WO2010135578A2 - Health care information systems using object identifiers devoid of personal health information - Google Patents
- Publication number: WO2010135578A2 (PCT/US2010/035654)
- Authority: WO, WIPO (PCT)
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H40/00—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
- G16H40/60—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
- G16H40/67—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
Definitions
- The object resolution system 205 may be configured to utilize this location information for the purpose of seeking and obtaining the information about the health care object, or may simply return the location information so that the information about the health care object may be accessed by a different system.
- The name resolution system may return the network address and path (e.g., URL) to one or more storage servers that hold the referenced information (e.g., a patient X-ray), or may provide the application entity title of a DICOM storage device that holds the information (e.g., radiological images).
- The name resolution system may in addition or instead return a copy of the health care object (e.g., patient X-ray).
- The security system 207 may be configured to limit access to the information about the health care objects to only authorized health care information access systems. For example, the security system 207 may request a user name and password from each health care information access system and, before granting access to the requested health care information, verify that the entered user name and password are correct.
- The security system 207 may perform further checks to ensure that the querying health care information access system is entitled to receive the requested health care information. For example, the security system 207 may be configured to verify that the requesting health care information access system has a business associates agreement with the institution that is managing the health care object about which information is sought.
- The communication system 209 may be configured to receive the object information from a health care information access system. In response, the communication system may be configured to provide the requesting health care information access system with the requested information.
- The communication system 209 may include such components as a network interface card and related software and hardware systems that facilitate communication between different computers in a network environment.
- FIG. 3 illustrates examples of object names for health care objects.
- Each object name may include provider information.
- The provider information may be indicative of the identity of the health care provider which manages the health care object.
- The provider information may be in the form of a National Provider ID. As illustrated in FIG. 3, this may take the form of the digits "888," followed by a decimal, followed by the prefix USNPI, followed by a "/", and followed finally by a unique handle.
- Each object name may include object information.
- The object information may be randomly generated, such as a randomly generated number. As explained above, this number may not include any personal health information, even in a form which can be decrypted with a decryption key.
- The provider information and object information that forms each object name may be in a form and/or with content that is different from what is illustrated in FIG. 3.
- The provider identification system 403 may be configured to identify the health care provider that manages each health object, based on the provider information in the object name of the health care object.
- When the provider information includes a National Provider ID, the provider identification system 403 may include a database which associates each National Provider ID with an actual provider.
- The identification of a provider may include a network address or other type of location at which a request for information about a health care object managed by the provider may be sent.
- If a National Provider ID is not provided, another type of managed name space may be used.
- The database may include information which associates the provider information in the form in which it is provided with the network addresses or other type of location information for the provider. Any unique name may be used for each provider.
- CHI-Appliance: The Center for Health Informatics (CHI) has created a networked system (CHI-Appliance) to enable HIPAA compliant data exchange. Medical professionals or health providers can utilize the CHI-Appliance to release clinical information for (i) treatment, payment or health-care operations (TPO) or (ii) limited / de-identified data for research under HIPAA policy enforcement by the system.
- Part of the system is a policy engine which enables a well-defined and appropriately authorized release of a medical record from the local provider to the intended remote recipient, e.g., another provider engaged in TPO of the patient or a research affiliate engaged in an IRB approved study which receives a PHI-removed and coded version of the medical record.
- The system uses a secure data management system to reference the medical record and to securely transport the medical record over public networks, e.g., the Internet, to the intended recipient.
- The recipient, also equipped with the system, receives the reference and, based on the recipient's policy, will execute a secure data transfer.
- The recipient's system may recode the data depending on local provider conventions using the policy engine and consume the medical record into the provider hospital information systems, e.g., EMR, PACS, etc.
- A doctor at hospital A wants to share an MRI image set with a sub-specialist at practice B for a second opinion.
- The patient agrees and signs a waiver of consent to release the medical image record to the sub-specialist.
- The images are sent from the clinical PACS (image archive) to the local CHI-Appliance (publication event).
- The IT support of hospital A enters a release policy (HIPAA policy enforcement rule) for this record into the system (policy definition).
- The system finds the record and its matching policy and notifies practice B that an image record is ready for release.
- The system at practice B validates the notification with the local record policy and determines it is able to obtain the record (unique HIPAA compliant naming of the image record).
- The images are then requested from the appliance of hospital A and sent to practice B (peer-to-peer secure transfer).
- The images are now recoded to match the local medical record number and entered into the image review system.
- The images are now ready for consultation.
Abstract
A health care information provider system may provide information about health care objects managed by a health care provider. A name generating system may generate an object name for each of the health care objects. The object name of each health care object may include provider information indicative of the identity of the health care provider which manages the health care object. The object name of each health care object may include object information indicative of the identity of the health care object. The object information may be devoid of any personal health information, even in a form which can be decrypted by a decryption key. An object resolution system may receive object information indicative of the identity of each health care object and provide information about the health care object in response. The object resolution system may include location information correlating the object information for each object to information indicative of the location of the information about each health care object within the health care provider. A communication system may receive the object information from a health care information access system and, in response, provide the information about the health care object, named in part with the object information, to the health care information access system.
Description
HEALTH CARE INFORMATION SYSTEMS USING OBJECT IDENTIFIERS DEVOID OF PERSONAL HEALTH INFORMATION
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is based upon and claims priority to U.S. Provisional Patent Application 61/180,074, entitled "HEALTH OBJECT IDENTIFIER," filed May 20, 2009, attorney docket number 028080-0471, and to U.S. Provisional Patent Application 61/221,410, entitled "HIPAA COMPLIANT MEDICAL RECORD EXCHANGE APPLIANCE CHI APPLIANCE," June 29, 2009, attorney docket number 028080-0481. The entire content of these two applications is incorporated herein by reference.
BACKGROUND
TECHNICAL FIELD
[0002] This disclosure relates to health care information systems, including systems which communicate health care information between different health care providers.
DESCRIPTION OF RELATED ART
[0003] Health care information often needs to be exchanged between different institutions, such as between different health care providers. However, there are numerous laws which protect the security and privacy of much of this information. One example is the Health Insurance Portability and Accountability Act of 1966 (HIPAA). This act includes administrative simplification provisions which require national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The administration simplification provisions also impose stringent security and privacy requirements on health care data.
[0004] Unfortunately, it can be difficult to comply with all of these laws while exchanging needed health care information. This can make the exchange of such information costly, difficult, and time-consuming.
SUMMARY
[0005] A health care information provider system may provide information about health care objects managed by a health care provider.
[0006] A name generating system may generate an object name for each of the health care objects.
[0007] The object name of each health care object may include provider information indicative of the identity of the health care provider which manages the health care object. The provider information may include information indicative of the National Provider ID of the health care provider.
[0008] The object name of each health care object may include object information indicative of the identity of the health care object. The object information may not contain any personal health information. The object information may be randomly generated. The object information may include information enabling the integrity of the object information to be verified.
[0009] A name delivery system may deliver the object names generated by the name generating system.
[0010] An object resolution system may receive object information indicative of the identity of each health care object and provide information about the health care object in response. The object resolution system may include location information correlating the object information for each object to information indicative of the location of the information about each health care object within the health care provider.
[0011] A communication system may receive the object information from a health care information access system and, in response, provide the information about the health care object, named in part with the object information, to the health care information access system.
[0012] The health care information provider system may include a security system configured to limit access to the information about the health care objects to only authorized health care information access systems.
[0013] At least one of the health care objects may include a health care record, the name of a health care patient, and/or a health care patient study.
[0014] The name generating system and the object resolution system may both be under the control of a common health care provider.
[0015] A health care information access system may access information about health care objects that are each managed by a health care provider. The health care information access system may include a user interface configured to receive an object name for each of the health care objects. The object name of each health care object may include provider information and object information.
[0016] The health care information access system may include a provider identification system configured to identify the health care provider that manages each health care object based on the provider information in the object name of the health care object. The provider identification system may be configured to identify the health care provider that manages each health care object based on a National Provider ID in the provider information.
[0017] The health care information access system may include a communication system that provides the object information for each health care object to a health care information provider system controlled by the health care provider managing the health care object. The communication system may receive information about the health care object from the health care information provider system in response.
[0018] The health care information access system may include a security system configured to provide each health care information provider system with information identifying the health care information access system. This may enable the health care information provider system to verify the authority of the health care information access system to obtain the information about the health care object managed by each health care information provider system.
[0019] These, as well as other components, steps, features, objects, benefits, and advantages, will now become clear from a review of the following detailed description of illustrative embodiments, the accompanying drawings, and the claims.
BRIEF DESCRIPTION OF DRAWINGS
[0020] The drawings disclose illustrative embodiments. They do not set forth all embodiments. Other embodiments may be used in addition or instead. Details which may be apparent or unnecessary may be omitted to save space or for more effective illustration. Conversely, some embodiments may be practiced without all of the details which are disclosed. When the same numeral appears in different drawings, it refers to the same or like components or steps.
[0021] FIG. 1 is an example of a health care information system.
[0022] FIG. 2 is an example of a health care information provider system.
[0023] FIG. 3 shows examples of object names for health care objects.
[0024] FIG. 4 is an example of a health care information access system.
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
[0025] Illustrative embodiments are now discussed. Other embodiments may be used in addition or instead. Details which may be apparent or unnecessary may be omitted to save space or for a more effective presentation. Conversely, some embodiments may be practiced without all of the details which are disclosed.
[0026] FIG. 1 is an example of a health care information system. The health care information system may include one or more health care information access systems, such as health care information access systems 101, 103, and 105. It may also include one or more health care information provider systems, such as health care information provider systems 107, 109, and 111. It may also include a network communication infrastructure, such as network communication infrastructure 113.
[0027] Each health care information access system may be configured to access information about health care objects. These objects may include patient medical records, names and other information about health care patients, and/or health care studies.
[0028] Each health care information provider system may be configured to provide information about one or more health care objects. These objects may include patient medical records, names and other information about health care patients, and/or health care studies.
[0029] The network communication infrastructure may be configured to facilitate communication of requests for health care information from the health care information access systems to the health care information provider systems. The requests may seek information about and/or copies of one or more health care objects. An example is a request for a copy of a medical imaging study. These health care objects may contain private health information, as commonly defined by federal and local laws. The requests may come from a variety of different types of health care providers, such as hospitals, doctors' offices, clinics, and/or midwives.
[0030] The network communication infrastructure may be configured to communicate responses to those requests from the health care information provider systems to the health care information access systems. The network communication infrastructure may include the internet, wide area networks, local area networks, virtual private networks, gateways, and/or any other type of network communication system or subsystem. The network communication infrastructure need not be specialized for this application, although firewalls and other standard network security services may be included.
[0031] FIG. 2 is an example of a health care information provider system.
[0032] The health care information provider system illustrated in FIG. 2 may be used as one or more of the health care information provider systems illustrated in FIG. 1. Conversely, one or more of the health care information provider systems illustrated in FIG. 1 may be of a type that is different from the health care information provider system illustrated in FIG. 2.
[0033] The health care information provider system illustrated in FIG. 2 may include a name generating system 201, a name delivery system 203, an object resolution system 205, a security system 207, and/or a communication system 209. The health care identification provider system may include additional components not illustrated in FIG. 2. Examples include databases, local authentication systems, and other software components and services.
[0034] The name generating system 201 may be configured to generate an object name for each of the health care objects.
[0035] Each object name may include provider information and object information.
[0036] The provider information may be indicative of the identity of the health care provider that manages the health care object which has been named. The provider information may include information indicative of the National Provider ID of the health care provider. The National Provider ID is administered by the Department of Health and Human Services. Names are prefixed with a field that identifies the name as being a health object identifier. This is followed by "USNPI" which uniquely identifies all providers in the United States. The National Provider ID may include a numeric suffix identifying the particular hospital. In other countries, administered provider namespaces may be used in place of the national provider ID without loss of functionality.
[0037] Other information may be included, such as handle attributes in accordance with an object naming convention, such as the one described in U.S. Patent 6,135,646 to Kahn et al., the entire content of which is incorporated herein by reference. The attributes may include information such as the hospital name and authentication information which may be used by administrators managing the hospital name space. Through the use of this provider information naming convention, changes in provider names may not necessarily require any change in the provider information which forms part of the object name.
[0038] The object information portion of each object name may be indicative of the identity of the health care object. However, the object information may not contain any personal health information. For example, the object information may not include the name of the patient, the address of the patient, the age of the patient, the sex of the patient, or any other information about the identity of the individual about whom the information pertains. Nor may the object information include any such personal health information in any encrypted form which might be subject to decryption through the use of a decryption key.
[0039] To facilitate the identification of health care objects devoid of any personal health information, the object information may be randomly generated. For example, the object information may be a randomly-generated number.
[0040] Because the object information may be randomly generated, it may inherently lack any personal health information which can be extracted with the use of a decryption key. The name generating system 201 may be configured to generate such random numbers, all in accordance with known techniques. FIG. 3 sets forth examples of such random numbers and is discussed in more detail below.
[0041] The name generating system 201 may be configured to include information enabling the integrity of the object information, the provider information, or both, to be verified. For example, the name generating system 201 may calculate a check sum for any or all of these fields of information and may include that check sum as part of the object name. Standard cryptographic check sums such as SHA may be used.
[0042] The name delivery system 203 may be configured to deliver the object names generated by and delivered from the name generating system 201. Because the object name may be structured so as not to divulge private health information, any standard network delivery protocol may be used to deliver the name. In addition, because the object naming and resolution is decoupled from the access to the object, the configurations of who to deliver to, how, and when may be adjusted to conform to the information sharing workflow. The name delivery system 203 may be configured to deliver these names over the network communication infrastructure illustrated in FIG. 1 via standard network protocols and/or to a user of the health care information provider system through a user interface (not shown), such as a web browser, email client or other specialized application.
[0043] The object resolution system 205 may be configured to receive object information indicative of the identity of each health care object. The object resolution system may be configured to provide information about the health care object in response.
[0044] The object resolution system 205 may be configured to provide a broad variety of information about each health care object in response. For example, the object resolution system 205 may be configured to provide information about how information about the health care object may be found. This may include, for example, location information correlating the object information for each object to information indicative of the location of the information about each health care object within the health care provider. For example, the object resolution system 205 may be configured to respond to a request for information about a specific health care object by stating where this information currently resides within the health care provider. The object resolution system 205 may be configured to utilize this location information for the purpose of seeking and obtaining the information about the health care object, or may simply return the location information so that the information about the health care object may be accessed by a different system. For example, the name resolution system may return the network address and path (e.g., URL) to one or more storage servers that hold the referenced information (e.g., a patient X-ray), or may provide the application entity title of a DICOM storage device that holds the information (e.g., radiological images). The name resolution system may in addition or instead return a copy of the health care object (e.g., patient X-ray).
[0045] The security system 207 may be configured to limit access to the information about the health care objects to only authorized health care information access systems. For example, the security system 207 may request a user name and password from each health care information access system and, before granting access to the requested health care information, verify that the entered user name and password is correct.
[0046] The security system 207 may perform further checks to ensure that the querying health care information access system is entitled to receive the requested health care information. For example, the security system 207 may be configured to verify that the requesting health care information access system has a business associates agreement with the institution that is managing the health care object about which information is sought.
[0047] The communication system 209 may be configured to receive the object information from a health care information access system. In response, the communication system may be configured to provide the requesting health care information access system with the requested information. The communication system 209 may include such components as a network interface card and related software and hardware systems that facilitate communication between different computers in a network environment.
[0048] The name generating system 201 and/or the object resolution system 205 may both be under the control of the health care provider that is managing the requested health care information.
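The provider-side resolution step of paragraphs [0043] to [0046] can be sketched as follows. This is an added example, not code from the patent or from any implementation of it: the class and function names, the PBKDF2 password storage, the audit log, the uniform refusal and the sample location are all assumptions. It shows the consequence of decoupling naming from access: holding a valid object identifier is not sufficient to obtain location information.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumption: illustrative work factor


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class AccessSystem:
    salt: bytes
    password_hash: bytes
    has_baa: bool  # business associate agreement on file with this provider


@dataclass
class ObjectResolver:
    """Provider-side resolver: object information in, location information out."""
    locations: dict = field(default_factory=dict)       # object_info -> URL or DICOM AE title
    access_systems: dict = field(default_factory=dict)  # user name -> AccessSystem
    audit_log: list = field(default_factory=list)       # (user, object_info, outcome)

    def register_access_system(self, user: str, password: str, has_baa: bool) -> None:
        salt = os.urandom(16)
        self.access_systems[user] = AccessSystem(salt, _hash_password(password, salt), has_baa)

    def publish(self, object_info: str, location: str) -> None:
        self.locations[object_info] = location

    def resolve(self, object_info: str, user: str, password: str):
        """Return the location, or None for every kind of refusal.

        The reason for a refusal goes to the audit log only, so a caller
        cannot use the response to learn which identifiers or users exist.
        """
        record = self.access_systems.get(user)
        # Hash even for unknown users so response time does not reveal valid user names.
        salt = record.salt if record else b"\x00" * 16
        supplied = _hash_password(password, salt)
        authenticated = record is not None and hmac.compare_digest(supplied, record.password_hash)
        if not authenticated:
            outcome = "denied: bad credentials"
        elif not record.has_baa:
            outcome = "denied: no business associate agreement"
        elif object_info not in self.locations:
            outcome = "denied: unknown object"
        else:
            outcome = "granted"
        self.audit_log.append((user, object_info, outcome))
        return self.locations[object_info] if outcome == "granted" else None


def demo() -> list:
    """Run four constructed requests against a constructed provider."""
    resolver = ObjectResolver()
    resolver.register_access_system("practice-b", "constructed-password-1", has_baa=True)
    resolver.register_access_system("vendor-c", "constructed-password-2", has_baa=False)
    obj = "3f9c0a51d27e48b6a1c4e5f60718293a"  # constructed random object information
    resolver.publish(obj, "https://pacs.hospital-a.example/studies/0001")
    return [
        resolver.resolve(obj, "practice-b", "constructed-password-1"),       # authorized
        resolver.resolve(obj, "practice-b", "wrong"),                        # bad password
        resolver.resolve(obj, "vendor-c", "constructed-password-2"),         # no agreement
        resolver.resolve("0" * 32, "practice-b", "constructed-password-1"),  # unknown object
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```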
[0049] FIG. 3 illustrates examples of object names for health care objects. As illustrated in FIG. 3, each object name may include provider information. The provider information may be indicative of the identity of the health care provider which manages the health care object. As discussed above, the provider information may be in the form of a National Provider ID. As illustrated in FIG. 3, this may take the form of the digits "888," followed by a decimal, followed by the prefix USNPI, followed by a "/", and followed finally by a unique handle.
[0050] As also illustrated in FIG. 3, each object name may include object information. The object information may be randomly generated, such as a randomly generated number. As explained above, this number may not include any personal health information, even in a form which can be decrypted with a decryption key.
[0051] The provider information and object information that forms each object name may be in a form and/or with content that is different from what is illustrated in FIG. 3.
[0052] FIG. 4 is an example of a health care information access system.
[0053] As illustrated in FIG. 4, the health care information access system may include a user interface 401, a provider identification system 403, an authentication system 405, a security system 407, and a communication system 409.
[0054] The user interface 401 may be configured to receive an object name for each of the health care objects from a user of the system. The object name may take any of the forms discussed above in connection with FIGS. 2 and/or 3, or may be in any other form. The user interface may include a keyboard, mouse, touch screen, display, and/or any other type of user interface device. The object names may instead be provided from a different source, such as from a different source connected to the network communication infrastructure.
[0055] The provider identification system 403 may be configured to identify the health care provider that manages each health object, based on the provider information in the object name of the health care object. When the provider information includes a National Provider ID, the provider identification system 403 may include a database which associates each national provider ID with an actual provider. The identification of a provider may include a network address or other type of location at which a request for information about a health care object managed by the provider may be sent. When a National Provider ID is not provided, another type of managed name space may be used. The database may include information which associates the provider information in the form in which it is provided with the network addresses or other type of location information for the provider. Any unique name may be used for each provider.
[0056] As indicated above, the object information which is received through the user interface 401 may include information enabling the authenticity of the object information to be verified. For this purpose, the authentication system 405 may be configured to verify the authenticity of the object information, based on the information enabling the integrity of the object information to be verified. For example, if the information enabling the authenticity of the object information to be verified includes a check sum, the authentication system 405 may be configured to verify that the addition of all of the bits of the object information is consistent with the check sum.
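The name generation of paragraphs [0035] to [0041] and the check in paragraph [0056] can be sketched as below. This is an added example, not code from the patent: the field layout `888.USNPI.<provider ID>/<random object information>-<checksum>`, the 128-bit object information, the 32-bit truncated SHA-256 checksum and all function names are assumptions, and the provider ID is constructed. An unkeyed checksum of this kind detects transcription or transmission damage; since anyone can recompute it, it is not by itself proof that the provider issued the name.

```python
import hashlib
import secrets

HEALTH_OBJECT_PREFIX = "888"  # field marking a health object identifier (from the page)
NAMESPACE = "USNPI"           # provider namespace named on the page
CHECK_HEX_LEN = 8             # assumption: checksum truncated to 32 bits
HEX_DIGITS = set("0123456789abcdef")


def _is_provider_id(value: str) -> bool:
    return value.isascii() and value.isdigit()


def _check(provider_info: str, object_info: str) -> str:
    """Truncated SHA-256 over both fields: an unkeyed integrity check."""
    data = f"{provider_info}/{object_info}".encode("ascii")
    return hashlib.sha256(data).hexdigest()[:CHECK_HEX_LEN]


def generate_object_name(provider_id: str) -> str:
    """Build a name from provider information plus 128 random bits.

    No patient attribute is an input, so nothing about the patient can be
    recovered from the name, with or without a key.
    """
    if not _is_provider_id(provider_id):
        raise ValueError("provider ID must be numeric")
    provider_info = f"{HEALTH_OBJECT_PREFIX}.{NAMESPACE}.{provider_id}"
    object_info = secrets.token_hex(16)
    return f"{provider_info}/{object_info}-{_check(provider_info, object_info)}"


def parse_object_name(name: str) -> dict:
    """Split a name into its fields; raise ValueError if it is malformed or damaged."""
    provider_info, slash, handle = name.partition("/")
    object_info, dash, check = handle.rpartition("-")
    parts = provider_info.split(".")
    if not slash or not dash or len(parts) != 3:
        raise ValueError("malformed object name")
    prefix, namespace, provider_id = parts
    if prefix != HEALTH_OBJECT_PREFIX or namespace != NAMESPACE:
        raise ValueError("not a USNPI health object identifier")
    if not _is_provider_id(provider_id):
        raise ValueError("provider ID must be numeric")
    if len(object_info) != 32 or not set(object_info) <= HEX_DIGITS:
        raise ValueError("object information is not 128 bits of lowercase hex")
    if check != _check(provider_info, object_info):
        raise ValueError("checksum mismatch")
    return {"provider_id": provider_id, "object_info": object_info}


if __name__ == "__main__":
    name = generate_object_name("1234567890")  # constructed provider ID
    print(name)
    print(parse_object_name(name))
```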
[0057] The security system 407 may be configured to provide each health care information provider system with information identifying the health care information access system. This may enable the health care information provider system to verify the authority of the health care information access system to obtain the information about the health care object that is managed by each health care information provider. For example, the security system 407 may be configured to provide a user name and password to a health care information provider system. The security system 407 may also be configured to verify that it has a business associate's agreement with the institution that is providing the information about the health care object.
[0058] The communication system 409 may be configured to deliver the object information to the health care information provider system managed by the health care provider indicated by the provider information. The communication system may be configured to receive information about the health care object from the health care information provider system in response.
[0059] The various subsystems which have been described, such as the name generating system 201, the name delivery system 203, the object resolution system 205, the security system 207, the communication system 209, the user interface 401, the provider identification system 403, the authentication system 405, the security system 407, and the communication system 409, may include computer hardware and software that are configured to perform each of the functions of these subsystems that have been described above, as well as other functions. This computer hardware may include one or more computer processors, support chips, memory storage devices, input/output devices, etc. The software may be stored on one or more of these memory devices.
[0060] The components, steps, features, objects, benefits and advantages which have been discussed are merely illustrative. None of them, nor the discussions relating to them, are intended to limit the scope of protection in any way. Numerous other embodiments are also contemplated. These include embodiments which have fewer, additional, and/or different components, steps, features, objects, benefits and advantages. These also include embodiments in which the components and/or steps are arranged and/or ordered differently.
[0061] Unless otherwise stated, all measurements, values, ratings, positions, magnitudes, sizes, and other specifications which are set forth in this specification, including in the claims which follow, are approximate, not exact. They are intended to have a reasonable range which is consistent with the functions to which they relate and with what is customary in the art to which they pertain.
[0062] All articles, patents, patent applications, and other publications which have been cited in this disclosure are hereby incorporated herein by reference.
[0063] The phrase "means for" when used in a claim is intended to and should be interpreted to embrace the corresponding structures and materials which have been described and their equivalents. Similarly, the phrase "step for" when used in a claim is intended to and should be interpreted to embrace the corresponding acts which have been described and their equivalents. The absence of these phrases in a claim means that the claim is not intended to and should not be interpreted to be limited to any of the corresponding structures, materials, or acts or to their equivalents.
[0064] Nothing which has been stated or illustrated is intended or should be interpreted to cause a dedication of any component, step, feature, object, benefit, advantage, or equivalent to the public, regardless of whether it is recited in the claims.
[0065] The scope of protection is limited solely by the claims which now follow. That scope is intended and should be interpreted to be as broad as is consistent with the ordinary meaning of the language which is used in the claims when interpreted in light of this specification and the prosecution history which follows and to encompass all structural and functional equivalents.
Complete description of the technology
A brief summary of its purpose or utility.
The Center for Health Informatics (CHI) has created a networked system (CHI-Appliance) to enable HIPAA compliant data exchange. Medical professionals or health providers can utilize the CHI-Appliance to release clinical information for (i) treatment, payment or health-care operations (TPO) or (ii) limited / de-identified data for research under HIPAA policy enforcement by the system.
Part of the system is a policy engine which enables a well-defined and appropriately authorized release of a medical record from the local provider to the intended remote recipient, e.g. another provider engaged in TPO of the patient or a research affiliate engaged in an IRB approved study which receives a PHI removed and coded version of the medical record. The system uses a secure data management system to reference the medical record and to securely transport the medical record over public networks, e.g. Internet, to the intended recipient. The recipient, also equipped with the system, receives the reference and based on the recipient's policy will execute a secure data transfer. The recipient's system may recode the data depending on local provider conventions using the policy engine and consumes the medical record into the provider hospital information systems, e.g. EMR, PACS etc.
A brief summary of the background state of the art
Healthcare providers typically operate a closed IT network with firewall technology in place to bridge to public internet. This closed network topology poses challenges for electronic medical record exchange. Current systems solutions to overcome this problem are (i) virtual private network (VPN), (ii) demilitarized zone (DMZ) border networks, (iii) honest brokers methodologies. Each of these technologies has specific limitations which overall limits its use for general medical record exchange. The purpose of the CHI-Appliance is to overcome these challenges by providing a definitive HIPAA enforcement within the appliance.
Recent activities by commercial vendors in this field, e.g. http://www.tradingmarkets.com/site/news/Stock%20News/2232935, indicate relevance as well as limit patentability.
A brief summary of its advantages (or improvements) over existing practices including aspects believed to be novel and distinguishable from the background state of the art
Our system provides several key advantages over existing systems:
1) Provide method for data publication that enforces HIPAA security requirements for protected health information (PHI)
2) Provides simplified deployment without impacting health provider's IT resources
3) Per user, per use case, per data policy enforcement
4) LAN / WAN network routing of medical records, rather than packages, via definitive policy enforcement
A brief statement regarding the technology's current state of development
An initial implementation of the disclosed technology is currently under development. The current schedules are to have finished first stage development in June. The implementation is based on the distributed version of the SELinux (CentOS http://www.centos.org) with additional code that was developed specifically for this usage.
A detailed description of the manner of making and/or using the technology.
A doctor at hospital A wants to share an MRI image set with a sub-specialist at practice B for second opinion. The patient agrees and signs waiver of consent to release the medical image record to the sub-specialist. At hospital A the images are sent from the clinical PACS (image archive) to the local CHI-Appliance (publication event). The IT support of hospital A enters a release policy (HIPAA policy enforcement rule) for this record into the system (policy definition). The system finds the record and its matching policy and notifies practice B that an image record is ready for release. The system at practice B validates the notification with the local record policy and determines it is able to obtain the record (unique HIPAA compliant naming of the image record). The images are then requested from the appliance of hospital A and sent to practice B (peer-to-peer secure transfer). The images are now recoded to match the local medical record number and entered into the image review system. The images are now ready for consultation.
INCORPORATED BY REFERENCE (RULE 20.6)
Claims
1. A health care information provider system for providing information about health care objects managed by a health care provider, comprising: a name generating system configured to generate an object name for each of the health care objects, the object name of each health care object including: provider information indicative of the identity of the health care provider which manages the health care object; object information indicative of the identity of the health care object, the object information not containing any personal health information; and a name delivery system configured to deliver the object names generated by the name generating system; and an object resolution system configured to receive object information indicative of the identity of each health care object and to provide information about the health care object in response; a communication system configured to receive the object information from a health care information access system and to provide in response the information about the health care object named in part with the object information to the health care information access system.
2. The health care information provider system of claim 1 wherein the provider information includes information indicative of the National Provider ID of the health care provider.
3. The health care information provider system of claim 1 wherein the object information is randomly generated.
4. The health care information provider system of claim 1 wherein the object resolution system includes location information correlating the object information for each object to information indicative of the location of the information about each health care object within the health care provider.
5. The health care information provider system of claim 1 wherein the object information includes information enabling the integrity of the object information to be verified.
6. The health care information provider system of claim 1 further comprising a security system configured to limit access to the information about the health care objects to only authorized health care information access systems.
7. The health care information provider system of claim 1 wherein at least one of the health care objects includes a health care record.
8. The health care information provider system of claim 1 wherein at least one of the health care objects includes the name of a health care patient.
9. The health care information provider system of claim 1 wherein at least one of the health care objects includes a health care patient study.
10. The health care information provider system of claim 1 wherein the name generating system and the object resolution system are both under the control of the health care provider.
11. A health care information access system for accessing information about health care objects, each managed by a health care provider, comprising: a user interface configured to receive an object name for each of the health care objects, the object name of each health care object including: provider information indicative of the identity of the health care provider which manages the health care object; and object information indicative of the identity of the health care object, the object information not containing any personal health information; a provider identification system configured to identify the health care provider that manages each health care object based on the provider information in the object name of the health care object; and a communication system configured to provide the object information for each health care object to a health care information provider system controlled by the health care provider managing the health care object as determined by the processing system and to receive information about the health care object from the health care information provider system in response.
12. The health care information access system of claim 11 wherein: the provider information includes information indicative of the National Provider ID of the health care provider; and the provider identification system is configured to identify the health care provider that manages each health care object based on the National Provider ID in the provider information.
13. The health care information access system of claim 11 wherein the object information is randomly generated.
14. The health care information access system of claim 11 wherein each object name is generated by a name generating system controlled by the health care provider which manages the health care object identified by the object name.
15. The health care information access system of claim 11 wherein the information about each health care object includes information indicative of the location of the information about each health care object within the health care provider.
16. The health care information access system of claim 11 wherein: the object information includes information enabling the authenticity of the object information to be verified; and the health care information access system includes an authentication system is configured to verify the authenticity of the object information based on the information enabling the integrity of the object information to be verified.
17. The health care information access system of claim 11 further comprising a security system configured to provide each health care information provider system with information identifying the health care information access system so as to enable the health care information provider system to verify the authority of the health care information access system to obtain the information about the health care object managed by each health care information provider system.
18. The health care information access system of claim 11 wherein at least one of the health care objects includes a health care record.
19. The health care information access system of claim 11 wherein at least one of the health care objects includes the name of a patient.
20. The health care information access system of claim 11 wherein at least one of the health care objects includes a patient study.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18007409P | 2009-05-20 | 2009-05-20 | |
US61/180,074 | 2009-05-20 | ||
US22141009P | 2009-06-29 | 2009-06-29 | |
US61/221,410 | 2009-06-29 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2010135578A2 (en) | 2010-11-25 |
WO2010135578A3 (en) | 2011-02-24 |
Family
ID=43126776
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2010/035654 WO2010135578A2 (en) | 2009-05-20 | 2010-05-20 | Health care information systems using object identifiers devoid of personal health information |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2010135578A2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012129372A3 (en) * | 2011-03-22 | 2012-12-27 | Nant Holdings Ip, Llc | Healthcare management objects |
US10120978B2 (en) | 2013-09-13 | 2018-11-06 | Michigan Health Information Network Shared Services | Method and process for transporting health information |
US11631479B2 (en) * | 2017-08-04 | 2023-04-18 | Clinerion Ltd. | Patient recruitment system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030130873A1 (en) * | 2001-11-19 | 2003-07-10 | Nevin William S. | Health care provider information system |
JP2004030128A (en) * | 2002-06-25 | 2004-01-29 | Nec Software Kyushu Ltd | Health care information sharing system, health care information sharing method, and health care information sharing program |
US20060218013A1 (en) * | 2005-03-24 | 2006-09-28 | Nahra John S | Electronic directory of health care information |
US20090076960A2 (en) * | 2007-05-16 | 2009-03-19 | Medicalmanagement Technology Group, Inc. | Method, systemand computer program product fordetecting and preventing fraudulent health care claims |
-
2010
- 2010-05-20 WO PCT/US2010/035654 patent/WO2010135578A2/en active Application Filing
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012129372A3 (en) * | 2011-03-22 | 2012-12-27 | Nant Holdings Ip, Llc | Healthcare management objects |
GB2502750A (en) * | 2011-03-22 | 2013-12-04 | Nant Holdings Ip Llc | Healthcare Management objects |
US11017897B2 (en) | 2011-03-22 | 2021-05-25 | Nant Holdings Ip, Llc | Healthcare management objects |
US20210241899A1 (en) * | 2011-03-22 | 2021-08-05 | Nant Holdings Ip, Llc | Healthcare management objects |
US10120978B2 (en) | 2013-09-13 | 2018-11-06 | Michigan Health Information Network Shared Services | Method and process for transporting health information |
US10311203B2 (en) | 2013-09-13 | 2019-06-04 | Michigan Health Information Network Shared Services | Method and process for transporting health information |
US10832804B2 (en) | 2013-09-13 | 2020-11-10 | Michigan Health Information Network Shared Services | Method and process for transporting health information |
US11631479B2 (en) * | 2017-08-04 | 2023-04-18 | Clinerion Ltd. | Patient recruitment system |
Also Published As
Publication number | Publication date |
---|---|
WO2010135578A3 (en) | 2011-02-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10778416; Country of ref document: EP; Kind code of ref document: A2 |
 | DPE2 | Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101) | |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 10778416; Country of ref document: EP; Kind code of ref document: A2 |