1. Field of the Invention
The present invention relates to information management. In particular, the present invention relates to systems and methods for managing data in compliance with regulated privacy, security, and electronic transaction standards.
2. Background and Related Art
Information management has become an important part of business practice. For example, in the medical arena, information is gathered from patients, physician services, medical research, medical training, insurance policy underwriting, and the like. The medical information has proven to be beneficial to patients, physicians, other medial service providers, and other business entities. For example, insurance companies that provide life, health, disability income, long term care, casualty, and reinsurance policies routinely require medical information for analysis as to policy eligibility. Typically, the analysis of medical information includes reviewing such medical records as an attending physician""s statement, which is considered to be a very reliable record as it contains analyses and conclusions by a licensed medical professional. Medical records are also used in determining the amount of risk presented by an individual for a policy, and in determining causation and other issues relevant to insurance claim adjusting.
Currently, medical records are generally available, but are not easily accessible because of the confidential nature of the information. Accordingly, the medical records are protected by established professional conduct and by enacted legislation requiring the patient""s consent prior to disclosure of the medical record information. Further, a large majority of the medical record information is restricted to paper documentation that is located in the office file rooms of the medical service providers, restricting the sharing of information.
In order to prevent the expense of filling office space with voluminous records, some medical providers are migrating to electronic record systems, and are converting paper records to electronic records. However, like their paper counterparts, the electronic records typically remain isolated from external sources.
Currently, a delay is generally experienced when requesting information from a medical information repository, such as a physician""s office. The delay is due to the paper-only format of the records, the need for personnel time to pull the records and provide the requester with a copy thereof, and the low priority that is assigned to such requests by medical providers. Typically, the delay in underwriting insurance policies may cause applicants to lose interest, and cause a consequent loss of business to the insurer.
In an effort to shorten delays, some requesters utilize agents to travel to the various medical offices to manually retrieve copies of the medical records. Although this may partially accelerate the obtaining of the records, the cost in performing this service can be expensive and the technique does not address the problem of determining whether the retrieved record is complete, and whether other records exist. Moreover, even when the existence and location of a record are known, its relevance remains uncertain until retrieved and reviewed.
Health care providers and emergency medical technicians also have a need to access medical records. Health care providers and emergency medical technicians are typically required to make decisions regarding the care of a patient under circumstances in which paper records are unavailable. The inability for traditional techniques to provide medical record information to health care providers and emergency medical technicians increase the risk of improper treatment and the likelihood of medical malpractice.
A further complication in the providing of medical information to a particular requestor lies in the Health Insurance Portability and Accountability Act (HIPAA), which mandates regulations that govern privacy, security, and electronic transactions standards for health care information. The regulations require major changes in how health care organizations handle all facets of medical information management, including reimbursements, coding, security, and patient records. The regulations have a far-reaching impact on every department of every entity that provides or pays for health care.
For example, HIPAA requires that the medical entity enable patients to first view any and all patient-specific information that the entity may have concerning them, and that the medical entity enable patients to make annotations or comments pertinent to the information that the entity has provided. Further, patients may request that information be corrected. Accordingly, the entity is required to enable a patient-driven xe2x80x9ceditorial commentingxe2x80x9d capability. While the medical entity is not necessarily obligated to make any actual xe2x80x9ccorrectionsxe2x80x9d to their internal records, they are required to indicate that the patient has registered their comments or made certain suggested changes to their personal information.
Such requirements may generally be considered as a real detriment by many medical entities. Yet to others it represents an opportunity for the entity (e.g. a physician or others who may hold crucial clinical information, such as a prescription history) to document and publish the fact that the patient himself has actually viewed and verified as of a certain date the accuracy and completeness of their personal information that the entity has about them. In the case of retrieving and viewing a current prescription history, the patient-verified history would be very assuring to an emergency room physician that is treating the patient.
Accordingly, it would be an improvement in the art to enable affected entities to comply with the regulations that have been enacted, and to facilitate information management and exchange without breaching duties of confidentiality nor professional relationships.
The present invention relates to information management. In particular, the present invention relates to systems and methods for managing data in compliance with regulated privacy, security, and electronic transaction standards.
Implementation of the present invention takes place in association with one or more computer devices that are used in a system to manage data in compliance with regulated privacy, security, and electronic transaction standards. In one implementation, the system includes a single point of entry for external and/or internal requests, and/or a single point of exit for transmissions of information, wherein the transmissions include individually identifiable patient information to legitimate patient-approved requests. Implementation of the present invention further embraces the de-identification of information that may be selectively used and/or sold. The de-identification prevents the identification of patients corresponding to the medical information, thus allowing the information to be useful while still preserving professional confidences. Moreover, implementation of the present invention embraces fully digital authorizations and consents for retrieval from external data sources.
While the methods and processes of the present invention have proven to be particularly useful in the area of managing medical information, those skilled in the art can appreciate that the methods and processes can be used in a variety of different applications and in a variety of different areas of manufacture to manage information, such as academic information, financial information, and the like.
These and other features and advantages of the present invention will be set forth or will become more fully apparent in the description that follows and in the appended claims. The features and advantages may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. Furthermore, the features and advantages of the invention may be learned by the practice of the invention or will be obvious from the description, as set forth hereinafter.