SYSTEM AND METHOD FOR PROVIDING MULTI-LAYERED ACCESS CONTROL

US 20170053130A1
Filed: 08/19/2015
Published: 02/23/2017
Est. Priority Date: 08/19/2015
Status: Active Grant

First Claim

Patent Images

1. A method to provide multi-layered access control for healthcare datasets, comprising:

defining an information policy for each of one or more healthcare datasets, wherein the information policy comprises one or more information access permissions;

defining an organization policy for each of the one or more healthcare datasets, wherein the organization policy comprises one or more license permissions for one or more organizations accessing the one or more healthcare datasets;

defining a user account master policy for each of the one or more healthcare datasets, wherein the user account master policy comprises one or more account permissions assigned to one or more users of the one or more organizations; and

generating a master user policy for each of the one or more users based on at least one of the information policy, the organization policy, the user account master policy, or a combination thereof, wherein the master user policy comprises one or more access control permissions to provide each of the one or more users access to the one or more healthcare datasets.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system to provide multi-layered access control for healthcare datasets are disclosed. The method comprises defining an information policy for each of healthcare datasets, wherein the information policy comprises information access permissions. Further, an organization policy is defined for each of the healthcare datasets, wherein the organization policy comprises license permissions for organizations accessing the healthcare datasets. Thereafter, a user account master policy is defined for each of the healthcare datasets, wherein the user account master policy comprises account permissions assigned to users of the organizations. Subsequently, a master user policy is generated for each of the users based on the information policy, the organization policy, the user account master policy, or a combination thereof, wherein the master user policy comprises access control permissions to provide each of the users access to the healthcare datasets.

Citations

20 Claims

1. A method to provide multi-layered access control for healthcare datasets, comprising:
- defining an information policy for each of one or more healthcare datasets, wherein the information policy comprises one or more information access permissions;
  
  defining an organization policy for each of the one or more healthcare datasets, wherein the organization policy comprises one or more license permissions for one or more organizations accessing the one or more healthcare datasets;
  
  defining a user account master policy for each of the one or more healthcare datasets, wherein the user account master policy comprises one or more account permissions assigned to one or more users of the one or more organizations; and
  
  generating a master user policy for each of the one or more users based on at least one of the information policy, the organization policy, the user account master policy, or a combination thereof, wherein the master user policy comprises one or more access control permissions to provide each of the one or more users access to the one or more healthcare datasets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - defining a master administrator policy, wherein the master administrator policy comprises one or more master permissions to control at least one of the information policy, the organization policy, or a combination thereof.
  - 3. The method of claim 1, further comprising:
    - receiving, from a user, a query to access data in at least one dataset from the one or more healthcare datasets;
      
      determining one or more access control permissions for the user based on the master user policy; and
      
      providing, to the user, access to the data based on the one or more access control permissions, wherein at least a part of the data is accessible to the user.
  - 4. The method of claim 3, further comprising:
    - blocking the user from querying the at least one dataset based on the determined one or more access control permissions.
  - 5. The method of claim 1, wherein the one or more information access permissions comprise at least one of a permission to explore meta-data, a permission to query data for aggregated results, a permission to query sensitive attributes, a permission to set granularity limits, a permission to set protocol-based permissions, a permission to extract patient level data, a permission to extract sensitive attributes, or a combination thereof.
  - 6. The method of claim 1, wherein the one or more license permissions comprise at least one of a permission to set a user account master, a permission to set access restrictions, a permission to set access period, a permission to define refresh periods, a permission to define user limits, a permission to define access tools, or a combination thereof.
  - 7. The method of claim 1, wherein the master administrator policy, the information policy, the organization policy, and the user account master policy have a hierarchical architecture.
  - 8. The method of claim 7, wherein the one or more license permissions of the organization policy are restricted by the one or more information permissions of the information policy, and the one or more account permissions of the user account master policy are restricted by the one or more information permissions and the one or more license permissions.

9. A system to provide multi-layered access control for healthcare datasets, comprising:
- an information module configured to define an information policy for each of one or more healthcare datasets, wherein the information policy comprises one or more information access permissions;
  
  an organization module configured to define an organization policy for each of the one or more healthcare datasets, wherein the organization policy comprises one or more license permissions for one or more organizations accessing the one or more healthcare datasets;
  
  a user account master module configured to define a user account master policy for each of the one or more healthcare datasets, wherein the user account master policy comprises one or more account permissions assigned to one or more users of the one or more organizations; and
  
  a user access module configured to generate a master user policy for each of the one or more users based on at least one of the information policy, the organization policy, the user account master policy, or a combination thereof, wherein the master user policy comprises one or more access control permissions to provide each of the one or more users access to the one or more healthcare datasets.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the user access module is further configured to define a master administrator policy, wherein the master administrator policy comprises one or more master permissions to control at least one of the information policy, the organization policy, or a combination thereof.
  - 11. The system of claim 9, further comprising an access control module configured to:
    - receive, from a user, a query to access data in at least one dataset from the one or more healthcare datasets;
      
      determine one or more access control permissions for the user based on the master user policy; and
      
      provide, to the user, access to the data based on the one or more access control permissions, wherein at least a part of the data is provided to the user.
  - 12. The system of claim 11, wherein the access control module is further configured to block the user from querying the at least one dataset based on the determined one or more access control permissions.
  - 13. The system of claim 9, wherein the one or more information access permissions comprise at least one of a permission to explore meta-data, a permission to query data for aggregated results, a permission to query sensitive attributes, a permission to set granularity limits, a permission to set protocol-based permissions, a permission to extract patient level data, a permission to extract sensitive attributes, or a combination thereof.
  - 14. The system of claim 9, wherein the one or more license permissions comprise at least one of a permission to set a user account master, a permission to set access restrictions, a permission to set access period, a permission to define refresh periods, a permission to define user limits, a permission to define access tools, or a combination thereof.
  - 15. The system of claim 9, wherein the master administrator policy, the information policy, the organization policy, and the user account master policy have a hierarchical architecture.
  - 16. The system of claim 15, wherein the one or more license permissions of the organization policy are restricted by the one or more information permissions of the information policy, and the one or more account permissions of the user account master policy are restricted by the one or more information permissions and the one or more license permissions.

17. A method to provide multi-layered access control for healthcare datasets, comprising:
- defining an information policy for each of one or more healthcare datasets, wherein the information policy comprises one or more information access permissions;
  
  defining an organization policy for each of the one or more healthcare datasets, wherein the organization policy comprises one or more license permissions for one or more organizations accessing the one or more healthcare datasets;
  
  defining a user account master policy for each of the one or more healthcare datasets, wherein the user account master policy comprises one or more account permissions assigned to one or more users of the one or more organizations;
  
  generating a master user policy for each of the one or more users based on at least one of the information policy, the organization policy, the user account master policy, or a combination thereof, wherein the master user policy comprises one or more access control permissions to provide each of the one or more users access to the one or more healthcare datasets; and
  
  defining a master administrator policy, wherein the master administrator policy comprises one or more master permissions for control of at least one of the information policy, the organization policy, or a combination thereof.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - receiving, from a user, a query to access data in at least one dataset from the one or more healthcare datasets;
      
      determining one or more access control permissions for the user based on the master user policy; and
      
      providing, to the user, access to the data based on the one or more access control permissions, wherein at least a part of the data is provided to the user.
  - 19. The method of claim 18, further comprising blocking the user from querying the at least one dataset based on the determined one or more access control permissions.
  - 20. The method of claim 17, wherein the master administrator policy, the information policy, the organization policy, and the user account master policy have a hierarchical architecture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IQVIA, Inc. (IQVIA Holdings, Inc.)
Original Assignee
IMS Health Incorporated (IQVIA Holdings, Inc.)
Inventors
Hughes, Benjamin Alexander, Opel, Michael Carl Friedrich, Crandall, Braley B.

Granted Patent

US 10,726,148 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/032   Protect output to user by s...

G06F 2221/2141   Access rights, e.g. capabil...

G16H 10/60   for patient-specific data, ...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

SYSTEM AND METHOD FOR PROVIDING MULTI-LAYERED ACCESS CONTROL

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROVIDING MULTI-LAYERED ACCESS CONTROL

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links