GB2368435A - Prescription administration system - Google Patents

Prescription administration system Download PDF

Info

Publication number
GB2368435A
GB2368435A GB0026425A GB0026425A GB2368435A GB 2368435 A GB2368435 A GB 2368435A GB 0026425 A GB0026425 A GB 0026425A GB 0026425 A GB0026425 A GB 0026425A GB 2368435 A GB2368435 A GB 2368435A
Authority
GB
United Kingdom
Prior art keywords
prescription
administration system
central database
patient
dispenser
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0026425A
Other versions
GB0026425D0 (en
Inventor
David Walter Chadwick
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Salford
Original Assignee
University of Salford
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Salford filed Critical University of Salford
Priority to GB0026425A priority Critical patent/GB2368435A/en
Publication of GB0026425D0 publication Critical patent/GB0026425D0/en
Publication of GB2368435A publication Critical patent/GB2368435A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H20/00ICT specially adapted for therapies or health-improving plans, e.g. for handling prescriptions, for steering therapy or for monitoring patient compliance
    • G16H20/10ICT specially adapted for therapies or health-improving plans, e.g. for handling prescriptions, for steering therapy or for monitoring patient compliance relating to drugs or medications, e.g. for ensuring correct administration to patients
    • G16H20/13ICT specially adapted for therapies or health-improving plans, e.g. for handling prescriptions, for steering therapy or for monitoring patient compliance relating to drugs or medications, e.g. for ensuring correct administration to patients delivered from dispensers
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Abstract

In a prescription administration system, an electronic prescription is generated by a prescriber, the prescription including an electronic verification which identifies the prescriber, the prescription is transferred to a central database which may be accessed by a multiplicity of dispensers, a dispenser upon receiving instructions to dispense the prescription locates the prescription on the central database and retrieves the prescription, the dispenser dispenses the prescription and adds to the prescription details of the dispensing plus an electronic verification which identifies the dispenser.

Description

PRESCRIPTION ADMINISTRATION SYSTEM The present invention relates to a prescription administration system.
In the United Kingdom a prescription is written by a doctor or other practitioner onto a specially formatted paper slip. A patient (or somebody acting for the patient) takes the prescription to a pharmacy of their choice. The patient signs the prescription and gives it to a pharmacist who dispenses the prescribed item. The prescription is signed by the pharmacist and is sent to a government run settlement agency (the United Kingdom Prescription Price Authority (PPA) ). The PPA may issue money to the pharmacist to cover the cost of the item that was dispensed. Many patients are exempt from payment for prescribed items. An exempted patient does not need to provide proof of exemption in order for a prescribed item to be dispensed, but merely ticks a box on the back of the prescription. The PPA may issue money to the pharmacist to cover the cost of the item that was dispensed.
A key advantage of the present system is that a patient can go to any pharmacist to obtain a prescribed item. Furthermore, the patient does not have to go in person but can send a relative or friend.
The existing prescription administration system has a number of disadvantages.
Hand-written prescriptions often contain errors in drug names or drug doses, or are illegible to a dispensing pharmacist. The system suffers from a significant amount of fraud (a current estimate is nOD million per year in the UK). The system is inefficient, often with data starting at a computer system of a doctor, being printed to a prescription, then input to a computer system at a pharmacist, then printed out and posted to the PPA where it is input to the PPA's computer system. It is an object of the present invention to provide a prescription administration system which overcomes at least some of the above disadvantages. According to the invention there is provided a prescription administration system in which an electronic prescription is generated by a prescriber, the prescription including an electronic verification which identifies the prescriber, the prescription is transferred to a central database which may be accessed by a multiplicity of dispensers, a dispenser upon receiving instructions to dispense the prescription locates the prescription on the central database and retrieves the prescription, the dispenser dispenses the prescription and adds to the prescription details of the dispensing plus an electronic verification which identifies the dispenser. The invention provides a prescription administration system which avoids the inefficiency of the known paper based prescription system, whilst retaining the key advantage of allowing a patient to have a prescribed item dispensed by any pharmacist that is included in the system. Furthermore, it is believed that the use of electronic verification will minimise fraud within the prescription system.
The details of the dispensing may simply be the date upon which dispensing took place. The details could include other information, for example the replacement of a branded drug with a generic equivalent drug. The central database will provide access to timely data about prescribing patterns, the costs of drugs prescribed, and other information which will be of use in the management of an efficient prescription system. Preferably, the dispenser forwards a copy of the dispensed prescription to a settlement agency. Preferably, the dispenser forwards details of the dispensed prescription to the prescriber. The details may then be added to an electronic patient record (EPR) held by the prescriber.
Preferably, the system is provided with verification checking means arranged to interpret the electronic verification in order to determine the identity of the prescriber or dispenser, and to reject any prescription that does not include a valid verification. Preferably, a patient that receives a prescribed item adds to the prescription an electronic verification which identifies the patient and confirms that the prescription item has been dispensed. The verification may be added by a proxy acting for the patient. Where this is done the verification will be that of the proxy.
Suitably, the patient adds information to the prescription to claim exemption from payment for the prescribed item prior to adding the electronic verification to the prescription. Preferably, the settlement agency arranges payment for the prescription and deletes the prescription from the central database.
Preferably, the central database includes a unique identifier allocated to each person encompassed by the prescription administration system, and a prescription for a given person is stored in the central database using the unique identifier allocated to that person. Suitably, the prescription is retrieved by the dispenser from the central database by using an electronic verification of the identity of the patient. Preferably, the central database includes information specific to a patient. Suitably, the prescription is retrieved by the dispenser from the central database using the information specific to that patient. Suitably, the central database includes information specific to a prescription, and the prescription is retrieved by the dispenser from the central database using the information specific to that prescription. Preferably, the central database includes pointers to other databases which contain information specific to the patient. This will allow hospitals to tell what drugs GPs have prescribed, and vice-versa (prior art systems have no way of knowing if a patient has actually received their prescribed drugs or not, or how long the course should last). Preferably, authorisation information is associated with each prescriber and each dispenser. Preferably, authorisation to prescribe and authorisation to dispense are provided by professional bodies external to the system. Suitably, authorisation may be independently granted and removed without informing the administrators of the system.
Preferably, the system is provided with authorisation information checking means arranged to locate the authorisation information associated with the prescriber or dispenser of the prescription, and to reject the prescription if it has not been prescribed or dispensed by an authorised prescriber or dispenser. Preferably, the authorisation information is used to police access to the central database, a valid authorisation being required in order to access the central database Preferably, the system uses asymmetric encryption, and the electronic verification is a digital signature generated using a private key belonging to the person whose identity is verified by the electronic verification.
Preferably, a user of the system is provided with an electronic token that includes a private key, a certified public key, a public key corresponding to a private key of a trusted third party certification authority, and a shared secret that is known to the user and is required in order to activate the electronic token. The shared secret may be a personal identification number or a password or a pass-phrase.
Preferably, the electronic token contains additional information pertinent to the user. For example, the electronic token may contain information regarding a medical condition of the user.
Preferably, a user is required to provide a digital signature in order to gain access to the central database, the digital signature being used to determine the identity of the user and together with authorisation information held in the central database to determine whether the user is authorised to gain access to the central database.
Suitably, the prescription is encrypted directly or indirectly using a public key and is subsequently decoded using an associated private key. This provides confidentiality of the prescription. Preferably, the prescription is made confidential through encryption directly or indirectly with the public key of the recipient before transfer across a network. Preferably, the prescription is an attribute certificate according to the X. 509 standard, the prescribed items being identified as a complex X. 500 attribute type. Preferably, authorisation information is provided in the form of attribute certificates, and these are validated in order to determine whether a user is to be allowed access to the central database.
Preferably, a prescriber's authorization is contained in an X. 509 attribute certificate and this is validated prior to dispensing in order to determine whether the prescriber authorised to write prescriptions. Preferably, the central database is built according to the data models of the X. 500 standard and is accessible via internationally standardized protocols. A specific embodiment of the invention will now be described by way of example only, with reference to the accompanying figure. The Figure shows schematically a prescription administration system in which prescriptions are communicated electronically to and from a central database. The database may be accessed by doctors (or other prescribers), pharmacists and by a settlement agency.
The prescription administration system is based upon the use of digital signatures and asymmetric encryption. Asymmetric encryption utilises two keys that work together as a pair: one key encrypts the data and the other key decrypts the data. A digital signature created by asymmetric encryption uses a public signature verification key to decrypt the signature and a private signing key to encrypt the signature. An electronic prescription is a digitally signed electronic document that is created using the private signing key of the person that generates the prescription (i. e. the doctor or other prescriber).
Each prescribing member of the medical profession, for example a General Medical Practitioner (GP), hospital doctor or nurse practitioner is issued with a unique electronic token. Each pharmacist is issued with a unique electronic token. In addition to this, each patient is optionally issued with a unique electronic token (in practice this means that each resident of the prescribing domain, which may be for example the United Kingdom, is issued with an electronic token).
The electronic token contains one or more private keys which are unique to the owner, corresponding certified public keys which are also unique to the owner and the Certification Authority's public key which is the root of trust in the system. The electronic token may also contain a role assignment certificate (see below). The electronic prescribing process will work equally well if the key holders have one key pair for all tasks, or two key pairs (where one key pair is used for creating and validating digital signatures and a second key pair is used for encrypting/decrypting data) or three key pairs (where a third key pair is used for logging on to the central database). The process being described here is independent of the number of key pairs being used. The electronic token may be stored in software as an encrypted file, for example on a personal computer used by a prescriber. Alternatively, the electronic token may be stored in hardware, for example in a smart card. The owner of an electronic token will have a secret which is shared with the electronic token and is required to authorise use of the electronic token. The shared secret could for example be a four digit personal identification number (PIN) that is known only to the owner and the electronic token, or it could be a password or a pass-phrase.
Each prescriber is given an electronic role assignment attribute certificate issued and digitally signed by their governing body to say that they are entitled to prescribe prescriptions. For example, the General Medical Council in the UK may issue the role assignment attribute certificate to a GP to say that he holds the role of GP. Similarly, each pharmacist is given an electronic role assignment certificate issued and digitally signed by their governing body to say that they are entitled to dispense prescriptions. For example, in the UK, the Royal College of Pharmacists may issue them to say the dispenser is a qualified pharmacist. The role assignment attribute certificates are held in their holder's electronic tokens, and copies of them are stored in the central database. A role assignment attribute certificate can be revoked at any time by the governing body to remove the role (privileges) from a given person. For example, the role attribute certificate of a doctor that has been struck-off may be revoked. The lists of revoked role assignment certificates are held in the same central database as the role assignment certificates. The operator of the prescription administration system, for example, the Secretary of State for Health (or his proxy) determines the privileges attached to each role, and configures the central database with this information. This could be done via access control lists or by issuing digitally signed role specification attribute certificates. The privileges attached to the role of prescriber in this case is to write prescriptions to the central database, the privileges attached to the role of pharmacist/dispenser is to retrieve and update dispensed prescriptions in the central database. The privilege attached to the role of settlement agency is to remove dispensed prescriptions from the central database. The system operator can change the privileges at any time, according to administration policy.
An electronic prescription comprises an attribute certificate issued to the patient (holder/subject) by the prescriber. The attribute certificate contains the electronic prescription as a complex attribute type, formatted according to an appropriate Standard (for example [ENV]). The electronic prescription is digitally signed by the prescriber.
Each person (patient, prescriber, dispenser) has an entry in the central database. Patients are identified using a unique global number, to preserve anonymity. For example, in the UK the nationally unique NHS number can be used, thereby providing a unique identifier of each patient. Dispensers and prescribers are identified by unique user friendly names, to aid recognition. In the UK, the NHS X. 500 standard 0001 [NHS] can be used to create meaningful names for prescribers and dispensers. NHS Standard 0001 describes a structure for a national directory service based on X. 500 schema, in which every hospital, GP surgery, doctor etc, is given a user friendly name. The naming is hierarchically based e. g. Country=GB, Organisation=NHS, Locality= Greater Manchester, Organisation=Hope Hospital, OrgUnit=Pathology, CommonName=Dr G Hicks.
Each patient's entry in the central database will include the patient's name and address, issued prescription (s), their entitlement to free prescriptions, their public key certificate, the name of their GP, and pointers to their Electronic Patient Records (EPRs). A patient's virtual Electronic Health Record (EHR) comprises a number of EPRs held at different locations. For example, a patient may have an EPR held by his or her local GP, and in addition may have an EPR at a hospital in which the patient has received treatment. The pointers to the patient's EPRs could be held as uniform resource locators (URLs), a common form of network pointer used by the World Wide Web. Providing pointers in this manner will allow GPs to easily contact Hospital systems, and vice versa. The central database is only accessible to prescribers and pharmacists via strongly authenticated and encrypted connections, thereby ensuring that only authorized people can access the database, and that the confidentiality of the prescriptions is preserved as they traverse the network. A prescriber (or pharmacist) is required to log in to the central database by signing a log-in prompt using their private key. The electronic signature is validated using the corresponding public key certificate held in the central database, and this strongly authenticates the caller. Next the authorization information for the authenticated caller is inspected (for example, this could be contained in access control lists or role assignment and role specification attribute certificates) and access to the central database is allowed only if the authorisation indicates that the prescriber (or pharmacist) is an authorised person. The electronic prescriptions are stored in the central database, so that a patient can visit any pharmacy in order to have the prescription dispensed. The prescription administration system is used as follows: a patient visits his or her doctor. The doctor may be using a personal computer (PC) which supports an electronic patient management system or a decision support system such as Prodigy [Prodigy] that provides advice regarding which drug to prescribe. A"Prescribe" button is visible on the monitor of the PC. The doctor enters the prescription onto an electronic form and then types his or her shared secret into the PC to enable the electronic token (which is stored in software on the PC, or via an inserted hardware token) to generate a digital signature which is appended to the electronic prescription. This provides the prescription with authenticity, and confirmation of the name of the prescriber. The electronic prescription is transferred to the central database via a network, and is encrypted during transfer. A copy of the prescription is sent to the patient's Electronic Patient Record (EPR) in the surgery, so that a permanent history of prescribing is kept.
In the ordinary course of events, the electronic prescription is only encrypted whilst it is sent over the network (using the public key of the recipient system), and it is not stored encrypted on the central database. However, if it is desired to encrypt the prescription immediately after prescribing and to keep it encrypted up to the point of dispensing, for example if the patient is being treated for an illness which they wish to remain confidential, then the prescription is encrypted using three public keys: the public key of the prescriber, the public key of the settlement agency, and the public key of either the patient or his/her chosen pharmacist. This choice is determined by the patient, who must be in possession of his hardware based electronic token in order for the first option to be chosen. If the second option is chosen the patient cannot subsequently change his mind and go to a different pharmacist after the prescription is encrypted. In these cases the prescriptions remain encrypted whilst stored on the central database, and can only be decrypted by the three parties: the original prescriber, the settlement agency, and the pharmacist (using his patient's or his own private key).
The central database examines the digital signature of the prescriber to determine the identity of the prescriber. The database checks its authorization information (for example, role specification attribute certificates or access control lists issued by the system administrator) to determine whether the prescriber is an authorised prescriber and allowed to submit a prescription to the database. A prescription that is found to have been issued by an unauthorised person will not be written into the patient's entry in the central database. The system may alert a member of staff attending to the central database, so that they make take appropriate action (for example contact the police if there has been an attempt to issue a fraudulent prescription).
If the electronic prescription is found to have been issued by an authorised prescriber, then it is written into the patient's entry in the central database. The digital signature of the prescriber is retained with the prescription in the central database. Those prescriptions held at the central database that are not encrypted, technically may be read by staff who operate the central database, and so operational controls are needed to forbid this. Those prescriptions held at the central database that are encrypted may not be read by anyone other than the prescriber, the patient or his chosen dispenser, and the settlement agency. The patient or somebody acting on the patient's behalf can attend any pharmacy in the domain served by the central database to pick up his/her prescribed items. For the cases where the patients are in possession of their hardware based electronic tokens, the patient inserts his hardware electronic token into a device connected to an appropriately configured computer at the pharmacy, along with his or her shared secret. The device used to read the electronic token may be similar to the handheld device used to read a credit card in a French retail outlet, and the shared secret could be a personal identification number (PIN) to be typed into a calculator style keyboard which is connected to the device.
The patient is identified from data held in the electronic token, and the pharmacist's computer interrogates the central database using the identification data to locate the patient's prescription. The pharmacist is required to log in to the central database by signing a log-in prompt with his or her private key. The electronic signature is validated using the corresponding public key certificate, and once authenticated, the pharmacist's privileges are inspected (for example, access control lists or role specification attribute certificates) to see if he has access to the central database. Access will only be allowed if the privileges indicate that the pharmacist is an authorised person. The prescription is then retrieved from the central database and displayed on the pharmacist's computer monitor. The pharmacist may not be required to log in to the central database each time a prescription is to be retrieved, but may instead log in once at the beginning of a working day and have a permanent connection open to it. Where encryption of the prescription is required, the prescription may be encrypted using (directly or indirectly) either the patient's public key or the pharmacist's public key before it is transferred to the central database by the prescriber. Once transferred from the central database to the pharmacist's computer, the pharmacist uses either his own private key or the private key of the patient, which has been provided via the patient's electronic token, to decrypt the prescription. The pharmacist's system may now check that the prescription is authentic and signed by an authorized prescriber. This is done by checking the signature on the prescription (to authenticate the prescriber) then checking the role assignment certificate of the prescriber (to check that he has the role of prescriber). If either of these checks fails the prescription is not authentic. In addition to being displayed on the pharmacist's computer monitor, the decoded prescription may in addition be printed out to aid the pharmacist in his dispensing. The pharmacist's computer interrogates the central database to determine whether the patient is to be charged for the dispensed prescription. The pharmacist dispenses the prescribed item (s) to the patient. Once the prescription has been dispensed, the pharmacist may amend the prescription to include dispensing changes that have been made to the original prescription, (for example substitution of branded for generic drugs, or substitution of tablet strength), and also to add additional information (for example when a course of drugs is expected to be completed). The pharmacist then types his or her shared secret into the computer to enable the electronic token (which is stored in software or hardware on the pharmacist's computer) to generate a digital signature which is appended to the dispensed electronic prescription. The signature authenticates that the prescription has been dispensed and who has dispensed it. The prescription now bears two digital signatures, that of the prescriber and that of the pharmacist. The signature of the pharmacist covers the prescription as dispensed, including any changes made by the pharmacist, whilst the prescriber's signature continues to cover only the prescription as originally generated.
If the patient is required to sign the prescription, for example if the patient receives free prescriptions, then the patient also digitally signs the dispensed prescription including any changes made to it. This is done using the private key held on the electronic token of the patient. The signature of the patient proves two things: a) that the patient identified by the signature was the recipient, and b) that the dispensed items were actually received. If the patient is claiming free prescriptions this claim can also be added by the patient prior to signing. The doubly or triply signed electronic prescription (signed by the prescriber, the dispenser and optionally the patient) is sent over the network to the central database. If not already encrypted, the prescription will be encrypted during transfer using the public key of the central database. The central database uses the pharmacist's privileges to ensure that the pharmacist is authorized to write dispensed prescriptions to the central database, and then replaces the original prescription with the dispensed prescription (as an atomic operation). In the case of partial dispensing, the procedure is the same as for complete dispensing, except that only those items that have actually been dispensed will be indicated on the electronic dispensed prescription and this will be securely written back to the central database. This can happen as many times as necessary until complete dispensation has occurred or it is decided that complete dispensation is not necessary.
Once dispensing has completed, the pharmacist forwards details of the dispensed prescription (with any amendments) to the prescriber for inclusion in the patient's EPR record of dispensing, using a pointer stored in the central database. Finally, a copy of the doubly or triply signed prescription as dispensed is forwarded by the pharmacist to the settlement agency. If the prescription is not already encrypted then it will be encrypted during transfer to these parties using their public keys. The settlement agency will decrypt the prescription using a private key that is held confidentially at the settlement agency. As mentioned above, the prescription includes the digital signatures of the prescriber and pharmacist, and optionally the patient. The settlement agency determines the identities of the prescriber and pharmacist using the digital signatures. The settlement agency may interrogate the database of role assignment attribute certificates, to determine whether the prescriber and pharmacist are authorised. If the authorisation is correct, then the settlement agency will update the account of the pharmacist. The settlement agency will then delete the dispensed prescription from the central database. The central database will strongly authenticate the settlement agency before doing so, by asking it to digitally sign a log in prompt, and after validating the signature will check that the agency is authorized to delete the prescription. A prescription that is found to have been dispensed by an unauthorised person will not be accepted by the settlement system. When this occurs, the settlement system may alert a member of staff of the settlement agency, so that they make take appropriate action (for example contact the police if an unauthorised person has dispensed the prescription). The prescription may include the digital signature of the patient, if the patient is entitled to free prescriptions. Where this is the case, the settlement agency will determine the identity of the patient via the digital signature and examine the central database to confirm that the patient is entitled to free prescriptions. Examples of settlement agencies are: in the United Kingdom the Prescriptions Pricing Authority (PPA) is the agency for prescriptions issued by general medical practitioners; and an internal hospital accounting system is the agency where the prescriptions are issued by hospital practitioners.
The information recorded by the central database has value-added uses. For example, the pointers to the EPR will allow both primary and secondary health carers to determine which drugs the other party has prescribed, and which have been dispensed. The name of the patient's GP will allow electronic discharge notes to be sent from a hospital to the GP. The audit log of the central database will be of use to a national health agency for auditing and planning purposes. In an alternative embodiment of the system, the patient may obtain a prescribed item without using his or her electronic token, for example the token may have been lost. The prescriber gives the patient a paper comfort slip which bears identification information. The comfort slip is not actually needed by the electronic prescription scheme, but gives the patient the comfort factor of knowing that they have been provided with a prescription. It will also help the pharmacist to authenticate the patient who is not in possession of their electronic token. The comfort slip could additionally be a copy of the electronic prescription and act as a picking list for the pharmacist.
Once at the pharmacy, the patient gives the slip to the pharmacist, who enters the identification information into his computer. This information is used to locate the prescription on the central database. In the absence of the paper comfort slip (for example the patient may loose it), the patient may prove their identity to the pharmacist by verbal or other means, who may then locate the prescription on the central database by entering information specific to that patient, for example name, date of birth and postcode. The patient cannot digitally sign the prescription without his electronic token and shared secret. Where the patient's signature is required and the patient is not in possession of his electronic token or shared secret, a paper version of the prescription is printed out and hand signed by the patient as a record.
The electronic token of a patient may hold essential medical information relating to that patient. For example, a diabetic patient could have his or her abbreviated previous medical record on the card, including insulin doses etc. This information could be read by a medical practitioner in an emergency (an encouragement for patients to carry their tokens at all times). For mobile clinicians, e. g. hospital in-patients and GP home visits, prescriptions may still be generated without a PC physically connected to a network. A clinician will carry a hand-held device that is either permanently on-line to the central database using wireless technology, or is off-line and contains excerpts of the database for each current patient. The device may also hold other useful software such as a decision support drugs database showing for example the generic equivalents of branded drugs.
The clinician prescribes the necessary drugs, enters his electronic token and shared secret, digitally signs the prescription and securely transfers the prescription across the wireless network into the patient's entry in the central database. The prescription may optionally be encrypted as before. In the case of an offline hand held device, the prescription is written to the local database excerpts on the device. After the consultation the clinician connects to the network and downloads the prescriptions to the central database in a secure manner (digitally signed and encrypted). If hospital dispensation is required before the doctor has completed his rounds, and the hand held device is off-line, the dispensation will be recorded manually and then input to the electronic prescription in due course after it appears in the central database. In hospitals where some drugs are dispensed on the ward, and some from the hospital pharmacy, the method of partial dispensation previously described is used.
The prescription administration system requires an associated Certification Authority. The Certification Authority authenticates each person and entity involved in the scheme (i. e. patients, prescribers, pharmacists, the Secretary of State for Health, the professional governing bodies etc. ), and issues them with certified public keys.
The X. 509 (2001) standard [X509] provides an internationally agreed standard format for the format of digital signatures, public key certificates, and attribute certificates in which the underlying technology is asymmetric encryption. The standard specifies data templates, but the contents of actual implementations are decided during implementation.
The role assignment certificates and role specification certificates are a X. 509 (2001) standard data construct called an Attribute Certificate (AC). The X. 509 (2001) standard specifies a data construct called a Certificate Revocation List (CRL) that can be used to remove the role (privileges) from a person, as well as their public key certificates. An X. 500/LDAP database which holds both certificates and CRL's is essential to the smooth operation of an X. 509 based public key infrastructure. This database may be combined with the central prescription database, or may be set up separately from the central prescription database. The electronic prescription is an X. 509 Attribute Certificate with the prescribed item identified as a complex attribute type.
References [X509] Draft Revised ITU-T Recommendation X. 5091 ISO/IEC 9594-8 (2001): "Information technology-Open Systems Interconnection-The Directory: Public Key and Attribute Certificate Frameworks" [ENV] European Pre-standard ENV 13607 Health informatics--Messages for the exchange of information on medicine prescriptions, CEN TC251, 1999 [NHS] National Health Service Standard NHS 0001, Directory Services, Second Edition, 1999 [Prodigy] For full details about the Prodigy software and project, see http://www. schin. ncl. ac. uk/prodigy

Claims (28)

  1. CLAIMS 1. A prescription administration system in which an electronic prescription is generated by a prescriber, the prescription including an electronic verification which identifies the prescriber, the prescription is transferred to a central database which may be accessed by a multiplicity of dispensers, a dispenser upon receiving instructions to dispense the prescription locates the prescription on the central database and retrieves the prescription, the dispenser dispenses the prescription and adds to the prescription details of the dispensing plus an electronic verification which identifies the dispenser.
  2. 2. A prescription administration system according to claim 1, wherein the dispenser forwards a copy of the dispensed prescription to a settlement agency.
  3. 3. A prescription administration system according to claim 1, wherein the dispenser forwards details of the dispensed prescription to the prescriber.
  4. 4. A prescription administration system according to any of claims 1 to 3, wherein the system is provided with verification checking means arranged to interpret the electronic verification in order to determine the identity of the prescriber or dispenser, and to reject any prescription that does not include a valid verification.
  5. 5. A prescription administration system according to any preceding claim, wherein a patient that receives a prescribed item adds to the prescription an electronic verification which identifies the patient and confirms that the prescription item has been dispensed.
  6. 6. A prescription administration system according to claim 5, wherein the patient adds information to the prescription to claim exemption from payment for the prescribed item prior to adding the electronic verification to the prescription.
  7. 7. A prescription administration system according to claim 2 or any claim dependent thereon, wherein the settlement agency arranges payment for the prescription and deletes the prescription from the central database.
  8. 8. A prescription administration system according to any preceding claim, wherein the central database includes a unique identifier allocated to each person encompassed by the prescription administration system, and a prescription for a given person is stored in the central database using the unique identifier allocated to that person.
  9. 9. A prescription administration system according to claim 8, wherein the prescription is retrieved by the dispenser from the central database by using an electronic verification of the identity of the patient.
  10. 10. A prescription administration system according to claim 8, wherein the central database includes information specific to a patient.
  11. 11. A prescription administration system according to claim 10, wherein the prescription is retrieved by the dispenser from the central database using the information specific to that patient.
  12. 12. A prescription administration system according to claim 8, wherein the central database includes information specific to a prescription, and the prescription is retrieved by the dispenser from the central database using the information specific to that prescription.
  13. 13. A prescription administration system according to any preceding claim, wherein the central database includes pointers to other databases which contain information specific to the patient.
  14. 14. A prescription administration system according to any preceding claim, wherein authorisation information is associated with each prescriber and each dispenser.
  15. 15. A prescription administration system according to claim 14, wherein authorisation to prescribe and authorisation to dispense are provided by professional bodies external to the system.
  16. 16. A prescription administration system according to claim 14 or claim 15, wherein the system is provided with authorisation information checking means arranged to locate the authorisation information associated with the prescriber or dispenser of the prescription, and to reject the prescription if it has not been prescribed or dispensed by an authorised prescriber or dispenser.
  17. 17. A prescription administration system according to any of claims 14 to 16, wherein the authorisation information is used to police access to the central database, a valid authorisation being required in order to access the central database
  18. 18. A prescription administration system according to any preceding claim, wherein the system uses asymmetric encryption, and the electronic verification is a digital signature generated using a private key belonging to the person whose identity is verified by the electronic verification.
  19. 19. A prescription administration system according to claim 18, wherein a user of the system is provided with an electronic token that includes a private key, a certified public key, a public key which corresponds to a private key held by a trusted third party certification authority, and a shared secret that is known to the user and is required in order to activate the electronic token.
  20. 20. A prescription administration system according to claim 19, wherein the electronic token contains additional information pertinent to the user.
  21. 21. A prescription administration system according to claim 17 or any claim dependent thereon, wherein a user is required to provide a digital signature in order to gain access to the central database, the digital signature being used to determine the identity of the user and together with authorisation information held in the central database to determine whether the user is authorised to gain access to the central database.
  22. 22. A prescription administration system according to any of claims 18 to 21, wherein the prescription is encrypted directly or indirectly using a public key and is subsequently decrypted using an associated private key.
  23. 23. A prescription administration system according to any of claims 18 to 22, wherein the prescription is made confidential through encryption directly or indirectly with the public key of the recipient before transfer across a network.
  24. 24. A prescription administration system according to any preceding claim, wherein the prescription is an attribute certificate according to the X. 509 standard, the prescribed items being identified as a complex X. 500 attribute type.
  25. 25. A prescription administration system according to any preceding claim, wherein authorisation information is provided in the form of attribute certificates, and these are validated in order to determine whether a user is to be allowed access to the central database.
  26. 26. A prescription administration system according to any preceding claim, wherein a prescriber's authorization is contained in an X. 509 attribute certificate and this is validated prior to dispensing in order to determine whether the prescriber is authorised to write prescriptions.
  27. 27. A prescription administration system according to any preceding claim, where the central database is built according to the data models of the X. 500 standard and is accessible via internationally standardized protocols.
  28. 28. A prescription administration system substantially as hereinbefore described with reference to the accompanying figure.
GB0026425A 2000-10-28 2000-10-28 Prescription administration system Withdrawn GB2368435A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0026425A GB2368435A (en) 2000-10-28 2000-10-28 Prescription administration system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0026425A GB2368435A (en) 2000-10-28 2000-10-28 Prescription administration system

Publications (2)

Publication Number Publication Date
GB0026425D0 GB0026425D0 (en) 2000-12-13
GB2368435A true GB2368435A (en) 2002-05-01

Family

ID=9902148

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0026425A Withdrawn GB2368435A (en) 2000-10-28 2000-10-28 Prescription administration system

Country Status (1)

Country Link
GB (1) GB2368435A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004086262A1 (en) * 2003-03-28 2004-10-07 Alchemist Healthcare Limited System and method of pharmaceutical prescription and distribution
WO2005111953A1 (en) * 2004-05-14 2005-11-24 Ecebs Limited Improved ticketing scheme
NL1029537C2 (en) * 2005-07-15 2007-01-29 Holding F M Van Der Vaart B V Method and device for automated prescription dispensing of packaged medicines, as well as a label to be used for this.
CN1998028A (en) * 2004-05-14 2007-07-11 埃塞博斯有限公司 Improved ticketing scheme
EP2151776A1 (en) * 2008-08-08 2010-02-10 Medisana AG Device for accompanying therapy and controlling medication for people
US11355235B2 (en) 2011-07-15 2022-06-07 Fresenius Medical Care Deutschland Gmbh Method and device for remote monitoring and control of medical fluid management devices
US11424934B2 (en) 2017-04-26 2022-08-23 Fresenius Medical Care Holdings, Inc. Securely distributing medical prescriptions

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4847764A (en) * 1987-05-21 1989-07-11 Meditrol, Inc. System for dispensing drugs in health care institutions
WO1997017671A1 (en) * 1995-11-08 1997-05-15 Automated Prescription Systems, Inc. An automated medical prescription fulfillment system including bar code scanner
GB2310301A (en) * 1996-02-14 1997-08-20 Alexander James Munro Dispensing medicinal products

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4847764A (en) * 1987-05-21 1989-07-11 Meditrol, Inc. System for dispensing drugs in health care institutions
US4847764C1 (en) * 1987-05-21 2001-09-11 Meditrol Inc System for dispensing drugs in health care instituions
WO1997017671A1 (en) * 1995-11-08 1997-05-15 Automated Prescription Systems, Inc. An automated medical prescription fulfillment system including bar code scanner
GB2310301A (en) * 1996-02-14 1997-08-20 Alexander James Munro Dispensing medicinal products

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004086262A1 (en) * 2003-03-28 2004-10-07 Alchemist Healthcare Limited System and method of pharmaceutical prescription and distribution
GB2416611A (en) * 2003-03-28 2006-02-01 Alchemist Healthcare Ltd System and method of pharmaceutical prescription and distribution
WO2005111953A1 (en) * 2004-05-14 2005-11-24 Ecebs Limited Improved ticketing scheme
CN1998028A (en) * 2004-05-14 2007-07-11 埃塞博斯有限公司 Improved ticketing scheme
JP2007537524A (en) * 2004-05-14 2007-12-20 エセブス・リミテッド Improved ticketing system
CN1998028B (en) * 2004-05-14 2015-02-11 埃塞博斯有限公司 Improved ticketing scheme
NL1029537C2 (en) * 2005-07-15 2007-01-29 Holding F M Van Der Vaart B V Method and device for automated prescription dispensing of packaged medicines, as well as a label to be used for this.
EP1762969A3 (en) * 2005-07-15 2007-05-16 Holding F.M. van der Vaart B.V. Method and device for the automated dispensing of packaged medicines on prescription as well as a label to be used therewith
EP2151776A1 (en) * 2008-08-08 2010-02-10 Medisana AG Device for accompanying therapy and controlling medication for people
US11355235B2 (en) 2011-07-15 2022-06-07 Fresenius Medical Care Deutschland Gmbh Method and device for remote monitoring and control of medical fluid management devices
US11869660B2 (en) 2011-07-15 2024-01-09 Fresenius Medical Care Deutschland Gmbh Method and device for remote monitoring and control of medical fluid management devices
US11424934B2 (en) 2017-04-26 2022-08-23 Fresenius Medical Care Holdings, Inc. Securely distributing medical prescriptions

Also Published As

Publication number Publication date
GB0026425D0 (en) 2000-12-13

Similar Documents

Publication Publication Date Title
US11636776B2 (en) Unified identification protocol in training and health
CN107835182B (en) Electronic prescription system based on block chain and processing method
US9419951B1 (en) System and method for secure three-party communications
US20190156938A1 (en) System, method and data model for secure prescription management
WO2001009701A1 (en) Network-based information management system for the creation, production, fulfillment, and delivery of prescription medications and other complex products and services
US8607332B2 (en) System and method for the anonymisation of sensitive personal data and method of obtaining such data
US20030051144A1 (en) Dynamic electronic chain-of-trust document with audit trail
US20060259330A1 (en) Electronic prescription system for internet pharmacies and method threfor
US20030088771A1 (en) Method and system for authorizing and certifying electronic data transfers
WO2007002355A2 (en) System for storing medical records accessed using patient biometrics
JP2002032344A (en) Method and device for providing contents
Yang et al. A smart-card-enabled privacy preserving e-prescription system
US20120029938A1 (en) Anonymous Healthcare and Records System
JP2004527818A (en) Personal data database system and method for controlling access to a personal data database
GB2368435A (en) Prescription administration system
JP2002245162A (en) System/method/program for providing medical service and recording medium with the program recorded thereon
KR20000071940A (en) System for electronically transmitting prescription by using smart card
KR20120086902A (en) System for electronic prescription and operation method therefor, hospital apparatus, encryption management apparatus, relay apparatus, and pharmacy apparatus
KR20070000653A (en) Safekeeping system for electronic prescription using digital signature and method thereof
US9129099B1 (en) Portable health record system and method
KR100561314B1 (en) System and Method Of Managing Medical Data
Mundy et al. Security issues in the electronic transmission of prescriptions
JP2000293603A (en) Area medical information system and electronic patient card
Blohel Onconet: A secure infrastructure to improve cancer patients' care
KR20010087920A (en) Method for Transmitting and Managing Doctor's Prescription to Pharmacy in a Secured Manner

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)