Secure and usable authentication for health care information access
First Claim
Patent Images
1. A method, comprising:
- using a radio frequency tag secured to a badge, wherein the badge is configured to;
utilize a card authentication protocol to authenticate the radio frequency tag, wherein the card authentication protocol comprises a time-based shared secret stored in the radio frequency tag that is changed on a regular basis, and the radio frequency tag is authenticated by the radio frequency tag communicating with an authentication module on a computer system;
sense a proximity of the badge to the computer system by utilizing a proximity sensor attached to the computer system, wherein the proximity sensor is configured to sense proximity of the badge to the computer system;
verify that the shared secret stored on the radio frequency tag is the same as a system secret stored on the computer system;
in response to the shared secret being the same as the system secret;
determine whether the health care provider is in a physical area assigned to a first patient by;
sending a radio frequency signal identification information of the health care provider from the radio frequency tag to the authentication module with a tag reader on the computer system, wherein the radio frequency tag determines the position information of the health care provider based on proximity to a terminal of the computer system,comparing the position of the terminal of the computer system with position information of the physical area assigned to the first patient; and
comparing position information of the health care provider with position information derived from the computer system of the physical area assigned to the first patient stored on the computer system;
periodically estimating an appointment time period for the health care provider with the one of the plurality of patients;
denying the health care provider access to an electronic record of the first patient if the health care provider is logged onto the computer system in a physical area assigned to the first patient outside the periodically estimated appointment time period for the first patient;
wherein the radio frequency tag is configured to automatically log in the health care provider to the computer system in response to the health care provider being in the physical area assigned to the first patient;
wherein the computer system is configured to determine whether the health care provider is logged onto the computer system at a time the health care provider is in the physical area assigned to the first patient;
wherein the computer system is configured to ascertain whether the health care provider is logged onto the computer system during authorized hours of the health care provider;
wherein the computer system is configured to, in response to the health care provider being logged onto the computer system at the time the health care provider is in the physical area assigned to the first patient, and in response to the health care provider being logged onto the computer system during the authorized hours of the health care provider, provide the health care provider with access to the electronic record of the first patient using the computer system by transmitting authorization for the health care provider to the computer system, thereby providing visual access to the electronic record of the first patient on a computer display of the computer system;
the computer system is configured to automatically generate a new shared secret, a new system secret, and new authorized hours for the health care provider in response to the health care provider accessing a system to update the shared secret;
whereby the electronic record of the first patient is available to the health care provider only when the health care provider needs it in order to treat the first patient;
whereby the health care provider is directly logged into the computer system without the need to type in a password, thus allowing the health care provider to log into the terminal of the computer system in a hands-free fashion; and
wherein the computer system is configured to log the health care provider out of the computer system after a predetermined time period of inactivity by the health care provider on the computer system.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the invention relate to providing a health care provider access to an electronic record of a patient may be provided. A determination is made as to whether the health care provider is logged onto a computer system in a physical area assigned to the patient. Whether the health care provider is logged onto the computer system during working hours of the provider is also ascertained. The health care provider is provided with access to the electronic record of the patient via the computer system if the determining resolves to true and the ascertaining resolves to true.
-
Citations
8 Claims
-
1. A method, comprising:
-
using a radio frequency tag secured to a badge, wherein the badge is configured to; utilize a card authentication protocol to authenticate the radio frequency tag, wherein the card authentication protocol comprises a time-based shared secret stored in the radio frequency tag that is changed on a regular basis, and the radio frequency tag is authenticated by the radio frequency tag communicating with an authentication module on a computer system; sense a proximity of the badge to the computer system by utilizing a proximity sensor attached to the computer system, wherein the proximity sensor is configured to sense proximity of the badge to the computer system; verify that the shared secret stored on the radio frequency tag is the same as a system secret stored on the computer system; in response to the shared secret being the same as the system secret; determine whether the health care provider is in a physical area assigned to a first patient by; sending a radio frequency signal identification information of the health care provider from the radio frequency tag to the authentication module with a tag reader on the computer system, wherein the radio frequency tag determines the position information of the health care provider based on proximity to a terminal of the computer system, comparing the position of the terminal of the computer system with position information of the physical area assigned to the first patient; and comparing position information of the health care provider with position information derived from the computer system of the physical area assigned to the first patient stored on the computer system; periodically estimating an appointment time period for the health care provider with the one of the plurality of patients; denying the health care provider access to an electronic record of the first patient if the health care provider is logged onto the computer system in a physical area assigned to the first patient outside the periodically estimated appointment time period for the first patient; wherein the radio frequency tag is configured to automatically log in the health care provider to the computer system in response to the health care provider being in the physical area assigned to the first patient; wherein the computer system is configured to determine whether the health care provider is logged onto the computer system at a time the health care provider is in the physical area assigned to the first patient; wherein the computer system is configured to ascertain whether the health care provider is logged onto the computer system during authorized hours of the health care provider; wherein the computer system is configured to, in response to the health care provider being logged onto the computer system at the time the health care provider is in the physical area assigned to the first patient, and in response to the health care provider being logged onto the computer system during the authorized hours of the health care provider, provide the health care provider with access to the electronic record of the first patient using the computer system by transmitting authorization for the health care provider to the computer system, thereby providing visual access to the electronic record of the first patient on a computer display of the computer system; the computer system is configured to automatically generate a new shared secret, a new system secret, and new authorized hours for the health care provider in response to the health care provider accessing a system to update the shared secret; whereby the electronic record of the first patient is available to the health care provider only when the health care provider needs it in order to treat the first patient; whereby the health care provider is directly logged into the computer system without the need to type in a password, thus allowing the health care provider to log into the terminal of the computer system in a hands-free fashion; and wherein the computer system is configured to log the health care provider out of the computer system after a predetermined time period of inactivity by the health care provider on the computer system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsWang, Qihua, Jin, Hongxia
-
Primary Examiner(s)Seoh, Minnah
-
Assistant Examiner(s)Durant, Jonathan
-
Application NumberUS13/593,251Publication NumberTime in Patent Office1,811 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/31 User authenticationG06F 21/35 communicating wirelesslyG06F 21/6245 Protecting personal data, e...G06F 2221/2111 Location-sensitive, e.g. ge...G06F 2221/2137 Time limited access, e.g. t...G16H 10/60 for patient-specific data, ...G16H 40/20 for the management or admin...H04L 2209/88 Medical equipmentsH04L 9/3228 One-time or temporary data,...H04L 9/3234 involving additional secure...
