Conventionally, portable storage of data has been commercially available for electronically storing text, such as addresses and phone numbers, or for simple storage and access of a common type of digital media, such as music. These databases, commonly provided on flash memory cards or Universal Serial Bus (USB) tokens, have nominal or no built-in security, since the intended use is for non-sensitive data storage and access for a single user. In other words, these products do not provide for the portable storage of secure, privatized data, and a means for multiple parties to access such protected data in a controlled way. There is a need for a portable, multi-user, secure database and a system and method for storage and retrieval of select data by an authorized user.
In particular, there is a need in the current fragmented health care system in the United States and in other countries for a generic database and network for the exchange of patient health information among different health-care providers. The U.S. health care system is made up of many entities spread over a large geographic area, with minimal or no communications or coordination among them for exchange of patient health data. Information is generally owned and kept by the health care provider generating the data, and will only be copied to another if expressly asked for. As a result, physicians do not have easy routine access to the patient's general medical records except for what they themselves produce. In addition, patients going from one health care provider to another usually do not have the relevant records and test results with them. This system results in a number of major problems including delays in diagnosis and treatment, inefficient use of time and resources, unnecessary repetition of tests, and errors in medical practices that could lead to thousands of deaths each year.
Finally, the physician's lack of immediate access to patient information also encourages fraud and abuse of our current health care system. The consequences of such abuse, which may include unnecessary and repetitive tests, for example, are increased insurance premiums, and, therefore, increased cost to the consumer. There is clearly a need, therefore, for a more accessible, portable, and efficient system for exchanging patient health information among different health-care providers.
There is also a need for a system and method of managing and accessing medical data that maintains a patient's privacy. In fact, as a result of the Health Insurance Portability and Accountability Act (HIPAA) enacted by Congress in 1996, U.S. health care providers are now mandated to maintain patient data in a private and secure manner. In accordance with HIPAA, patient health care information can only be divulged by a physician to other health care providers upon the consent of the patient.
Though some attempts have been made to implement an accessible electronic medical information system, none of them provide the accessibility, security, and portability needed to address the current problems in our health care system. U.S. Pat. No. 5,899,998 to McGauley et al., for example, discloses a method and system for maintaining and updating computerized medical records. The system includes a set of databases that propagate data from one database to the other over a network. Encryption techniques are used to maintain the security of the data only when it is being transmitted to other computers.
Similarly, U.S. Pat. No. 6,463,417 to Schoenberg discloses a method and system to allow access to patient data over a communications network. All patient medical records are stored on a number of computers. Access to these computers is only available via a communications network. Should the network fail, the access to the data will be lost. In addition, access to such a host-based database requires access to another provider's system or another insurance company's database, which may not be easily accessible due to business reasons.
U.S. Pat. No. 6,523,116 to Berman discloses a personal card that contains a public key to access a centralized database. The public key identifies the patient, whose medical record is needed, and allows access to the data. The card only provides the user access to the database. No medical data records are available on the card. The user needs either direct access or an access point that is connected to the computer that hosts the centralized database, generally through a network.
U.S. Pat. No. 5,832,488 to Eberhardt discloses storage of a patient's medical history on a smart card. The medical history on the card can be updated, and also stored on a computer database. The card is associated with an ID number, rather than a name, and only health care providers have a list to associate the ID number with a name. The data is not otherwise protected or secure, and there is no mechanism for a patient to selectively authorize a physician access to particular data records saved on the card. In summary, none of these systems provide a database that is portable and easily accessible to both health care providers and patients within an environment that adequately protects the patient's privacy.
These and other prior art systems and methods for providing a medical database, which include server-based storage, low-tech compact disc (CD) formats, or low-memory smart cards, have at least the following limitations. The server-based solutions do not allow off-line access to the data, the low-memory smart cards have very limited storage capability and are generally used only as identification tokens, and CDs are neither easy to use nor flexible enough to handle the necessary security requirements. Other limitations of the prior art include: the inability to provide integrated data across multiple providers; the inability to provide the patient (and the doctor) easy access to the patient's own medical data and medical history; and the lack of a standard format where the data can be easily stored in a secure form and “mined.”
Co-owned U.S. Pat. No. 7,661,146 to Karimzadeh, et al., entitled “A Method and System for Providing a Secure Multi-User Portable Database,” issued Feb. 9, 2010, discloses a secure multi-user portable database, e.g., on a smart card or on a smart phone or on another similar device, to allow the healthcare providers to store patient medical data securely on the device and to allow the patient to have viewing access to the data on it. The '146 patent discloses an authentication process between the patient card and the healthcare provider card, which includes both the patient and the doctor entering his or her ID and password into separate card readers and keeping both cards inserted in the card readers until the patient's card is read and updated by the healthcare provider. Accordingly, this authentication method relies on a pair of expensive card readers. In addition, there is no decoupling of the communication process for communicating (e.g., reading, writing and updating) the patient's data from the authentication process, both requiring the presence of both the doctor's and patient's cards in their respective card readers.
There is still a need, therefore, for a system and method for providing a secure communication channel, and hierarchical multi-user access to, secure data stored on a portable database.