Auditing database access in a distributed medical computing environment

US 9,817,850 B2
Filed: 11/29/2012
Issued: 11/14/2017
Est. Priority Date: 02/25/2011
Status: Active Grant

First Claim

Patent Images

1. A method of auditing database access in a distributed medical computing environment, the method comprising:

receiving, by an audit manager responsive to a user query of one or more databases within the distributed medical computing environment, results of the query;

determining by the audit manager, in dependence upon audit policies for the medical computing environment, whether any portion of the results of the query smaller than the entire results of the query require auditing access before presenting to the user, any portions of the results of the query to the user, wherein the audit policies specify one of several actions to take in response to one or more conditions, the one or more conditions including presence of one or more specific fields and absence of one or more specific fields in the results of the query; and

in response to a determination that any portion of the results of the query require auditing access;

creating and storing an audit record in an audit database, wherein the audit record comprises data identifying the query, the user from which the query is received, and the portions of the query results that caused the results to require auditing access, wherein the audit database only includes audit records, transmitting the audit record to a predetermined auditing facility to be stored, and withholding, from the user, the portions of the results of the query requiring auditing access by redacting the portions of the results of the query requiring auditing access and presenting certain portions of the results of the query anonymously to the user; and

providing a notification of the query if any portion of the results of the query require auditing access, wherein the notification is a message sent to a predetermined location designated for auditing database queries.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Auditing database access in a distributed medical computing environment includes receiving from a user a query of one or more databases within the distributed medical administration computing environment; determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access; and if any of the results of the query require auditing access, creating an audit record and storing the audit record in an audit database.

348 Citations

5 Claims

1. A method of auditing database access in a distributed medical computing environment, the method comprising:
- receiving, by an audit manager responsive to a user query of one or more databases within the distributed medical computing environment, results of the query;
  
  determining by the audit manager, in dependence upon audit policies for the medical computing environment, whether any portion of the results of the query smaller than the entire results of the query require auditing access before presenting to the user, any portions of the results of the query to the user, wherein the audit policies specify one of several actions to take in response to one or more conditions, the one or more conditions including presence of one or more specific fields and absence of one or more specific fields in the results of the query; and
  
  in response to a determination that any portion of the results of the query require auditing access;
  
  creating and storing an audit record in an audit database, wherein the audit record comprises data identifying the query, the user from which the query is received, and the portions of the query results that caused the results to require auditing access, wherein the audit database only includes audit records, transmitting the audit record to a predetermined auditing facility to be stored, and withholding, from the user, the portions of the results of the query requiring auditing access by redacting the portions of the results of the query requiring auditing access and presenting certain portions of the results of the query anonymously to the user; and
  
  providing a notification of the query if any portion of the results of the query require auditing access, wherein the notification is a message sent to a predetermined location designated for auditing database queries.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises:
    - returning to an audit manager the results of the query; and
      
      determining by the audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access.
  - 3. The method of claim 1 wherein determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises determining from the query itself whether results would require auditing access.
  - 4. The method of claim 1 wherein the distributed medical computing environment including a medical digital image communications protocol adapter, a medical image metadata database, a medical image repository, and a medical image transaction workflow dispatcher, and wherein the method further comprises receiving from the user the query of the one or more databases within the distributed medical administration computing environment including receiving, in the medical digital image communications protocol adapter, a query transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by a user;
    - andcreating an audit record and storing the audit record in an audit database further comprises selecting by the workflow dispatcher audit workflows and executing the audit workflows.

5. A method of auditing database access in a distributed medical computing environment, the method comprising:
- receiving from a user, a query of one or more databases within the distributed medical computing environment including receiving, in the medical digital image communications protocol adapter, a query transmitted according to one of a plurality of a medical image communications protocol supported by medical digital image communications protocol adapter and used by a user;
  
  receiving, by an audit manager responsive to the query of the one or more databases within the distributed medical computing environment, results of the query;
  
  determining from the results of the query, by the audit manager, in dependence upon audit policies for the medical computing environment, whether any portion of the results of the query smaller than the entire results of the query require auditing access before providing the results of the query to the user, determining by an audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access further comprises;
  
  returning to an audit manager the results of the query; and
  
  determining by the audit manager in dependence upon audit policies for the medical computing environment whether any of the results of the query require auditing access; and
  
  wherein the audit policies specify one of several actions to take in response to one or more conditions, the one or more conditions including presence of one or more specific fields and absence of one or more specific fields in the results of the query;
  
  in response to a determination that any portion of the results of the query require auditing access;
  
  creating and storing an audit record in an audit database, wherein the audit record comprises data identifying the query, the user from which the query is received, and the portions of the query results that caused the results to require auditing access, wherein the audit database only includes audit records, wherein creating an audit record and storing the audit record in an audit database further comprises selecting by the workflow dispatcher audit workflows and executing the audit workflows,transmitting the audit record to a predetermined auditing facility to be stored, andwithholding, from the user, the portions of the results of the query requiring auditing access by redacting the portions of the results of the query requiring auditing access and presenting certain portions of the results of the query anonymously to the user; and
  
  providing a notification of the query if any portion of the results of the query require auditing access, wherein the notification is a message sent to a predetermined location designated for auditing database queries.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Dubbels, Joel C., Glowacki, Janice R., Stevens, Richard J.
Primary Examiner(s)
Thomas, Ashish K
Assistant Examiner(s)
Ohba, Mellissa M

Application Number

US13/688,914
Publication Number

US 20130091106A1
Time in Patent Office

1,811 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/27   Replication, distribution o...

G16H 30/20   for handling medical images...

G16H 30/40   for processing medical imag...

Auditing database access in a distributed medical computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

348 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Auditing database access in a distributed medical computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

348 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links