Checkbook to control access to health record bank account

US 8,620,688 B2
Filed: 09/30/2005
Issued: 12/31/2013
Est. Priority Date: 09/30/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of controlling access to a plurality of electronic medical records related to a plurality of individuals, comprising:

configuring a network-accessible storage repository to store the plurality of electronic medical records, wherein the electronic records for a given individual are associated with an electronic health records account (EHR account);

providing the individual with at least one portable, EHR account access device, wherein the access device includes a predefined authorization key that authorizes a plurality of requesting entities with access to the EHR account when presented with the access device;

receiving, over a data-communications network, a request from one of the requesting entities, wherein the request includes at least one transaction to be processed, the predefined authorization key from the access device given to the requesting entity by the individual, and a predefined requestor identification identifying the requesting entity, wherein the access device authorizes the entity presented with the access device to (i) perform a deposit transaction, wherein the deposit transaction submits additional electronic records associated with the individual stored in the network-accessible storage repository or (ii) to retrieve electronic records associated with the individual from the network-accessible repository;

authorizing the request based on both the predefined authorization key and the predefined requestor identification key;

performing the at least one transaction included in the request by use of one or more computer processors for the EHR account;

for each record accessed by one of the requesting entities, generating a report, wherein the generated report includes a listing of requests to access records associated with the individual and the respective requestor identification for each request; and

providing the reports to the individual.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and article of manufacture for controlling access to electronic health records associated with an individual are provided. Individuals are provided with an electronic health records account (EHR account), wherein the EHR account is available to store electronic health records associated with the individual, in a network accessible storage repository. Additionally, an individual may be provided with plurality of disposable access devices, wherein the access devices may be presented to an entity. In turn, the entity may access the individual'"'"'s EHR account, based on a predefined authorization specified for a particular access device.

37 Citations

View as Search Results

22 Claims

1. A computer-implemented method of controlling access to a plurality of electronic medical records related to a plurality of individuals, comprising:
- configuring a network-accessible storage repository to store the plurality of electronic medical records, wherein the electronic records for a given individual are associated with an electronic health records account (EHR account);
  
  providing the individual with at least one portable, EHR account access device, wherein the access device includes a predefined authorization key that authorizes a plurality of requesting entities with access to the EHR account when presented with the access device;
  
  receiving, over a data-communications network, a request from one of the requesting entities, wherein the request includes at least one transaction to be processed, the predefined authorization key from the access device given to the requesting entity by the individual, and a predefined requestor identification identifying the requesting entity, wherein the access device authorizes the entity presented with the access device to (i) perform a deposit transaction, wherein the deposit transaction submits additional electronic records associated with the individual stored in the network-accessible storage repository or (ii) to retrieve electronic records associated with the individual from the network-accessible repository;
  
  authorizing the request based on both the predefined authorization key and the predefined requestor identification key;
  
  performing the at least one transaction included in the request by use of one or more computer processors for the EHR account;
  
  for each record accessed by one of the requesting entities, generating a report, wherein the generated report includes a listing of requests to access records associated with the individual and the respective requestor identification for each request; and
  
  providing the reports to the individual.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the access device provides a cryptographic key used to identify the access device and to identify the predefined authorization established for the access device.
  - 3. The method of claim 1, wherein the predefined authorization specifies a period of time to grant access to the EHR account to the entity presented with the access device.
  - 4. The method of claim 1, wherein the at least one access device comprises a plurality of preprinted paper slips that may be individually presented to different entities, and wherein each slip includes a different cryptographic key used to distinguish the preprinted paper slips from one another, and wherein each of the preprinted paper slips identifies the predefined authorization specified for a given slip.
  - 5. The method of claim 1, wherein the access device includes a machine-readable access key selected from at least one of a bar-code, magnetic ink, magnetic strip, or character sequence.
  - 6. The method of claim 1, wherein the access device provided to an individual specifies the predefined authorization for the access device.
  - 7. The method of claim 1, wherein the individual selects the predefined authorization for a given access device, prior to presenting the given access device to the entity.
  - 8. The method of claim 1, wherein the access device is revocable, and wherein a revoked access device will fail to provide the entity presented with the revoked access device access to the EHR account.
  - 9. The method of claim 1, wherein at least one account device comprises a token device with an embedded electronic device that is used to encode the account identifier and access key.
  - 10. The method of claim 1, wherein at least one account device may be used by certain predetermined entities to obtain access to the EHR account.

11. A non-transitory computer-readable medium containing a program, which when executed by a processor performs operations for managing access to a plurality of electronic medical records related to a plurality of individuals, the operations comprising:
- configuring a network-accessible storage repository to store the plurality of electronic medical records, wherein the electronic records for a given individual are associated with an electronic health records account (EHR account);
  
  providing the individual with at least one portable, transferable EHR account access device, wherein the access device includes a predefined authorization key that a plurality of requesting entities with access to the EHR account when presented with the access device;
  
  receiving, over a data-communications network, a request from one of the requesting entities, wherein the request includes at least one transaction to be processed, the predefined authorization key from the access device given to the requesting entity by the individual, and a predefined requestor identification identifying the requesting entity, wherein the access device authorizes the entity presented with the access device to (i) perform a deposit transaction, wherein the deposit transaction submits additional electronic records associated with the individual stored in the network-accessible storage repository or (ii) to retrieve electronic records associated with the individual from the network-accessible repository;
  
  authorizing, by operation of the processor, the request based on both the predefined authorization key and the predefined requestor identification key;
  
  performing, by operation of the processor, the at least one transaction for the EHR account;
  
  for each record accessed by one of the requesting entities, generating a report, wherein the generated report includes a listing of requests to access records associated with the individual and the respective requestor identification for each request; and
  
  providing the reports to the individual.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the access device provides a cryptographic key used to identify which particular access device is presented to the entity and to identify the predefined authorization established for the access device.
  - 13. The non-transitory computer-readable medium of claim 11, wherein the predefined authorization specifies a period of time to grant access to the EHR account to the entity presented with the access device.
  - 14. The non-transitory computer-readable medium of claim 11, wherein the at least one access device comprises a plurality of preprinted paper slips that may be individually presented to different entities, and wherein each slip includes a different cryptographic key used to distinguish the preprinted paper slips from one another, and wherein each of the preprinted paper slips identifies the predefined authorization specified for a given slip.
  - 15. The non-transitory computer-readable medium of claim 11, wherein the access device authorizes the entity presented with the access device to perform a deposit transaction, wherein the deposit transaction submits additional electronic records associated with the individual stored in the network-accessible storage repository.
  - 16. The non-transitory computer-readable medium of claim 11, wherein the access device authorizes the entity presented with the access device to retrieve electronic records associated with the individual from the network-accessible repository.
  - 17. The non-transitory computer-readable medium of claim 11, wherein the access device includes a machine-readable access key selected from at least one of a bar-code, magnetic ink, magnetic strip, or character sequence.
  - 18. The non-transitory computer-readable medium of claim 11, wherein the access device provided to an individual specifies the predefined authorization for the access device.
  - 19. The non-transitory computer-readable medium of claim 11, wherein the individual selects the predefined authorization for a given access device, prior to presenting the given access device to the entity.
  - 20. The non-transitory computer-readable medium of claim 11, wherein the access device is revocable, and wherein a revoked access device will fail to provide the entity presented with the revoked access device access to the EHR account.
  - 21. The non-transitory computer-readable medium of claim 11, wherein at least one account device comprises a token device with an embedded electronic device that is used to encode the account identifier and access key in a machine readable form.
  - 22. The non-transitory computer-readable medium of claim 11, wherein at least one account device may be used by certain predetermined entities to obtain access to the EHR account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation, ServiceNow Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Dettinger, Richard D., Kolz, Daniel P., Stevens, Richard J.
Primary Examiner(s)
Holcomb, Mark

Application Number

US11/241,704
Publication Number

US 20070075135A1
Time in Patent Office

3,014 Days
Field of Search

705 2- 4, 705/51
US Class Current

705/3
CPC Class Codes

G06Q 10/087 Inventory or stock manageme...

G16H 10/60 for patient-specific data, ...

Checkbook to control access to health record bank account

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Checkbook to control access to health record bank account

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links