Managing patient consent in a master patient index

US 8,949,137 B2
Filed: 01/09/2012
Issued: 02/03/2015
Est. Priority Date: 05/03/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method executed on one or more processors for managing patient consent, the method comprising:

receiving, with the one or more processors, private patient information associated with a health care information system of a provider;

determining, with the one or more processors, that the private patient information includes confidential data based on an indicator, wherein data is confidential data when the indicator associated with the data indicates that the data is inaccessible to one or more of another health care information system and another provider, the another health care information system and the another provider having an authorized relationship with the patient;

receiving a request from a user for accessing the confidential data;

determining whether the user is allowed to access the confidential data;

responsive to the user not being allowed to access the confidential data, providing a confidentiality alert to the user;

analyzing user access of the confidential data;

determining a pattern of the user access of the confidential data; and

determining whether an access violation occurred based on the pattern.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing patient consent. A data access manager includes a controller, a lookup module, a clinical authorization engine, a logging/auditing unit, a user profile engine, a report module and a user interface engine. The controller manages the core functions and the transmission of data between the data access manager components. The lookup module enables a user to query patient data. The clinical authorization engine authorizes access to patient data. The logging/auditing unit logs and monitors user activity. The user profile engine accesses and updates user profile information. The patient profile engine accesses and updates patient profile information. The report module generates reports related to the user activity. The user interface engine generates user interfaces for displaying the user profiles and patient information data.

Citations

20 Claims

1. A computer-implemented method executed on one or more processors for managing patient consent, the method comprising:
- receiving, with the one or more processors, private patient information associated with a health care information system of a provider;
  
  determining, with the one or more processors, that the private patient information includes confidential data based on an indicator, wherein data is confidential data when the indicator associated with the data indicates that the data is inaccessible to one or more of another health care information system and another provider, the another health care information system and the another provider having an authorized relationship with the patient;
  
  receiving a request from a user for accessing the confidential data;
  
  determining whether the user is allowed to access the confidential data;
  
  responsive to the user not being allowed to access the confidential data, providing a confidentiality alert to the user;
  
  analyzing user access of the confidential data;
  
  determining a pattern of the user access of the confidential data; and
  
  determining whether an access violation occurred based on the pattern.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the indicator is associated with at least one of a patient profile and an encounter associated with the patient profile.
  - 3. The method of claim 1, wherein the confidentiality alert requests a type of access and a reason for accessing the confidential data, the reason including an emergency permission.
  - 4. The method of claim 3, further comprising ignoring patient consent to identify affected patients during an emergency.
  - 5. The method of claim 1, further comprising logging access activity by the user.
  - 6. The method of claim 1, wherein multiple users access patient information and further comprising generating a report based on the access of the patient information.
  - 7. The method of claim 1, wherein determining whether the patient information includes confidential data is based on whether a patient opted-in or opted-out of exchanging the patient information.
  - 8. The method of claim 1, further comprising anonymizing the patient information and transmitting the anonymized patient information to the user without patient consent.
  - 9. The method of claim 1, further comprising determining an age of the patient and denying access to the patient information in accordance with a state law.

10. A system for managing patient consent, the system comprising:
- one or more processors;
  
  a data access manager stored on a memory and executable by the processor, the data access manager receiving private patient information associated with a health care information system of a provider, determining that the private patient information includes confidential data based on an indicator, wherein data is confidential data when the indicator associated with the data indicates that the data is inaccessible to one or more of another health care information system and another provider, the another health care information system and the another provider having an authorized relationship with the patient, receiving a request from a user for accessing the confidential data and determining whether the user is allowed to access the confidential data;
  
  a user interface engine stored on the memory and executable by the one or more processors, the user interface engine responsive to the user not being allowed to access the confidential data, providing a confidentiality alert to the user; and
  
  a logging unit stored on the memory and executable by the one or more processors, the logging unit analyzing user access of the confidential data, determining a pattern of the user access of the confidential data and determining whether an access violation occurred based on the pattern.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the indicator is associated with at least one of a patient profile and an encounter associated with the patient profile.
  - 12. The system of claim 10, wherein the confidentiality alert requests a type of access and a reason for accessing the confidential data, the reason including an emergency permission.
  - 13. The system of claim 12, wherein the data access manager ignores patient consent to identify affected patients during an emergency.
  - 14. The system of claim 10, wherein the data access manager logs access activity by the user.
  - 15. The system of claim 10, wherein multiple users access patient information and wherein the data access manager generates a report based on a plurality of access events by the user.
  - 16. The system of claim 10, wherein determining whether the patient information includes confidential data is based on whether a patient opted-in or opted- out of exchanging the patient information.
  - 17. The system of claim 10, wherein the data access manager anonymizes the patient information and transmits the anonymized patient information to the user without patient consent.
  - 18. The system of claim 10, wherein the data access manager determines an age of the patient and denies access to the patient information in accordance with a state law.

19. A computer program product comprising a non-transitory computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- receive private patient information associated with a health care information system of a provider;
  
  determine that the private patient information includes confidential data based on an indicator, wherein data is confidential data when the indicator associated with the data indicates that the data is inaccessible to one or more of another health care information system and another provider, the another health care information system and the another provider having an authorized relationship with the patient;
  
  receive a request from a user for accessing the confidential data;
  
  determine whether the user is allowed to access the confidential data;
  
  responsive to the user not being allowed to access the confidential data, provide a confidentiality alert to the user;
  
  analyze user access of the confidential data;
  
  determine a pattern of the user access of the confidential data; and
  
  determine whether an access violation occurred based on the pattern.
- View Dependent Claims (20)
- - 20. The computer program product of claim 19, wherein the indicator is associated with at least one of a patient profile and an encounter associated with the patient profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Health Catalyst, Inc.
Original Assignee
Medicity Incorporated (Health Catalyst, Inc.)
Inventors
Crapo, Jared, Coyle, David M., Owen, Carol L., Pearson, Preston, McRae, Kristen
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
GUIRGUIS, MICHAEL M

Application Number

US13/346,721
Publication Number

US 20120203571A1
Time in Patent Office

1,121 Days
Field of Search

705/3, 726/27
US Class Current

705/3
CPC Class Codes

G06Q 10/10   Office automation; Time man...

G16H 10/60   for patient-specific data, ...

G16H 40/20   for the management or admin...

Managing patient consent in a master patient index

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing patient consent in a master patient index

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links