Systems and methods of managing specification, enforcement, or auditing of electronic health information access or use
First Claim
1. A tangible computer readable storage medium comprising computer executable instructions that are configured to, when executed, cause a data processing apparatus to perform operations comprising:
- receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information;
determining to what extent the first user is permitted to modify the access and usage rights of the second one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject;
maintaining a data store including a plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing the access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and
modifying the access and usage rights in accordance with the request, the modifying comprising;
modifying a property characterizing the access and usage rights of a relationship between the first user and the second users, the relationship being stored in at least one of the plurality of data structures, the access and usage rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus, including computer program products, related to managing specification, enforcement, or auditing of electronic health information use. In general, data characterizing a request to modify access rights to health information is received and the access rights are modified in accordance with the request, where the modifying includes modifying a property characterizing access rights of a relationship between a first user and second users, or an organization of the second users. The access rights may be independent of the health information and modification of access rights may be independent of a security of the health information.
-
Citations
19 Claims
-
1. A tangible computer readable storage medium comprising computer executable instructions that are configured to, when executed, cause a data processing apparatus to perform operations comprising:
-
receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information; determining to what extent the first user is permitted to modify the access and usage rights of the second one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject; maintaining a data store including a plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing the access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and modifying the access and usage rights in accordance with the request, the modifying comprising; modifying a property characterizing the access and usage rights of a relationship between the first user and the second users, the relationship being stored in at least one of the plurality of data structures, the access and usage rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-implemented method for use with a data store containing a plurality of data structures, the method comprising:
-
receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information; determining to what extent the first user is permitted to modify the access and usage rights of the one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject; maintaining the data store including the plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing the access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and modifying the access and usage rights in accordance with the request, the modifying comprising; modifying a property characterizing the access and usage rights of a relationship between the first user and the second users, the relationship being stored in at least one of the plurality of data structures, the access rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property. - View Dependent Claims (14, 15, 16)
-
-
17. A tangible computer readable storage medium comprising computer executable instructions that are configured to, when executed, cause a data processing apparatus to perform operations comprising:
-
receiving data characterizing a request to modify access and usage rights of health information of a subject, the health information being secured by a security, the request being from a first user managing the access and usage rights of a second one or more other users to the health information; determining to what extent the first user is permitted to modify the access and usage rights of the second one or more other users as a function of a relationship between the first user and the health information, wherein a table of relationships is queried to determine if the first user has at least an indirect relationship to the subject; maintaining a data store including a plurality of data structures, each of the data structures corresponding to a relationship type, and each of the data structures including information describing access and usage rights, wherein the data store is further configured to store policy preferences related to the access and usage rights, and wherein the information describing the access and usage rights relates to the relationship type; and modifying the access and usage rights in accordance with the request, the modifying comprising; modifying a property characterizing the access and usage rights of a relationship between the first user and an organization comprising the second users, the relationship being stored in at least one of the plurality of data structures, the access and usage rights being independent of the health information in order to enable modification of the access and usage rights independent of the security of the health information such that the security of the health information need not be changed in response to the modification of the property. - View Dependent Claims (18, 19)
-
Specification