WO2010135578A2 - Health care information systems using object identifiers devoid of personal health information - Google Patents

Health care information systems using object identifiers devoid of personal health information

Info

Publication number
WO2010135578A2
Authority
WO
WIPO (PCT)
Prior art keywords
health care
information
provider
name
health
Prior art date
Application number
PCT/US2010/035654
Other languages
English (en)
Other versions
WO2010135578A3 (fr
Inventor
Carl Kesselman
Stephan G. Erberich
Frank Siebenlist
Sam X. Sun
Karl Czajkowski
Laura Pearlman
Original Assignee
Carl Kesselman
Erberich Stephan G
Frank Siebenlist
Sun Sam X
Karl Czajkowski
Laura Pearlman
Priority date
Filing date
Publication date
Application filed by Carl Kesselman, Erberich Stephan G, Frank Siebenlist, Sun Sam X, Karl Czajkowski, Laura Pearlman filed Critical Carl Kesselman
Publication of WO2010135578A2 publication Critical patent/WO2010135578A2/fr
Publication of WO2010135578A3 publication Critical patent/WO2010135578A3/fr

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation

Definitions

  • This disclosure relates to health care information systems, including systems which communicate health care information between different health care providers.
  • Health care information often needs to be exchanged between different institutions, such as between different health care providers.
  • Health Insurance Portability and Accountability Act of 1966 HIPAA
  • This act includes administrative simplification provisions which require national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
  • the administration simplification provisions also impose stringent security and privacy requirements on health care data.
  • a name generating system may generate an object name for each of the health care objects.
  • the object name of each health care object may include provider information indicative of the identity of the health care provider which manages the health care object.
  • the provider information may include information indicative of the National Provider ID of the health care provider.
  • the object name of each health care object may include object information indicative of the identity of the health care object.
  • the object information may not contain any personal health information.
  • the object information may be randomly generated.
  • the object information may include information enabling the integrity of the object information to be verified.
  • a name delivery system may deliver the object names generated by the name generating system.
  • a communication system may receive the object information from a health care information access system and, in response, provide the information about the health care object, named in part with the object information, to the health care information access system.
  • the health care information provider system may include a security system configured to limit access to the information about the health care objects to only authorized health care information access systems.
  • At least one of the health care objects may include a health care record, the name of a health care patient, and/or a health care patient study.
  • the name generating system and the object resolution system may both be under the control of a common health care provider.
  • a health care information access system may access information about health care objects that are each managed by a health care provider.
  • the health care information access system may include a user interface configured to receive an object name for each of the health care objects.
  • the object name of each health care object may include provider information and object information.
  • the health care information access system may include a provider identification system configured to identify the health care provider that manages each health care object based on the provider information in the object name of the health care object.
  • the provider identification system may be configured to identify the health care provider that manages each health care object based on a National Provider ID in the provider information.
  • the health care information access system may include a security system configured to provide each health care information provider system with information identifying the health care information access system. This may enable the health care information provider system to verify the authority of the health care information access system to obtain the information about the health care object managed by each health care information provider system.
  • FIG. 1 is an example of a health care information system.
  • FIG. 2 is an example of a health care information provider system.
  • FIG. 3 shows examples of object names for health care objects.
  • FIG. 4 is an example of a health care information access system.
  • Each health care information access system may be configured to access information about health care objects. These objects may include patient medical records, names and other information about health care patients, and/or health care studies.
  • Each health care information provider system may be configured to provide information about one or more health care objects. These objects may include patient medical records, names and other information about health care patients, and/or health care studies.
  • the network communication infrastructure may be configured to facilitate communication of requests for health care information from the health care information access systems to the health care information provider systems.
  • the requests may seek information about and/or copies of one or more health care objects.
  • An example is a request for a copy of a medical imaging study.
  • These health care objects may contain private health information, as commonly defined by federal and local laws.
  • the requests may come from a variety of different types of health care providers, such as hospitals, doctors' offices, clinics, and/or midwives.
  • the health care information provider system illustrated in FIG. 2 may be used as one or more of the health care information provider systems illustrated in FIG. 1. Conversely, one or more of the health care information provider systems illustrated in FIG. 1 may be of a type that is different from the health care information provider system illustrated in FIG. 2.
  • the health care information provider system illustrated in FIG. 2 may include a name generating system 201, a name delivery system 203, an object resolution system 205, a security system 207, and/or a communication system 209.
  • the health care identification provider system may include additional components not illustrated in FIG. 2. Examples include databases, local authentication systems, and other software components and services.
  • the name generating system 201 may be configured to generate an object name for each of the health care objects.
  • Each object name may include provider information and object information.
  • Other information may be included, such as handle attributes in accordance with an object naming convention, such as the one described in U.S. Patent 6,135,646 to Kahn et al., the entirety of which is incorporated herein by reference.
  • the attributes may include information such as the hospital name and authentication information which may be used by administrators managing the hospital name space.
  • With this provider information naming convention, changes in provider names may not necessarily require any change in the provider information which forms part of the object name.
  • the object information portion of each object name may be indicative of the identity of the health care object.
  • the object information may not contain any personal health information.
  • the object information may not include the name of the patient, the address of the patient, the age of the patient, the sex of the patient, or any other information about the identity of the individual about whom the information pertains.
  • the object information may not include any such personal health information in any encrypted form which might be subject to decryption through the use of a decryption key.
  • the object information may be randomly generated.
  • the object information may be a randomly-generated number.
  • the name generating system 201 may be configured to include information enabling the integrity of the object information, the provider information, or both, to be verified. For example, the name generating system 201 may calculate a check sum for any or all of these fields of information and may include that check sum as part of the object name. Standard cryptographic check sums such as SHA may be used.
  • the name delivery system 203 may be configured to deliver the object names generated by and delivered from the name generating system 201. Because the object name may be structured so as not to divulge private health information, any standard network delivery protocol may be used to deliver the name. In addition, because the object naming and resolution is decoupled from the access to the object, the configurations of who to deliver to, how, and when may be adjusted to conform to the information sharing workflow. The name delivery system 203 may be configured to deliver these names over the network communication infrastructure illustrated in FIG. 1 via standard network protocols and/or to a user of the health care information provider system through a user interface (not shown), such as a web browser, email client or other specialized application.
  • the object resolution system 205 may be configured to utilize this location information for the purpose of seeking and obtaining the information about the health care object, or may simply return the location information so that the information about the health care object may be accessed by a different system.
  • the name resolution system may return the network address and path (e.g., URL) to one or more storage servers that hold the referenced information (e.g., a patient X-ray), or may provide the application entity title of a DICOM storage device that holds the information (e.g., radiological images).
  • the name resolution system may in addition or instead return a copy of the health care object (e.g., patient X-ray).
  • the security system 207 may be configured to limit access to the information about the health care objects to only authorized health care information access systems. For example, the security system 207 may request a user name and password from each health care information access system and, before granting access to the requested health care information, verify that the entered user name and password is correct.
  • the security system 207 may perform further checks to ensure that the querying health care information access system is entitled to receive the requested health care information. For example, the security system 207 may be configured to verify that the requesting health care information access system has a business associates agreement with the institution that is managing the health care object about which information is sought.
  • the communication system 209 may be configured to receive the object information from a health care information access system. In response, the communication system may be configured to provide the requesting health care information access system with the requested information.
  • the communication system 209 may include such components as a network interface card and related software and hardware systems that facilitate communication between different computers in a network environment.
  • FIG. 3 illustrates examples of object names for health care objects.
  • each object name may include provider information.
  • the provider information may be indicative of the identity of the health care provider which manages the health care object.
  • the provider information may be in the form of a National Provider ID. As illustrated in FIG. 3, this may take the form of the digits "888," followed by a decimal, followed by the prefix USNPI, followed by a 7", and followed finally by a unique handle.
  • each object name may include object information.
  • the object information may be randomly generated, such as a randomly generated number. As explained above, this number may not include any personal health information, even in a form which can be decrypted with a decryption key.
  • the provider information and object information that forms each object name may be in a form and/or with content that is different from what is illustrated in FIG. 3.
  • the provider identification system 403 may be configured to identify the health care provider that manages each health object, based on the provider information in the object name of the health care object.
  • the provider information includes a National Provider ID
  • the provider identification system 403 may include a database which associates each national provider ID with an actual provider.
  • the identification of a provider may include a network address or other type of location at which a request for information about a health care object managed by the provider may be sent.
  • If a National Provider ID is not provided, another type of managed name space may be used.
  • the database may include information which associates the provider information in the form in which it is provided with the network addresses or other type of location information for the provider. Any unique name may be used for each provider.
  • CHI-Appliance: The Center for Health Informatics (CHI) has created a networked system (CHI-Appliance) to enable HIPAA compliant data exchange. Medical professionals or health providers can utilize the CHI-Appliance to release clinical information for (i) treatment, payment or health-care operations (TPO) or (ii) limited / de-identified data for research under HIPAA policy enforcement by the system.
  • Part of the system is a policy engine which enables a well-defined and appropriately authorized release of a medical record from the local provider to the intended remote recipient, e.g. another provider engaged in TPO of the patient or a research affiliate engaged in an IRB approved study which receives a PHI removed and coded version of the medical record.
  • the system uses a secure data management system to reference the medical record and to securely transport the medical record over public networks, e.g. the Internet, to the intended recipient.
  • the recipient, also equipped with the system, receives the reference and, based on the recipient's policy, will execute a secure data transfer.
  • the recipient's system may recode the data depending on local provider conventions using the policy engine and consumes the medical record into the provider hospital information systems, e.g. EMR, PACS etc.
  • a doctor at hospital A wants to share an MRI image set with a sub-specialist at practice B for second opinion
  • the patient agrees and signs a waiver of consent to release the medical image record to the sub-specialist
  • the images are sent from the clinical PACS (image archive) to the local CHI-Appliance (publication event)
  • the IT support of hospital A enters a release policy (HIPAA policy enforcement rule) for this record into the system (policy definition)
  • the system finds the record and its matching policy and notifies practice B that an image record is ready for release
  • the system at practice B validates the notification with the local record policy and determines it is able to obtain the record (unique HIPAA compliant naming of the image record)
  • the images are then requested from the appliance of hospital A and sent to practice B (peer-to-peer secure transfer)
  • the images are now recoded to match the local medical record number and entered into the image review system
  • the images are now ready for consultation
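
An added example (not code from the patent or its authors) of the naming scheme described in the definitions above: a name built from provider information, randomly generated object information and a SHA checksum, which only the managing provider can resolve and only for authorized requesters. The `/` and `-` separators, the 16-character checksum truncation, the NPI value, the client identifier and the URL are constructed assumptions.

```python
import hashlib
import secrets

PREFIX = "888.USNPI"   # provider-information prefix described for FIG. 3
CHECK_LEN = 16         # hex chars of SHA-256 kept in the name (assumed)


def name_checksum(provider_info, object_info):
    """Unkeyed SHA-256 check value over both fields of the name."""
    data = f"{provider_info}/{object_info}".encode("ascii")
    return hashlib.sha256(data).hexdigest()[:CHECK_LEN]


def generate_object_name(npi):
    """Name generating system: provider info + random object info + checksum."""
    if not (npi.isdigit() and len(npi) == 10):
        raise ValueError("NPI must be 10 digits")
    provider_info = PREFIX + npi
    # 128 bits from the OS CSPRNG: nothing is derived from the record,
    # so there is no key that could turn the name back into PHI.
    object_info = secrets.token_hex(16)
    check = name_checksum(provider_info, object_info)
    return f"{provider_info}/{object_info}-{check}"


def parse_object_name(name):
    """Return (npi, object_info) after verifying structure and checksum."""
    provider_info, slash, suffix = name.partition("/")
    object_info, dash, check = suffix.rpartition("-")
    npi = provider_info[len(PREFIX):]
    if not (slash and dash and provider_info.startswith(PREFIX) and npi.isdigit()):
        raise ValueError("malformed object name")
    # Unkeyed: catches transcription errors and corruption, not forgery.
    if check != name_checksum(provider_info, object_info):
        raise ValueError("checksum mismatch")
    return npi, object_info


class ProviderSystem:
    """Name generation, object resolution and access check under one provider."""

    def __init__(self, npi, authorized_clients):
        self.npi = npi
        self.authorized = set(authorized_clients)
        # The only link between a name and the record stays inside the provider.
        self.locations = {}

    def publish(self, location):
        name = generate_object_name(self.npi)
        _, object_info = parse_object_name(name)
        self.locations[object_info] = location
        return name

    def resolve(self, name, client_id):
        npi, object_info = parse_object_name(name)
        if npi != self.npi:
            raise LookupError("object is managed by another provider")
        # Authorize before the lookup so an unauthorized caller cannot
        # learn whether a given name exists.
        if client_id not in self.authorized:
            raise PermissionError("requester is not authorized")
        return self.locations[object_info]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    hospital_a = ProviderSystem("1234567893", {"practice-b"})
    name = hospital_a.publish("https://pacs.hospital-a.example/studies/0001")
    print(name)
    print(hospital_a.resolve(name, "practice-b"))
```

Because the checksum is unkeyed, anyone can compute a valid one; confidentiality rests on the authorization check at resolution time, not on the name being hard to guess or forge.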

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Medical Informatics (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • Public Health (AREA)
  • Biomedical Technology (AREA)
  • Primary Health Care (AREA)
  • General Business, Economics & Management (AREA)
  • Epidemiology (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

The present invention relates to a health care information provider system that can provide information about health care objects managed by a health care provider. A name generating system may generate an object name for each of the health care objects. The object name of each health care object may include provider information indicative of the identity of the health care provider which manages the health care object. The object name of each health care object may include object information indicative of the identity of the health care object. The object information may not contain any personal health information, even in a form which can be decrypted with a decryption key. An object resolution system may receive object information indicative of the identity of each health care object and, in response, provide information about the health care object. The object resolution system may include location information correlating the object information for each object with information indicative of the location of the information about each health care object within the health care provider. A communication system may receive the object information from a health care information access system and, in response, provide the information about the health care object, named in part with the object information, to the health care information access system.
PCT/US2010/035654 2009-05-20 2010-05-20 Health care information systems using object identifiers devoid of personal health information WO2010135578A2 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US18007409P 2009-05-20 2009-05-20
US61/180,074 2009-05-20
US22141009P 2009-06-29 2009-06-29
US61/221,410 2009-06-29

Publications (2)

Publication Number Publication Date
WO2010135578A2 (fr) 2010-11-25
WO2010135578A3 (fr) 2011-02-24

Family

ID=43126776

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2010/035654 WO2010135578A2 (fr) 2009-05-20 2010-05-20 Health care information systems using object identifiers devoid of personal health information

Country Status (1)

Country Link
WO (1) WO2010135578A2 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012129372A2 (fr) * 2011-03-22 2012-09-27 Nant Holdings Ip, Llc Healthcare management objects
US10120978B2 (en) 2013-09-13 2018-11-06 Michigan Health Information Network Shared Services Method and process for transporting health information
US11631479B2 (en) * 2017-08-04 2023-04-18 Clinerion Ltd. Patient recruitment system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030130873A1 (en) * 2001-11-19 2003-07-10 Nevin William S. Health care provider information system
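JP2004030128A (ja) * 2002-06-25 2004-01-29 Nec Software Kyushu Ltd Health and medical information sharing system, health and medical information sharing method, and health and medical information sharing program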
US20060218013A1 (en) * 2005-03-24 2006-09-28 Nahra John S Electronic directory of health care information
US20080288407A1 (en) * 2007-05-16 2008-11-20 Medical Management Technology Group, Inc. Method, system and computer program product for detecting and preventing fraudulent health care claims

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012129372A2 (fr) * 2011-03-22 2012-09-27 Nant Holdings Ip, Llc Healthcare management objects
WO2012129372A3 (fr) * 2011-03-22 2012-12-27 Nant Holdings Ip, Llc Healthcare management objects
GB2502750A (en) * 2011-03-22 2013-12-04 Nant Holdings Ip Llc Healthcare Management objects
US11017897B2 (en) 2011-03-22 2021-05-25 Nant Holdings Ip, Llc Healthcare management objects
US20210241899A1 (en) * 2011-03-22 2021-08-05 Nant Holdings Ip, Llc Healthcare management objects
US10120978B2 (en) 2013-09-13 2018-11-06 Michigan Health Information Network Shared Services Method and process for transporting health information
US10311203B2 (en) 2013-09-13 2019-06-04 Michigan Health Information Network Shared Services Method and process for transporting health information
US10832804B2 (en) 2013-09-13 2020-11-10 Michigan Health Information Network Shared Services Method and process for transporting health information
US11631479B2 (en) * 2017-08-04 2023-04-18 Clinerion Ltd. Patient recruitment system

Also Published As

Publication number Publication date
WO2010135578A3 (fr) 2011-02-24

Similar Documents

Publication Publication Date Title
US10530760B2 (en) Relationship-based authorization
US20190258616A1 (en) Privacy compliant consent and data access management system and methods
JP5008003B2 (ja) System and method for patient re-identification
US20070203754A1 (en) Network health record and repository systems and methods
US20110112970A1 (en) System and method for securely managing and storing individually identifiable information in web-based and alliance-based networks using a token mechanism
US20110246231A1 (en) Accessing patient information
US10902382B2 (en) Methods for remotely accessing electronic medical records without having prior authorization
Li A service-oriented approach to interoperable and secure personal health record systems
Leng et al. Application of hyperledger in the hospital information systems: A survey
US20190354721A1 (en) Techniques For Limiting Risks In Electronically Communicating Patient Information
Petrakis et al. A mobile app architecture for accessing EMRs using XDS and FHIR
Rai et al. Patient-centric multichain healthcare record
Wang et al. Health data security sharing method based on hybrid blockchain
Taloba et al. A framework for secure healthcare data management using blockchain technology
US20110060607A1 (en) Health care information systems
US20060026039A1 (en) Method and system for provision of secure medical information to remote locations
AlZghoul et al. Towards nationwide electronic health record system in Jordan
WO2010135578A2 (fr) Health care information systems using object identifiers devoid of personal health information
Diaz et al. Scalable management architecture for electronic health records based on blockchain
Kovach et al. MyMEDIS: a new medical data storage and access system
Bergmann et al. An eConsent-based system architecture supporting cooperation in integrated healthcare networks
Puranik et al. CoreMedi: Secure Medical Records Sharing Using Blockchain Technology
Sanzi et al. Integrating Trust Profiles, Trust Negotiation, and Attribute Based Access Control
Miya et al. Healthcare Transformation Using Blockchain Technology in the Era of Society 5.0
Kumar Blockchain framework for medical healthcare records

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10778416

Country of ref document: EP

Kind code of ref document: A2

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10778416

Country of ref document: EP

Kind code of ref document: A2