System and method for medical privacy management

US 8,019,620 B2
Filed: 01/03/2005
Issued: 09/13/2011
Est. Priority Date: 01/03/2005
Status: Active Grant

First Claim

Patent Images

1. Computer-storage media having a system embodied thereon that, when executed, performs a method for managing a release of clinically related information, the system comprising:

an input interface that receives a request from a requesting party for the release of the clinically related information associated with a patient and validates a standing of the requesting party; and

privacy management logic, wherein upon communicating with the input interface, the privacy management logic;

after the input interface receives the request, annotates a receipt status of the request in an access history database to create a privacy disclosure history for the patient, the privacy disclosure history being stored for a specified history-interval and being accessible through a privacy management user interface;

determines a privacy status of the patient;

validates the request based on the standing of the requesting party and a patient-specified time-interval and, if the request cannot be validated based on the standing of the requesting party and the patient specified time-interval, annotates a denial status of the request in the access history database;

generates a response to the request based on the privacy status of the patient;

extracts data from an electronic medical record associated with the patient, wherein the privacy status of the patient includes at least one recorded patient consent for the release of the clinically related information within the electronic medical record associated with the patient to the requesting party within the patient-specified time-interval, and wherein the at least one recorded patient consent permits release of only a portion of the clinically related information within the electronic medical record associated with the patient, the portion being less than a whole of the clinically related information within the electronic medical record associated with the patient and being-specified within the at least one recorded patient consent; and

after extracting data from the electronic medical record associated with the patient, annotates a completion status of the request in the access history database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and related techniques provide an integrated platform for privacy management of electronic medical records, encompassing the entire life cycle of privacy management including the capture of patient consents and other privacy status information, request management to receive and filter requests by health insurance companies and others, publishing management and release management of the contents of the electronic medical record. According to embodiments of the invention in one regard, various modules and logic may directly access the patient EMR and extract appropriate segments of information called for by validated requests, to publish that information as well as record or log that access history. The invention may thus provide an integrated tool to document compliance with HIPAA and other regulatory requirements. According to embodiments of the invention in another regard, medical information requests and other transactions which were originally made in paper or hard-copy form may likewise be assimilated into the access database, along with release requests which are electronic in nature.

12 Citations

View as Search Results

15 Claims

1. Computer-storage media having a system embodied thereon that, when executed, performs a method for managing a release of clinically related information, the system comprising:
- an input interface that receives a request from a requesting party for the release of the clinically related information associated with a patient and validates a standing of the requesting party; and
  
  privacy management logic, wherein upon communicating with the input interface, the privacy management logic;
  
  after the input interface receives the request, annotates a receipt status of the request in an access history database to create a privacy disclosure history for the patient, the privacy disclosure history being stored for a specified history-interval and being accessible through a privacy management user interface;
  
  determines a privacy status of the patient;
  
  validates the request based on the standing of the requesting party and a patient-specified time-interval and, if the request cannot be validated based on the standing of the requesting party and the patient specified time-interval, annotates a denial status of the request in the access history database;
  
  generates a response to the request based on the privacy status of the patient;
  
  extracts data from an electronic medical record associated with the patient, wherein the privacy status of the patient includes at least one recorded patient consent for the release of the clinically related information within the electronic medical record associated with the patient to the requesting party within the patient-specified time-interval, and wherein the at least one recorded patient consent permits release of only a portion of the clinically related information within the electronic medical record associated with the patient, the portion being less than a whole of the clinically related information within the electronic medical record associated with the patient and being-specified within the at least one recorded patient consent; and
  
  after extracting data from the electronic medical record associated with the patient, annotates a completion status of the request in the access history database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computer-storage medium according to claim 1, wherein the privacy management logic comprises at least a release manager, a privacy status manager, a request manager and a publishing manager.
  - 3. A computer-storage medium according to claim 2, wherein the publishing manager extracts the data in response to the request.
  - 4. A computer-storage medium according to claim 2, wherein the privacy status manger stores consent status information for the patient.
  - 5. A computer-storage medium according to claim 2, wherein the request is received via the request manager.
  - 6. A computer-storage medium according to claim 2, wherein the publishing manager, the privacy status manager, the release manager and the request manager are hosted in a client.
  - 7. A computer-storage medium according to claim 1, wherein the privacy management logic receives a record of a hard copy request for release and generates the record of the hard copy request in electronic form.
  - 8. A computer-storage medium according to claim 1, wherein the electronic medical record is stored in a clinical data store.

9. A method for managing a release of clinically related information, comprising:
- receiving a request from a requesting party for the release of clinically related information associated with a patient and after receiving the request, annotating, via a first computing process, a receipt status of the request in an access history database, wherein the access history database provides a privacy disclosure history for the patient, the privacy disclosure history being stored for a specified history-interval and being accessible through a privacy management user interface;
  
  validating, via a second computing process, a standing of the requesting party;
  
  determining, via a third computing process, a privacy status of the patient, wherein the privacy status includes at least one recorded consent of the patient for the release of the clinically related information associated with the patient within an electronic medical record associated with the patient to the requesting party within a patient-specified time interval, wherein the at least one recorded consent of the patient permits the release of only a portion of the clinically related information within the electronic medical record associated with the patient, the portion being less than a whole of the clinically related information within the electronic medical record associated with the patient and being specified within the at least one recorded consent of the patient;
  
  generating, via a fourth computing process, a response to the request based on the privacy status of the patient;
  
  validating, via a fifth computing process, the request based on the standing of the requesting party and the patient-specified time-interval and if the request cannot be validated based on the standing of the requesting party and the patient-specified time-interval, annotating, via a sixth computing process, a denial status of the request in the access history database; and
  
  extracting, via a seventh computing process, data from the electronic medical record associated with the patient,after extracting the data from the electronic medical record associated with the patient, annotating, via eighth computing process, a completion status of the request in the access history database;
  
  wherein each computing process is performed by one or more computing devices.
- View Dependent Claims (10, 11)
- - 10. The method according to claim 9, wherein the privacy status comprises patient consent status information.
  - 11. The method according to claim 9, further comprising receiving a record of a hard copy request for release, and generating the record of the hard copy request in electronic form.

12. A method for creating a set of clinically related data, selected from an electronic medical record associated with a patient and based upon privacy criteria associated with the patient, the method comprising:
- receiving a request from a requesting party for a release of the set of clinically related information associated with the patient and after receiving the request, annotating, via a first computing process, a receipt status of the request in an access history database, wherein the access history database provides a privacy disclosure history for the patient, the privacy disclosure history being stored for a specified history-interval and being accessible through a privacy management user interface;
  
  validating, via a second computing process, a standing of the requesting party;
  
  determining, via a third computing process, a privacy status of the patient, wherein the privacy status includes at least one recorded consent of the patient for the release of the set of clinically related information within the electronic medical record associated with the patient to the requesting party within a patient-specified time-interval, and wherein the at least one recorded consent of the patient permits release of only a portion of the set of clinically related information within the electronic medical record associated with the patient, the portion being less than a whole of the set of clinically related information within the electronic medical record associated with the patient and being specified within the at least one recorded consent of the patient;
  
  generating, via a fourth computing process, a response to the request based on the privacy status of the patient;
  
  validating the request, via a fifth computing process, based on the standing of the requesting party and the patient-specified time-interval and if the request cannot be validated based on the standing of the requesting party and the patient-specified time-interval, annotating, via a sixth computing process, a denial status of the request in the access history database; and
  
  extracting, via a seventh computing process, the set of clinically related data from the electronic medical record associated with the patient,after extracting the set of clinically related data, annotating, via a eighth computing process, a completion status of the request in the access history database;
  
  wherein each of the computing processes are performed by one or more computing devices.
- View Dependent Claims (13, 14, 15)
- - 13. The method for creating the set of clinically related data according to claim 12, wherein the privacy status comprises patient consent status information.
  - 14. The method for creating the set of clinically related data according to claim 12, wherein the method further comprising recording a release event to the access history database upon validation of the request.
  - 15. The method for creating the set of clinically related data according to claim 12, further comprising:
    - receiving a record of a hard copy request for the release; and
      
      generating the record of the hard copy request in electronic form.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cerner Innovation, Inc. (Oracle Corporation)
Original Assignee
Cerner Innovation, Inc. (Oracle Corporation)
Inventors
Landry, Phillip E., McKenna, Ryan J., Travis, John F., Miller, Heather M., Friesen, Wayne E.
Primary Examiner(s)
Gilligan; Luke
Assistant Examiner(s)
Chng; Joy

Application Number

US11/025,996
Publication Number

US 20060155668A1
Time in Patent Office

2,444 Days
Field of Search

705 2- 3
US Class Current

705/2
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

G16H 10/60 for patient-specific data, ...

System and method for medical privacy management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

System and method for medical privacy management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others