Method and system for maintaining HIPAA patient privacy requirements during auditing of electronic patient medical records

US 7,742,933 B1
Filed: 03/24/2009
Issued: 06/22/2010
Est. Priority Date: 03/24/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computerized method for permitting an institution running clinical trials on new drugs, which trials must be audited periodically by an outside Audit Agency, to prepare a Compliance Report independent of the outside Audit Agency, and to maintain Patient Privacy requirements mandated by HIPAA, relative to the Compliance Report to be provided to the outside Audit Agency, the method comprising:

outside Audit Agency steps including;

using an outside Audit Agency computer programmed to transform a self-indexing Search Engine for independent use by said institution in preparing a Compliance Report for use by said outside Audit Agency to audit a clinical trial run by said Institution, the transformation steps including;

constructing application programs containing Protocol requirements for a clinical trial to be audited, and necessary steps for permittingsaid Institution to run the transformed Search Engine on an Institution computer to prepare said Compliance Report;

adding to the Search Engine said application programs; and

storing the transformed Search Engine in an outside Audit Agency computer memory;

using said outside Audit Agency computer to read said transformed Search Engine from said computer memory, and send the transformed Search Engine to said Institution;

said Institution steps including;

programming an Institution computer to assemble individual electronic patient records from the clinical trial into a discrete database;

programming said Institution computer to remove all personal information from each patient record;

programming said Institution computer to assign a unique number or code to each patient record that permits only the Institution access to the patients'"'"' private information;

programming said Institution computer to mark the patient records via a markup language to permit data in the patient records to be accessed by said transformed Search Engine;

operating said Institution computer to receive and store in a memory the transformed Search Engine from said outside Audit Agency;

using said Institution computer to read said transformed Search Engine from said memory, and run the transformed Search Engine independent of said outside Audit Agency to produce a Compliance Report detailing discrepancies relative to the Protocol dictated course of treatment for each said patient;

storing the Compliance Report in said memory;

using said Institution computer to retrieve said Compliance Report from said memory, and send sending the Compliance Report produced by said transformed Search Engine to said outside Audit Agency;

outside Audit Agency steps further including;

receiving on said outside Audit Agency Computer the Compliance Report from said Institution;

processing the Compliance Report on said outside Audit Agency computer to produce an Audit Report requesting comments, and if necessary, a corrective action plan, from the Institution;

storing the Compliance Report, and the Audit Report in said outside Audit Agency memory; and

using said outside Audit Agency computer to retrieve said Audit Report from memory, and send the Audit Report to the Institution.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for permitting a government agency or a medical research Institution to retain an independent Audit Agency to periodically audit a clinical trial testing the effect of experimental drugs on patients, being conducted by the Institution, to insure the audit conducted is in compliance with the privacy requirements of HIPAA. Prior to the audit, the Institution assembles individual electronic patient records relative to the clinical trial into an XML file in a discrete database, wherein each patient record has all personal information deleted, and such record is identified by a unique number or code assigned by the Institution. In turn, remote from the Institution, the Audit Agency transforms an appropriate search and indexing engine by adding to it libraries of text names, and synonyms, and constructs application programs containing the associated Protocol requirements and rules. The Audit Agency sends the transformed Search Engine to the Institution via the Internet or on CD'"'"'s. The Institution runs the Search Engine against their database to produce a Compliance Report detailing all discrepancies found relative the Protocol course of medical treatment for each patient in the clinical trial, and sends the report to the Audit Agency. The Audit Agency processes the report to provide an Audit Report to Institution requesting comments, and if necessary, a corrective action plan.

43 Citations

View as Search Results

23 Claims

1. A computerized method for permitting an institution running clinical trials on new drugs, which trials must be audited periodically by an outside Audit Agency, to prepare a Compliance Report independent of the outside Audit Agency, and to maintain Patient Privacy requirements mandated by HIPAA, relative to the Compliance Report to be provided to the outside Audit Agency, the method comprising:
- outside Audit Agency steps including;
  
  using an outside Audit Agency computer programmed to transform a self-indexing Search Engine for independent use by said institution in preparing a Compliance Report for use by said outside Audit Agency to audit a clinical trial run by said Institution, the transformation steps including;
  
  constructing application programs containing Protocol requirements for a clinical trial to be audited, and necessary steps for permittingsaid Institution to run the transformed Search Engine on an Institution computer to prepare said Compliance Report;
  
  adding to the Search Engine said application programs; and
  
  storing the transformed Search Engine in an outside Audit Agency computer memory;
  
  using said outside Audit Agency computer to read said transformed Search Engine from said computer memory, and send the transformed Search Engine to said Institution;
  
  said Institution steps including;
  
  programming an Institution computer to assemble individual electronic patient records from the clinical trial into a discrete database;
  
  programming said Institution computer to remove all personal information from each patient record;
  
  programming said Institution computer to assign a unique number or code to each patient record that permits only the Institution access to the patients'"'"' private information;
  
  programming said Institution computer to mark the patient records via a markup language to permit data in the patient records to be accessed by said transformed Search Engine;
  
  operating said Institution computer to receive and store in a memory the transformed Search Engine from said outside Audit Agency;
  
  using said Institution computer to read said transformed Search Engine from said memory, and run the transformed Search Engine independent of said outside Audit Agency to produce a Compliance Report detailing discrepancies relative to the Protocol dictated course of treatment for each said patient;
  
  storing the Compliance Report in said memory;
  
  using said Institution computer to retrieve said Compliance Report from said memory, and send sending the Compliance Report produced by said transformed Search Engine to said outside Audit Agency;
  
  outside Audit Agency steps further including;
  
  receiving on said outside Audit Agency Computer the Compliance Report from said Institution;
  
  processing the Compliance Report on said outside Audit Agency computer to produce an Audit Report requesting comments, and if necessary, a corrective action plan, from the Institution;
  
  storing the Compliance Report, and the Audit Report in said outside Audit Agency memory; and
  
  using said outside Audit Agency computer to retrieve said Audit Report from memory, and send the Audit Report to the Institution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein said Search Engine is a desktop search software.
  - 3. The method of claim 1, wherein said markup language is Extensible Mark Up Language (XML).
  - 4. The method of claim 1, wherein said step of transforming said Search Engine further includes the steps ofadding a library of approved drug names;
    - adding a library of disease names;
      
      adding a library of adverse event text strings;
      
      adding a library of medication regimens;
      
      adding a library of investigational drug names;
      
      adding a library of test synonyms; and
      
      adding a library of testing frequencies.
  - 5. The method of claim 4, further including the steps of;
    - said Institution providing in said discrete database a Case Report Form (CRF) containing the results and observations required by said Protocol for each patient in the clinical trial; and
      
      said outside Audit Agency programming said Search Engine to apply said library of adverse event text strings to detect text strings within medical and nursing progress notes contained in patient records in said discrete database, to identify text strings suggestive of adverse events in said notes;
      
      said outside Audit Agency further programming said Search Engine to compare the results of the text string search with a listing of adverse events reported in said CRF, and to add to the Compliance Report any potential adverse events not reported in the CRF.
  - 6. The method of claim 4, wherein said outside Audit Agency further includes the step of insuring that the Protocol rules contained in said application programs include at least patient demographics, patient eligibility requirements, drug administration requirements, baseline test requirements, on-study safety measures to be followed, efficacy measurements, and adverse event report requirements.
  - 7. The method of claim 6, further including the steps of:
    - said Institution providing in said discrete database a Case Report Form (CRF) containing the results and observations required by said Protocol for each patient in the clinical trial; and
      
      said outside Audit Agency programming said Search Engine to apply said library of adverse event text strings to detect text strings within medical and nursing progress notes contained in patient records in said discrete database, to identify text strings suggestive of adverse events in said notes;
      
      said outside Audit Agency further programming said Search Engine to compare the results of the text string search with a listing of adverse events reported in said CRF, and to add to the Compliance Report any potential adverse events not reported in the CRF.
  - 8. The method of claim 7, wherein said Search Engine is a desktop search software.
  - 9. The method of claim 7, wherein said markup language is Extensible Mark Up Language (XML).
  - 10. The method of claim 4, wherein said Institution further includes the step of insuring that the Medical Record for each patient stored in said discrete database contains all the source documentation for tests and progress notes required by the Protocol.
  - 11. The method of claim 10, further including the steps of:
    - said Institution providing in said discrete database a Case Report Form (CRF) containing the results and observations required by said Protocol for each patient in the clinical trial; and
      
      said outside Audit Agency programming said Search Engine to apply said library of adverse event text strings to detect text strings within medical and nursing progress notes contained in patient records in said discrete database, to identify text strings suggestive of adverse events in said notes;
      
      said outside Audit Agency further programming said Search Engine to compare the results of the text string search with a listing of adverse events reported in said CRF, and to add to the Compliance Report any potential adverse events not reported in the CRF.
  - 12. The method of claim 10, wherein said Search Engine is a desktop search software.
  - 13. The method of claim 10, wherein said markup language is Extensible Mark Up Language (XML).
  - 14. The method of claim 4, further including:
    - said outside Audit Agency further includes the step of insuring that the Protocol rules contained in said application programs include at least patient demographics, patient eligibility requirements, drug administration requirements, baseline test requirements, on-study safety measures to be followed, efficacy measurements, and adverse event report requirements; and
      
      said Institution further includes the step of insuring that the Medical Record for each patient stored in said discrete database contains all the source documentation for tests and progress notes required by the Protocol.
  - 15. The method of claim 14, further including the steps of:
    - said Institution providing in said discrete database a Case Report Form (CRF) containing the results and observations required by said Protocol for each patient in the clinical trial; and
      
      said outside Audit Agency programming said Search Engine to apply said library of adverse event text strings to detect text strings within medical and nursing progress notes contained in patient records in said discrete database, to identify text strings suggestive of adverse events in said notes;
      
      said outside Audit Agency further programming said Search Engine to compare the results of the text string search with a listing of adverse events reported in said CRF, and to add to the Compliance Report any potential adverse events not reported in the CRF.
  - 16. The method of claim 14, wherein said Search Engine is a desktop search software.
  - 17. The method of claim 14, wherein said step markup language is Extensible Mark Up Language (XML).
  - 18. The method of claim 14, wherein:
    - said Search Engine is a desktop search software; and
      
      said markup language is Extensible Mark Up Language (XML).
  - 19. The method of claim 1, further comprising the step of:
    - communicating over the Internet between the outside Audit Agency and the Institution via personal computer systems of each.
  - 20. The method of claim 1, wherein said outside Audit Agency further includes the step of insuring that the Protocol rules contained in said application programs include at least patient demographics, patient eligibility requirements, drug administration requirements, baseline test requirements, on-study safety measures to be followed, efficacy measurements, and adverse event report requirements.
  - 21. The method of claim 1, wherein said Institution further includes the step of insuring that the Medical Record for each patient stored in said discrete database contains all the source documentation for tests and progress notes required by the Protocol.
  - 22. The method of claim 1, wherein:
    - said Search Engine is a desktop search software; and
      
      said markup language is Extensible Mark Up Language (XML).

23. A computerized method for permitting an Institution running clinical trials on new drugs, which trials must be audited periodically by an outside Audit Agency, to prepare a Compliance Report independent of the outside Audit Agency, and to maintain Patient Privacy requirements mandated by HIPAA, relative to the Compliance Report to be provided to said outside Audit Agency, the method comprising:
- said outside Audit Agency steps including;
  
  programming a computer to transform a self-indexing Search Engine by steps including;
  
  constructing application programs containing the Institution'"'"'s Protocol requirements for the clinical trial, and necessary steps for permitting said Institution to use a computer to prepare a Compliance Report;
  
  adding to the Search Engine said application programs; and
  
  sending the transformed Search Engine to said Institution;
  
  said institution steps including;
  
  using a computer to assemble individual electronic patient records from the clinical trial into a discrete database;
  
  using a computer to remove all personal information from each patient record;
  
  using a computer to assign a unique number or code to each patient record that permits only the Institution access to the patients'"'"' private information;
  
  using a computer to mark the patient records via a markup language to permit data in the patient records to be accessed by said Search Engine;
  
  storing the permitted patient data in a computer memory;
  
  receiving on the computer the Search Engine from said outside Audit Agency;
  
  running the Search Engine on a computer independent of said outside Audit Agency to produce a said Compliance Report detailing discrepancies relative to the Protocol dictated course of treatment for each said patient; and
  
  sending via a computer the digitized Compliance Report produced by said Search Engine to said outside Audit Agency;
  
  said outside Audit Agency steps further including;
  
  receiving on a computer the Compliance Report from said Institution, and storing the Report in memory;
  
  using a computer to read the Compliance Report from memory, and to produce an Audit Report requesting any necessary comments, and if necessary, a corrective action plan, from the Institution; and
  
  using a computer to send the Audit Report to the Institution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Harrogate Holdings New Jersey Inc.
Original Assignee
Harrogate Holdings Limited
Inventors
Royds, Robert B.
Primary Examiner(s)
O'Connor; Gerald J.
Assistant Examiner(s)
Pauls; John A

Application Number

US12/383,445
Time in Patent Office

455 Days
Field of Search

705/2, 705/3, 705/4, 707/3, 704/9
US Class Current

705/3
CPC Class Codes

G16H 10/20   for electronic clinical tri...

G16H 10/60   for patient-specific data, ...

G16H 15/00   ICT specially adapted for m...

Method and system for maintaining HIPAA patient privacy requirements during auditing of electronic patient medical records

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for maintaining HIPAA patient privacy requirements during auditing of electronic patient medical records

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links