Privacy compliant consent and data access management system and methods

US 8,275,632 B2
Filed: 07/25/2005
Issued: 09/25/2012
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium for managing medical record information in a privacy compliant manner, comprising data that, when accessed by a machine, cause the machine to perform operations comprising:

storing in a database a plurality of medical records, each including an identification of a corresponding client, each further including a plurality of transaction records;

separately and uniquely encrypting a new transaction record before storage in said database to control and enforce;

i) ownership of the transaction record by a service provider or a client,ii) a right of access to discrete information contained in the transaction record by one or more service providers,iii) an identification of said service provider, andiv) the identification of said client, whereby ownership of each individual transaction record is implemented in the data record itself such that access control to each record is enforced even in the event that access to physical data storage of the database or content of the database hosting the individual data records has been compromised;

receiving in a computer system under the control of a third-party trusted information broker, via a communication medium, a first request initiated by a service provider for access to at least one of said medical records in said database, said first request including the identification of the service provider, the service provider being an external entity not affiliated with the third-party trusted information broker;

transmitting from said computer system under the control of said third-party trusted information broker a request for consent to said client;

receiving in said computer system under the control of said third-party trusted information broker, in response to said request for consent, an indication from said client that said client consents or does not consent to access to said medical record by said service provider;

using information indicating said right of access stored in said transaction record to grant or deny access to said at least one medical record based upon said indication from said client, or from a different service provider;

receiving in said computer system under the control of said third party trusted information broker, via said communication medium, a second request initiated by a second service provider to enter at least one second transaction record to said database, said request including the identification of the second service provider, the second service provider being an external entity not affiliated with the trusted information broker;

using an access control list determined by the client to grant entering of one or more new medical records by said second service provider based upon an indication from said client that said client authorizes the second service provider to create such records, said access control list indicating rights of a plurality of service providers to create new records in the database, whereby multi-way communication of transaction records to and from the database is provided in a privacy compliant manner;

receiving in said computer system under the control of said third-party trusted information broker, via said communication medium, a third request initiated by a third service provider to enter at least one third transaction record to said database, said third request including the identification of the third service provider, the third service provider being an external entity not affiliated with the trusted information broker; and

,using said access control list determined by the client to deny entering of one or more new medical records by said third service provider based upon a lack of an indication from said client that said client authorizes the third service provider to create such records.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information management system for restricting access to personal data in compliance with law or regulation includes a database having restricted records stored therein, at least one of the records including an identification of a client or group of clients about whom said record concerns. A computer system under the control of a trusted information broker is configured to receive via a communication medium a request initiated by a requester for access to at least one of the restricted records in the database, the request including an identification of the requester. The computer system is further configured to transmit a request for consent to the client and receive an indication from the client that the client consents or does not consent to access to the restricted record by the requestor. The computer system grants or denies access to the restricted records based upon the indication from the client.

Citations

20 Claims

1. A non-transitory computer readable medium for managing medical record information in a privacy compliant manner, comprising data that, when accessed by a machine, cause the machine to perform operations comprising:
- storing in a database a plurality of medical records, each including an identification of a corresponding client, each further including a plurality of transaction records;
  
  separately and uniquely encrypting a new transaction record before storage in said database to control and enforce;
  
  i) ownership of the transaction record by a service provider or a client,ii) a right of access to discrete information contained in the transaction record by one or more service providers,iii) an identification of said service provider, andiv) the identification of said client, whereby ownership of each individual transaction record is implemented in the data record itself such that access control to each record is enforced even in the event that access to physical data storage of the database or content of the database hosting the individual data records has been compromised;
  
  receiving in a computer system under the control of a third-party trusted information broker, via a communication medium, a first request initiated by a service provider for access to at least one of said medical records in said database, said first request including the identification of the service provider, the service provider being an external entity not affiliated with the third-party trusted information broker;
  
  transmitting from said computer system under the control of said third-party trusted information broker a request for consent to said client;
  
  receiving in said computer system under the control of said third-party trusted information broker, in response to said request for consent, an indication from said client that said client consents or does not consent to access to said medical record by said service provider;
  
  using information indicating said right of access stored in said transaction record to grant or deny access to said at least one medical record based upon said indication from said client, or from a different service provider;
  
  receiving in said computer system under the control of said third party trusted information broker, via said communication medium, a second request initiated by a second service provider to enter at least one second transaction record to said database, said request including the identification of the second service provider, the second service provider being an external entity not affiliated with the trusted information broker;
  
  using an access control list determined by the client to grant entering of one or more new medical records by said second service provider based upon an indication from said client that said client authorizes the second service provider to create such records, said access control list indicating rights of a plurality of service providers to create new records in the database, whereby multi-way communication of transaction records to and from the database is provided in a privacy compliant manner;
  
  receiving in said computer system under the control of said third-party trusted information broker, via said communication medium, a third request initiated by a third service provider to enter at least one third transaction record to said database, said third request including the identification of the third service provider, the third service provider being an external entity not affiliated with the trusted information broker; and
  
  ,using said access control list determined by the client to deny entering of one or more new medical records by said third service provider based upon a lack of an indication from said client that said client authorizes the third service provider to create such records.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, further comprising a step of selectively granting or denying portions of the first request.
  - 3. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein said access control list includes an indication of a group to which said service provider belongs, and further comprising a step of granting or denying access to said requested record based upon a group to which the service provider belongs.
  - 4. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, further comprising a step of granting or denying access to a requested record based upon a context in which said service provider is accessing the information.
  - 5. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein communication between said computer system and said service provider is encrypted.
  - 6. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein communication between said computer system and said client is encrypted.
  - 7. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein communication between said computer system and at least one of said client or said service provider is encrypted using a key which is uniquely generated for each communication session.
  - 8. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein communication between said computer system and at least one of said client or said service provider is conducted via a secure communication channel.
  - 9. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 8, wherein said secure communication channel comprises at least one of:
    - Secure Socket Layer (SSL), Virtual Private Network (VPN), or Internet Protocol Security (IPSec).
  - 10. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, further comprising a step of maintaining an audit trail of access to or changes to at least one of said plurality of records.
  - 11. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 10, wherein said audit trail includes at least one transaction log which is digitally signed.
  - 12. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 10, wherein said audit trail includes at least one transaction log that includes a transaction parameter.
  - 13. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 12, wherein said transaction parameter includes at least one of:
    - an identification of a person requesting the transaction, an identification of an agency requesting the transaction, a date of the transaction, reasons listed for viewing the said record, an identification of particular documents or records accessed, or changes made to said record.
  - 14. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, further comprising a step of transmitting or receiving data in electronic forms that include field identifiers indicating which fields include private information and which fields include public information.
  - 15. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, further comprising the steps of:
    - authenticating a user logging into the system,issuing a login token to said user,transmitting to said user a list of clients whose information the user is authorized to view,determining one or more groups to which the user has been assigned based upon at least said access control list,determining the user'"'"'s access rights,creating a handler instance for an information request from said user,passing the handler instance to a data processing module to verify the handler instance,unwrapping a symmetric key and subsequently unlock transaction data,passing transaction data to the data processing module,using the data processing module to apply at least said access control list to limit the information of the list of clients available to the user to only that which the user is authorized to view,passing the authorized information via a dispatcher to an appropriate smart form.
  - 16. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein said database resides with said trusted information broker.
  - 17. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein said database resides with said service provider.
  - 18. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein said database comprises one or more databases distributed across multiple geographic locations.
  - 19. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein said request for access includes an identification of services to be provided and an identification of information to which the service provider will need access to be able to provide said service.
  - 20. The non-transitory computer readable medium for managing medical record information in a privacy compliant manner in accordance with claim 1, wherein the second service provider and the third service provider are the same service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Privit, Inc.
Original Assignee
Privit, Inc.
Inventors
Awaraji, Christian, Awaragi, Pierre
Primary Examiner(s)
Gilligan, Luke
Assistant Examiner(s)
BURGESS, JOSEPH D

Application Number

US11/187,834
Publication Number

US 20060026042A1
Time in Patent Office

2,619 Days
Field of Search

705 2- 3, 707/5, 707/9, 707/10, 713/176, 726/26
US Class Current

705/2
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 21/6245   Protecting personal data, e...

G06Q 10/00   Administration; Management

G06Q 40/08   Insurance

G06Q 50/265   Personal security, identity...

G16H 10/60   for patient-specific data, ...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 9/14   using a plurality of keys o...

Privacy compliant consent and data access management system and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy compliant consent and data access management system and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links