1. Field
This disclosure relates to devices, systems, and secure methods of distributing private medical information among doctors, patients, imaging centers, medical centers, treatment centers, and hospitals, and more specifically, distribution of medical images to consulting physicians.
2. Description of the Related Art
Hospitals and doctors' offices are the stewards of private patient medical information. Every time a patient visits a doctor, clinic or hospital, their private personal and medical information is recorded. The personal and medical information is stored in hospital databases, which can consist of picture archiving and communication systems (“PACS”), relational databases, content addressable storage systems, and computer files, among other storage methods.
Under certain likely scenarios, this personal and medical information must be accessible by medical personnel outside of the doctor's office or hospital. It is not uncommon for a hospital to seek outside expert doctors to consult on interpreting lab results and medical images to improve chances of diagnosis. These outside doctors require access to the medical information databases inside the doctor's offices and hospitals to make their diagnosis and perform their job. Similarly, a patient may seek an outside doctor's advice herself, either to see a specialist in a field, or to get a second opinion.
One option is to grant electronic access to the patient's information, but current hospital access systems have a number of issues. Hospitals are reluctant to grant access to their databases to outside doctors automatically, and often require that even internal doctors fill out paperwork, apply for access, and wait long periods before access is available. Further, many medical facilities require their doctors to remember and type into their computer complicated Uniform Resource Locator (URL) strings. Moreover, there is a lack of seamless access to the medical information held or controlled by a doctor, clinic, hospital, a third-party imaging center, or in any cloud-based medical data repository (collectively referred to as “MDRs”). MDRs are reluctant to provide seamless access to client entities for several reasons.
One reason MDRs are reluctant to provide seamless access to client entities is that MDRs contain private personal information. Unless an MDR restricts access to this information, the unauthorized release of a person's medical history and images could violate the patient's privacy and cause severe embarrassment. Thus, MDRs restrict access to a patient's medical records to small set of users, and carefully scrutinize any users applying for access to the information.
Another issue is that MDRs must comply with all current and future health information laws and regulations. One such federal regulation scheme is the Health Insurance Portability and Accountability Act (HIPAA) which regulates the use and disclosure of Protected Health Information. The regulations may require any access to equipment containing health information to be carefully controlled and monitored. Access to hardware and software must be limited to properly authorized individuals in some cases. HIPAA also may require authentication of any entity that communicates with an MDR, such as authentication through the use of corroborating password systems, two or three-way handshakes, telephone callback procedures, and token systems. HIPAA also seeks to ensure that the data within an MDR's systems have not been altered or accessed in an unauthorized manner. Any violation of HIPAA can result in an investigation by federal authorities and civil money penalties.
Thus, MDRs are reluctant to grant access to their electronic records. An outside doctor who requires access to patient medical information databases inside an MDR must often wait for months or years while an investigation occurs and clearance procedures are performed. Consequently, many outside doctors avoid applying for direct access to hospital databases, and instead seek other methods of access to their patient's medical information.
Some doctors seek a physical delivery of electronic records to their offices for evaluation. These electronic records are often transported on a CD-ROM, DVD, or other portable storage media such as a USB key, memory card or stick, flash drive, thumb drive, optical disc, or portable disk drive. Either the patient requests the records from their MDR and supplies them for the doctor, or the doctor can acquire the portable media directly from the MDR. The doctor then can load the images from the portable media onto his local computer and use them for diagnosis.
There are numerous problems with accessing the medical information in this manner. Portable media has limited storage capacity, and the size of medical records and medical images have grown substantially. For example, image formats often are comprised of multiple 2D slice images to create a 3D image, growing an image files size. Further, if the images contain fourth dimension time information, the file sizes can grow rapidly. Thus, the larger hi-tech medical images may not be able to be transported by portable media, or would require additional portable media that consumes additional time, cost, and effort to create. Further, portable media is often accessed at a slow rate compared to permanent media such as a hard drive. Thus, it may take a while for the media to load on the doctor's computer.
A doctor might also try to access a patient's medical information through an electronic network such as the Internet. For example, an MDR may give out a specific URL for a doctor to use to gain access. However, because HIPAA and other laws and regulations may prohibit the sending of a URL that grants access to medical information through email or another near-instant electronic communication method due to the lack of data security, a long URL must be communicated to the doctor by voice or printout. A URL string is usually very long, and thus it takes a significant amount of time for the doctor to enter and manually type such a URL into his web browser. Further, human copying and manual data entry increases the chance to transpose characters or create errors in the URL that prevent access to the data and create user frustration.
Thus, a method of access that is responsive to the needs of security, health information laws and regulations, and ease of access is desired. These and other problems are addressed by the embodiments described below.