WO2021209837A1 - A system and method of controlling accessibility of data - Google Patents

Publication number
WO2021209837A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
module
entity
profile
owner
Application number
PCT/IB2021/052253
Other languages
French (fr)
Inventor
Roshan Khan
Original Assignee
Roshan Khan
Application filed by Roshan Khan

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes

Definitions

  • the embodiment herein generally relates to controlling data accessibility.
  • the invention relates to a system and method of controlling accessibility and usage of data of patients and doctors by an owner or an authorized entity.
  • a main object of the present disclosure is to provide details of data usage and/or access to an owner and/or to an authorized entity.
  • Another object of the present disclosure is to provide a method of enabling an owner and/or an authorized entity to control accessibility and/or usage of data.
  • Yet another object of the present disclosure is to provide details of tracking data update, usage and/or access to an owner and/or to an authorized entity.
  • Still another object of the present disclosure is to provide a method for enabling an admin and/or an authorized entity to define and/or modify usage and/or accessibility of data.
  • an embodiment herein provides a system and method of controlling accessibility and/or usage of data.
  • the system for controlling accessibility and usage of data comprises an owner interface, an admin interface, an entity interface.
  • the owner interface is configured for an owner, wherein the owner is a user owning the data.
  • the admin interface is configured for an admin, wherein the admin is an authorized user controlling the accessibility and usage of the data of the owner in the system.
  • the entity interface is configured for an entity, wherein the entity is an authorized user accessing the data in the system.
  • the owner interface includes a consent management module, a data management module and a Smart contracts module.
  • the smart contracts module is configured for notifying and rewarding the owner on identifying an entity accessing the data of the owner.
  • the admin interface includes an entity categorization module, a profile data classification module, a profile categorization module, an entity category weightage assignment module, an access control definition module, a profile owner assignment module, a weightage value assignment module, and a profile category weightage assignment module.
  • the entity interface includes an entity details module, and a data access module.
  • FIG.1 illustrates a system of admin interface 101 for controlling accessibility and usage of data 100, according to an embodiment herein;
  • FIG.2 illustrates a system of owner interface 201 for controlling accessibility and usage of data 200, according to an embodiment herein;
  • Fig.3 illustrates a system of entity interface 301 for controlling accessibility and usage of data 300, according to an embodiment herein; and
  • Fig.4 illustrates a method 400 of controlling accessibility and usage of data, according to an embodiment herein.
  • Blockchain is a technology for storing data.
  • the data in a blockchain is stored in a plurality of blocks, wherein the blocks are linked to each other.
  • a blockchain network is a network of a plurality of communication devices including a computer or laptop or a mobile phone.
  • Each communication device is a node, wherein the plurality of nodes is connected to each other through internet.
  • the nodes broadcast information, relay information and store the information in a new block in a blockchain for ensuring immutability and transparency of data.
  • profile data is patients’ medical history. It includes health information, medical reports, diagnostic reports and other medical data of a patient.
  • profile data is doctors’ professional history. It includes professional experience, education, skills of a doctor.
  • an owner is a user owning the profile data of a patient.
  • the owner can include a patient, a doctor, a healthcare provider and a healthcare system provider.
  • an owner is a user owning the profile data of a doctor.
  • an admin is an authorized user controlling the accessibility and usage of the profile data of the patient in a system.
  • the admin can include a patient, a doctor, a healthcare provider, the owner or an authorized institution.
  • an admin is an authorized user controlling the accessibility and usage of the profile data of the doctor in a system.
  • An entity is an authorized user accessing the profile data in the system.
  • the system can include a plurality of entities including insurance companies, healthcare providers, doctors, medical research institutions, or an authorized entity.
  • the entity accesses the profile data of patients in the system.
  • the entity accesses the profile data of doctors in the system.
  • Fig.1 illustrates a system for controlling accessibility of data, according to an embodiment.
  • the system 100 comprises of an admin interface 101, a plurality of modules including an entity categorization module 102, a profile data classification module 104, a profile categorization module 110, an entity category weightage assignment module 106, an access control definition module 108, a profile owner assignment module 116, a weightage value assignment module 114, a profile category weightage assignment module 112, a plurality of broadcasting nodes 120, 122, 124, 126, 128, a plurality of relay nodes 130, 132, 134, a mining node 140, and a blockchain including a plurality of blocks but not limited to 150, 152, 154, 156, 160.
  • the admin accesses an admin system, wherein the admin system is a device including a mobile phone, a laptop, a computer, or an electronic communication device.
  • the admin accesses the admin interface 101 in the admin system.
  • the admin system or plurality of admin systems are configured as the broadcasting nodes 120, 122, 124, 126, and 128.
  • the admin interface 101 is configured for the admin or a plurality of admin, wherein the admin interface 101 includes the plurality of modules 102, 104, 106, 108, 108, 110, 112, 114, 116.
  • the profile classification module 104 is configured for dividing profile data into multiple levels based on criticality. The profile data of a patient is divided into levels including but not limited to basic data, personal data, medical data. In another embodiment, the profile data of a doctor is divided into multiple levels including but not limited to basic data, personal data, and professional history.
  • the profile categorization module 110 is configured for assigning the divided profiles to a plurality of categories based on profile data.
  • the categories for dividing profile data of patient include but not limited to profession, age, location.
  • the categories for dividing profile data of doctor include but not limited to age, specialty, and location.
  • the entity categorization module 102 is configured for assigning the entities to a plurality of categories based on details of entities.
  • the categories include but not limited to location, market.
  • the entity category weightage assignment module 106 is configured for allotting weightages to the plurality of categories of entities.
  • the weightages are allotted based on parameters including but not limited to demand, importance, and criticality.
  • the profile category weightage assignment module 112 is configured for allotting weightages to the plurality of categories of profiles. In some embodiments, the weightages are allotted based on parameters including but not limited to demand, importance, and criticality.
  • the access control definition module 108 is configured for defining an access of profile data by specifying the category of entity and specifying the category of profile for providing access of the specified category of profile to the specified category of entity.
  • the profile owner assignment module 116 is configured for assigning the ownership of a profile data to the owner.
  • the weightage value assignment module 114 is configured for assigning a digital token value to the weightages allotted to the profile data.
  • digital tokens are created in a digital token module using a conventional blockchain framework.
  • the conventional blockchain frameworks include but are not limited to Ethereum, Hyperledger Fabric.
  • the admin interface 101 is configured on the plurality of broadcasting nodes 120, 122, 124, 126, 128.
  • the plurality of broadcasting nodes 120, 122, 124, 126, 128 create a plurality of transactions using the plurality of modules 106, 108, 110, 112, 114 configured in the admin interface 101.
  • the plurality of broadcasting nodes 120, 122, 124, 126, 128 are configured for broadcasting the plurality of transactions to the plurality of relay nodes 130, 132, 134.
  • the broadcasting nodes 120, 122, 124, 126, 128 are connected to the relay nodes through internet.
  • the plurality of relay nodes 130, 132, 134 propagates the received transactions from the plurality of broadcasting nodes 120, 122, 124, 126, 128 to every other relay node 130, 132, 134.
  • all the relay nodes 130, 132, 134 verify the received transactions for ensuring correct formatting, valid signatures, and check most current version of blockchain for ensuring the transactions are performed by the admin.
  • the relay nodes need to be wary of malicious or spam transactions. Forwarding a transaction without verification by a relay node can cause blockchain network to quickly collapse due to a flood of junk transactions.
  • the plurality of relay nodes 130, 132, 134 on verifying and ensuring the validity of the transactions from the broadcasting nodes 120, 122, 124, 126, 128 transmit the transactions to the mining node 140.
  • the mining node 140 is in a process of creating a new block 160, and adds the transactions to the new block 160.
  • the new block 160 is added to a blockchain.
  • the newly created block 160 is broadcast across all nodes, confirming the block's 160 transactions.
  • the broadcasting node 120 creates a transaction using the entity category weightage assignment module 106
  • the broadcasting node 122 creates a transaction using the access control definition module 108
  • the broadcasting node 124 creates a transaction using the profile owner assignment module 116
  • the broadcasting node 126 creates a transaction using the weightage value assignment module 114
  • the broadcasting node 128 creates a transaction using the profile category weightage assignment module 112.
  • the broadcasting node 120 and 122 broadcast the transactions to the relay node 130
  • the broadcasting node 124 broadcasts the transaction to the relay node 132
  • the broadcasting node 126, 128 broadcasts the transaction to the relay node 134.
  • the relay node 130 propagates the transaction to the other relay nodes 132, 134; the relay node 132 propagates the transaction to the other relay nodes 130, 134; the relay node 134 propagates the transaction to the other relay nodes 130, 132.
  • the relay nodes 132, 134 verify the transaction received from the relay node 130; the relay nodes 130, 134 verify the transaction received from the relay node 132; the relay nodes 130, 132 verify the transaction received from the relay node 134.
  • the verified transactions from the plurality of relay nodes 130, 132, 134 are transmitted to the mining node 140 for creating the new block 160.
  • there is a plurality of mining nodes 160.
  • the mining nodes collect as many transactions as possible. Due to memory constraints, a maximum limit is configured on the number of transactions included in a block. Although all mining nodes collect transactions and organize them into blocks, only one of the mining nodes, i.e., the first mining node to create and broadcast the block, adds a new block to the blockchain. On broadcasting the new block to the rest of the blockchain network, all the other mining nodes stop working on creating the old block and start working on a new block.
  • Fig.2 illustrates a system of owner interface for controlling accessibility of data.
  • the system 200 includes an owner interface 201, a consent management module 208, a data management module 210, a Smart Contracts module 212, a plurality of broadcasting nodes 220, 222, 224, a plurality of relay nodes 230, 232, 234, a mining node 240, a plurality of blocks 250, 252, 254, 256, 260.
  • the owner interface 201 includes the plurality of modules including a consent management module 208, a data management module 210, and a Smart contracts module 212.
  • the consent management module 208 is provided for recording and managing consents provided by the owner of the profile data for permitting accessibility and usage of the profile data to the admin.
  • the profile data is profile data of a patient
  • the consent management module 208 includes a patient consent module, a doctor consent module, and a healthcare provider consent module.
  • the patient consent module is configured for specifying consent of the patient for providing access of the profile data of the patient to the admin.
  • the doctor consent module is configured for specifying consent of the doctor for providing access of the patient’s data to the admin.
  • the healthcare provider consent module is configured for specifying consent of the healthcare provider for providing access of the patient’s data to the admin.
  • the consent can be specified by the patient, the doctor, the health care provider on a basis of the ownership of the profile data.
  • the consent management module 208 includes a doctor consent module.
  • the doctor consent module is configured for specifying consent of the doctor for providing access of the doctor’s data to the admin.
  • the owner interface 201 is configured on the plurality of broadcasting nodes 220, 222, 224.
  • a transaction is created when the consent is provided in the patient consent module, doctor consent module, healthcare provider consent module using the consent management module 208.
  • the transaction is broadcasted to the relay node 230 through the broadcasting node 220.
  • the data management module 210 is configured for controlling the accessibility of the profile data based on the consents provided in the consent management module 208.
  • the data management module 210 is connected to the consent management module 208.
  • the smart contracts module 212 is configured for storing, managing and executing smart contracts using blockchain.
  • the consent specified by the owner using the consent management module 208 in the owner interface 201 is created as a consent smart contract for executing a transaction.
  • the broadcasting node 222 broadcasts the transaction to the relay node 232.
  • the consent smart contract provides data access of a profile data to an entity based on the consent provided by the owner in the consent management module 208.
  • a data access smart contract is created in the smart contracts module 212.
  • the smart contract is created for notifying the owner in the owner interface 201 on identifying an entity accessing profile data of the owner in the entity interface 301.
  • a digital token smart contract is created for rewarding the owner with digital tokens based on a digital token value of a profile data on identifying at least one entity accessing and/or using the profile data.
  • the owner can be rewarded using a means not limited to digital tokens.
  • services and resources are associated with the digital tokens.
  • the services and resources are provided for transacting using the digital tokens by the owner.
  • the digital tokens can be redeemed for services including but not limited to obtaining discounts, accessing new products and features.
  • the transactions are broadcasted by the broadcasting nodes 220, 222, 224 to the plurality of relay nodes 230, 232, 234.
  • the plurality of relay nodes 230, 232, 234 verifies and propagates the plurality of transactions among the relay nodes 230, 232, 234.
  • the verified transactions from the plurality of relay nodes 230, 232, 234 are transmitted to the mining node 240.
  • the mining node 240 creating a new block 260, adds the received transaction to the new block 260 of a blockchain for ensuring confidentiality, integrity of the block and also previous blocks.
  • Fig.3 illustrates a system of entity interface for accessing data, according to an embodiment.
  • the system 300 includes an entity interface 301 including a plurality of modules including an entity details module 302, a data access module 304, a plurality of broadcasting nodes 310, 312, a plurality of relay nodes 320, 322, a mining node 330, a plurality of blocks 332, 334, 336, 338, 340.
  • the entity accesses the entity system, wherein the entity system is a device including a mobile phone, a laptop, a computer, or an electronic communication device.
  • the entity accesses the entity interface 301 in the entity system.
  • the entity provides details of the entity in the entity details module 302.
  • the entity details module 302 creates a transaction, wherein the transaction is broadcasted by the broadcasting node 310 to the relay node 320.
  • the relay node 320 propagates the transaction to the other relay node 322.
  • the data access module 304 is configured for creating a data access request based on a requirement of the entity.
  • the data access module 304 is also configured for displaying the profile data requested by the entity.
  • the data access module 304 creates a transaction, wherein the transaction is broadcasted to the relay node 322 by the broadcasting node 312.
  • the relay node 322 propagates the transaction to the other relay node 320 for verification.
  • the verified transactions from the relay nodes 320, 322 are transmitted to the mining node 330.
  • the mining node 330 creating a new block 340 adds the transactions to the new block 340 in the blockchain.
  • the plurality of admin systems, the entity systems, the owner system and blockchain network are connected through a communication network, preferably internet.
  • the owner interface 201, the admin interface 101 and the entity interface 301 are connected to the blockchain network through the communication network.
  • the blockchain network is a private consortium blockchain.
  • access to the blockchain network is restricted.
  • An invitation is required from the blockchain network for participating as a “node” and as part of the transaction, blocks creation process.
  • Fig.4 illustrates a method of controlling accessibility of data, according to an embodiment herein.
  • the method of controlling accessibility of data comprises the following steps.
  • the levels of profile data of patient include, but not limited to basic data consisting name, phone number and email ID; personal Data consisting date of birth, gender, height, weight, blood group; medical data consisting health conditions by the profile data classification data module 104 in the admin interface 101.
  • the levels of profile data of a doctor include basic data consisting name, phone number and email ID; personal Data consisting date of birth, gender, height, weight, blood group; professional data consisting of qualifications, certifications, experience, skills.
  • a main advantage of the present disclosure is that control of accessibility of data is provided to an owner.
  • Another advantage of the present disclosure is that usage of profile data of patients and doctors can be controlled and tracked by an owner.
  • Still another advantage of the present disclosure is that details of usage of patients and doctors data are provided to an owner.
  • Yet another advantage of the present disclosure is that the method and system provides privacy of profile data of patients and doctors.
  • Another advantage of the present disclosure is that the system ensures high governance and privacy.
  • Still another advantage of the present disclosure is that the system provides fine granularity with a precise level of accuracy in data access control for selection, definition of access modalities.
  • Yet another advantage of the present disclosure is that the system provides perfect traceability of data as well as access to data.
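
The access decision implied by the access control definition module 108 and the consent management module 208, as an added example (not code from the patent): access is denied by default, a data level is released only when an admin rule and the owner's consent both cover it, and every attempt is appended to a hash-linked ledger. The class and function names, the consent mapping keyed by (owner, entity category), the ledger stand-in without consensus or signatures, and the sample data are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64


@dataclass(frozen=True)
class AccessRule:
    """Admin rule: data levels an entity category may see for a profile category."""
    entity_category: str
    profile_category: str
    levels: frozenset


@dataclass
class Profile:
    owner: str
    category: str   # assigned by the profile categorization step
    data: dict      # level name -> fields, e.g. {"basic": {...}, "medical": {...}}


def _digest(prev: str, record: dict) -> str:
    payload = json.dumps({"prev": prev, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


@dataclass
class Ledger:
    """Hash-linked record list standing in for the blockchain (hypothetical, simplified)."""
    blocks: list = field(default_factory=list)

    def append(self, record: dict) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

    def verify(self) -> bool:
        # Recompute every link; any edited record or broken pointer fails the check.
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != _digest(prev, block["record"]):
                return False
            prev = block["hash"]
        return True


def request_access(entity, entity_category, profile, requested, rules, consents, ledger):
    """Return only the levels allowed by BOTH an admin rule and the owner's consent."""
    by_rule = set()
    for rule in rules:
        if (rule.entity_category, rule.profile_category) == (entity_category, profile.category):
            by_rule |= rule.levels
    # No consent entry means no consent: the default is an empty set.
    by_consent = consents.get((profile.owner, entity_category), frozenset())
    granted = set(requested) & by_rule & by_consent & set(profile.data)
    # Every attempt is recorded, so the owner can be notified of grants and denials alike.
    ledger.append({
        "entity": entity,
        "owner": profile.owner,
        "requested": sorted(requested),
        "granted": sorted(granted),
    })
    return {level: profile.data[level] for level in sorted(granted)}


# Constructed sample data (not from the patent).
PATIENT = Profile(
    owner="patient-001",
    category="age:30-40",
    data={
        "basic": {"name": "A. Example"},
        "personal": {"blood_group": "O+"},
        "medical": {"conditions": ["asthma"]},
    },
)
RULES = [AccessRule("insurance", "age:30-40", frozenset({"basic", "personal"}))]
CONSENTS = {("patient-001", "insurance"): frozenset({"basic", "medical"})}


def demo():
    ledger = Ledger()
    everything = ["basic", "personal", "medical"]
    insurer = request_access("insurer-A", "insurance", PATIENT, everything, RULES, CONSENTS, ledger)
    researcher = request_access("lab-B", "research", PATIENT, everything, RULES, CONSENTS, ledger)
    return insurer, researcher, ledger


if __name__ == "__main__":
    insurer, researcher, ledger = demo()
    print(insurer, researcher, ledger.verify())
```

The insurer receives only the basic level, because it is the one level present in both the rule and the consent; the research entity matches no rule and receives nothing, yet its attempt is still recorded.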

Abstract

The present invention discloses a system and method of controlling accessibility of data. The system includes an owner interface 201, an admin interface 101, an entity interface 301. The owner interface 201 is configured for an owner, wherein the owner is a user owning the data. The admin interface 101 is configured for an admin, wherein the admin is an authorized user controlling the accessibility and usage of the data of the owner in the system. The entity interface 301 is configured for an entity, wherein the entity is an authorized user accessing the data in the system.

Description

A SYSTEM AND METHOD OF CONTROLLING ACCESSIBILITY OF DATA
[0001] The embodiment herein generally relates to controlling data accessibility. More specifically, the invention relates to a system and method of controlling accessibility and usage of data of patients and doctors by an owner or an authorized entity.
BACKGROUND AND PRIOR ART
[0002] Patients’ data and doctors’ data contain a lot of information which can be used in various researches and health studies. The data generates monetary income and economical returns to the numerous entities accessing and using it.
[0003] However, there have been wide scale instances of leaks and breaches of patients’ and doctors’ data in multiple jurisdictions around the world. Patients and medical professionals are not well equipped in maintaining medical data securely as they lack awareness on data leaks and data privacy laws. Also, patient and doctor’s data breaches are unwelcome due to stigmatization of certain diseases and chronic conditions in the society. The high security and privacy regulations present in the health data sector need a cautious care when personal medical data are handled. Better personal data governance empowers patients and doctors for managing their pathology.
[0004] Therefore, there is a need for providing control of data accessibility and usage to an owner or to an authorized entity. In particular, there is a need for a system and method of controlling and managing accessibility and usage of patients’ and doctor’s data by an owner or an authorized entity.
OBJECTS
[0005] Some of the objects of the present disclosure are described herein below:
[0006] A main object of the present disclosure is to provide details of data usage and/or access to an owner and/or to an authorized entity.
[0007] Another object of the present disclosure is to provide a method of enabling an owner and/or an authorized entity to control accessibility and/or usage of data.
[0008] Yet another object of the present disclosure is to provide details of tracking data update, usage and/or access to an owner and/or to an authorized entity.
[0009] Still another object of the present disclosure is to provide a method for enabling an admin and/or an authorized entity to define and/or modify usage and/or accessibility of data.
[00010] The other objects and advantages of the present disclosure will be apparent from the following description when read in conjunction with the accompanying drawings, which are incorporated for illustration of preferred embodiments of the present invention and are not intended to limit the scope thereof.
SUMMARY
[00011] In view of the foregoing, an embodiment herein provides a system and method of controlling accessibility and/or usage of data.
[00012] In accordance with an embodiment, the system for controlling accessibility and usage of data comprises an owner interface, an admin interface, an entity interface. The owner interface is configured for an owner, wherein the owner is a user owning the data. The admin interface is configured for an admin, wherein the admin is an authorized user controlling the accessibility and usage of the data of the owner in the system. The entity interface is configured for an entity, wherein the entity is an authorized user accessing the data in the system.
[00013] In accordance with an embodiment, the owner interface includes a consent management module, a data management module and a Smart contracts module. In an embodiment, the smart contracts module is configured for notifying and rewarding the owner on identifying an entity accessing the data of the owner.
[00014] In accordance with an embodiment, the admin interface includes an entity categorization module, a profile data classification module, a profile categorization module, an entity category weightage assignment module, an access control definition module, a profile owner assignment module, a weightage value assignment module, and a profile category weightage assignment module.
[00015] In accordance with an embodiment, the entity interface includes an entity details module, and a data access module.
[00016] These and other aspects of the embodiments will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments without departing from the spirit thereof, and the embodiments include all such modifications.
BRIEF DESCRIPTION OF DRAWINGS
[00017] The detailed description is set forth with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items.
[00018] Fig.1 illustrates a system of admin interface 101 for controlling accessibility and usage of data 100, according to an embodiment herein;
[00019] Fig.2 illustrates a system of owner interface 201 for controlling accessibility and usage of data 200, according to an embodiment herein;
[00020] Fig.3 illustrates a system of entity interface 301 for controlling accessibility and usage of data 300, according to an embodiment herein; and
[00021] Fig.4 illustrates a method 400 of controlling accessibility and usage of data, according to an embodiment herein.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[00022] The embodiments and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments. The examples used are intended merely to facilitate an understanding of ways in which the embodiments may be practiced and to further enable those of skill in the art to practice the embodiments. Accordingly, the examples should not be construed as limiting the scope of the embodiments.
[00023] As mentioned above, there is a need for providing a control of data accessibility to an owner. In particular, there is a need for controlling accessibility and usage of profile data by the owner for securing and tracking usage of data of patients and doctors. The embodiments achieve this by providing “A system and method of controlling accessibility of data”. Referring now to the drawings, and more particularly to Figs. 1 through 4, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
[00024] Blockchain is a technology for storing data. The data in a blockchain is stored in a plurality of blocks, wherein the blocks are linked to each other. A blockchain network is a network of a plurality of communication devices including a computer or laptop or a mobile phone. Each communication device is a node, wherein the plurality of nodes is connected to each other through internet. The nodes broadcast information, relay information and store the information in a new block in a blockchain for ensuring immutability and transparency of data.
[00025] In an embodiment, profile data is patients’ medical history. It includes health information, medical reports, diagnostic reports and other medical data of a patient.
[00026] In another embodiment, profile data is doctors’ professional history. It includes professional experience, education, skills of a doctor.
[00027] In an embodiment, an owner is a user owning the profile data of a patient. The owner can include a patient, a doctor, a healthcare provider and a healthcare system provider. In another embodiment, an owner is a user owning the profile data of a doctor.
[00028] In an embodiment, an admin is an authorized user controlling the accessibility and usage of the profile data of the patient in a system. In an embodiment, the admin can include a patient, a doctor, a healthcare provider, the owner or an authorized institution. In another embodiment, an admin is an authorized user controlling the accessibility and usage of the profile data of the doctor in a system.
[00029] An entity is an authorized user accessing the profile data in the system. The system can include a plurality of entities including insurance companies, healthcare providers, doctors, medical research institutions, or an authorized entity. In an embodiment, the entity accesses the profile data of patients in the system. In another embodiment, the entity accesses the profile data of doctors in the system.
[00030] Fig.1 illustrates a system for controlling accessibility of data, according to an embodiment.
[00031] The system 100 comprises of an admin interface 101, a plurality of modules including an entity categorization module 102, a profile data classification module 104, a profile categorization module 110, an entity category weightage assignment module 106, an access control definition module 108, a profile owner assignment module 116, a weightage value assignment module 114, a profile category weightage assignment module 112, a plurality of broadcasting nodes 120, 122, 124, 126, 128, a plurality of relay nodes 130, 132, 134, a mining node 140, and a blockchain including a plurality of blocks but not limited to 150, 152, 154, 156, 160.
[00032] In an embodiment, the admin accesses an admin system, wherein the admin system is a device including a mobile phone, a laptop, a computer, or an electronic communication device. The admin accesses the admin interface 101 in the admin system. The admin system or plurality of admin systems are configured as the broadcasting nodes 120, 122, 124, 126, and 128.
[00033] In an embodiment, the admin interface 101 is configured for the admin or a plurality of admins, wherein the admin interface 101 includes the plurality of modules 102, 104, 106, 108, 110, 112, 114, 116.
[00034] In an embodiment, the profile classification module 104 is configured for dividing profile data into multiple levels based on criticality. The profile data of a patient is divided into levels including but not limited to basic data, personal data, medical data. In another embodiment, the profile data of a doctor is divided into multiple levels including but not limited to basic data, personal data, and professional history. Basic data consists of name, phone number and email ID; personal data consists of date of birth, gender, height, weight, blood group; professional data includes qualifications, certifications, experience, skills; and medical data consists of health conditions.
[00035] In an embodiment, the profile categorization module 110 is configured for assigning the divided profiles to a plurality of categories based on profile data. In some embodiments, the categories for dividing profile data of a patient include but are not limited to profession, age, location. In another embodiment, the categories for dividing profile data of a doctor include but are not limited to age, specialty, and location.
[00036] In an embodiment, the entity categorization module 102 is configured for assigning the entities to a plurality of categories based on details of entities. In some embodiments, the categories include but are not limited to location, market.
[00037] In an embodiment, the entity category weightage assignment module 106 is configured for allotting weightages to the plurality of categories of entities. In some embodiments, the weightages are allotted based on parameters including but not limited to demand, importance, and criticality.
[00038] In an embodiment, the profile category weightage assignment module 112 is configured for allotting weightages to the plurality of categories of profiles. In some embodiments, the weightages are allotted based on parameters including but not limited to demand, importance, and criticality.
[00039] In an embodiment, the access control definition module 108 is configured for defining an access of profile data by specifying the category of entity and specifying the category of profile for providing access of the specified category of profile to the specified category of entity.
[00040] In an embodiment, the profile owner assignment module 116 is configured for assigning the ownership of a profile data to the owner.
[00041] In an embodiment, the weightage value assignment module 114 is configured for assigning a digital token value to the weightages allotted to the profile data.
[00042] In an embodiment, digital tokens, a crypto currency, are created in a digital token module using a conventional blockchain framework. The conventional blockchain frameworks include but are not limited to Ethereum, Hyperledger Fabric.
[00043] In an embodiment, the admin interface 101 is configured on the plurality of broadcasting nodes 120, 122, 124, 126, 128.
[00044] In an embodiment, the plurality of broadcasting nodes 120, 122, 124, 126, 128 create a plurality of transactions using the plurality of modules 106, 108, 110, 112, 114 configured in the admin interface 101.
[00045] In an embodiment, the plurality of broadcasting nodes 120, 122, 124, 126, 128 are configured for broadcasting the plurality of transactions to the plurality of relay nodes 130, 132, 134. In an embodiment, the broadcasting nodes 120, 122, 124, 126, 128 are connected to the relay nodes through the internet.
[00046] In an embodiment, the plurality of relay nodes 130, 132, 134 propagates the received transactions from the plurality of broadcasting nodes 120, 122, 124, 126, 128 to every other relay node 130, 132, 134.
[00047] In an embodiment, all the relay nodes 130, 132, 134 verify the received transactions for ensuring correct formatting and valid signatures, and check the most current version of the blockchain for ensuring the transactions are performed by the admin. The relay nodes need to be wary of malicious or spam transactions. Forwarding a transaction without verification by a relay node can cause the blockchain network to quickly collapse due to a flood of junk transactions.
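The three relay-node checks named in paragraph [00047] (formatting, signature, performed by the admin), written out as an added Python example that is not part of the patent text. The transaction fields, the HMAC-SHA256 stand-in for a real asymmetric signature scheme, the size limit and the duplicate filter are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC-SHA256 is a stand-in for an asymmetric
# signature scheme so that the example runs on the standard library alone.
ADMIN_KEYS = {"admin-1": b"constructed-admin-key"}    # admins per current chain state (assumed)
OTHER_KEYS = {"entity-9": b"constructed-entity-key"}  # known signer who is not an admin
FIELDS = {"sender": str, "module": int, "payload": dict, "nonce": int, "sig": str}
ADMIN_MODULES = {106, 108, 112, 114, 116}             # module numerals from paragraph [00050]


def canonical(tx):
    """Deterministic byte encoding of the signed part of a transaction."""
    body = {k: tx[k] for k in ("sender", "module", "payload", "nonce")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(tx, key):
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


class RelayNode:
    def __init__(self, admin_keys, known_keys, max_bytes=2048):
        self.admin_keys = admin_keys
        self.known_keys = known_keys
        self.max_bytes = max_bytes
        self.seen = set()      # ids of transactions already relayed
        self.forwarded = []    # what would be passed on to the mining node

    def verify(self, tx):
        # 1. Formatting: exact field types, serialisable payload, bounded size.
        if not isinstance(tx, dict) or any(type(tx.get(f)) is not t for f, t in FIELDS.items()):
            return "reject:format"
        try:
            encoded = canonical(tx)
        except (TypeError, ValueError):
            return "reject:format"
        if len(encoded) > self.max_bytes:
            return "reject:oversize"
        # 2. Signature: recompute over the canonical bytes, compare in constant time.
        key = self.known_keys.get(tx["sender"])
        given = tx["sig"].encode("utf-8", "replace")
        if key is None or not hmac.compare_digest(sign(tx, key).encode(), given):
            return "reject:signature"
        # 3. Authorization: the signer must be an admin and use an admin module.
        if tx["sender"] not in self.admin_keys or tx["module"] not in ADMIN_MODULES:
            return "reject:not-admin"
        # 4. Duplicate filter: relays re-propagate to each other, so the same
        #    transaction arrives several times and must be relayed only once.
        txid = hashlib.sha256(encoded).hexdigest()
        if txid in self.seen:
            return "reject:duplicate"
        self.seen.add(txid)
        self.forwarded.append(tx)
        return "forward"


def demo():
    relay = RelayNode(ADMIN_KEYS, {**ADMIN_KEYS, **OTHER_KEYS})
    good = {"sender": "admin-1", "module": 108, "nonce": 1,
            "payload": {"entity_category": "insurer", "profile_category": "age:40-60"}}
    good["sig"] = sign(good, ADMIN_KEYS["admin-1"])
    # Payload changed after signing: the signature no longer matches.
    tampered = dict(good, payload={"entity_category": "insurer", "profile_category": "all"})
    # Correctly signed, but by a key that does not belong to an admin.
    non_admin = {"sender": "entity-9", "module": 108, "nonce": 1, "payload": {}}
    non_admin["sig"] = sign(non_admin, OTHER_KEYS["entity-9"])
    malformed = {"sender": "admin-1", "payload": "junk"}
    results = [relay.verify(t) for t in (good, good, tampered, non_admin, malformed)]
    return results, len(relay.forwarded)


if __name__ == "__main__":
    print(demo())
```

Only the first transaction reaches the mining node; every rejection carries a reason that a relay operator can count and alert on.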
[00048] In an embodiment, the plurality of relay nodes 130, 132, 134 on verifying and ensuring the validity of the transactions from the broadcasting nodes 120, 122, 124, 126, 128 transmit the transactions to the mining node 140.
[00049] In an embodiment, the mining node 140 is in a process of creating a new block 160, and adds the transactions to the new block 160. The new block 160 is added to a blockchain. The newly created block 160 is broadcast across all nodes, confirming the block's 160 transactions.
[00050] In a preferred embodiment, the broadcasting node 120 creates a transaction using the entity category weightage assignment module 106, the broadcasting node 122 creates a transaction using the access control definition module 108, the broadcasting node 124 creates a transaction using the profile owner assignment module 116, the broadcasting node 126 creates a transaction using the weightage value assignment module 114, and the broadcasting node 128 creates a transaction using the profile category weightage assignment module 112. In an embodiment, the broadcasting nodes 120 and 122 broadcast the transactions to the relay node 130, the broadcasting node 124 broadcasts the transaction to the relay node 132, and the broadcasting nodes 126 and 128 broadcast the transactions to the relay node 134. In an embodiment, the relay node 130 propagates the transaction to the other relay nodes 132, 134; the relay node 132 propagates the transaction to the other relay nodes 130, 134; the relay node 134 propagates the transaction to the other relay nodes 130, 132. In an embodiment, the relay nodes 132, 134 verify the transaction received from the relay node 130; the relay nodes 130, 134 verify the transaction received from the relay node 132; the relay nodes 130, 132 verify the transaction received from the relay node 134. In an embodiment, the verified transactions from the plurality of relay nodes 130, 132, 134 are transmitted to the mining node 140 for creating the new block 160.
[00051] In an embodiment, there is a plurality of mining nodes 160. The mining nodes collect as many transactions as possible. Due to memory constraints, a maximum limit is configured on the number of transactions included in a block. Although all mining nodes collect transactions and organize them into blocks, only one of the mining nodes, i.e., the first mining node to create and broadcast the block, adds a new block to the blockchain. On broadcasting the new block to the rest of the blockchain network, all the other mining nodes stop working on creating the old block and start working on a new block.
[00052] Fig.2 illustrates a system of owner interface for controlling accessibility of data. The system 200 includes an owner interface 201, a consent management module 208, a data management module 210, a Smart Contracts module 212, a plurality of broadcasting nodes 220, 222, 224, a plurality of relay nodes 230, 232, 234, a mining node 240, a plurality of blocks 250, 252, 254, 256, 260.
[00053] The owner interface 201 includes the plurality of modules including a consent management module 208, a data management module 210, and a Smart contracts module 212.
[00054] In an embodiment, the consent management module 208 is provided for recording and managing consents provided by the owner of the profile data for permitting accessibility and usage of the profile data to the admin.
[00055] In an embodiment, wherein the profile data is profile data of a patient, the consent management module 208 includes a patient consent module, a doctor consent module, and a healthcare provider consent module. The patient consent module is configured for specifying consent of the patient for providing access of the profile data of the patient to the admin. The doctor consent module is configured for specifying consent of the doctor for providing access of the patient’s data to the admin. The healthcare provider consent module is configured for specifying consent of the healthcare provider for providing access of the patient’s data to the admin. In an embodiment, the consent can be specified by the patient, the doctor, the health care provider on a basis of the ownership of the profile data.
[00056] In another embodiment, wherein the profile data is profile data of a doctor, the consent management module 208 includes a doctor consent module. The doctor consent module is configured for specifying consent of the doctor for providing access of the doctor’s data to the admin.
[00057] In an embodiment, the owner interface 201 is configured on the plurality of broadcasting nodes 220, 222, 224.
[00058] A transaction is created when the consent is provided in the patient consent module, doctor consent module, healthcare provider consent module using the consent management module 208. The transaction is broadcasted to the relay node 230 through the broadcasting node 220.
[00059] The data management module 210 is configured for controlling the accessibility of the profile data based on the consents provided in the consent management module 208. The data management module 210 is connected to the consent management module 208.
[00060] The smart contracts module 212 is configured for storing, managing and executing smart contracts using blockchain. The consent specified by the owner using the consent management module 208 in the owner interface 201 is created as a consent smart contract for executing a transaction. The broadcasting node 222 broadcasts the transaction to the relay node 232. In an embodiment, the consent smart contract provides data access of a profile data to an entity based on the consent provided by the owner in the consent management module 208.
[00061] In an embodiment, a data access smart contract is created in the smart contracts module 212. The smart contract is created for notifying the owner in the owner interface 201 on identifying an entity accessing profile data of the owner in the entity interface 301.
[00062] In an embodiment, a digital token smart contract is created for rewarding the owner with digital tokens based on a digital token value of a profile data on identifying at least one entity accessing and/or using the profile data.
[00063] In another embodiment, the owner can be rewarded using a means not limited to digital tokens.
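How the consent, the access control definition, the data access notification and the digital token reward described above combine into one access decision, as an added Python example that is not part of the patent text. The class and field names, the per-rule list of levels, the sample patient record and the in-memory hash-linked log standing in for blocks are assumptions made for illustration.

```python
import hashlib
import json

# Levels of patient profile data as listed in the description.
LEVELS = {
    "basic": ("name", "phone", "email"),
    "personal": ("date_of_birth", "gender", "height", "weight", "blood_group"),
    "medical": ("health_conditions",),
}


class AccessController:
    def __init__(self):
        self.rules = {}          # (entity category, profile category) -> levels (module 108)
        self.token_value = {}    # profile category -> tokens per access      (module 114)
        self.consent = {}        # owner -> levels the owner consented to      (module 208)
        self.balances = {}       # owner -> digital tokens earned
        self.notifications = []  # (owner, entity, levels) sent to the owner interface
        self.log = []            # hash-linked record of every decision

    def _record(self, event):
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.log.append({"event": event, "prev": prev, "hash": digest})

    def request(self, entity, entity_category, profile, wanted_levels):
        owner, category = profile["owner"], profile["category"]
        # Default deny: a missing rule or missing consent yields the empty set.
        allowed = self.rules.get((entity_category, category), set())
        consented = self.consent.get(owner, set())
        granted = sorted(set(wanted_levels) & allowed & consented & set(LEVELS))
        self._record({"entity": entity, "owner": owner,
                      "requested": sorted(wanted_levels), "granted": granted})
        if not granted:
            return {}
        # Data access contract: notify the owner. Token contract: reward the owner.
        self.notifications.append((owner, entity, tuple(granted)))
        self.balances[owner] = self.balances.get(owner, 0) + self.token_value.get(category, 0)
        data = profile["data"]
        return {f: data[f] for lvl in granted for f in LEVELS[lvl] if f in data}

    def verify_log(self):
        prev = "0" * 64
        for entry in self.log:
            body = json.dumps(entry["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


def demo():
    ac = AccessController()
    ac.rules[("insurer", "location:north")] = {"basic", "personal"}
    ac.rules[("research", "location:north")] = {"personal", "medical"}
    ac.token_value["location:north"] = 5
    patient = {  # constructed sample record
        "owner": "patient-17", "category": "location:north",
        "data": {"name": "A. Sample", "phone": "000", "email": "a@example.test",
                 "date_of_birth": "1980-01-01", "blood_group": "O+",
                 "health_conditions": ["asthma"]},
    }
    ac.consent["patient-17"] = {"basic", "medical"}
    r1 = ac.request("insurer-1", "insurer", patient, ["basic", "medical"])  # rule trims to basic
    r2 = ac.request("lab-2", "research", patient, ["medical"])             # granted
    ac.consent["patient-17"].discard("medical")                            # owner revokes
    r3 = ac.request("lab-2", "research", patient, ["medical"])             # now denied
    r4 = ac.request("clinic-3", "unlisted", patient, ["basic"])            # no rule: denied
    return ac, r1, r2, r3, r4


if __name__ == "__main__":
    ac, *results = demo()
    print(results, ac.balances, ac.verify_log())
```

Denied requests are logged as well, so the owner's audit trail shows attempted access and not only successful access.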
[00064] In an embodiment, services and resources are associated with the digital tokens. The services and resources are provided for transacting using the digital tokens by the owner. In an embodiment, the digital tokens can be redeemed for services including but not limited to obtaining discounts, accessing new products and features.
[00065] The transactions are broadcasted by the broadcasting nodes 220, 222, 224 to the plurality of relay nodes 230, 232, 234. The plurality of relay nodes 230, 232, 234 verifies and propagates the plurality of transactions among the relay nodes 230, 232, 234. The verified transactions from the plurality of relay nodes 230, 232, 234 are transmitted to the mining node 240. The mining node 240, creating a new block 260, adds the received transaction to the new block 260 of a blockchain for ensuring confidentiality and integrity of the block and also of previous blocks.
[00066] Fig.3 illustrates a system of entity interface for accessing data, according to an embodiment.
[00067] The system 300 includes an entity interface 301 including a plurality of modules including an entity details module 302, a data access module 304, a plurality of broadcasting nodes 310, 312, a plurality of relay nodes 320, 322, a mining node 330, a plurality of blocks 332, 334, 336, 338, 340.
[00068] The entity accesses the entity system, wherein the entity system is a device including a mobile phone, a laptop, a computer, or an electronic communication device. The entity accesses the entity interface 301 in the entity system.
[00069] The entity provides details of the entity in the entity details module 302. The entity details module 302 creates a transaction, wherein the transaction is broadcasted by the broadcasting node 310 to the relay node 320. The relay node 320 propagates the transaction to the other relay node 322.
[00070] The data access module 304 is configured for creating a data access request based on a requirement of the entity. The data access module 304 is also configured for displaying the profile data requested by the entity. The data access module 304 creates a transaction, wherein the transaction is broadcasted to the relay node 322 by the broadcasting node 312. The relay node 322 propagates the transaction to the other relay node 320 for verification.
[00071] The verified transactions from the relay nodes 320, 322 are transmitted to the mining node 330. The mining node 330, creating a new block 340, adds the transactions to the new block 340 in the blockchain.
[00072] In an embodiment, the plurality of admin systems, the entity systems, the owner system and blockchain network are connected through a communication network, preferably internet. The owner interface 201, the admin interface 101 and the entity interface 301 are connected to the blockchain network through the communication network.
[00073] In an embodiment, the blockchain network is a private consortium blockchain. In the private consortium blockchain, access to the blockchain network is restricted. An invitation is required from the blockchain network for participating as a “node” and as part of the transaction and block creation process.
[00074] Fig.4 illustrates a method of controlling accessibility of data, according to an embodiment herein.
[00075] In an embodiment, the method of controlling accessibility of data comprises the following steps.
[00076] Providing consent by an owner, using a consent management module 208 in the owner interface 201 for specifying access of a profile to the admin.
[00077] Dividing the profile data into multiple levels of data based on a criticality, wherein the levels of profile data of a patient include, but are not limited to, basic data consisting of name, phone number and email ID; personal data consisting of date of birth, gender, height, weight, blood group; and medical data consisting of health conditions, by the profile data classification module 104 in the admin interface 101. In another embodiment, the levels of profile data of a doctor include basic data consisting of name, phone number and email ID; personal data consisting of date of birth, gender, height, weight, blood group; and professional data consisting of qualifications, certifications, experience, skills.
[00078] Categorizing the divided profiles of patients, based on parameters including but not limited to profession, age, location using the profile categorization module 110 in the admin interface 101. In another embodiment, divided profiles of doctors are categorized based on parameters including but not limited to specialty, age, location.
[00079] Categorizing the entities, based on parameters including but not limited to location, market, using the entity categorization module 102 in the admin interface 101.
[00080] Allotting weightage to the categorized profile data based on parameters, like importance, demand and criticality according to a requirement of the admin, using the profile category weightage assignment module 112 in the admin interface 101.
[00081] Allotting weightage to the categorized entities based on parameters, like importance, demand and criticality according to a requirement of the admin, using the entity category weightage assignment module 106 in the admin interface 101.
[00082] Specifying the entity categories accessing the categories of the profile using the access control definition module 108 in the admin interface 101.
[00083] Assigning a digital token value to the categories of the profile data, using the weightage value assignment module 115 in the admin interface 101.
[00084] A main advantage of the present disclosure is that control of accessibility of data is provided to an owner.
[00085] Another advantage of the present disclosure is that usage of profile data of patients and doctors can be controlled and tracked by an owner.
[00086] Still another advantage of the present disclosure is that details of usage of patients and doctors data are provided to an owner.
[00087] Yet another advantage of the present disclosure is that the method and system provides privacy of profile data of patients and doctors.
[00088] Another advantage of the present disclosure is that the system ensures high governance and privacy.
[00089] Still another advantage of the present disclosure is that the system provides fine granularity with a precise level of accuracy in data access control for selection, definition of access modalities.
[00090] Yet another advantage of the present disclosure is that the system provides perfect traceability of data as well as access to data.
[00091] Another advantage of the present disclosure is that the system ensures immutability of data.
[00092] Yet another advantage of the present disclosure is that the system provides transparency of data as it gives auditability of access control transaction management by third parties.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed is for the purpose of description and not of limitation. Therefore, while the embodiments have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments can be practiced with modification within the spirit and scope of the embodiments as described.

Claims

Claim:
1. A system for controlling accessibility and usage of data, comprising: an owner interface 201 configured for an owner, wherein the owner is a user owning the data; an admin interface 101 configured for an admin, wherein the admin is an authorized user controlling the accessibility and usage of the data of the owner in the system; an entity interface 301 configured for an entity, wherein the entity is an authorized user accessing the data in the system; characterized in that the owner interface 201 includes a consent management module 208, a data management module 210, a smart contracts module 212; the admin interface 101 includes an entity categorization module 102, a profile data classification module 104, a profile categorization module 110, an entity category weightage assignment module 106, an access control definition module 108, a profile owner assignment module 116, a weightage value assignment module 114, a profile category weightage assignment module 112; the entity interface 301 includes an entity details module 302, a data access module 304; and the smart contracts module 212 is configured for notifying and rewarding the owner on identifying an entity accessing the data of the owner.
2. The system as claimed in claim 1, wherein the owner is rewarded using digital token created in a digital token module in the admin interface 101.
3. The system as claimed in claim 1, wherein the profile classification module 104 is configured for dividing profile data into multiple levels.
4. The system as claimed in claim 3, wherein the profile categorization module 110 is configured for assigning the divided profiles to a plurality of categories based on profile data.
5. The system as claimed in claim 1, wherein the entity categorization module 102 is configured for assigning the entities to a plurality of categories based on entity details.
6. The system as claimed in claim 5, wherein the entity category weightage assignment module 106 is configured for allotting weightages to the plurality of categories of entities.
7. The system as claimed in claim 4, wherein the profile category weightage assignment module 112 is configured for allotting weightages to the plurality of categories of profiles.
8. The system as claimed in claim 1, wherein the access control definition module 108 is configured for defining an access of profile data to an entity.
9. The system as claimed in claim 1, wherein the profile owner assignment module 116 is configured for assigning the ownership of a profile data to the owner.
10. The system as claimed in claim 6, wherein the weightage value assignment module 114 is configured for assigning a digital token value to the weightages allotted to the profile data.
11. The system as claimed in claim 1, wherein the consent management module 208 is configured for managing consents provided by the owner of the profile data for permitting accessibility and usage of the profile data to the admin.
12. The system as claimed in claim 10, wherein the data management module 210 is configured for controlling the accessibility of the profile data based on the consents provided in the consent management module 208.
13. The system as claimed in claim 1, wherein the data access module 304 is configured for creating a data access request by the entity and displaying the profile data requested by the entity.
14. The system as claimed in claim 1, wherein the entity details module 302 is configured for the entity to provide entity details.
15. The system as claimed in claim 1, wherein the data is profile data of a patient or a doctor.
16. A method for controlling accessibility and usage of data, comprising the steps of: providing consent by an owner, using a consent management module 208 in the owner interface 201 for specifying access of a profile to the admin; dividing the profile data into multiple levels of data by the profile data classification module 104; categorizing the divided profiles using the profile categorization module 110; categorizing the entities using the entity categorization module 102; allotting weightage to the categorized profile data using the profile category weightage assignment module 112 in the admin interface 101; allotting weightage to the categorized entities using the entity category weightage assignment module 106 in the admin interface 101; specifying the entity categories accessing the categories of the profile using the access control definition module 108 in the admin interface 101; and assigning a digital token value to the categories of the profile data, using the weightage value assignment module 115 in the admin interface 101.
17. The method as claimed in claim 16, wherein the multiple levels of profile data of patient include basic data consisting name, phone number and email ID; personal data consisting date of birth, gender, height, weight, blood group; medical data consisting health conditions.
18. The method as claimed in claim 16, wherein the multiple levels of profile data of doctor include basic data consisting name, phone number and email ID; personal data consisting date of birth, gender, height, weight, blood group; professional data consisting of qualifications, certifications, experience, skills.
PCT/IB2021/052253 2020-04-15 2021-03-18 A system and method of controlling accessibility of data WO2021209837A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202041016300 2020-04-15

Publications (1)

Publication Number Publication Date
WO2021209837A1 true WO2021209837A1 (en) 2021-10-21

Family

ID=78084294

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/052253 WO2021209837A1 (en) 2020-04-15 2021-03-18 A system and method of controlling accessibility of data

Country Status (1)

Country Link
WO (1) WO2021209837A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110957025A (en) * 2019-12-02 2020-04-03 重庆亚德科技股份有限公司 Medical health information safety management system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21788177

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21788177

Country of ref document: EP

Kind code of ref document: A1