and
  
  permit the healthcare provider associated with the child-application-identification-code to access the electronic medical record of the patient only after the request response including the approval of the access request is received from the patient.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The database system of claim 10, where the computer readable storage media further comprises instructions executable by the processing subsystem to:
    - expose an application programming interface to the clinical system by which the child-code-generation-request is received from the clinical system.
  - 12. The database system of claim 11, where the computer readable storage media further comprises instructions executable by the processing subsystem to:
    - submit the child-application-identification-code to the clinical system via the application programming interface upon receiving the child-code-generation-request.
  - 13. The database system of claim 10, where the computer readable storage media further comprises instructions executable by the processing subsystem to:
    - expose an application programming interface to the clinical system by which the access request is received from the clinical system.
  - 14. The database system of claim 13, where the computer readable storage media further comprises instructions executable by the processing subsystem to:
    - permit the healthcare provider to access the electronic medical record of the patient via the application programming interface only after the request response including the approval of the access request is received from the patient.
  - 15. The database system of claim 10, where the computer readable storage media further comprises instructions executable by the processing subsystem to:
    - expose a patient interface to the patient by which the request response is received from the patient.
  - 16. The database system of claim 15, where the computer readable storage media further comprises instructions executable by the processing subsystem to:
    - presenting the provider identifier and the privacy statement to the patient via the patient interface.
  - 17. The database system of claim 15, where the patient interface includes a webpage.
  - 18. The database system of claim 10, where the computer readable storage media further comprises instructions executable by the processing subsystem to:
    - associate the child-application-identification-code with a service agreement of the clinical system; and
      
      present the service agreement of the clinical system to the patient along with the provider identifier and the privacy statement associated with the child-application-identification-code.

19. A method of managing access to an electronic medical record, comprising:
- receiving a master-code-generation-request from a clinical system via an application programming interface, the master-code-generation-request including a privacy statement and a service agreement;
  
  assigning a master-application-identification-code to the clinical system upon receiving the master-code-generation-request;
  
  associating the privacy statement and the service agreement with the master-application-identification-code;
  
  receiving a child-code-generation-request from the clinical system on behalf of a healthcare provider via the application programming interface, the child-code-generation-request specifying the master-application-identification-code assigned to the clinical system and a provider identifier identifying the healthcare provider;
  
  associating the child-application-identification-code with the provider identifier, the privacy statement, and the service agreement;
  
  receiving an access request from the clinical system on behalf of the healthcare provider via the application programming interface, the access request specifying the child-application-identification-code;
  
  requesting patient approval of the access request by presenting the provider identifier, the privacy statement, and the service agreement associated with the child-application-identification-code to the patient via a patient interface;
  
  receiving a request response from the patient via the patient interface, the request response including an approval of the access request or a denial of the access request by the patient; and
  
  permitting the healthcare provider associated with the child-application-identification-code to access the electronic medical record of the patient via the application programming interface only after the request response including the approval of the access request is received from the patient via the patient interface.
- View Dependent Claims (20)
- - 20. The method of claim 19, where the access request further specifies a medical information identifier identifying medical information to be accessed at the electronic medical record by the healthcare provider and an action identifier identifying at least one of a reading action and a writing action to be performed by the healthcare provider with respect to the medical information upon accessing the electronic medical record of the patient;
    - where requesting patient approval of the access request further includes presenting the medical information identifier and the action identifier to the patient via the patient interface; and
      
      where permitting the healthcare provider to access the medical record further includes permitting the healthcare provider to access only the medical information at the electronic medical record identified by the medical information identifier in accordance with the action identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hoof, Hubert Van, Nolan, Sean, Stokes, Michael, Deobhakta, Kalpita

Granted Patent

US 8,024,273 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

G16H 10/60 for patient-specific data, ...

ESTABLISHING PATIENT CONSENT ON BEHALF OF A THIRD PARTY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ESTABLISHING PATIENT CONSENT ON BEHALF OF A THIRD PARTY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links