AU2006235788A1 - Patient data control system - Google Patents
Patient data control system Download PDFInfo
- Publication number
- AU2006235788A1 AU2006235788A1 AU2006235788A AU2006235788A AU2006235788A1 AU 2006235788 A1 AU2006235788 A1 AU 2006235788A1 AU 2006235788 A AU2006235788 A AU 2006235788A AU 2006235788 A AU2006235788 A AU 2006235788A AU 2006235788 A1 AU2006235788 A1 AU 2006235788A1
- Authority
- AU
- Australia
- Prior art keywords
- data
- patient data
- patient
- location
- data control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Landscapes
- Medical Treatment And Welfare Office Work (AREA)
Description
AUSTRALIA
Patents Act 1990 COMPLETE SPECIFICATION Invention Title: PATIENT DATA CONTROL SYSTEM PATIENT DATA CONTROL SYSTEM FIELD OF THE INVENTION O This invention relates to a patient data control system. In particular it relates to a 5 system for control of data for multiple clients using multiple providers of medical ¢€3 services but is not limited to such.
00oO 00oO BACKGROUND ART Cc In the vast majority of instances, providers are responsible when dealing with 10 sensitive information; however there have been cases where patient information has Sbeen sent via email in an unencrypted format, rendering the patient information available if intercepted over the Internet. Apart from the security concerns associated with sending information over the Intemrnet, email programs do not allow providers or divisions to store and manage data in a central place. Email is merely a means of communication and is not a workflow or data management tool.
Therefore the present system such as shown in Figure 2 does not provide a system with any guaranteed security. The current method for health program management and patient referrals is via ad hoc fax, phone or email based communication. These methods are unreliable; can result in incomplete referrals; take longer than electronic referrals to execute; and do not adhere to government regulations on patient privacy regulations, i.e. do not use Public Key Infrastructure (PKI) for user authentication and encryption of patientdata combined with system user roles to govern correct access to patient data; The current systems are merely a means of communication and are not a workflow or data management tool. In particular they require double or triple manual handling of data collation and reporting and therefore the likelihood of errors is substantial and the likelihood of breach of patient data security is substantial.
It is therefore an object of the invention to provide an improved patient control system that overcomes or at least ameliorates the problems of the prior art.
IO BRIEF DESCRIPTION OF THE INVENTION
O
In accordance with the invention there is provided a patient data control system Scomprising: a public database access network able to have a secure connection at a O first location to the public database access network, the secure connection undertaken by data encryption and authentication; a storage database at a secure remote location; a data entry means at the first location for inputting data to and accessing data from 00 the storage base through the secure connection of the public database access network 00 and including a first filter means; the first filter means able to de-identify the data Cc entered for transmission to the secure location such that a de-identified record is 10 provided at the storage database at a secure remote location; wherein the data can be O used for authorised remote access without inclusion of identity.
There can also be provided a data entry means at a second location for inputting data to and accessing data from the storage base through the secure connection of the public database access network and including a second filter means; the second filter means able to de-identify the data entered for transmission to the secure location such that a de-identified record is provided at the storage database at a secure remote location; data receiving means at a second location and including a second filter means for using an accessing key for accessing a form of the data from the storage database.
Also in the patient data control system there can be included a scheduling means between the data entry means at the first location and a data entry means at the second location wherein a referral of a patient can occur between a first professional at the first location and the second professional at the second location and a referral information can be placed on the secure remote location and accessible by the second professional when provided with an access key.
The system can have the scheduling means operating over a public database access network able to have a secure connection at the first and second location to the public database access network, the secure connection undertaken by data encryption and authentication.
IDAn initial authorisation by data encryption and authentication can allow continuing secure connection over the public database access network between the authorised Sparties and the secure remote location.
O C) Also in accordance with the invention there is provided a method of patient data control including the steps of: receiving a first set of patient data; de-identifying the 00 first set of patient data; providing the de-identified patient data to a remote location; 00 providing an access key allowing another party to access the de-identified patient data Cc at the remote location; wherein confidential medical information is retained securely 'C 10 but is accessible to authorised parties having the access key.
The step of providing the de-identified data to a remote location can use a public database access network able to have a secure connection at a first location to the public database access network, the secure connection undertaken by data encryption and authentication.
The step of allowing another party to access the de-identified data at the remote location includes use of a second filter, which limits the amount and form of the deidentified data at the remote location that can be accessed.
The step of allowing another party to access the de-identified data at the remote location can include using the second filter includes a means of re-identifying the data by an access key provided through a secondary route.
Any one or more of the authorised parties having the access key can access a plurality of de-identified patient data to allow interrogation of statistical or other review of characteristics of the patient data.
The system therefore provides a patient control system that is a secure, online, webbased managed health program and e-referral system.
The system of the invention adheres to government regulations on patient privacy regulations, i.e. do not use Public Key Infrastructure (PKI) for user authentication and O encryption of patient data combined with system user roles to govern correct access to patient data. The system also includes an application process in order to grant correct role based access into a referral system governed by a Divisions of General Practice, O health agency or other government-authorised community, which is deploying the referral system.
00 Further the system provide limits on referrals usage within a managed health program; 00 manages health program budgets and invoicing; creates patient data files for GPs and Cc primary health providers; Still further the system creates de-identified statistical patient data files for Divisions of General Practice, health agencies or other communities deploying the referral system; creates activity files and audit trails of system usage; provides for centralised data management including hosting in a secure data centre, backing up of data files and the implementation of a disaster recovery plan for the patient data.
The system can include a system clock to schedule events including reminders and notification of deadlines for compliance with government regulations for Health Program referrals and therefore is not merely a means of communication but a workflow or data management tool that does not require manual data collation and reporting.
The program for secure electronic patient referral (e-ReferralTM) has successfully employed PDCA (Plan Do Check Act) principles to achieve a solution with high levels of uptake, a high level of security, great workflow improvements and a 350% uptake in patient referrals compared to former non-electronic patient referral processes.
e-ReferralTM is a secure, online service for referring patients and managing patient cases or care plans. An e-ReferralTM is an electronic referral, and is created via the e- ReferralTM online service. Divisions of General Practice, health agencies, general practitioners, specialists and other health service providers all can use e-ReferralTM as a tool to create and manage referrals, patient cases (or plans) and to provide reporting.
4
NO
The e-ReferralTM service is contracted at the Division of General Practice (DGP) or SAgency level. This means that the DGP or Agency needs to have a contract with O control centre before individual providers can use the e-ReferralTM service. This is due to the DGP or Agency needs to approve all users of the e-ReferralTM service, as this is an end-to-end referral and data management system. By maintaining user 00 access to the system, the Division or Agency ensures the most secure environment for 00 the transmission of, and access to, patient data.
(N
\0 10 All users of the e-ReferralTM service need to apply for an individual certificate from Sthe Health eSignature Authority (HeSA) before they can access the e-ReferralTM service. This includes staff from the divisions or agencies that will be Administrators in e-ReferralTM. The Health eSignature Authority (HeSA) is the section responsible for Public Key Infrastructure (PKI) registrations in the health sector. Public Key Infrastructure (PKI) is an Information Technology (IT) infrastructure that enables the secure exchange of data and has been adopted by the Australian Government to provide a robust system of security for online health transactions.
The collection of referrals into a central point ensures that the data collected by the division is complete and accurate. The program avoids any paperwork mishaps and missing data that occur in traditional forms of communication (ie; fax, phone and email). Therefore there are time savings in the collection of data and the reporting capabilities of the system allows the Program Managers to more easily analyse patient referral activity and as a direct result make informed decisions on how to better structure the referral programs; The program increases GP access to primary health care providers efficiently and effectively, the program has the capacity to work in the framework of the Medicare Benefits Scheme (MBS) Better Access to Mental Health Care package as endorsed by the Council of Australian Governments (COAG); the program has the capacity to work within a broad spectrum of Chronic Disease programs including aged care, diabetes, practice support, Lifescripts program, O supporting mental health nurses. The system includes training for users.
O
The program has the capacity to collate and aggregate de-identified patient health O data, including recall and reminder systems. This collection of de-identified data allows for collection of data for evidence-based medicine.
00 All stages of the information life cycle of the system are encrypted and proved 00 rthrough two-factor authentication.
¢C Therefore: 0 10 a) Login is verified through 2 factor authentication (smartcard and role based 0 access) b) Browsing through system is through 2 factor authentication (smartcard and role based access) c) Any additions/deletions/modifications to the system is through 2 factor authentication (smartcard and role based access) d) Reports generated by the end user is performed through 2 factor authentication (smartcard and role based access) e) Communications through parties within the system (such as a Doctor to Psychologist or administrator) is through 2 factor authentication (smartcard and role based access) Information (or Health Object) Life cycle The system is also unique in that every portion of the health object (be it a patient record and/or referral) is protected by 2 factor authentication (smartcard and role based access).
The Health Object can be described (using a referral as an example) as: eReferral eReferral eReferral eReferral eReferral eReferral eReferral Record Creation Review 1 Review 2 Review 3 Review 4 Closed Reporting Destruction 1 if If if if if le if Health Object Life Cycle
\O
The above shows that the system itself enforces dual factor authentication (smart card c and role based access) for every period of the lifecycle of the artefacts that the system O produces. The object itself is never left in a state when it is in a decrypted format and is only accessible by the creator of the referral (in the above example) and the receiver of the referral. All other data is encrypted parts of it are 'released' depending on the 00oO smartcard used by the end user and the role assigned to them.
00oO Mc, No other system would enforce two factor authentication on the entire object lifecycle as the SD system. Most systems would enforce two factor authentication only on the Login stage or signing stage of the life cycle.
BRIEF DESCRIPTION OF THE DRAWINGS In order that the invention is more readily understood an embodiment will be described by way of illustration only with reference to the drawings wherein: Figure 1 is a diagrammatic view of the overview of the system in accordance with an embodiment of the invention; Figure 2 is a diagrammatic view of the prior art system; Figure 3 is a diagrammatic view of Figure 4 is a diagrammatic view of a structural system of the first user of the system of Figure 1; Figure 5 is a diagrammatic view of the security system of a structural system of the first user of the system of Figure 1; Figure 6 is a diagrammatic view of the interrelation of the system of the first user and second user of the system of Figure 1; There are also shown screenshots of a computerised form of the system of the invention wherein: Screenshot 1 Administrator Welcome Screen Screenshot 2 Administrator Menu Screenshot 2A Manage Program Variables Screenshot 3 View Referrals (De-identified) Screenshot 4 Download Minimum Data Set Screenshot 5 Manage Session Payments \O Screenshot 6 Manage Additional Payments
O
0Screenshot 7 Manage Registration Requests Screenshot 8 View Users O Screenshot 9 View Reports Screenshot 10 Download Documents Screenshot 11 GP Welcome Screen 00 Screenshot 12 GP Create New Referral 00 Screenshot 13 View My Referral C Screenshot 14 View Sessions O 10 Screenshot 15 Outcome Tool Calculator
O
SScreenshot 16 Document Downloads Screenshot 17 Psychologist Menu Screenshot 18 Specialist View Referrals Screenshot 19 Specialist Outcome Tool Calculator Screenshot 20 Specialist Manage Profile Screenshot 21 Specialist Download Documents DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION Patient Control System Elements The patient data control system is a secure, online, web-based managed health program and e-referral system.
The patient control system provides a means for Divisions of General Practice, other health agencies, general practitioners and primary health care providers ("specialists") to create and manage referrals, patient cases (or plans) and to provide reporting.
The patient data control system is contracted at the Division of General Practice (DGP), or Agency level. This means that the DGP or Agency needs to have a contract with the control centre before individual providers can use the PDCS service.
The DGP or Agency needs to approve all users of the PDCS service, as this is an endto-end referral and data management system. By maintaining user access to the system, the Division or Agency ensures the most secure environment for the Ntransmission of, and access to, patient data. This allows the DGP to approve user
O
access to the system within a local community or network, specify the type of activity that each user group can perform, determine how information should be captured and O shared and ensure that data security requirements are being met.
General practitioners will benefit from having a history of all their referrals and 00 requests and being able to view the progress of referred patients. They also benefit 00 rfrom having a referral database so they can refer patients to specialists or consultants with particular areas of expertise.
,0 OSpecialists and consultants are also set up as users of the Patient Data Control System. They will be accessed by a network of GPs, can make their areas of expertise available to GPs, and can share patient progress with the GP in order to recommend further treatment or therapies.
The Patient Data Control System has benefits for a DGP or health agency in that it adheres to the Government-defined data security best practices. This means that your providers will be meeting their obligations in regards to the privacy and security of patient information. The system also ensures your providers are meeting the minimum data requirements for a specific health program and for individual referrals. There is a saving of time for medical staff by eliminating faxing and paper records, and ensuring all records are stored in one place for quicker access. The system provides a secure, central repository for the storage and management of all data related to individual providers and their referred patients. This means Project Managers can focus on health program outcomes rather than collating data. The system enforces user compliance with Government health programs eg minimum data requirements. It allows your health programs to be adjusted on the fly with advanced real-time reporting functionality. The system provides reporting at the provider and divisional level, thus allowing you to meet your health program reporting requirements. The system can be accessed 24 hours a day, 7 days a week from anywhere in the world via the Internet.
SPatient Control System Workflow The referral form ensures the GP enters all the required information (known as the minimum data set) to create a referral and the psychologists are set up on the system, O thereby providing an end-to-end flow of information between referrer and referee.
The patient care plan is available for the referrer and referee to view at all stages of the case, whether the status of the case is just opened, in progress or closed.
00 00 At the divisional level, the program reporting requirements generates around Cc different reports (de-identified) for the division project managers in real time, thus 10 allowing them to adjust their programs while they are in progress. The outcome is Smore effective program management versus the usual ineffective methods of data collection and reporting.
The principal focus of the patient data control system is to ensure that patient data is shared in a secure electronic environment. The patient data control system utilises HeSA PKI certificates for the identification of GPs, providers (psychologists) and approved division staff. In addition the referral system only uses de-identified data to protect patient privacy. It should be pointed out also that the referrals are only made once signed patient consent has been obtained by the GP.
In addition to meeting government objectives for the protection of patient privacy, The e-Referral has also achieved greatly improved workflow efficiency, which has had an exponential improvement on manual patient data exchange. Two entities can now send a referral within a few minutes compared to an estimated time of up to half and hour required for faxed based communication. Furthermore, the division's project manager has been able to increase work throughput and focus on program outcomes instead of data management, which is now automatically delivered in various report, tables, graphs and statistical outcomes. The electronic e-Referrals system also introduces prompting and feedback mechanisms for notices of referral, reminders for follow up and even help in the management of eReferral decision making and scheduling.
The outcome creates a ready uptake from the manual system and at the same time the O division project manager have had their data management workflow substantially 0 reduced allowing them to focus on the real outcomes of program study and patient benefits. Furthermore, the system connectivity to a wide national network utilising O HESA PKI certificates is ready and capable of integration to existing health systems.
The key benefits are that the system is user friendly, saves time and is cost efficient 00oO and provides for a cost reduction. It also meets requirements of privacy legislation.
00oO However fundamentally there is a reduction of paperwork (paperless office approach), Cc with receipt references to track e-Referrals and an audit friendly system to ensure ,O 10 correct medical referrals. Further there are flexible set-up options available.
PKI Security The patient data control system uses Public Key Infrastructure (PKI) to ensure the security and privacy of patient data.
A public key infrastructure is an arrangement that provides for trusted third party vetting of, and vouching for, user identities. It also allows binding of public keys to users. This is usually carried out by software at a central location together with other coordinated software at distributed locations. The public keys are typically in certificates.
The term is used to mean both the certificate authority and related arrangements as well as, more broadly and somewhat confusingly, the use of public key algorithms in electronic communications. The latter sense is erroneous since PKI methods are not required to use public key algorithms.
(source wikipedia http://en. wikipedia.org/wiki/Public key infrastructure) Encryption is a method of scrambling data so that it becomes unintelligible. By encrypting data when it is passed between users and when it is stored in our databases, we ensure that unauthorised access will not result in breaches of sensitive information.
Authentication is a means of ascertaining the identity of a user before allowing them access to information. The Patient Data Control system works by utilising government (Medicare) issued Health eSignature Authority (HeSA) individual certificates to authenticate users accessing our system. (Note that the Patient Data Control System is not limited to use of HESA issued certificates and can utilise certificates issued by any suitable Gatekeeper Accredited Certificate Authority.)
\O
A combination of encryption and authentication means that patient information (such as name, address, date of birth and other identifying information) is only viewable by O the referring GP and by the Specialist (referee). This is because the identifying data is only decrypted when the individual certificates of the GP and Specialist users are present and have been authenticated. In fact, not even the Division's Project Managers 00 or technical developers can view patient information, as all information is stored in an 00 encrypted format and can only be decrypted with the referring GP's and Specialist's Cc individual certificates.
,0 C At a high-level, the user logs onto their computer using an individual certificate (smartcard/ikey) issued by HeSA (see previous FAQ). They then go to our e- Referral
T
M service at internet address where we can detect that they have a certificate installed on their computer. We use this certificate to verify the credentials of the user against the HeSA server. Once the credentials of the user are verified, the e- ReferralTM system ascertains the user's role and allows the user to access the features of the system that the role is associated with.
First, contact the project manager at the division or agency that you belong to. Once they have given clearance, please go to the intemrnet address and click on the 'log-in' button. The first time you enter e-ReferralTM, you will need to fill out a registration form. This form allows the division or agency to approve your access to the system.
There is no log-in to e-ReferralTM. This means you don't need to remember any user ids or passwords. As soon as you go to our website at and click on the 'Log-in' button we will detect that you have a certificate installed on your computer and we will authenticate you against the HeSA server. Once the authentication step is complete, you are automatically logged-in to the site and presented with the features available to your user type.
e-ReferralTM does not require you to install special software or hardware. The service can be accessed using your usual web browser, so if you have Internet access and can surf the web, then you can access the e-ReferralTM service. We recommend minimum 12 INO browser versions as follows: Internet Explorer 6.0, Firefox 1.5, Netscape Browser Opera 8.0 and Safari O HeSA individual certificates do have minimum computer requirements for installation.
00 e-ReferralTM is one of the most secure health referral solutions on the market. It uses 00 oO both encryption and authentication to ensure the security and privacy of patient data.
,O 10 Encryption is a method of scrambling data so that it becomes unintelligible. You have Sprobably seen encrypted data before. It looks like this: 126i/IldZCyABgSGilKI=. By encrypting data when it is passed between users and when it is stored in our databases, we ensure that unauthorised access will not result in breaches of sensitive information.
Authentication is a means of ascertaining the identity of a user before allowing them access to information. e-ReferralTM works by utilising government (Medicare) issued Health eSignature Authority (HeSA) individual certificates to authenticate users accessing our system.
A combination of encryption and authentication means that patient information (such as name, address, date of birth and other identifying information) is only viewable by the referring GP and by the Specialist (referee). This is because the identifying data is only decrypted when the individual certificates of the GP and Specialist users are present and have been authenticated. In fact, not even the Division's Project Managers or technical developers can view patient information, as all information is stored in an encrypted format and can only be decrypted with the referring GP's and Specialist's individual certificates.
The Project Manager at the division or agency usually manages users on e-ReferralTM.
e-ReferralTM is convenient to use as determined by feedback from providers and divisions in beta version has been very positive. Because e-ReferralTM is a web-based technology, the interfaces are user friendly and intuitive to use. e-ReferralTM is such a IDprofessional-looking system that GPs create referrals in e-ReferralTM while their patients are looking on.
C.)
O Providers can encrypt information, such as referrals, and send it via email using their HeSA certificate. In the vast majority of instances, providers are responsible when dealing with sensitive information; however there have been cases where patient 00 information has been sent via email in an unencrypted format, rendering the patient 00 information available if intercepted over the Internet. Apart from the security c concerns associated with sending information over the Internet, email programs do not allow providers or divisions to store and manage data in a central place. Email is merely a means of communication and is not a workflow or data management tool.
Specialists who have been approached by a division or agency to register for e- ReferralTM can join this service and receive referrals from GPs via this service.
Specialists may register under a number of divisions, and can thus increase the number of referrals they receive.
Minimal training is required for e-ReferralTM but can be provided in initial training sessions for all new users of e-ReferralTM.
The referral form ensures the GP enters all the required information (known as the minimum data set) to create a referral and the psychologists are set up on the system, thereby providing an end-to-end flow of information between referrer and referee.
The patient care plan is available for the referrer and referee to view at all stages of the case, whether the status of the case is just opened, in progress or closed.
At the divisional level, the program reporting requirements generates around different reports (de-identified) for the division project managers in real time, thus allowing them to adjust their programs while they are in progress. The outcome is more effective program management versus the usual ineffective methods of data collection and reporting.
The principal focus of the e-ReferralTM program was to ensure that patient data was 14 INO shared in a secure electronic environment. The eReferral solution utilises HeSA PKI 0 certificates for the identification of GPs, providers (psychologists) and approved division staff. In addition the referral system only uses de-identified data to protect O patient privacy. It should be pointed out also that the referrals are only made once signed patient consent has been obtained by the GP.
00 In addition to meeting government objectives for the protection of patient privacy, 00 The e-Referral has also achieved greatly improved workflow efficiency, which has Cc had an exponential improvement on manual patient data exchange. Two entities can C 10 now send a referral within a few minutes compared to an estimated time of up to half and hour required for faxed based communication. Furthermore, the division's project manager has been able to increase work throughput and focus on program outcomes instead of data management, which is now automatically delivered in various report, tables, graphs and statistical outcomes. The electronic e-Referrals system also introduces prompting and feedback mechanisms for notices of referral, reminders for follow up and even help in the management of eReferral decision making and scheduling.
The outcome creates a ready uptake from the manual system and at the same time the division project manager have had their data management workflow substantially reduced allowing them to focus on the real outcomes of program study and patient benefits. Furthermore, the system connectivity to a wide national network utilising HESA PKI certificates is ready and capable of integration to existing health systems.
The Tiers of operation are as follow: Hosted Internet domain based exchange G2G eg. Public network communication between an embassy and a consulate G2B eg. Health care professionals and municipality offices on private documents G2C eg. Secure voting on general elections by voters in the community O B2B 0eg. Private health professionals exchanging patient information or a retail store Sreporting to the central office on daily turnover O B2C eg. Providing a secure banking access and removing the impact of hoax emails entering the arena between the customer and the bank Internet entry point 00 C2C 00 r- eg. Securing the internet chat rooms from various rogue elements and threats to our younger community The security levels that can be incorporated are as follows: Sbasic level password access base approach smart card with certificate and password high level solution soft certificates for server to server (S2S) based functions 0 Hardware Security Module (HSM) for mass volume solutions Custom based solutions available The key benefits are that the system is user friendly, saves time and is cost efficient and provides for a cost reduction. It also meets requirements of privacy legislation.
However fundamentally there is a reduction of paperwork (paperless office approach), with receipt references to track e-Referrals and an audit friendly system to ensure correct medical referrals. Further there are flexible set-up options available.
Patient Data System Workflow Apply for Access All users of the Patient Data Control System need to apply for an individual certificate from the Health eSignature Authority (HeSA) before they can access the Patient Data Control system. This includes staff from the divisions or agencies that will be Administrators in the Patient Data Control system. The Health eSignature Authority (HeSA) is the organisation currently responsible for Public Key Infrastructure (PKI) registrations in the health sector. Public Key Infrastructure (PKI) is an Information Technology (IT) infrastructure that enables the secure exchange of data and has been NO adopted by the Australian Government to provide a robust system of security for online health transactions.
C)
o At a high-level, the user logs onto their computer using an individual certificate (smartcard/ikey) issued by HeSA. They then go to the Patient Data Control system at internet address where we can detect that they have a certificate installed on their 00 computer. We use this certificate to verify the credentials of the user against the HeSA 00 server. Once the credentials of the user are verified, the eReferral system ascertains Cc the user's role and allows the user to access the features of the system that the role is associated with.
The first time they access the site, each user fills out the Patient Data Control system registration form. A user with Administrator access to the Patient Data Control system then approves the user registration form. Once approved, the user can access and start using the system.
User Roles Users access the Patient Data Control System via a website. Three types of users have access: 'Administrator' usually a Project Manager from a Division of General Practice or a Health Agency; 'GP' general practitioner; 'Specialist' provides consultant medical services.
User roles in Patient Data Control System can be customised to a health program, for example a nurse or other primary health care provider could fulfil the user role of 'Specialist'.
The features available in the Patient Data Control system are set according to the type of user accessing the service.
Administrator features: Approve user access to the system.
Put a cap or limit on the number of referrals for users.
17 IN View individual referrals (personal information is de-identified) 0 0 View the activity for each provider (GP or Specialist).
Generate reports based on de-identified patient data and activity data each O available in a number of different formats (including graphical).
0 Send system level messages to either individual or multiple recipient 00 GP features: 00 oO SGenerate referrals.
C* Attach additional scanned notes/documents to Patient/Referral record 0 Access all referrals in one place.
View referral history and the status of each referral.
View patient progress.
Access a database of specialists by area of expertise.
0 Send system level messages to either individual or multiple recipient Specialist features: Stores all referrals in one place.
Add patient case notes and share these with the referring GPs.
Add areas of expertise so that GPs can refer the correct patients.
0 Attach additional scanned notes/documents to Patient/Referral record Send system level messages to either individual or multiple recipient Centralised Database Patient Data file Community Data Reports Activity Data File Hosting Environment From a given document, which has specific private information an approved user can request to encrypt that document to send as required. Once user is approved the document is encrypted by the system as shown in the pictorial examples.
The secure document can be sent directly from the original program to an email IO program. At which stage the user is checked for their authentication to send documents. Once clear the email is again encrypted by the system to go.
Various procedure flows are available here and are client and software specific.
O C) Once all security clearances have been approved on the document, the email and the individual user, the message can now proceed to the intended recipient. Receipts are 00oO recorded and are available for reference and auditing purposes.
00oO can customise all options relevant to client needs and security levels required.
(Ni ,O 10 As the document arrives to the intended recipient, they are required to pass a security 0 access before opening and decrypting the document. Once they are approved the document decryption proceeds as is pictorially shown. Again at every stage receipts are available that track information flow that may be required for an audit.
eReferral is an online patient referral, case management and reporting service.
If you are a Division of General Practice, Aged Care Provider or health agency, the eReferral service is a seamless way for you to provide electronic referrals and case management to your network.
You can use eReferral for specific health programs or you can roll it out as your preferred patient referral and case management system.
And, as eReferral is contracted at the divisional or agency level, it puts you in charge of the system. This is because you approve user access to the system, specify the type of activity that each user group can perform, determine how information should be captured and shared and ensure your data security requirements are being met.
Program Managers at your division or agency will benefit as eReferral stores all the referral information in a central place, meaning that the Program Managers can focus on their job rather than on collating data.
General practitioners will benefit from having a history of all their referrals and IDrequests and being able to view the progress of referred patients. They also benefit from having a referral database so they can refer patients to specialists or consultants with particular areas of expertise.
Specialists and consultants are also set up as users of eReferral. They will be accessed by a network of GPs, can make their areas of expertise available to GPs, and can share 00 patient progress with the GP in order to recommend further treatment or therapies.
00 M Security
(N
,O 10 eReferral is one of the most secure patient referral systems on the market. By using C)eReferral you can be assured that your health service providers are meeting their obligations under the Australian Government's Electronic Transactions Act 1999, for the secure transmission of electronic data. This is because adheres to the governmentdefined security technology best practices.
Users access eReferral via the website. Three types of users have access to eReferral: 'Administrator' usually a Project Manager from your Division of General Practice or at the health agency. 'GP' general practitioner. 'Specialist' provides consultant medical services. It is worth noting that the user roles in eReferral can be customised to your needs, for example a nurse or other health worker could fulfil the user role of 'Specialist'.
The first time they access the site, each user fills out the eReferral registration form.
A user with Administrator access to eReferral then approves the user registration form. Once approved, the user can access and start using the system.
The features available in eReferral are set according to the type of user accessing the service.
Administrator features: 0 Approve user access to the system.
0 Put a cap or limit on the number of referrals for users.
0 View individual referrals (personal information is de-identified) INO View the activity for each provider (GP or Specialist).
0 Generate up to 25 different reports each available in a number of different Sformats (including graphical).
O Send system level messages to either individual or multiple recipient GP features: 00 Generate referrals.
00 0 Attach additional scanned notes/documents to Patient/Referral record 0 Access all referrals in one place.
IND
View referral history and the status of each referral.
View patient progress.
Access a database of specialists by area of expertise.
Send system level messages to either individual or multiple recipient Specialist features: Stores all referrals in one place.
Add patient case notes and share these with the referring GP.
0 Add areas of expertise so that GPs can refer the correct patients.
Attach additional scanned notes/documents to Patient/Referral record Send system level messages to either individual or multiple recipient 0 eReferral Benefits eReferral has benefits for your division or health agency in that it adheres to the Government-defined data security best practices. This means that your providers will be meeting their obligations in regards to the privacy and security of patient information. The system also ensures your providers are meeting the minimum data requirements for a specific health program and for individual referrals. There is a saving of time for medical staff by eliminating faxing and paper records, and ensuring all records are stored in one place for quicker access. The system provides a secure, central repository for the storage and management of all data related to individual providers and their referred patients. This means Project Managers can focus on health program outcomes rather than collating data. The system enforces user \O compliance with Government health programs eg minimum data requirements. It allows your health programs to be adjusted on the fly with advanced real-time Sreporting functionality. The system provides reporting at the provider and divisional 0 O level, thus allowing you to meet your health program reporting requirements. The system can be accessed 24 hours a day, 7 days a week from anywhere in the world via the Internet.
00 00
IN
U--
0',
(N
Claims (15)
1. A patient data control system comprising: a public database access network able to have a secure connection O at a first location to the public database access network, the secure connection undertaken by data encryption and authentication; a storage database at a secure remote location; oO a data entry means at the first location for inputting data to and oO 00 accessing data from the storage base through the secure connection of the Cc public database access network and including a first filter means; IN 10 the first filter means able to de-identify the data entered for Stransmission to the secure location such that a de-identified record is provided at the storage database at a secure remote location; wherein the data can be used for authorised remote access without inclusion of identity.
2. A patient data control system according to claim 1 including: a data entry means at a second location for inputting data to and accessing data from the storage base through the secure connection of the public database access network and including a second filter means; the second filter means able to de-identify the data entered for transmission to the secure location such that a de-identified record is provided at the storage database at a secure remote location; data receiving means at a second location and including a second filter means for using an accessing key for accessing a form of the data from the storage database.
3. A patient data control system according to claim 1 or 2 including a scheduling means between the data entry means at the first location and a data entry means at the second location wherein a referral of a patient can occur between a first professional at the first location and the second professional at the second location and a referral information can be placed on the secure remote location and accessible by the second professional when provided with an access key. I4. A patient data control system according to claim 3 including the scheduling means operating over a public database access network able to have a secure connection at the first and second location to the public database access O network, the secure connection undertaken by data encryption and authentication. 00 5. A patient data control system according to any one of the preceding claims 00 wherein an initial authorisation by data encryption and authentication allows Cc continuing secure connection over the public database access network between ,OC 10 the authorised parties and the secure remote location.
6. A method of patient data control including the steps of: receiving a first set of patient data; de-identifying the first set of patient data providing the de-identified patient data to a remote location; providing an access key allowing another party to access the de- identified patient data at the remote location; wherein confidential medical information is retained securely but is accessible to authorised parties having the access key.
7. A method of patient data control according to claim 6 wherein the step of providing the de-identified data to a remote location uses a public database access network able to have a secure connection at a first location to the public database access network, the secure connection undertaken by data encryption and authentication.
8. A method of patient data control according to claim 6 or 7 wherein the step of allowing another party to access the de-identified data at the remote location includes use of a second filter which limits the amount and form of the de- identified data at the remote location that can be accessed.
9. A method of patient data control according to claim 8 wherein the step of allowing another party to access the de-identified data at the remote location IND includes using the second filter includes a means of re-identifying the data by an access key provided through a secondary route. C-) c, O 10. A method of patient data control according to any one of claims 6 to 9 wherein any one or more of the authorised parties having the access key can access a plurality of de-identified patient data to allow interrogation of statistical or other 00oO review of characteristics of the patient data. 00oO Mc 11. A method of patient data control according to any one of claims 6 to 9 wherein ,O 10 the data can be used for authorised remote access without inclusion of identity.
12. A method of patient data control according to any one of claims 6 to 9 wherein user roles to identify actors using the system and predefinition of access levels to system data.
13. A method of patient data control according to any one of claims 6 to 9 wherein an application process via an authorised community deploys the patient data control system.
14. A method of patient data control according to any one of claims 6 to 9 wherein there are provided controls on the system for predefined usage at user, role and global levels. A method of patient data control according to any one of claims 6 to 9 wherein rhe system includes an internal clock for scheduling events.
16. A method of patient data control according to any one of claims 6 to 9 wherein there is automatic generation of a patient data file based on the inputs by relative users.
17. A method of patient data control according to any one of claims 6 to 9 wherein there is generation of de-identified patient reports for system community analysis and review.
18. A method of patient data control according to any one of claims 6 to 9 wherein there is generation of activity data and audit trail for a patient data record.
19. A method of patient data control including every portion of the health object (be it a patient record and/or referral) is protected by 2 factor authentication. 00 00 .0 (-N A method of patient data control substantially as hereinbefore described with reference to the Figures.
21. A method of patient data control substantially as hereinbefore described with reference to the Figures and the Screenshots.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2006235788A AU2006235788A1 (en) | 2006-10-31 | 2006-10-31 | Patient data control system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2006235788A AU2006235788A1 (en) | 2006-10-31 | 2006-10-31 | Patient data control system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| AU2006235788A1 true AU2006235788A1 (en) | 2008-05-15 |
Family
ID=39409688
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2006235788A Abandoned AU2006235788A1 (en) | 2006-10-31 | 2006-10-31 | Patient data control system |
Country Status (1)
| Country | Link |
|---|---|
| AU (1) | AU2006235788A1 (en) |
-
2006
- 2006-10-31 AU AU2006235788A patent/AU2006235788A1/en not_active Abandoned
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10764254B2 (en) | Systems and methods of secure data exchange | |
| Wolfond | A blockchain ecosystem for digital identity: improving service delivery in Canada’s public and private sectors | |
| US20190158275A1 (en) | Digital containers for smart contracts | |
| US9397998B2 (en) | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys | |
| US20090307755A1 (en) | System and method for facilitating cross enterprises data sharing in a healthcare setting | |
| US20160277374A1 (en) | System and method for securely storing and sharing information | |
| CN110957025A (en) | Medical health information safety management system | |
| US20060004588A1 (en) | Method and system for obtaining, maintaining and distributing data | |
| CN114026823A (en) | Computer system for processing anonymous data and method of operation thereof | |
| Halamka et al. | A WWW implementation of national recommendations for protecting electronic health information | |
| EP2880582A1 (en) | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment | |
| CN106533693B (en) | Access method and device of railway vehicle monitoring and overhauling system | |
| Rotondi et al. | Distributed ledger technology and European Union General Data Protection Regulation compliance in a flexible working context | |
| US20230141331A1 (en) | A method and a system for securing data, especially data of biotechnological laboratories | |
| Erler et al. | Threat Modeling to Design a Decentralized Health Data Management Application | |
| AU2006235788A1 (en) | Patient data control system | |
| Mazzocca et al. | A Survey on Decentralized Identifiers and Verifiable Credentials | |
| Scholl et al. | Security architecture design process for health information exchanges (HIEs) | |
| TWI790985B (en) | Data read authority control system based on block chain and zero-knowledge proof mechanism, and related data service system | |
| Doupi et al. | Implementing interoperable secure health information systems | |
| Perle et al. | Data security in the digital age: A consolidated guide for psychologists to understand Health Insurance Portability and Accountability Act-compliant telehealth. | |
| GOODWINE et al. | DEPARTMENT OF THE AIR FORCE | |
| Root | OISTE Foundation | |
| Kefallinos et al. | Secure PKI-enabled e-government infrastructures implementation: the SYZEFXIS-PKI case | |
| Wood | The Department of the Treasury Public Key Infrastructure (PKI) X. 509 Certificate Policy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MK4 | Application lapsed section 142(2)(d) - no continuation fee paid for the application |