Methods, apparatuses and computer program products for auditing protected health information

US 9,158,917 B2
Filed: 03/30/2012
Issued: 10/13/2015
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting a query to access information stored in a database comprising patient-related information;

saving the query in an event file;

capturing query-related information associated with the query and saving the query-related information in the event file;

determining, via a processor, whether data of the query itself comprises protected health information;

executing the query;

determining whether data returned from executing the query comprises protected health information;

determining whether a software application that generated the query has access to protected health information;

wherein the query is determined to comprise protected health information in an instance in which it is determined that either the query itself or the data returned by the query comprises protected health information;

wherein the query is determined not to comprise protected health information in an instance in which it is determined that the software application does not have access to protected health information; and

transmitting, in response to determining that the query comprises protected health information, the query-related information to be used in a reporting table.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus is provided for auditing protected health information of one or more patients. The apparatus includes at least one memory and at least one processor configured to detect a query to access information stored in a database including patient-related information. The processor is further configured to save the query in an event file. The processor is further configured to capture query-related information associated with the query and save the query-related information in the event file. The processor is further configured to determine that the query involves protected health information. The processor is further configured to transmit, in response to determining that the query involves protected health information, the query-related information to be used in a reporting table. Corresponding computer program products and methods are also provided.

4 Citations

20 Claims

1. A method comprising:
- detecting a query to access information stored in a database comprising patient-related information;
  
  saving the query in an event file;
  
  capturing query-related information associated with the query and saving the query-related information in the event file;
  
  determining, via a processor, whether data of the query itself comprises protected health information;
  
  executing the query;
  
  determining whether data returned from executing the query comprises protected health information;
  
  determining whether a software application that generated the query has access to protected health information;
  
  wherein the query is determined to comprise protected health information in an instance in which it is determined that either the query itself or the data returned by the query comprises protected health information;
  
  wherein the query is determined not to comprise protected health information in an instance in which it is determined that the software application does not have access to protected health information; and
  
  transmitting, in response to determining that the query comprises protected health information, the query-related information to be used in a reporting table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - identifying at least a portion of the underlying protected health information involved in the query; and
      
      transmitting the identified protected health information to be used in the reporting table.
  - 3. The method of claim 2, further comprising:
    - using the identified protected health information to retrieve additional protected health information to be used in the reporting table.
  - 4. The method of claim 1 further comprising:
    - determining that the query does not involve protected health information; and
      
      discarding the event file.
  - 5. The method of claim 1, wherein the query comprises a Structured Query Language (SQL) statement generated by a health care application operating within a health care system.
  - 6. The method of claim 1, wherein the query-related information comprises the identity of a health care application generating the query, the identity of a user operating the health care application, a time at which the health care application generated the query, a workstation used to access the health care application, or a combination thereof.
  - 7. The method of claim 1, wherein determining that the query involves protected health information further comprises determining that the query involves protected health information by comparing the query-related information to metadata designating medical information qualifying as protected health information.
  - 8. The method of claim 7, wherein determining that the query includes protected health information further comprises comparing content of the query and the information to which access is requested to one or more items of metadata specifying information designated as protected health information.
  - 9. The method of claim 7, wherein determining that the information to which access is requested by the query comprises protected health information further comprises:
    - executing the query; and
      
      determining that a result of the executed query comprises protected health information.

10. An apparatus comprising:
- at least one memory; and
  
  at least one processor configured to cause the apparatus to;
  
  detect a query to access information stored in a database comprising patient-related information;
  
  save the query in an event file;
  
  capture query-related information associated with the query and save the query-related information in the event file;
  
  determine whether data of the query itself comprises protected health information;
  
  execute the query;
  
  determine whether data returned from executing the query comprises protected health information,determine whether a software application that generated the query has access to protected health information;
  
  wherein the query is determined to comprise protected health information in an instance in which it is determined that either the query itself or the data returned by the query comprises protected health information;
  
  wherein the query is determined not to comprise protected health information in an instance in which it is determined that the software application does not have access to protected health information; and
  
  transmit, in response to determining that the query involves protected health information, the query-related information to be used in a reporting table.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10, wherein the processor is further configured to cause the apparatus to:
    - identify at least a portion of the underlying protected health information involved in the query; and
      
      transmit the identified protected health information to be used in the reporting table.
  - 12. The apparatus of claim 11, wherein the processor is further configured to cause the apparatus to:
    - use the identified protected health information to retrieve additional protected health information to be used in the reporting table.
  - 13. The apparatus of claim 10, wherein the processor is further configured to cause the apparatus to:
    - determine that the query does not involve protected health information; and
      
      discard the event file.
  - 14. The apparatus of claim 10, wherein the query comprises a Structured Query Language (SQL) statement generated by a health care application operating within a health care system.
  - 15. The apparatus of claim 10, wherein the query-related information comprises the identity of a health care application generating the query, the identity of a user operating the health care application, a time at which the health care application generated the query, a workstation used to access the health care application, or a combination thereof.
  - 16. The apparatus of claim 10, wherein the processor is further configured to cause the apparatus to:
    - determine that the query involves protected health information by comparing the query-related information to metadata designating medical information qualifying as protected health information.
  - 17. The apparatus of claim 16, wherein determining that the query includes protected health information further comprises comparing content of the query and the information to which access is requested to one or more items of metadata specifying information designated as protected health information.
  - 18. The apparatus of claim 16, wherein the processor is further configured to cause the apparatus to:
    - determine that the information to which access is requested by the query comprises protected health information by;
      
      executing the query; and
      
      determining that a result of the executed query comprises protected health information.

19. A computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer executable program code instructions comprising:
- program code instructions configured to detect a query to access information stored in a database comprising patient-related information;
  
  program code instructions configured to save the query in an event file;
  
  program code instructions configured to capture query-related information associated with the query and save the query-related information in the event file;
  
  program code instructions configured to determine whether data of the query itself comprises protected health information;
  
  program code instructions configured to execute the query;
  
  program code instructions configured to determine whether data returned from executing the query comprises protected health information,program code instructions configured to determine whether a software application that generated the query has access to protected health information;
  
  wherein the query is determined to comprise protected health information in an instance in which it is determined that either the query itself or the data returned by the query comprises protected health information;
  
  wherein the query is determined not to comprise protected health information in an instance in which it is determined that the software application does not have access to protected health information; and
  
  program code instructions configured to cause transmission, in response to determining that the query involves protected health information, of the query-related information to be used in a reporting table.
- View Dependent Claims (20)
- - 20. The computer program product of claim 19, further comprising:
    - program code instructions configured to identify at least a portion of the underlying protected health information involved in the query; and
      
      program code instructions configured to cause transmission of the identified protected health information to be used in the reporting table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Harris Dawn Holdings Incorporated
Original Assignee
Mckesson Financial Holdings Limited (McKesson Corp.)
Inventors
Newton, Roger, Brank, Barbara, Kells, Robert, Martin, Jason K.
Primary Examiner(s)
VO, TRUONG V

Application Number

US13/436,134
Publication Number

US 20130262503A1
Time in Patent Office

1,292 Days
Field of Search

707/758
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2101   Auditing as a secondary aspect

G16H 10/60   for patient-specific data, ...

Methods, apparatuses and computer program products for auditing protected health information

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, apparatuses and computer program products for auditing protected health information

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links