Information record infrastructure, system and method

US 7,805,377 B2
Filed: 08/19/2008
Issued: 09/28/2010
Est. Priority Date: 07/06/2000
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for controlling access to a medical record of a patient hosted by at least one medical record repository, comprising a plurality of record portions, each record portion having associated different patient-controlled access control criteria, comprising:

(a) receiving, by an intermediary, a request for a medical record from a requestor, said request comprising a medical record identifier, a requestor identifier, requestor authentication information, and patient-provided access control authorization;

(b) providing an automated processor adapted for automatically processing, by the intermediary, the request for the medical record to authenticate the requestor and determine sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria for each respective record portion encompassed by the request; and

(c) selectively communicating, through an automated communication network, from the intermediary to the at least one medical record repository, an identification of each record portion for which patient-controlled access control criteria are determined to be sufficient for access by the requestor; and

(d) generating an electronic payment authorization associated with the request, for compensation of at least one of the intermediary and the at least one medical record repository.

View all claims

6 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method for controlling access to a medical record of a patient hosted by at least one medical record repository, comprising a plurality of sub-records, each sub-record having an associated different patient-controlled access control criteria, comprising: receiving, by an intermediary, a request for a medical record from a requester, said request comprising a medical record identifier, a requester identifier, requester authentication information, and patient-provided access control authorization; automatically processing, by the intermediary, the request for the medical record to authenticate the requester and determine sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria for each respective sub-record encompassed by the request; and selectively communicating, from the intermediary to the at least one medical record repository, an identification of each sub-record for which access control criteria are determined to be sufficient for access by the requestor. An electronic payment authorization associated with the request may be generated, for compensation of at least one of the intermediary and a medical record repository.

100 Citations

View as Search Results

19 Claims

1. A method for controlling access to a medical record of a patient hosted by at least one medical record repository, comprising a plurality of record portions, each record portion having associated different patient-controlled access control criteria, comprising:
- (a) receiving, by an intermediary, a request for a medical record from a requestor, said request comprising a medical record identifier, a requestor identifier, requestor authentication information, and patient-provided access control authorization;
  
  (b) providing an automated processor adapted for automatically processing, by the intermediary, the request for the medical record to authenticate the requestor and determine sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria for each respective record portion encompassed by the request; and
  
  (c) selectively communicating, through an automated communication network, from the intermediary to the at least one medical record repository, an identification of each record portion for which patient-controlled access control criteria are determined to be sufficient for access by the requestor; and
  
  (d) generating an electronic payment authorization associated with the request, for compensation of at least one of the intermediary and the at least one medical record repository.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, further comprising generating an electronic payment authorization associated with the request, for compensation of the at least one medical record repository.
  - 3. The method according to claim 1, further comprising the step of persistently storing at least each request for which patient-controlled access control criteria are determined to be sufficient for access by the requestor.
  - 4. The method according to claim 1, further comprising the step of determining a role of a requestor in a medical care of a patient, and determining a sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria at least in dependence on the determined role.
  - 5. The method according to claim 1, further comprising accounting by the intermediary, in a financial accounting database, for the request.
  - 6. The method according to claim 1, wherein the intermediary ensures that the requestor has entered into a restriction limiting retransmission of the medical record.

7. A system adapted to control access to a patient medical record hosted by at least one medical record repository comprising a plurality of record portions, each record portion being associated with different patient-controlled access control criteria, said system comprising an automated processor, a database adapted to store information for authenticating requestors, a database adapted to store information for determining patient-controlled access control criteria for respective record portions of a patient medical record, and a computer network interface, said processor being controlled by instructions stored on a computer readable storage medium to:
- (a) receive a request for a medical record from a requestor, said request comprising a medical record identifier, a requestor identifier, requestor authentication information, and patient-provided access control authorization;
  
  (b) process the request for the medical record, to authenticate the requestor and determine sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria for each respective record portion encompassed by the request;
  
  (c) selectively communicate through the computer network interface to the at least one medical record repository, an identification of each record portion for which access control criteria are determined to be sufficient for access by the requestor; and
  
  (d) generating an electronic payment authorization associated with the request, for compensation of at least one of said system and the at least one medical record repository.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system according to claim 7, wherein said processor is further controlled by instructions to generate an electronic payment authorization associated with the request, for compensation of the at least one medical record repository.
  - 9. The system according to claim 7, wherein said processor is further controlled by instructions to persistently store at least each request for which patient-controlled access control criteria are determined to be sufficient for access by the requestor.
  - 10. The system according to claim 7, wherein said processor is further controlled by instructions to determine a role of a requestor in a medical care of a patient, and determining a sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria at least in dependence on the determined role.
  - 11. The system according to claim 7, wherein said processor is further controlled by instructions to account, in a financial accounting database, for the request transaction.
  - 12. The system according to claim 7, wherein said processor is further controlled by instructions to ensure that the requestor has entered into a restriction limiting retransmission of the medical record.

13. A method for controlling access to a medical record of a patient hosted by at least one medical record repository, comprising:
- (a) receiving, by an intermediary, a request for a medical record comprising a plurality of record portions, each record portion having an associated different patient-controlled access control criteria, from a requestor, said request comprising a medical record identifier, a requestor identifier, and requestor authentication information;
  
  (b) automatically processing, by an automated processor associated with the intermediary, the request for the medical record to authenticate the requestor;
  
  (c) receiving, by the intermediary, a patient-provided access control authorization associated with a request for a medical record from a requestor;
  
  (d) automatically processing, by the automated processor associated with the intermediary, the request for the medical record, to further determine sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria for each respective record portion encompassed by the request;
  
  (e) selectively communicating through an automated communication network, from the intermediary to the at least one medical record repository, an authenticated request for access to the medical record by the requestor and an identification of each record portion for which access control criteria are determined to be sufficient for access by the requestor; and
  
  (f) generating an electronic payment message associated with the request, relating to compensation of at least one of the intermediary and a medical record repository.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method according to claim 13, further comprising the step of persistently storing at least each request for which patient-controlled access control criteria are determined to be sufficient for access by the requestor.
  - 15. The method according to claim 13, further comprising the step of determining a role of a requestor in a medical care of a patient, and determining a sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria at least in dependence on the determined role.
  - 16. The method according to claim 13, further comprising accounting by the intermediary, in a financial accounting database, for the request.
  - 17. The method according to claim 13, wherein the intermediary ensures that the requestor has entered into a restriction limiting retransmission of the medical record.
  - 18. The method according to claim 13, further comprising a context of a request for access to the medical record by the requestor, and determining a sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria at least in dependence on the determined context.
  - 19. The method according to claim 13, further comprising encrypting at least a portion of the medical record for which the request for access is authenticated for secure transmission over a public communications network.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
RPX Corporation
Original Assignee
David Paul Felsher
Inventors
Felsher, David Paul
Primary Examiner(s)
Elisca, Pierre E

Application Number

US12/194,519
Publication Number

US 20080306872A1
Time in Patent Office

770 Days
Field of Search

705/64, 705/67, 705/51
US Class Current

705/64
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 10/10   Office automation; Time man...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G16H 10/60   for patient-specific data, ...

Information record infrastructure, system and method

First Claim

6 Assignments

Litigations

0 Petitions

Accused Products

Abstract

100 Citations

19 Claims

Specification

11 Family Members

Thank you for your feedback