1. Field of the Invention
This invention relates to a network system and more particularly to a secure computer network system.
2. Background of the Invention
The advent of computers has led to the electronic management of banking and finance transactions and records in past years with great success. One of the greatest problems facing these systems is file integrity and protection from unauthorized access. Encryption and encoding methodologies have been developed to help maintain the security of these information systems. Over time these encryption and encoding schemes have had to evolve to more complicated levels to stay ahead of the continual advancements in hardware and computer software that threaten to provide decryption and decoding capabilities that undermine the security these systems once provided. The 64-bit encryption/encoding platform gave way to a 128-bit platform, which in turn yielded to a 256-bit platform that is currently under assault and must inevitably give way to a 512-bit platform that will eventually fail as well. The strength of these security systems is based on their level of complexity, and as technology advances these levels are eventually overcome. These information systems will never be secure for any length of time if they continue to depend on encryption and encoding schemes as the foundation of their security strategies. The medical community's interest in adopting electronic medical records has encouraged the development of security strategies for that industry that do not depend entirely on encryption and encoding.
The medical community has relied on written medical records and handwritten medical prescriptions which the patient would hand carry to the pharmacist for filling. More recently, the medical community has begun to use computer systems for medical records and prescriptions. In addition to file integrity and protection problems similar to those of the finance industry, HIPAA (the Health Insurance Portability and Accountability Act) has set a national standard for the protection of medical records.
Boosted by a multi-billion dollar federal stimulus, the medical community is moving toward paperless, computer based medical and prescription systems. Multi-port access for a plurality of contributing medical professionals and multi-port access to data from a plurality of authorized record and prescription requestors present substantial challenges to the design and implementation of these systems. Data integrity and protection, and assuring the confidentiality of both record content and the identity of the record owner, remain significant problems for these systems.
There have been many in the prior art who have attempted to solve these problems in the medical and financial community with varying degrees of success. None, however, completely satisfies the requirements for a complete solution to the aforestated problem. The following U.S. Patents are attempts of the prior art to solve this problem.
U.S. Pat. No. 5,946,400 to Chaum, et al. discloses an information storage system including one or more information update terminals, a mapper, one or more partial-databases, and one or more query terminals, exchanging messages over a set of communication channels. An identifier-mapping mechanism provides (to an update terminal) a method for delegating control over retrieval of the data stored at the partial-databases to one or more mappers, typically operated by one or more trusted third parties. Update terminals supply information, that is stored in fragmented form by the partial-databases. Data-fragment identifiers and pseudonyms are introduced, preventing unauthorized de-fragmentation of information—thus providing compliance to privacy legislation—while at the same time allowing query terminals to retrieve (part of) the stored data or learn properties of the stored data. The mapper is necessarily involved in both operations, allowing data access policies to be enforced and potential abuse of stored information to be reduced. Introduction of multiple mappers acts to distribute information retrieval control among multiple trusted third parties. Introducing so-called ‘groupers’ increases the efficiency of data retrieval for a common set of queries and further reduces potential abuse of information.
U.S. Pat. No. 6,397,224 to Zubeldia, et al. discloses a system for anonymously linking a plurality of data records. Each data record comprises a plurality of elements for identifying an associated individual. The system includes a first identity reference encoding module configured to encode a first encoded identity reference from a first subset of the identifying elements of a data record and a second identity reference encoding module configured to encode a second encoded identity reference from a second subset of the identifying elements of the data record. An anonymization code assignment module is configured to assign to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the data record.
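The linkage mechanism described above, as an added example that is not code from the Zubeldia patent: two subsets of identifying elements (the "name+dob" and "ssn" subsets are an assumed choice, as is the use of HMAC-SHA256 and the field names) are each encoded under a key that only the linkage authority holds, and a lookup table maps every encoded identity reference seen for one person to a single anonymization code. A holder of the de-identified records who lacks the key cannot recompute references from guessed names or SSNs, yet records from sources that carry only one of the two subsets still link to the same code.

```python
"""Anonymous record linkage from two subsets of identifying elements.

Added example, not the patent's own code.  Each subset of identifying
elements is encoded with HMAC-SHA256 under a secret linkage key, and a
table maps every encoded identity reference for one person to one
anonymization code.  Subset names, field names and the key-derivation
choice are assumptions made for this example."""
import hashlib
import hmac
import secrets

IDENTIFYING = ("first_name", "last_name", "dob", "ssn")   # assumed identifying elements


def _normalize(value):
    # Case and whitespace differences must not yield different references.
    return " ".join(str(value).upper().split())


def encoded_identity_reference(key, subset_name, elements):
    # Domain-separate by subset name and length-prefix each element so that
    # ("AB", "C") and ("A", "BC") can never encode to the same reference.
    msg = subset_name.encode()
    for e in elements:
        eb = _normalize(e).encode()
        msg += len(eb).to_bytes(2, "big") + eb
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AnonymizationCodeAssigner:
    def __init__(self, key):
        self._key = key
        self._code_by_ref = {}   # encoded identity reference -> anonymization code

    def references(self, record):
        refs = []
        if all(k in record for k in ("first_name", "last_name", "dob")):
            refs.append(encoded_identity_reference(
                self._key, "name+dob",
                (record["first_name"], record["last_name"], record["dob"])))
        if "ssn" in record:
            refs.append(encoded_identity_reference(self._key, "ssn", (record["ssn"],)))
        return refs

    def assign(self, record):
        refs = self.references(record)
        if not refs:
            raise ValueError("record carries no linkable identifying elements")
        known = {self._code_by_ref[r] for r in refs if r in self._code_by_ref}
        if len(known) > 1:
            # The two subsets already point at different people; linking them
            # silently would merge two individuals, so refuse and flag for review.
            raise ValueError("identity references map to conflicting codes")
        code = known.pop() if known else secrets.token_hex(8)
        for r in refs:
            self._code_by_ref[r] = code
        return code


def de_identify(assigner, record):
    # Replace every identifying element by the anonymization code alone.
    code = assigner.assign(record)
    return {"anon_code": code,
            **{k: v for k, v in record.items() if k not in IDENTIFYING}}


if __name__ == "__main__":
    # Constructed sample records from three sources holding different identifiers.
    assigner = AnonymizationCodeAssigner(secrets.token_bytes(32))
    hospital = {"first_name": "Ada", "last_name": "Lovelace", "dob": "1815-12-10",
                "ssn": "123-45-6789", "diagnosis": "hypertension"}
    lab = {"ssn": "123-45-6789", "result": "HbA1c 5.4"}
    pharmacy = {"first_name": "ada", "last_name": "LOVELACE ", "dob": "1815-12-10",
                "rx": "lisinopril"}
    for r in (hospital, lab, pharmacy):
        print(de_identify(assigner, r))   # all three carry the same anon_code
```

The keyed encoding is what makes the references safe to ship alongside de-identified data: a plain hash of name and date of birth could be recomputed by anyone with a phone book, while an HMAC under a held-back key cannot. The conflict check in `assign` is the edge case a practitioner should keep: when a record's two subsets already resolve to two different codes, automatic linkage would merge two people, so the assigner refuses rather than guess.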
U.S. Pat. No. 6,442,687 to Savage discloses a system providing secure and anonymous communications over a network, which is accomplished by imposing mechanisms that separate users' actions from their identity. In one embodiment, involving use of the Internet, an http request, which normally contains both identity and action information, is separated in the first instance on the client side into action request and identity components, which are encrypted. The encrypted action and identity components are transmitted to a facility comprising an “identity server” and an “action server”, wherein the identity server receives the two encrypted request components and forwards the encrypted action request component to an action server. The identity server has the key to decrypt the identity component (but not the action component), and the action server has the key to decrypt the action component (but not the identity component). The action server decrypts the action request and forwards it to the third-party server. The third-party server sends the http response back to the action server. The action server receives and encrypts the action response, and forwards it to the identity server. The identity server, which has been holding the unencrypted user identity information, receives the encrypted action response (which it cannot decipher), and forwards it to the client system, wherein the user's browser software uses the action response in the normal manner, so as to create the appropriate displays and/or multimedia output.
U.S. Pat. No. 6,874,085 to Loo, et al. discloses a system whereby a medical record is partitioned into personal and medical data portions, and an identification code is concatenated into each portion. The personal data portion is encrypted so a patient's identity cannot be linked to the patient's medical data except by authorized viewers. Each portion of the secure medical record can be transferred over a network as separate files, and stored in a data storage system separately. Access to the entire medical record is thereby provided only to those who know the key for the personal data portion of the medical record. The system and method can be used to help ensure patient confidentiality while allowing patient medical records to be accessed over a network such as the Internet, providing physicians and patients quick access to their medical records. The system and method can be used to create a database of anonymous medical records useful for medical research.
U.S. Pat. No. 6,990,491 to Dutta, et al. discloses a system and method for data maintenance and privilege authorization. An accessibility database server receives an accessibility record request from a requestor that includes a user identifier and a requestor identifier. The requestor identifier may correspond to a user, a healthcare practitioner server, an insurance server, a transcoding proxy server, a portal server, a web server, an advertisement server, or a service provider. The accessibility database server compares the accessibility record request with the requestor's access permission to determine whether the requestor has access corresponding to the particular request. If the requestor is authorized for the particular request, the accessibility database server processes the accessibility record request.
U.S. Pat. No. 7,039,810 to Nichols discloses a system whereby sensitive data such as patient records are securely transferred between a programmer and a remote expert data center. A database residing on the programmer contains patient information obtained by at least one implantable medical device. A key source provides the programmer with a first key and the remote expert data center with a second key to be used in the encryption/decryption process. An encryption engine residing within the programmer encrypts the sensitive patient information contained within the database, using the first key. The programmer transmits the encrypted patient information to the remote expert data center via a data communications system such as a public network. A decryption engine residing within the remote expert data center decrypts the encrypted sensitive patient information using the second key.
U.S. Pat. No. 7,088,823 to Fetkovich discloses a method for controlling access to digital information based on a plurality of decryption keys sent by the information provider. A first type of decryption key instructs a user's host system to reproduce the digital information in accordance with a first level of reproduction quality degradation. Additional keys may specify other degradation levels. The quality of the digital information may be degraded based on a time condition or a use condition. Alternatively, only a portion of the information may be made viewable by a user. In order to obtain full and unrestricted access, the user must obtain a type of decryption key from the provider which removes all previous limitations on reproduction quality degradation.
U.S. Pat. No. 7,103,915 to Redlich, et al. discloses a method for securing data including establishing a group of security sensitive items, filtering data and extracting and separating the security items from remainder data. The filtered data are separately stored (locally on a PC or on another computer in a LAN or WAN or on the Internet.) A map may be generated. The filter and/or map may be destroyed or stored. The data input, extracted data and remainder data may be deleted from the originating computer. Encryption may be utilized to enhance security (including transfers of data, filter and map). Reconstruction of the data is permitted only in the presence of a predetermined security clearance. A plurality of security clearances may be used to enable a corresponding plurality of partial, reconstructed views of the plaintext (omitting higher security words). A computer readable medium containing programming instructions and an information processing system is encompassed.
U.S. Pat. No. 7,158,979 to Iverson, et al. discloses a method of de-identifying data, wherein the data to be de-identified is stored in a transaction table containing transactions and a personal information table containing identifiable information. The method includes the steps of generating a de-identification pointer associated with an individual in the personal information table, wherein the individual is associated with at least one transaction in the transaction table; creating a non-protected transaction table, wherein the non-protected transaction table includes a non-protected transaction reference and non-protected information associated with a transaction from the transaction table; and creating an index table including the identification and the non-protected transaction reference. According to a preferred embodiment, the identification is advantageously unique and may also lack context to the individual. According to a further feature, the identification may be random or pseudo-random.
U.S. Pat. No. 7,165,175 to Kollmyer, et al. discloses an apparatus and method for selectively encrypting portions of data sent over a network between a server and a client. The apparatus includes parsing means for separating a first portion of the data from a second portion of the data, encrypting means for encrypting only the first portion of the data, and combining means for combining the encrypted first portion of the data with the second portion of the data, wherein the second portion of the data is not encrypted. The apparatus further includes decrypting means installed at the client for decrypting the encrypted portion of the data. The apparatus is platform independent in terms of media format and data protocol. The encryption unit encrypts data transparently to the client based on the media format. The apparatus of the invention is implemented as one of an application and a plug-in object. The method for selectively encrypting portions of data which differ from each other in at least one characteristic sent over a network between a server and a client includes parsing the data into a first and second portion, encrypting only the first portion of the data, and sending the encrypted first portion and the second portion of the data over the network to the client. The method further includes receiving data from the server, determining whether a data stream is established between the server and the client, and negotiating an encryption key with a decryption shim of the client.
U.S. Pat. No. 7,237,268 to Fields discloses a method and system for providing a type of Managed/Secured File Transfer between one or more computers arranged in server-client or peer-to-peer configuration. This method and system takes digital content in the form of a file, shreds this file into separate pieces and encrypts each piece separately. Once encrypted, each piece is stored into a database. Client applications can then access these pieces of digital content over a network, decrypt and reassemble each piece to be played in the case of audio/video content, or viewed in the case of visual content. In some embodiments, the content requested by the client application is stored into a second database in a shredded and encrypted format, whereas in other embodiments the content is reassembled into the original non-encrypted and non-shredded file format. This method and system can reside on a computer system, hand held device, or other device.
U.S. Pat. No. 7,254,837 to Fields discloses a method and system for providing a type of Managed/Secured File Transfer between one or more computers arranged in server-client or peer-to-peer configuration. This method and system takes digital content in the form of a file, shreds this file into separate pieces and encrypts each piece separately. Once encrypted, each piece is stored into a database. Client applications can then access these pieces of digital content over a network, decrypt and reassemble each piece to be played in the case of audio/video content, or viewed in the case of visual content. In some embodiments, the content requested by the client application is stored into a second database in a shredded and encrypted format, whereas in other embodiments the content is reassembled into the original non-encrypted and non-shredded file format. This method and system can reside on a computer system, hand held device, or other device.
U.S. Pat. No. 7,310,651 to Dave, et al. discloses a medical communications and management system (MCMS) that is operative to compile, store, retrieve and transmit digitized medical information from a variety of medical imaging modalities, as well as digital information such as scanned in images, digital photographs, audio files, and digitized information corresponding to monitored physiological conditions, such as heart rate and the like. The MCMS is further operative to include personal patient identification information, such as retinal scans and fingerprints, and is capable of being archived to thus enable such digitized information to be readily accessed. To that end, it is contemplated that the MCMS of the present invention will be used in connection with an electronic medical record and facilitate compliance with HIPAA.
U.S. Pat. No. 7,322,047 to Redlich, et al. discloses a data security method, system and associated data mining enabling multiple users, each having a respective security clearance level to access security sensitive words, data objects, characters or icons. The method extracts security sensitive words, data objects, characters or icons from plaintext or other source documents to obtain (a) subsets of extracted data and (b) remainder data. The extracted data is, in one embodiment, stored in a multilevel security system (MLS) which separates extract data of different security levels with MLS guards. Some or all of the original data is reconstructed via one or more of the subsets of extracted data and remainder data only in the presence of a predetermined security level. In this manner, an inquiring party, with the proper security clearance, can data mine the data in the MLS secured storage.
U.S. Pat. No. 7,349,987 to Redlich, et al. discloses a data security system having parsing and dispersion aspects enabling the user to parse, disperse and reconstruct the original, plain text data or data object, thereby enabling secure storage of the data. The original data may be maintained in its original state, encrypted or it may be destroyed. For example, financial data maintained by an institute, stored as is customary, may be parsed with an algorithm, the parsed segments dispersed off-site (that is, separated and stored in extract and remainder stores or computer memories) and away from the financial institute, and, upon appropriate security clearance, the dispersed data can be reconstructed to duplicate the data. Large distribution of parsed data is contemplated by the system. The original data remains stable, operable and immediately useful in its customary storage location (or alternatively destroyed). The secured dispersed data is a back-up of the original data.
U.S. Pat. No. 7,380,120 to Garcia discloses a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.
U.S. Pat. No. 7,383,183 to Davis, et al. discloses systems and methods for transcribing private information. The method includes receiving a first information segment during a first interview session, and receiving a second information segment during a second interview session, wherein the first information segment includes private information and the second information segment includes only non-private information. The exemplary method also includes providing information in the first information segment to a first transcriber, and providing information in the second information segment to a second transcriber, wherein the second transcriber has no communication with the first transcriber. The exemplary method further includes providing a combination of the information transcribed from the first and second information segments to a user or other recipient authorized to receive the private information.
U.S. Pat. No. 7,386,575 to Bashant et al. discloses a system and method for tracking and synchronizing related data elements in disparate storage systems. More particularly, the present invention provides a hub system for cross-referencing and maintaining storage system information for the efficient synchronization of related data elements in disparate storage systems.
U.S. Pat. No. 7,391,865 to Orsini, et al. discloses an invention providing a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.
U.S. Pat. No. 7,404,079 to Gudbjartsson, et al. discloses an invention providing an automated system for the processing of data packets, composed of personal identifiers and personal data, such that the personally identifiable data sent by one party may be considered anonymous once received by a second party. The invention uses secret sharing techniques to facilitate distributed key management of the mapping functions and strong authentication to allow the system to be operated remotely.
U.S. Pat. No. 7,418,474 to Schwab discloses methods and apparatus which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, with the image data being in compressed form, and with the textual information being included in a relational database with identifiers associated with any related image data. Means are provided at the central computer for management of all textual information and image data received to ensure that all information may be independently retrieved. Requests are entered from remote terminals specifying particular subject matter, and the system is capable of responding to multiple simultaneous requests. Textual information is recalled and downloaded for review, along with any subsequently requested image data, to be displayed at a remote site. Various modes of data and image formatting are also disclosed, including encryption techniques to fortify data integrity. The server computers may be interfaced with other computers to effect financial transactions, and images representing the subjects of transactions may be uploaded to the server computer to create temporary or permanent records of financial or legal transactions. A further feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records.
U.S. Pat. No. 7,437,550 to Savage, et al. discloses an invention providing secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data.
U.S. Pat. No. 7,451,315 to Coltrera discloses a system whereby data input from multiple sites are collected and shared, using identifiers to maintain a link to sensitive portions of the data that were collected, without initially sharing the sensitive data. Unique record identifiers and parsed structure data information (PSD-Info) are used in connection with a checksum when sharing information without disclosing all of the sensitive data. Any shared subset data and the PSD-Info are encrypted with the sender's private key and transmitted to a data recipient, who decrypts the information with the sender's public key, thereby verifying the identity of the sender. If later agreed by the parties, the sensitive data can be similarly transmitted. Maintaining a link between the shared information and the sensitive data that are withheld for confidential and privacy reasons provides proof for audit purposes, without disclosing the withheld data.
U.S. Pat. No. 7,480,622 to Dutta, et al. discloses a system for accessibility insurance coverage management. An insurance server receives a coverage request from a requestor that includes a user identifier corresponding to a user (i.e. policyholder). The insurance server matches the user identifier with a stored policyholder identifier and retrieves accessibility data corresponding to the matched policyholder identifier. If required, the insurance server updates the policyholder's accessibility data by receiving accessibility data from an accessibility database server. The insurance server identifies the policyholder's coverage using the user's accessibility data along with the user's policy information. The insurance server sends a message to the requestor which indicates an amount of the particular item corresponding to the coverage request the insurance server covers. The insurance server receives accessibility service bills on a frequent basis, such as monthly. The insurance server verifies the billing information, pays the bill, and updates policyholder claims paid to date information.
U.S. Pat. No. 7,484,245 to Friedman, et al. discloses a system and method for protecting the security of data. The data is packaged together with one or more permissions that designate what actions are allowed with respect to the data. The package can be opened when there is approval for doing so and the allowed permissions are maintained. The data is stored within a vault and there are a number of available security procedures that prevent the unauthorized access of the data.
U.S. Pat. No. 7,496,669 to Hirayama discloses an apparatus for transferring the title of content to an ID-assigning unit which assigns an ID to the content and transmits the content ID to a broadcasting unit via a tagging unit. A broadcasting apparatus then broadcasts the content ID and a receiver extracts the content ID from a received signal and transfers the content ID to a verification unit which determines whether or not the content ID received from a reception functional unit matches a stored content ID. If the content ID received from the reception unit matches a stored content ID, user information of the receiver is transmitted to a privacy-guarding unit. The privacy-guarding unit searches privacy-guarding items and, in accordance with a result of the search, only necessary user information presented by the verification unit is transmitted to a provider unit.
U.S. Pat. No. 7,496,767 to Evans discloses a secure content object protecting electronic documents from unauthorized use. The secure content object includes an encrypted electronic document, a multi-key encryption table having at least one multi-key component, an encrypted header and a user interface device. The encrypted document is encrypted using a document encryption key associated with a multi-key encryption method. The encrypted header includes an encryption marker formed by a random number followed by a derivable variation of the same random number. The user interface device enables a user to input a user authorization. The user authorization is combined with each of the multi-key components in the multi-key encryption key table and used to try to decrypt the encrypted header. If the encryption marker is successfully decrypted, the electronic document may be decrypted. Multiple electronic documents or a document and annotations may be protected by the secure content object.
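Two of the mechanisms surveyed above, as one added example that is not code from either patent: the Loo, et al. partition of a medical record into a personal portion and a medical portion, each stamped with the same identification code, with only the personal portion encrypted and the two stored as separate files; and the Evans encryption marker, where the header holding the document key begins with a random number followed by a derivable variation of it, so that a trial decryption with the user's authorization combined with each multi-key component can tell which table entry was right. AES is not in the Python standard library, so the cipher is a stand-in (HMAC-SHA256 in counter mode as the keystream, with an encrypt-then-MAC tag); the field split, the SHA-256 truncation used as the "derivable variation", and PBKDF2 as the way of combining the authorization with a component are all assumptions made for this example.

```python
"""Partitioned medical record (Loo et al.) and encryption marker (Evans).

Added example, not the patents' own code.  The cipher is a stand-in for
AES-GCM built from HMAC-SHA256: counter-mode keystream plus a MAC tag.
Field names, marker derivation and key combination are assumptions."""
import hashlib
import hmac
import json
import secrets


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key, nonce, n):
    # PRF in counter mode: HMAC(key, nonce || counter) blocks, cut to n bytes.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32))]
    return b"".join(blocks)[:n]


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


# ---- Loo et al.: partition, stamp both portions with an identification code,
#      encrypt only the personal portion, keep the portions as separate files.
PERSONAL_FIELDS = ("name", "address", "ssn")   # assumed split; the patent fixes no list


def partition_record(record, personal_key):
    id_code = secrets.token_hex(8)             # concatenated into each portion
    personal = {k: record[k] for k in PERSONAL_FIELDS if k in record}
    medical = {k: v for k, v in record.items() if k not in PERSONAL_FIELDS}
    personal["id_code"] = medical["id_code"] = id_code
    personal_file = encrypt(personal_key, json.dumps(personal, sort_keys=True).encode())
    medical_file = json.dumps(medical, sort_keys=True).encode()   # anonymous, research-usable
    return personal_file, medical_file


def rejoin_record(personal_file, medical_file, personal_key):
    personal = json.loads(decrypt(personal_key, personal_file))   # fails without the key
    medical = json.loads(medical_file)
    if not hmac.compare_digest(personal["id_code"], medical["id_code"]):
        raise ValueError("portions carry different identification codes")
    return {**medical, **personal}


# ---- Evans: encryption marker and a multi-key table wrapping the document key.
def make_marker():
    r = secrets.token_bytes(16)
    return r + hashlib.sha256(r).digest()[:16]   # random number || derivable variation


def marker_ok(m):
    return len(m) == 32 and hmac.compare_digest(m[16:], hashlib.sha256(m[:16]).digest()[:16])


def _kek(authorization, component):
    # Combine the user authorization with one multi-key component (PBKDF2 assumed).
    return hashlib.pbkdf2_hmac("sha256", authorization.encode(), component, 20_000)


def build_secure_content_object(document, authorizations):
    doc_key = secrets.token_bytes(32)
    header = make_marker() + doc_key           # marker first, then the document key
    table = []
    for auth in authorizations:
        component, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
        # Header is keystream-only on purpose: the marker, not a MAC, flags a wrong key.
        enc_header = _xor(header, _keystream(_kek(auth, component), nonce, len(header)))
        table.append((component, nonce, enc_header))
    return {"document": encrypt(doc_key, document), "table": table}


def open_secure_content_object(sco, authorization):
    for component, nonce, enc_header in sco["table"]:
        header = _xor(enc_header, _keystream(_kek(authorization, component), nonce, len(enc_header)))
        if marker_ok(header[:32]):             # right entry: marker decrypts consistently
            return decrypt(header[32:], sco["document"])
    raise PermissionError("authorization matches no entry in the multi-key table")
```

Two points worth noting when reading the Evans half. The marker is a key-check value: it lets the client pick the right table entry without an oracle that leaks anything beyond "this entry did not match", and a random 16-byte value with a 16-byte derived companion makes an accidental match with the wrong key negligible. It is not an integrity check on the header, which is why the document body itself is sealed with the authenticated `encrypt`; with a modern AEAD the tag would serve both roles. For the Loo half, the medical file is deliberately plaintext, which is what makes it usable for anonymous research, so its anonymity rests entirely on the medical fields carrying no quasi-identifiers.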
U.S. Pat. No. 7,509,487 to Lu, et al. discloses secure communication between a resource-constrained device and remote network nodes over a network with the resource-constrained device acting as a network node. The remote network nodes communicate with the resource-constrained device using un-modified network clients and servers. Executing on the resource-constrained device, a communications module implements one or more link layer communication protocols, operable to communicate with a host computer, operable to communicate with remote network nodes and operable to implement network security protocols, thereby setting a security boundary inside the resource-constrained device.
U.S. Pat. No. 7,512,986 to Shen-Orr et al. discloses a system and a method for providing variable security mechanisms for securing digital content, in which a single security mechanism is not used for all content. Instead, at least one characteristic or feature of the security mechanism is varied between units, instances or categories of content. Therefore, even if unauthorized access is gained to a single unit of content, the overall integrity and security of the system for content distribution is not compromised. Preferably, security is provided through a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content. By “type of content”, it is meant any of a single unit of content, a single instance of content or a single category of content. For example, for a category of content, the content may be characterized according to the identity of the content itself, such as the title of a movie for example, and/or according to the owner of a particular copy of the content. Thus, different security schemes may optionally and preferably be generated from a particular root structure. Related apparatus and methods are also provided.
U.S. Pat. No. 7,519,591 to Landi, et al. discloses systems and methods for protecting individual privacy (e.g., patient privacy) when individual data records (e.g., patient data records) are shared between various entities (e.g., healthcare entities). In one aspect, systems and methods are provided which implement secured key encryption for de-identifying patient data to ensure patient privacy, while allowing only the owners of the patient data and/or legally empowered entities to re-identify subject patients associated with de-identified patient data records, when needed.
U.S. Pat. No. 7,543,149 to Ricciardi, et al. discloses a method for securing patient identity comprising accessing an electronic medical records database including patient data for a plurality of patients. Each patient in the electronic medical records database is assigned a unique patient identifier. Patient data for a first patient, including a first patient identifier, is retrieved from the electronic medical records database. The first patient is de-identified from the patient data. De-identifying includes the creation of a first encoded patient identifier responsive to the first patient identifier. The de-identifying results in de-identified first patient data and includes the replacement of the first patient identifier with the first encoded patient identifier. The de-identified first patient data is transmitted to a data warehouse system. The method further comprises identifying a second patient in response to receiving report data that includes a second encoded patient identifier from the data warehouse system. The identifying includes the creation of a second patient identifier responsive to the second encoded patient identifier.
U.S. Pat. No. 7,546,334 to Redlich, et al. discloses a method, program and information processing system for filtering and securing data (security sensitive words-characters-data objects) in a source document. The adaptive filter uses a compilation of additional data (typically networked) and identifies the sensitive words/objects in the compilation of additional data, and retrieves contextual, semiotic and taxonomic words/objects from the compilation related to the sensitive words/objects. The resulting compiled filter is used to extract sensitive words/objects and retrieved data (words/objects) from the source document to obtain extracted data and remainder data therefrom. Contextual words, related to the security sensitive words/objects, are based upon statistical analysis of the additional data compilation. Semiotic related words are synonyms, antonyms and pseudonyms; syntactics relative to the target words and retrieved words; and pragmatics relative to the sensitive words and retrieved words.
U.S. Pat. No. 7,552,482 to Redlich, et al. discloses a method for securing data on a personal computer having security sensitive content grouped into security levels, each with a clearance code, which includes filtering and extracting sensitive content by security level and separately storing the security content in remote extract stores. Remainder data is stored locally or remotely. A map for selected extract stores may be generated. The filter and/or map may be destroyed or stored. The data input, extracted data and remainder data may be deleted from the originating computer. Encryption may be utilized to enhance security (including transfers of data, filter and map). Reconstruction of the data is permitted only in the presence of a predetermined security clearance. Full or partial reconstruction is possible, based upon the security clearances. A computer readable medium containing programming instructions and an information processing system is encompassed.
U.S. Pat. No. 7,668,835 to Judd, et al. discloses a method of managing medical information. The method comprises the steps of receiving medical information in a format incompatible with the World Wide Web and converting the medical information to a format compatible with the World Wide Web. Further, the medical information is physically stored at a single location.
U.S. Pat. No. 7,702,755 to Schwab discloses methods and apparatus which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, with the image data being in compressed form, and with the textual information being included in a relational database with identifiers associated with any related image data. Means are provided at the central computer for management of all textual information and image data received to ensure that all information may be independently retrieved. Requests are entered from remote terminals specifying particular subject matter, and the system is capable of responding to multiple simultaneous requests. Textual information is recalled and downloaded for review, along with any subsequently requested image data, to be displayed at a remote site. Various modes of data and image formatting are also disclosed, including encryption techniques to fortify data integrity. The server computers may be interfaced with other computers to effect financial transactions, and images representing the subjects of transactions may be uploaded to the server computer to create temporary or permanent records of financial or legal transactions. A further feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records.
U.S. Pat. No. 7,725,716 to Tidwell, et al. discloses methods and systems for securely requesting, retrieving, sending, and storing files. One aspect involves receiving a request for a file from a client device that identifies a user and the client device, encrypting the file using a session key based at least in part on the user and the client device, and transmitting the encrypted file to the client device. Other aspects of the invention include storing the encrypted file on the client device in encrypted form such that the file may only be decrypted or accessed by the particular user on that particular client device.
United States Patent Application 2002/0116227 to Dick discloses a method for searching for medical information executed by one or more computers. The invention comprises the steps of formulating a request for medical information concerning an individual or group of individuals, transmitting a record request to a record facilitator, the record facilitator determining which patient record sources to investigate, a record query being sent from the facilitator to the patient record sources which are appropriate, receiving a patient record report back from the patient record sources, normalizing and augmenting the patient record report before forwarding it back to the requester, and de-identifying the patient record to remove any identifying information.
United States Patent Application 2003/0021417 to Vasic, et al. discloses a computer system that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.
United States Patent Application 2004/0143594 to Kalies discloses a method for compiling, storing and organizing data, and gathering and reporting medical intelligence derived from patient-specific data. A patient's Minimum Data Set (“MDS”) data generated by health care facilities are merged with that patient's pharmacy data to create a comprehensive clinical/pharmacological data set for each patient. The data may first be encrypted to ensure patient privacy before being transmitted by the facility to a data repository via an electronic communication network. Upon receipt at the data repository, the data first must pass through a security screen. If the data is determined to be valid and virus-free, it is decrypted as necessary before being added to a data warehouse for use in a wide variety of therapeutic, statistical, and economic analyses. The data may be partially or completely “de-identified” to remove patient-identifying information so as to protect patient privacy.
United States Patent Application 2005/0165623 to Landi, et al. discloses systems and methods for protecting individual privacy (e.g., patient privacy) when individual data records (e.g., patient data records) are shared between various entities (e.g., healthcare entities). In one aspect, systems and methods are provided which implement secured key encryption for de-identifying patient data to ensure patient privacy, while allowing only the owners of the patient data and/or legally empowered entities to re-identify subject patients associated with de-identified patient data records, when needed.
Although the aforementioned prior art has contributed to the development of electronic medical records systems that generally meet the record keeping needs of the individual medical establishments, they fail to meet the medical record keeping needs of the individual patients. This is due in large part to the fact that these patents were designed to rely on the historical documentation or records that were generated by, and originally designed for, the medical establishments that created them. These information systems were designed to meet the needs of the individual medical establishments they were created for. They were not designed to create a medical record from the patient's perspective. The doctor's records are the product of a medical information system designed to meet the needs of the doctor. The pharmacist's records were designed to meet the needs of the pharmacist. The insurance company's records were designed to meet the insurance company's requirements. Copying parts of the doctor's records, the pharmacist's records and the insurance company's records is not the same as designing a system around the unique vantage point of the patient's record keeping requirements. The copy solution is flawed for the following reasons:
1. Redundant Information
When a doctor writes a prescription for a patient instructing a pharmacist to fill a medicine that will in part be paid for by an insurance company, we have a four-party medical transaction. All four parties record the transaction in their own way to make sure each completes its part in the transaction. Providing the patient with a copy of this transaction in the body of a copy of each party's overall medical records for this patient will saddle the patient with at least three separate notations of this single event. This event will be buried somewhere in the text of the information provided by each party, and it would take a great deal of human effort to track down these redundancies, identify them and then correctly eliminate the duplications.
2. Incomplete Information
There is no overriding structure in place to make sure that every party involved in the care of this patient has provided their copy of what transpired for the patient. Reviewing the parties that provided information to determine which party, if any, is not represented in the body of work provided would take a great deal of human effort to research and compile.
3. Diverse Information Formats
There is no overriding structure in place to make reliable comparisons of the information provided by each party. Organizing patient information that is in text form that has been created by different information systems is a time consuming task requiring a lot of human intervention. Information systems that do not capture or provide the information in a computer accessible data format make any attempt to access and use the information a major undertaking that requires considerable human intervention.
4. Compilation of Historical Records Versus Recording the Transaction Process
Creating a patient record by assembling the historical records that were created by each of the medical establishments that provided services for the patient will at best provide a patchwork quilt solution that suffers from the problems identified in 1 through 3 above. The patents reviewed above all begin with historical records. The medical records of these establishments are compilations of each encounter or transaction the patient had with that medical establishment. De-identifying the compiled record of transactions to provide security or protection in the process of moving or communicating the patient's historical medical information is like locking the barn after the horse has left the building. It does nothing to provide security to the event that created the transaction or to the transaction itself as it occurs. This is the deficiency in the prior work that this invention intends to address. De-identifying the transaction process as it occurs provides security to the transaction itself that the prior art fails to address, and recording that de-identified data as it is created in such a way that it can be re-identified by those intended to have access to it produces a natural de-identified, patient-centered record that is truly the patient's vantage point.
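The distinction drawn above between de-identifying compiled records after the fact and de-identifying each transaction as it is recorded can be made concrete in code. The following is an added example, not code from the patent: it assumes a keyed-hash (HMAC) pseudonym scheme, an identity vault that is the only holder of the pseudonym-to-party mapping, an access list that governs re-identification, and constructed party names and events. Because every party receives the same pseudonym in every transaction, the four-party event lands in the ledger once and the patient's record is simply the set of events bearing the patient's pseudonym, which also addresses the redundancy and completeness problems listed in 1 and 2.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Fields of a transaction that name a party; these must never reach the ledger in clear.
PARTY_FIELDS = ("patient", "prescriber", "pharmacy", "insurer")


@dataclass
class IdentityVault:
    """The only place where a pseudonym can be mapped back to a party (assumed design)."""
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    identities: dict = field(default_factory=dict)  # pseudonym -> real identity
    acl: dict = field(default_factory=dict)         # pseudonym -> principals allowed to re-identify

    def pseudonym(self, identity: str) -> str:
        """Keyed hash: the same party gets the same token in every transaction,
        but nobody without the vault key can compute or reverse it."""
        tok = hmac.new(self.key, identity.encode(), hashlib.sha256).hexdigest()[:16]
        self.identities[tok] = identity
        self.acl.setdefault(tok, set()).add(identity)  # a party may always re-identify itself
        return tok

    def grant(self, pseudonym: str, principal: str) -> None:
        """Authorise another principal (e.g. the treating doctor) to re-identify a party."""
        self.acl.setdefault(pseudonym, set()).add(principal)

    def reidentify(self, pseudonym: str, principal: str) -> str:
        """Re-identification is a checked operation, not a property of the stored data."""
        if principal not in self.acl.get(pseudonym, set()):
            raise PermissionError(f"{principal} may not re-identify {pseudonym}")
        return self.identities[pseudonym]


def can_reidentify(vault: IdentityVault, pseudonym: str, principal: str) -> bool:
    """Boolean form of the access check, handy for audits and tests."""
    return principal in vault.acl.get(pseudonym, set())


def record_transaction(vault: IdentityVault, event: dict) -> dict:
    """De-identify a live transaction before it is written anywhere."""
    return {k: (vault.pseudonym(v) if k in PARTY_FIELDS else v) for k, v in event.items()}


def patient_record(ledger: list, patient_pseudonym: str) -> list:
    """Patient-centred view: each event the patient took part in appears exactly once."""
    return [e for e in ledger if e.get("patient") == patient_pseudonym]


def leaks_identity(record: dict, known_identities) -> bool:
    """Check that a stored record names no real party."""
    return any(v in known_identities for v in record.values())


def demo():
    vault = IdentityVault()
    ledger = []
    # Constructed sample data: one prescription and the pharmacy's fill of it.
    prescription = {"type": "prescription", "drug": "amoxicillin 500mg", "patient": "Pat Smith",
                    "prescriber": "Dr. Jones", "pharmacy": "Main St Pharmacy", "insurer": "Acme Health"}
    fill = {"type": "fill", "drug": "amoxicillin 500mg", "patient": "Pat Smith",
            "pharmacy": "Main St Pharmacy", "insurer": "Acme Health"}
    for event in (prescription, fill):
        ledger.append(record_transaction(vault, event))
    patient_token = ledger[0]["patient"]
    vault.grant(patient_token, "Dr. Jones")  # the prescriber may re-identify this patient
    return vault, ledger, patient_token


if __name__ == "__main__":
    vault, ledger, pt = demo()
    print(patient_record(ledger, pt))
    print(vault.reidentify(pt, "Dr. Jones"))
```

The ledger can be replicated, queried and shared without carrying any party's identity; the vault and its access list are the components that need hardening, and re-identification leaves an enforceable decision point that post-hoc de-identification of a compiled record never has.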
Therefore, it is an object of the present invention to provide an improved system, apparatus or platform for the retention of and access to transaction information to allow the creation of a truly patient-centered medical record information system.
Another object of this invention is to provide an information system based on recording live transactions in real time rather than attempting to manipulate historical records after the fact.
Another object of this invention is to provide an information system designed to receive inputs from and interact with every commercially viable communication methodology to facilitate recording all patient contacts and communications.
Another object of this invention is to deploy the same security strategies to all contacts and communications rather than focusing entirely on the traditionally recorded event where money changes hands.
Another object of this invention is to create a listing of enrolled individuals and organizations that permits any other enrolled member to choose the method of contacting the other member without revealing the contact details. Selecting the member and the contact method initiates the phone call or the e-mail without revealing the number dialed or the e-mail address of the other party. The party to be contacted will have the option to accept the communication now, later, or to refuse it indefinitely at their discretion.
Another object of this invention is to collect transaction information in a form acceptable to database manipulation that will allow computerized research of the information and allow cross links to other industry databases for advanced research and development.
Another object of this invention is to collect transaction information in the normal course of business transactions that might indicate potentially dangerous or epidemic situations may occur or have already begun, in such a manner that allows the immediate notification of the proper authorities without divulging the identities of the parties involved but providing all the profile or demographic information available about them to these authorities so they may take prudent action to protect the common welfare.
Another object of this invention is to provide an improved system and apparatus for ensuring the protection of the identities of all the participants in the transactions within the system that does not rely on encryption and encoding schemes that will fail as technology advances.
Another object of this invention is to provide a transaction platform capable of accepting any commercially acceptable form of payment such as credit card processing or direct checking account debits and credits in a manner that does not reveal the identity of the other transacting party, the transaction date or the amount of any particular transaction to the payment processor.
Another object of this invention is to facilitate a method of sending two communications, one perhaps by mail or delivery and the other by e-mail or fax, where each contains half of the information required to securely retrieve a data file from an unidentified secret e-mail location on the dark web. The secret e-mail location would have been assigned to the intended recipient upon enrollment and would only allow the recipient access from the recipient's registered computer when both parts of the two communications are combined.
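The two-channel retrieval described above, as an added example that is not part of the patent. It assumes a retrieval service that stores each file under the digest of a random token together with the recipient's registered device identifier, and it splits the token into two XOR shares rather than literal halves: a literal half leaks half the token to whoever reads one channel, whereas an XOR share on its own is indistinguishable from random. The service, the device identifier and the file contents are constructed for illustration.

```python
import hashlib
import secrets


def split_secret(secret: bytes) -> tuple:
    """Split a retrieval token into two XOR shares. Each share alone carries
    no information about the token, so one intercepted channel yields nothing."""
    share_a = secrets.token_bytes(len(secret))
    share_b = bytes(x ^ y for x, y in zip(secret, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the token; XOR is symmetric, so share order does not matter."""
    return bytes(x ^ y for x, y in zip(share_a, share_b))


def naive_split(secret: bytes) -> tuple:
    """The literal 'half each' split, kept as a reference point only: whoever
    reads one channel learns half of the token's bytes outright."""
    half = len(secret) // 2
    return secret[:half], secret[half:]


class RetrievalService:
    """Assumed service holding deposited files addressed by (token digest,
    registered device). The token itself is never stored, only its hash."""

    def __init__(self):
        self._files = {}

    def deposit(self, content: bytes, device_id: str) -> tuple:
        token = secrets.token_bytes(32)
        self._files[(hashlib.sha256(token).digest(), device_id)] = content
        # The two shares are sent out on two different channels (e.g. mail and e-mail).
        return split_secret(token)

    def retrieve(self, share_a: bytes, share_b: bytes, device_id: str) -> bytes:
        token = combine_shares(share_a, share_b)
        content = self._files.get((hashlib.sha256(token).digest(), device_id))
        if content is None:
            raise PermissionError("both shares and the registered device are required")
        return content


def can_retrieve(svc: RetrievalService, share_a: bytes, share_b: bytes, device_id: str) -> bool:
    """Boolean form of the retrieval check for audits and tests."""
    try:
        svc.retrieve(share_a, share_b, device_id)
        return True
    except PermissionError:
        return False


def demo():
    svc = RetrievalService()
    # Constructed sample: the recipient's registered device and a file to deliver.
    device = "recipient-laptop-0001"
    share_a, share_b = svc.deposit(b"lab results: constructed sample", device)
    return svc, share_a, share_b, device


if __name__ == "__main__":
    svc, a, b, dev = demo()
    print(svc.retrieve(a, b, dev))
```

Binding the lookup to the device identifier means that even an adversary who collects both channels still has to present the registered device, and storing only the token digest means a compromise of the service's store does not by itself hand out valid tokens.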
Another object of this invention is to facilitate the identification of enrolled callers to an enrolled establishment's IVR platform so that the caller's voice mail experience can be customized based on knowing their identity and anticipating the purpose of their call.
Another object of this invention is to list all the communication mediums readily available to the party being contacted to allow the system to send a message alerting the intended party of a communication awaiting them that cannot be delivered via the currently available options for communicating.
Another object of this invention is to allow enrolled employees, as part of their enrollment, the opportunity to list their name, title, company name and address as they would normally provide in a standard business letter. The system would create a unique barcode to assign to this list of information that would be printed on this employee's snail mailed correspondence, delivered items, faxed materials and inter office memos and embedded into emails and file downloads. When these items are received and, if required, scanned, the barcodes are machine read, allowing for the automated delivery of these materials to the intended party's I/Ocombox.
Another object of this invention is to provide an improved system and apparatus that provides profile and demographic database information creating the opportunity to link databases across multiple industries while ensuring the individual privacy of all the participants.
The foregoing has outlined some of the more pertinent objects of the present invention. These objects should be construed as being merely illustrative of some of the more prominent features and applications of the invention. Many other beneficial results can be obtained by modifying the invention within the scope of the invention. Accordingly, other objects and a full understanding of the invention may be had by referring to the summary of the invention and the detailed description describing the preferred embodiment, in addition to the scope of the invention defined by the claims taken in conjunction with the accompanying drawings.