Systems and methods of managing specification, enforcement, or auditing of electronic health information access or use

US 8,041,749 B2
Filed: 04/11/2007
Issued: 10/18/2011
Est. Priority Date: 04/11/2006
Status: Active Grant

First Claim

Patent Images

1. A tangible computer readable storage medium comprising computer executable instructions that are configured to, when executed, cause a data processing apparatus to perform operations comprising:

receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information;

determining to what extent the first user is permitted to modify the access and usage rights of the second one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject;

maintaining a data store including a plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing the access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and

modifying the access and usage rights in accordance with the request, the modifying comprising;

modifying a property characterizing the access and usage rights of a relationship between the first user and the second users, the relationship being stored in at least one of the plurality of data structures, the access and usage rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, related to managing specification, enforcement, or auditing of electronic health information use. In general, data characterizing a request to modify access rights to health information is received and the access rights are modified in accordance with the request, where the modifying includes modifying a property characterizing access rights of a relationship between a first user and second users, or an organization of the second users. The access rights may be independent of the health information and modification of access rights may be independent of a security of the health information.

Citations

19 Claims

1. A tangible computer readable storage medium comprising computer executable instructions that are configured to, when executed, cause a data processing apparatus to perform operations comprising:
- receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information;
  
  determining to what extent the first user is permitted to modify the access and usage rights of the second one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject;
  
  maintaining a data store including a plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing the access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and
  
  modifying the access and usage rights in accordance with the request, the modifying comprising;
  
  modifying a property characterizing the access and usage rights of a relationship between the first user and the second users, the relationship being stored in at least one of the plurality of data structures, the access and usage rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer program product of claim 1, wherein the access and usage rights comprise one or more of rights for viewing, copying, printing, or exporting the health information.
  - 3. The computer program product of claim 1, wherein the receiving and the modifying are performed by services that may interface with a user interface.
  - 4. The computer program product of claim 3, wherein the user interface is a website.
  - 5. The computer program product of claim 1, wherein the health information is a secure electronic health record.
  - 6. The computer program product of claim 1, wherein the health information is a secure holding of a secure electronic health record.
  - 7. The computer program product of claim 6, wherein security of the secure holding differs from security of one or more other secure holdings of the secure electronic health record.
  - 8. The computer program product of claim 6, wherein access rights of the secure holding differ from access rights of one or more other secure holdings of the secure electronic health record.
  - 9. The computer program product of claim 1 further comprising:
    - storing the modified property.
  - 10. The computer program product of claim 1 further comprising:
    - receiving a request from the second users to access or use the health information at a first time later or earlier than a second time of another request, the request being approved or denied based on the modifying the property to approve or revoke access.
  - 11. The computer program product of claim 1, wherein the operations of the receiving and the modifying are performed at a server and the operations further comprise requesting from a client of at least one of the second users access of the health information and the server determining whether to grant access depending on the property characterizing the access and usage rights of the relationship between the first user and the second users.
  - 12. The computer program product of claim 1, wherein the relationship types include user to user relationships, organization to user relationships, user to organization relationships, and organization to organization relationships, the relationships of the plurality of data structures associated with one or more attributes of access and usage rights between parties of at least some of the relationships, a combination of relationships used to determine indirect relationships, and the relationships describing a graph of relationships of the parties.

13. A computer-implemented method for use with a data store containing a plurality of data structures, the method comprising:
- receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information;
  
  determining to what extent the first user is permitted to modify the access and usage rights of the one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject;
  
  maintaining the data store including the plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing the access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and
  
  modifying the access and usage rights in accordance with the request, the modifying comprising;
  
  modifying a property characterizing the access and usage rights of a relationship between the first user and the second users, the relationship being stored in at least one of the plurality of data structures, the access rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the receiving and the modifying are performed by services that may interface with a user interface.
  - 15. The method of claim 13, wherein the health information is a secure holding of a secure electronic health record.
  - 16. The method of claim 13, wherein the operations of the receiving and the modifying are performed at a server and the operations further comprise requesting from a client of at least one of the second users access and usage of the health information and the server determining whether to grant access depending on the property characterizing the access and usage rights of the relationship between the first user and the second users.

17. A tangible computer readable storage medium comprising computer executable instructions that are configured to, when executed, cause a data processing apparatus to perform operations comprising:
- receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information;
  
  determining to what extent the first user is permitted to modify the access and usage rights of the second one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject;
  
  maintaining a data store including a plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and
  
  modifying the access and usage rights in accordance with the request, the modifying comprising;
  
  modifying a property characterizing the access and usage rights of a relationship between the first user and an organization comprising the second users, the relationship being stored in at least one of the plurality of data structures, the access and usage rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property.
- View Dependent Claims (18, 19)
- - 18. The computer program product of claim 17, wherein the receiving and the modifying are performed by services that may interface with a user interface.
  - 19. The computer program product of claim 17, wherein the operations of the receiving and the modifying are performed at a server and the operations further comprise requesting from a client of at least one of the second users access and usage of the health information and the server determining whether to grant access depending on the property characterizing the access and usage rights of the relationship between the first user and the organization of the second users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Medox Technologies, Inc.
Original Assignee
Medox Exchange, Inc.
Inventors
Beck, Michael E.
Primary Examiner(s)
Yen; Syling

Application Number

US11/786,482
Publication Number

US 20070282843A1
Time in Patent Office

1,651 Days
Field of Search

707/9, 707/10, 707/610, 707/640, 707/661, 707/706, 707/713, 707/722, 707/736, 707/758, 707/791, 707/802, 707/803, 707/809, 707/812, 707/999.1, 707/999.101, 707/999.102, 705/1, 705/3, 726/27, 726/28, 726/29, 726/30, 713/173, 713/175, 713/165, 713/167, 713/166
US Class Current

707/803
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 21/6272   by registering files or doc...

G16H 10/60   for patient-specific data, ...

G16H 50/20   for computer-aided diagnosi...

G16H 70/20   relating to practices or gu...

G16H 80/00   ICT specially adapted for f...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

Systems and methods of managing specification, enforcement, or auditing of electronic health information access or use

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of managing specification, enforcement, or auditing of electronic health information access or use

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links