Controlling access to medical records

US 20070078677A1
Filed: 05/19/2004
Published: 04/05/2007
Est. Priority Date: 05/19/2003
Status: Abandoned Application

First Claim

Patent Images

1-21. -21. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling the access of healthcare providers to the medical records of a patient held in a medical record database. A patient controls the access of healthcare providers to the patient'"'"'s medical records held in a medical record database. The patient determines access rights to be granted to the healthcare provider and generates an access authorisation message which specifies the access rights. The access authorisation message is transmitted from the patient to one or more healthcare providers. The healthcare provider transmits the access authorisation message together with a request for access to the patient'"'"'s medical records to the medical record database. The medical record database verifies that the access authorisation message originated from the patient before granting the healthcare provider access to the patient'"'"'s medical records in accordance with the access authorisation message.

85 Citations

View as Search Results

40 Claims

1-21. -21. (canceled)

22. A method for controlling the access of healthcare providers to the medical records of a patient held in a medical record database, the method including the steps of:
- (a) the patient determining access rights to be granted to one or more healthcare providers;
  
  (b) generating an access authorisation message which specifies the access rights;
  
  (c) transmitting the access authorisation message from the patient to one or more healthcare providers;
  
  (d) transmitting the access authorisation message together with a request for access to the patient'"'"'s medical records from the healthcare provider to the medical record database;
  
  (e) verifying that the access authorisation message originated from the patient;
  
  wherein the healthcare provider is granted access to the patient'"'"'s medical records in accordance with the access authorisation message if it can be verified that the access authorisation message originated from the patient whose medical records the health provider wishes to access.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. A method according to claim 22, wherein verification that the access authorisation message originates from the patient involves authenticating a digital signature accompanying the access authorisation message.
  - 24. A method according to claim 23, wherein the digital signature is generated by a private encryption key associated with the patient and the medical record database authenticates the digital signature using a public decryption key which corresponds to the private encryption key.
  - 25. A method according to claim 22, wherein the access rights determined by the patient are entered into a personal electronic device via an associated user interface and the personal electronic device generates the corresponding access authorisation message for transmission to the healthcare provider.
  - 26. A method according to claim 25, wherein the personal electronic device includes a private encryption key associated with the patient which is used to generate the digital signature which accompanies the access authorisation message.
  - 27. A method according to claim 22, wherein the access authorisation message includes one or more of the following restrictions:
    - (a) a time interval during which access is authorised;
      
      (b) a category of medical data to which access is authorised;
      
      or (c) a type of access which is authorised.
  - 28. A method according to claim 22, wherein the access authorisation message includes an identifier corresponding to the healthcare provider to whom access is granted by the patient.
  - 29. A method according to claim 22, wherein the medical record database is accessible to healthcare providers over a network.
  - 30. A method according to claim 25, wherein the personal electronic device is password protected.
  - 31. A method according to claim 25, wherein the personal electronic device is activated using one or more forms of biometric data associated with the patient.
  - 32. A method according to claim 22, wherein the medical record database verifies that the access authorisation message originated from the patient using a password transmitted by the patient to the healthcare provider together with the access authorisation message.

33. A system for controlling the access of healthcare providers to the medical records of a patient held in a medical record database, the system including:
- (a) an input component for entering patient determined access rights to be granted to one or more healthcare providers;
  
  (b) a processor for generating an access authorisation message that specifies the access rights;
  
  (c) a first transmitter for transmitting the access authorisation message from the patient to one or more healthcare providers;
  
  (d) a second transmitter for transmitting the access authorisation message together with a request for access to the patient'"'"'s medical records from the healthcare provider to the medical record database;
  
  (e) a verification component for verifying that the access authorisation message originated from the patient;
  
  wherein the healthcare provider is granted access to the patient'"'"'s medical records in accordance with the access authorisation message if it can be verified that the access authorisation message originated from the patient whose medical records the health provider wishes to access.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. A system according to claim 33, wherein the verification component verifies that the access authorisation message originates from the patient by authenticating a digital signature accompanying the access authorisation message.
  - 35. A system according to claim 33, wherein the processor is provided as part of a personal electronic device selected from one of the following:
    - (a) smart card;
      
      (b) mobile telephone;
      
      or (c) personal digital assistant.
  - 36. A system according to claim 35, wherein the input component is a user interface associated with the personal electronic device.
  - 37. A system according to claim 35, wherein the processor stores a private encryption key associated with the patient, the private encryption key being used to generate the digital signature and the verification component authenticates the digital signature using a public decryption key which corresponds to the private encryption key.
  - 38. A system according to any one of claim 33 wherein the medical record database is accessible to healthcare providers over a network.
  - 39. A system according to claim 35 wherein the personal electronic device is password protected.
  - 40. A system according to claim 35, wherein the personal electronic device is activated using one or more forms of biometric data associated with the patient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellirad Solutions Pty Ltd.
Original Assignee
Intellirad Solutions Pty Ltd.
Inventors
Hofstetter, Robert

Application Number

US10/557,178
Publication Number

US 20070078677A1
Time in Patent Office

Days
Field of Search
US Class Current

705/2
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 10/10   Office automation; Time man...

G06Q 20/40   Authorisation, e.g. identif...

G16H 10/60   for patient-specific data, ...

Y04S 40/20   Information technology spec...

Controlling access to medical records

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

85 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to medical records

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links