Context management with audit capability

US 6,941,313 B2
Filed: 12/11/2001
Issued: 09/06/2005
Est. Priority Date: 12/11/2000
Status: Expired due to Fees

- Alert
- Pin

First Claim

Patent Images

1. In a system comprising at least two software applications, a context manager which facilitates a sharing of a context among the at least two software applications in accordance with the Clinical Context Object Workgroup (CCOW) standard, a centralized database accessible to the context manager, and an auditor which provides an interface to enable the extraction of information from the centralized database relating to attempts to access patient data by the at least two software applications, a method comprising acts of:

(A) storing, in the centralized database, information relating to attempts to access patient data by the at least two software applications; and

(B) extracting, by the auditor, at least some of the information stored in the centralized database relating to attempts to access patient data by the at least two software applications, the at least some of the information being suitable for making an assessment as to compliance with at least one provision of the Health Insurance Portability and Accountability Act (HIPPA).

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A context management framework is given that provides in various embodiments, numerous advantages over previously-existing systems. In some instances, an architecture having a centralized storage location coupled to a context manager is provided for servicing and logging context events from a plurality of sources. This type of system uses a synchronization scheme to perform orderly storage and retrieval of data to and from the centralized storage location. In other instances, information stored in the centralized storage location or signals from the context manager are used to achieve an auditing capability for reviewing and acting on context data events and gestures. Selective blocking or allowance of impending context gestures or data-access events is accomplished based on a rule set or lookup table containing rules or other data to make such access-control decisions. Access to private data and other security measures may thus be implemented using the teachings presented herein. Furthermore, a communication paradigm, using a Web-proxy, which identifies ordinarily-unidentified applications to a context manager is provided according to some embodiments of the invention.

75 Citations

View as Search Results

39 Claims

1. In a system comprising at least two software applications, a context manager which facilitates a sharing of a context among the at least two software applications in accordance with the Clinical Context Object Workgroup (CCOW) standard, a centralized database accessible to the context manager, and an auditor which provides an interface to enable the extraction of information from the centralized database relating to attempts to access patient data by the at least two software applications, a method comprising acts of:
- (A) storing, in the centralized database, information relating to attempts to access patient data by the at least two software applications; and
  
  (B) extracting, by the auditor, at least some of the information stored in the centralized database relating to attempts to access patient data by the at least two software applications, the at least some of the information being suitable for making an assessment as to compliance with at least one provision of the Health Insurance Portability and Accountability Act (HIPPA).
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the act (B) comprises extracting information relating to at least one attempt to access patient data that is unauthorized via at least one rule.
  - 3. The method of claim 2, wherein the at least one rule is specified by the at least one provision of HIPAA.
  - 4. The method of claim 2, wherein when the extracted information indicates that at least one unauthorized attempt was made to access patient data, the method further comprises an act of:
    - (C) creating a report comprising an alert indicating that the unauthorized attempt was made to access patient data.
  - 5. The method of claim 1, wherein the patient data includes data relating to at least a first patient, and the information extracted from the centralized database in the act (B) comprises information relating to attempts to access the data relating to the first patient.
  - 6. The method of claim 1, wherein the act (A) comprises an act of storing information, relating to attempts to access patient data, that is provided by the at least two software applications.

7. A system for auditing attempts to access patient data in a computer system comprising at least two software applications operable to access patient data and a context manager which facilitates a sharing of a context among the at least two software applications in accordance with the Clinical Context Object Workgroup (CCOW) standard, the system comprising:
- a centralized database that stores information relating to attempts to access patient data by the at least two software applications; and
  
  an auditor that provides an interface to enable an extraction of at least some of the information from the centralized database relating to attempts to access patient data by the at least two software applications, the at least some of the information being suitable for making an assessment as to compliance with at least one provision of the Health Insurance Portability and Accountability Act (HIPPA).
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising a report facility that creates at least one report, based upon the extracted information, which presents information relating to attempts to access patient data by the at least two software applications.
  - 9. The system of claim 8, wherein the system further comprises an alert facility which sends an alert to a user when it is determined that an attempt unauthorized by at least one HIPAA provision was made to access patient data.
  - 10. The system of claim 8, wherein the patient data includes data relating to a first patient, and the at least one report includes information extracted from the centralized database on attempts to access the data relating to the first patient.
  - 11. The system of claim 7, wherein the auditor interface further enables the extraction of at least some of the information from the centralized database relating to attempts to access patient data that are unauthorized by the at least one HIPAA provision.
  - 12. The system of claim 7, wherein the information relating to attempts to access patient data is provided by the at least two software applications to the centralized database.

13. At least one computer readable medium encoded with instructions for execution in a computer system comprising at least two software applications, a context manager which facilitates a sharing of a context among the at least two software applications in accordance with the Clinical Context Object Workgroup (CCOW) standard, a centralized database accessible to the context manager, and an auditor which provides an interface to enable the extraction of information from the centralized database relating to attempts to access patient data by the at least two software applications, the instructions, when executed on the computer system, perform a method comprising acts of:
- (A) storing, in the centralized database, information relating to attempts to access patient data by the at least two software applications; and
  
  (B) extracting, by the auditor, at least some of the information stored in the centralized database relating to attempts to access patient data by the at least two software applications, the at least some of the information being suitable for making an assessment as to compliance with at least one provision of the Health Insurance Portability and Accountability Act (HIPPA).
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The at least one computer readable medium of claim 13, wherein the act (B) comprises extracting information relating to at least one attempt to access patient data that is unauthorized via at least one rule.
  - 15. The at least one computer readable medium of claim 14, wherein the at least one rule is specified by the at least one provision of HIPAA.
  - 16. The at least one computer readable medium of claim 14, wherein when the extracted information indicates that at least one unauthorized attempt was made to access patient data, the method further comprises an act of:
    - (C) creating a report comprising an alert indicating that the unauthorized attempt was made to access patient data.
  - 17. The at least one computer readable medium of claim 13, wherein the patient data includes data relating to at least a first patient, and the information extracted from the centralized database in the act (B) comprises information relating to attempts to access the data relating to the first patient.
  - 18. The at least one computer readable medium of claim 13, wherein the act (A) comprises an act of storing information, relating to attempts to access patient data, that is provided by the at least two software applications.
  - 19. The at least one computer readable medium of claim 13, wherein the centralized database provides a single interface to the auditor to enable the extracted data to be extracted via the single interface.

20. In a system comprising at least two software applications capable of accessing patient data, a centralized database, and an auditor that is coupled to the centralized database, a method comprising acts of:
- (A) storing, in the centralized database, information relating to attempts to access patient data by the at least two software applications; and
  
  (B) extracting, by the auditor, at least some of the information stored in the centralized database relating to attempts to access patient data by the at least two software applications, the at least some of the information being suitable for making an assessment as to compliance with at least one provision of the Health Insurance Portability and Accountability Act (HIPPA).
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, wherein the act (B) comprises extracting information relating to at least one attempt to access patient data that is unauthorized via at least one rule.
  - 22. The method of claim 21, wherein the at least one rule is specified by the at least one provision of HIPAA.
  - 23. The method of claim 21, wherein when the extracted information indicates that at least one unauthorized attempt was made to access patient data, the method further comprises an act of:
    - (C) creating a report comprising an alert indicating that the unauthorized attempt was made to access patient data.
  - 24. The method of claim 20, wherein the patient data includes data relating to at least a first patient, and the information extracted from the centralized database in the act (B) comprises information relating to attempts to access the data relating to the first patient.
  - 25. The method of claim 20, wherein the act (A) comprises an act of storing information, relating to attempts to access patient data, that is provided by the at least two software applications.

26. A system for auditing attempts to access patient data in a computer system comprising at least two software applications operable to access patient data, the system comprising:
- a centralized database that stores information relating to attempts to access patient data by the at least two software applications; and
  
  an auditor that provides an interface to enable an extraction of at least some of the information from the centralized database relating to attempts to access patient data by the at least two software applications, the at least some of the information being suitable for making an assessment as to compliance with at least one provision of the Health Insurance Portability and Accountability Act (HIPPA).
- View Dependent Claims (27, 28, 29, 30, 31, 32)
- - 27. The system of claim 26, further comprising a report facility that creates at least one report, based upon the extracted information, which presents information relating to attempts to access patient data by the at least two software applications.
  - 28. The system of claim 27, wherein the system further comprises an alert facility which sends an alert to a user when it is determined that an attempt unauthorized by at least one HIPAA provision was made to access patient data.
  - 29. The system of claim 27, wherein the system further comprises a graphical user interface (GUI), and wherein the report is presented to a user via the GUI.
  - 30. The system of claim 27, wherein the patient data includes data relating to a first patient, and the at least one report includes information extracted from the centralized database on attempts to access the data relating to the first patient.
  - 31. The system of claim 26, wherein the auditor interface further enables the extraction of at least some of the information from the centralized database relating to attempts to access patient data that are unauthorized by the at least one HIPAA provision.
  - 32. The system of claim 26, wherein the information relating to attempts to access patient data is provided by the at least two software applications to the centralized database.

33. At least one computer readable medium encoded with instructions for execution in a computer system comprising at least two software applications capable of accessing patient data, a centralized database, and an auditor that is coupled to the centralized database, the instructions, when executed on the computer system, perform a method comprising acts of:
- (A) storing, in the centralized database, information relating to attempts to access patient data by the at least two software applications; and
  
  (B) extracting, by the auditor, at least some of the information stored in the centralized database relating to attempts to access patient data by the at least two software applications, the at least some of the information being suitable for making an assessment as to compliance with at least one provision of the Health Insurance Portability and Accountability Act (HIPPA).
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The at least one computer readable medium of claim 33, wherein the act (B) comprises extracting information relating to at least one attempt to access patient data that is unauthorized via at least one rule.
  - 35. The at least one computer readable medium of claim 34, wherein the at least one rule is specified by the at least one provision of HIPAA.
  - 36. The at least one computer readable medium of claim 34, wherein when the extracted information indicates that at least one unauthorized attempt was made to access patient data, the method further comprises an act of:
    - (C) creating a report comprising an alert indicating that the unauthorized attempt was made to access patient data.
  - 37. The at least one computer readable medium of claim 33, wherein the patient data includes data relating to at least a first patient, and the information extracted from the centralized database in the act (B) comprises information relating to attempts to access the data relating to the first patient.
  - 38. The at least one computer readable medium of claim 33, wherein the act (A) comprises an act of storing information, relating to attempts to access patient data, that is provided by the at least two software applications.
  - 39. The at least one computer readable medium of claim 33, wherein the centralized database provides a single interface to the auditor to enable the extracted data to be extracted via the single interface.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Sentillion Incorporated (Microsoft Corporation)
Inventors
Fusari, David, Seliger, Robert
Primary Examiner(s)
Robinson, Greta
Assistant Examiner(s)
LEWIS, CHERYL RENEA

Application Number

US10/014,341
Publication Number

US 20020107875A1
Time in Patent Office

1,365 Days
Field of Search

707/1, 707/104.1, 707/101, 707103 R-103 Z, 707/209, 707/203, 707/8, 717/100, 717/101, 717/108, 705/2, 705/3
US Class Current

718/108
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/6272   by registering files or doc...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 10/10   Office automation; Time man...

G16H 40/67   for remote operation

Y10S 707/952   Malicious software

Y10S 707/99931   Database or file accessing

Y10S 707/99942   Manipulating data structure...

Y10S 707/99944   Object-oriented database st...

Y10S 707/99945   Object-oriented database st...

Context management with audit capability

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

75 Citations

39 Claims

Specification

Use Cases

Quick Links

Others

Context management with audit capability

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

39 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others