In applications requiring privacy or security of electronic information, the state of the art is using rule-based security access, with a variety of recognition systems for each user. Unfortunately, this does not include a system for maintaining the security of information when it is electronically shared among different security domains.
Typically, information may be shared securely among organizations in paper format because of a lack of compatible electronic formats and appropriate privacy and security systems. The desired information may be physically copied and delivered. This makes it prone to delays, missing information, unregistered users, lack of clarity of what information is authorized to be transmitted, and unauthorized access by different people. All these are challenges with the current physical system in complying with security protocols.
As stated in the HIPAA regulations, rule-based security systems with passwords is the target practice. These systems are widely used throughout the government and industry. However they do not address how to actively share information across security domains managed separately. In many hospitals, the combination of being unable to predict who may need to provide care, especially in an emergency, and the challenges of maintaining a variety of accounts and passwords, each with limited access, results in each doctor and health professional being provided with access to all patients' information throughout the institution. These practices may expose healthcare providers to potential liability for not properly protecting sensitive Individual health information.
This is particularly challenging for Individuals with Developmental Disabilities, which are lifelong conditions with varying degrees of impairments. Individuals are often subject to more medical and other health conditions, and may have more emergencies. They may have others designated to act on their behalf in various capacities including medical, financial, and legal. Access to Personal Health Information (“PHI”) about health and related conditions is strictly regulated by HIPAA and other state and federal regulations, which complicates providing support and services.
Care and support for Individuals with Developmental Disabilities is often distributed among many people and organizations, including Parents, service providers, doctors and other health professionals, volunteers, and case managers and others appointed by various funding and regulatory jurisdictions. The responsibilities and privileges of different users (ranging from Parents or Guardians to health care professionals and staff members) may differ by funding sources and organizational structures, and thus a flexible system for determining who has access to what information is essential. For example, often an organization providing support to an Individual may have different groups with separate staff to provide different functions, and thus processes may be used to control who has access to what information by application and Individual; also a staff member with specialized capabilities, such as a behaviorist, has responsibilities that cut across other organizational boundaries and serve one or a few Individuals out of each grouping.
Individuals often change the organizations which provide support for them and thus users wish to be provided access to appropriate information covering past conditions and situations from other organizations. HIPAA and other regulations request that Individuals and their agents be able to update their PHI records. Changes in information may need to be shared and maintained among a range of people and authorities over many decades.
In the face of such challenges it becomes difficult for care providers to manage privacy and security of information and communications about the Individuals they serve, particularly in accordance with HIPAA regulations. Such limitations urgently call for a system that can facilitate secure entry, access, sharing, updating, storage, and management of information about an Individual.
Similar situations exist in many other industries. Banking and credit where many different organizations use and create information about people with a critical need for security and privacy. Proprietary information within and among organizations regarding product development, marketing, sales, and other areas of operations also benefit from such a system.