Method and system for maintaining HIPAA patient privacy requirements during auditing of electronic patient medical records
First Claim
1. A computerized method for permitting an institution running clinical trials on new drugs, which trials must be audited periodically by an outside Audit Agency, to prepare a Compliance Report independent of the outside Audit Agency, and to maintain Patient Privacy requirements mandated by HIPAA, relative to the Compliance Report to be provided to the outside Audit Agency, the method comprising:
- outside Audit Agency steps including;
using an outside Audit Agency computer programmed to transform a self-indexing Search Engine for independent use by said institution in preparing a Compliance Report for use by said outside Audit Agency to audit a clinical trial run by said Institution, the transformation steps including;
constructing application programs containing Protocol requirements for a clinical trial to be audited, and necessary steps for permittingsaid Institution to run the transformed Search Engine on an Institution computer to prepare said Compliance Report;
adding to the Search Engine said application programs; and
storing the transformed Search Engine in an outside Audit Agency computer memory;
using said outside Audit Agency computer to read said transformed Search Engine from said computer memory, and send the transformed Search Engine to said Institution;
said Institution steps including;
programming an Institution computer to assemble individual electronic patient records from the clinical trial into a discrete database;
programming said Institution computer to remove all personal information from each patient record;
programming said Institution computer to assign a unique number or code to each patient record that permits only the Institution access to the patients'"'"' private information;
programming said Institution computer to mark the patient records via a markup language to permit data in the patient records to be accessed by said transformed Search Engine;
operating said Institution computer to receive and store in a memory the transformed Search Engine from said outside Audit Agency;
using said Institution computer to read said transformed Search Engine from said memory, and run the transformed Search Engine independent of said outside Audit Agency to produce a Compliance Report detailing discrepancies relative to the Protocol dictated course of treatment for each said patient;
storing the Compliance Report in said memory;
using said Institution computer to retrieve said Compliance Report from said memory, and send sending the Compliance Report produced by said transformed Search Engine to said outside Audit Agency;
outside Audit Agency steps further including;
receiving on said outside Audit Agency Computer the Compliance Report from said Institution;
processing the Compliance Report on said outside Audit Agency computer to produce an Audit Report requesting comments, and if necessary, a corrective action plan, from the Institution;
storing the Compliance Report, and the Audit Report in said outside Audit Agency memory; and
using said outside Audit Agency computer to retrieve said Audit Report from memory, and send the Audit Report to the Institution.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and system for permitting a government agency or a medical research Institution to retain an independent Audit Agency to periodically audit a clinical trial testing the effect of experimental drugs on patients, being conducted by the Institution, to insure the audit conducted is in compliance with the privacy requirements of HIPAA. Prior to the audit, the Institution assembles individual electronic patient records relative to the clinical trial into an XML file in a discrete database, wherein each patient record has all personal information deleted, and such record is identified by a unique number or code assigned by the Institution. In turn, remote from the Institution, the Audit Agency transforms an appropriate search and indexing engine by adding to it libraries of text names, and synonyms, and constructs application programs containing the associated Protocol requirements and rules. The Audit Agency sends the transformed Search Engine to the Institution via the Internet or on CD'"'"'s. The Institution runs the Search Engine against their database to produce a Compliance Report detailing all discrepancies found relative the Protocol course of medical treatment for each patient in the clinical trial, and sends the report to the Audit Agency. The Audit Agency processes the report to provide an Audit Report to Institution requesting comments, and if necessary, a corrective action plan.
43 Citations
23 Claims
-
1. A computerized method for permitting an institution running clinical trials on new drugs, which trials must be audited periodically by an outside Audit Agency, to prepare a Compliance Report independent of the outside Audit Agency, and to maintain Patient Privacy requirements mandated by HIPAA, relative to the Compliance Report to be provided to the outside Audit Agency, the method comprising:
-
outside Audit Agency steps including; using an outside Audit Agency computer programmed to transform a self-indexing Search Engine for independent use by said institution in preparing a Compliance Report for use by said outside Audit Agency to audit a clinical trial run by said Institution, the transformation steps including; constructing application programs containing Protocol requirements for a clinical trial to be audited, and necessary steps for permitting said Institution to run the transformed Search Engine on an Institution computer to prepare said Compliance Report; adding to the Search Engine said application programs; and storing the transformed Search Engine in an outside Audit Agency computer memory; using said outside Audit Agency computer to read said transformed Search Engine from said computer memory, and send the transformed Search Engine to said Institution; said Institution steps including; programming an Institution computer to assemble individual electronic patient records from the clinical trial into a discrete database; programming said Institution computer to remove all personal information from each patient record; programming said Institution computer to assign a unique number or code to each patient record that permits only the Institution access to the patients'"'"' private information; programming said Institution computer to mark the patient records via a markup language to permit data in the patient records to be accessed by said transformed Search Engine; operating said Institution computer to receive and store in a memory the transformed Search Engine from said outside Audit Agency; using said Institution computer to read said transformed Search Engine from said memory, and run the transformed Search Engine independent of said outside Audit Agency to produce a Compliance Report detailing discrepancies relative to the Protocol dictated course of treatment for each said patient; storing the Compliance Report in said memory; using said Institution computer to retrieve said Compliance Report from said memory, and send sending the Compliance Report produced by said transformed Search Engine to said outside Audit Agency; outside Audit Agency steps further including; receiving on said outside Audit Agency Computer the Compliance Report from said Institution; processing the Compliance Report on said outside Audit Agency computer to produce an Audit Report requesting comments, and if necessary, a corrective action plan, from the Institution; storing the Compliance Report, and the Audit Report in said outside Audit Agency memory; and using said outside Audit Agency computer to retrieve said Audit Report from memory, and send the Audit Report to the Institution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computerized method for permitting an Institution running clinical trials on new drugs, which trials must be audited periodically by an outside Audit Agency, to prepare a Compliance Report independent of the outside Audit Agency, and to maintain Patient Privacy requirements mandated by HIPAA, relative to the Compliance Report to be provided to said outside Audit Agency, the method comprising:
-
said outside Audit Agency steps including; programming a computer to transform a self-indexing Search Engine by steps including; constructing application programs containing the Institution'"'"'s Protocol requirements for the clinical trial, and necessary steps for permitting said Institution to use a computer to prepare a Compliance Report; adding to the Search Engine said application programs; and sending the transformed Search Engine to said Institution; said institution steps including; using a computer to assemble individual electronic patient records from the clinical trial into a discrete database; using a computer to remove all personal information from each patient record; using a computer to assign a unique number or code to each patient record that permits only the Institution access to the patients'"'"' private information; using a computer to mark the patient records via a markup language to permit data in the patient records to be accessed by said Search Engine; storing the permitted patient data in a computer memory; receiving on the computer the Search Engine from said outside Audit Agency; running the Search Engine on a computer independent of said outside Audit Agency to produce a said Compliance Report detailing discrepancies relative to the Protocol dictated course of treatment for each said patient; and sending via a computer the digitized Compliance Report produced by said Search Engine to said outside Audit Agency; said outside Audit Agency steps further including; receiving on a computer the Compliance Report from said Institution, and storing the Report in memory; using a computer to read the Compliance Report from memory, and to produce an Audit Report requesting any necessary comments, and if necessary, a corrective action plan, from the Institution; and using a computer to send the Audit Report to the Institution.
-
Specification