1. Field of the Invention
The present invention relates to distributed information protection and control and, more particularly, to a Trusted Record system for medical and other providers that employs a patient-carried data card with large-capacity record storage, together with a client/server network with card-reader capabilities and software that maintains a robust security framework. The framework preserves confidentiality while allowing others to access the patient's full set of records via computer, in accordance with a hierarchical permissions policy.
2. Description of the Background
Network technology is invaluable for sharing resources among distributed systems. However, this is a perilous proposition in some contexts, where laws or policies impose strict confidentiality requirements on some of the shared information. For example, in the medical context doctors and health care providers need a reliable and secure approach to assembling comprehensive patient records from distributed sources. The sources may include multiple provider facilities (clinics and hospitals, each of which maintains its own patient database, and each database changing each time the provider is visited by a particular patient). Outright sharing of the data is difficult due to the security requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA). Consequently, there is a great need for a reliable method of consolidating and processing an individual's data amongst diverse provider networks, one that can assemble relevant patient information despite the diversity in its classification and/or coding, and which will not compromise the requisite confidentiality of the patient.
Smartcards have been proposed as a potential solution. For example, U.S. Pat. No. 5,832,488 by Eberhardt, issued Nov. 3, 1998, shows a computer system and method for storing medical histories using a smartcard to store the data. The smartcard is convenient, about the size of a credit card, and any new medical data about the individual is simply added to the smartcard. Each time the patient visits a provider, the entire medical history of the individual can be easily retrieved. The smartcard makes it possible for an individual's medical history to be "read" by a computer, displayed on the computer's monitor, printed, or transmitted. When the individual is examined by a physician, all observations are added. This allows individuals to carry on their person a complete and consolidated medical history of themselves. However, existing smartcard technology severely limits the amount of data that can be stored, and the smartcard is unsuitable for large records such as radiography image files. In addition, privacy is maintained simply by encrypting the patient identifier to preclude unauthorized persons from accessing a given person's medical history. The patent fails to suggest any scheme for maintaining passwords or other authorization to access the data, and it does not account for the needs of the various attending physicians, residents, nurses, etc., all of whom may have differing rights to view and/or change the medical history.
Generally, access to information can be controlled in any number of ways, for example, by passwords, authentication tokens, a server-based authentication and certification system, or any combination of the foregoing. However, with conventional techniques, once access to a file is granted to a user, access to the information contained in the file is virtually without limit. The user can, for example, modify the file, copy the file, display the file, print the file, e-mail the file, and/or transfer the file to another information system via a network. After the file is distributed outside the immediate control of the originating system, security for the distributed copy is left to the discretion of those who obtain it.
It would, therefore, be greatly advantageous to provide a Trusted Record system that employs a large-capacity personal record store and a robust security framework that maintains confidentiality while allowing others, at a remote location, to access the full set of records via computer, in accordance with a hierarchical permissions policy.
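The contrast drawn above, between a single file-level grant and a hierarchical, per-operation permissions policy, is illustrated by the following example. It is added here and is not code from the patent or from any system it describes. The role hierarchy (nurse, resident, attending), the operation set (view, modify, export), and the sample record are all assumptions constructed for illustration; the point it demonstrates is that each operation on a record is authorized and logged on its own, so a grant to view never implies a right to copy, print or transmit.

```python
"""Added example: hierarchical, per-operation authorization for a patient
record, versus the coarse file-level grant criticised in the background."""
from dataclasses import dataclass, field
from enum import Enum


class Op(Enum):
    """Operations on a record, each authorized separately."""
    VIEW = "view"
    MODIFY = "modify"
    EXPORT = "export"  # copy, print, e-mail or transfer off the system


# Assumed role hierarchy (illustrative, not taken from the patent):
# a role inherits every operation of the roles it is built on.
ROLE_PARENTS = {
    "nurse": [],
    "resident": ["nurse"],
    "attending": ["resident"],
}
ROLE_OPS = {
    "nurse": {Op.VIEW},
    "resident": {Op.MODIFY},
    "attending": {Op.EXPORT},
}


def effective_ops(role):
    """Operations a role holds directly or by inheritance.
    Unknown roles hold nothing (deny by default)."""
    seen, stack, ops = set(), [role], set()
    while stack:
        r = stack.pop()
        if r in seen:          # guards against a malformed cyclic hierarchy
            continue
        seen.add(r)
        ops |= ROLE_OPS.get(r, set())
        stack.extend(ROLE_PARENTS.get(r, []))
    return ops


def coarse_grant(role):
    """The conventional model: a single yes/no at the file boundary.
    Once it says yes, nothing distinguishes viewing from e-mailing the file."""
    return role in ROLE_OPS


class Denied(PermissionError):
    pass


@dataclass
class Record:
    patient_id: str
    sections: dict
    audit: list = field(default_factory=list)


def authorize(record, role, op):
    """Reference-monitor style check: each operation is decided on its
    own and logged, so VIEW never implies EXPORT."""
    allowed = op in effective_ops(role)
    record.audit.append((role, op.value, "allow" if allowed else "deny"))
    if not allowed:
        raise Denied(f"{role!r} may not {op.value} record {record.patient_id}")


def view(record, role):
    authorize(record, role, Op.VIEW)
    return dict(record.sections)


def modify(record, role, section, value):
    authorize(record, role, Op.MODIFY)
    record.sections[section] = value


def export(record, role):
    authorize(record, role, Op.EXPORT)
    return "\n".join(f"{k}: {v}" for k, v in record.sections.items())


def demo():
    """Run every role against every operation on a constructed record and
    return ({role: {op: allowed}}, {role: coarse verdict}, audit log)."""
    rec = Record("P-0001", {"allergies": "penicillin"})  # constructed sample
    actions = {
        Op.VIEW: lambda r: view(rec, r),
        Op.MODIFY: lambda r: modify(rec, r, "note", "seen in clinic"),
        Op.EXPORT: lambda r: export(rec, r),
    }
    fine, coarse = {}, {}
    for role in ("nurse", "resident", "attending", "visitor"):
        coarse[role] = coarse_grant(role)
        fine[role] = {}
        for op, act in actions.items():
            try:
                act(role)
                fine[role][op.value] = True
            except Denied:
                fine[role][op.value] = False
    return fine, coarse, rec.audit


if __name__ == "__main__":
    fine, coarse, audit = demo()
    for role, ops in fine.items():
        print(f"{role:10s} coarse={coarse[role]!s:5s} fine={ops}")
    print(len(audit), "audit entries")
```

Note that `coarse_grant` answers "yes" for a nurse and then has nothing more to say, whereas `authorize` denies the nurse's export attempt and records the denial; the audit trail is what lets a later reviewer reconstruct who tried to move a record off the system. An unknown role such as "visitor" is denied every operation because `effective_ops` defaults to the empty set rather than to any grant.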