With the deployment of medical communication systems which transfer data from within the hospital to physician-carried mobile communication devices via public cell phone and other networks, the need for encrypting such sensitive data may become significant. In applications where patient medical data has to be further stored or processed outside the hospital, such as on a public or shared server or a cell phone system file server, there may be a need for file handling methods which preclude accessing or reassembling the patient's data other than by a password protected physician handheld.
While encryption and authentication technologies are currently available, such technologies only allow transmission of data from the encryption point to the decryption point, with no further protection offered post decryption. In instances, where data needs to be decrypted at an intermediate point for further processing (such as for message delivery or routing purposes), standard encryption techniques are not sufficient.
Current laws applicable to medical data in the USA, such as HIPAA, require that any server storing patient medical data be secure with access limitations and written agreements to control access to the data. However, in wide implementations, such controls, although systematically possible, are not fool-proof. A fool-proof system for managing such scenarios is required where, even if the security of a server is breached, data located within the server cannot be reassembled into meaningful parts.
Physicians, nurses and other medical caregivers use medical information in diagnosing diseases and treating patients. Medical information is collected from patients and may be in many different forms. A patient's medical information may consist of descriptions of the patient's present or past illnesses, laboratory data, images and any physician comments or notes. When a patient presents a physician with a medical complaint, all or part of his medical information may be used in diagnosing his illness and determining its treatment. Therefore, it is important that treating physicians gain access to a patients' medical data before diagnosing or rendering of a treatment plan. It is also important for physicians to directly communicate their findings and orders for inclusion in the patients' medical records.
Currently, the best method of accessing complete and immediate medical records is for physicians and nurses to be at the same location as their patients and their medical data. Although, there are ways to communicate medical data to physicians who are not physically located on-site, none provide a convenient, efficient and reliable method for communicating this information. While systems exist where the physician, on his own accord, may dial into a hospital database and sort through the data to obtain a particular patient's data for a particular study/test etc., no system provides a communication system methodology where data and cover information for such data is traceably delivered to the physician and such communications and associated data are tracked and auditable. None provide a method for communicating medical data in emergency situations when patient well being relies on immediate evaluation of such data. Further, none of the currently available methods enable physicians to directly enter orders and comments into patients' medical record from remote locations.
Therefore, there is a need for a system and a method that may provide convenient, efficient and timely access to medical records and also allow physicians and other caregivers to enter orders and comments into patients' medical charts.