WO2001086479A2 - System for providing information prescriptions - Google Patents

System for providing information prescriptions Download PDF

Info

Publication number
WO2001086479A2
WO2001086479A2 PCT/US2001/013868 US0113868W WO0186479A2 WO 2001086479 A2 WO2001086479 A2 WO 2001086479A2 US 0113868 W US0113868 W US 0113868W WO 0186479 A2 WO0186479 A2 WO 0186479A2
Authority
WO
WIPO (PCT)
Prior art keywords
information
individual
prescriptions
access
providing
Prior art date
Application number
PCT/US2001/013868
Other languages
French (fr)
Other versions
WO2001086479A3 (en
Inventor
Terry Knapp
Original Assignee
Terry Knapp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Terry Knapp filed Critical Terry Knapp
Priority to AU2001255778A priority Critical patent/AU2001255778A1/en
Publication of WO2001086479A2 publication Critical patent/WO2001086479A2/en
Publication of WO2001086479A3 publication Critical patent/WO2001086479A3/en

Links

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H70/00ICT specially adapted for the handling or processing of medical references
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H80/00ICT specially adapted for facilitating communication between medical practitioners or patients, e.g. for collaborative diagnosis, therapy or health monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • This system relates to the field of information delivery and, in particular, to a system for managing and tracking an individual's access to and retrieval of prescribed information, and for support of legally valid acknowledgment and attestation by the individual to the receipt and understanding of the information and agreement to the stipulations described in the information.
  • organ donor agreements including, but not limited to: organ donor agreements, real estate broker agreements, financing arrangements, medical and surgical procedure authorizations, on line software license agreements, and the like.
  • the individual is provided with a set of information which constitutes an "information prescription" in that the set of information is typically predetermined in scope and content, and the individual is requested to read and understand the information. The individual must then attest to receipt of the information and agreement to the terms and conditions contained therein.
  • the information prescription may be prescribed to the individual as a condition precedent to receipt of goods, services, and the like from a provider or the individual may seek out the information prescription in order to access goods, services, and the like.
  • the provider (doctor or hospital), or other responsible professional or business entity, is held legally accountable for delivery of this information in a complete and consistent manner. Therefore, every provider or other responsible professional or business entity must obtain legally defensible informed consent from the patient before instituting treatment or administering certain drugs or medical devices, conducting clinical research, using sensitive personal patient data, collecting tissue or organs for donation or banking, or obtaining medical power-of-attorney or living wills, and the like. Not only is this task daunting, but the physician or other responsible entity is without an adequate audit trail to demonstrate that the information was not only provided to the patient but also understood by the patient.
  • the traditional nature of medical practice is that the time spent by the physician in patient education is typically compressed into a portion of an office visit, where the patient arrives unprepared and leaves without having had adequate time to fully ponder the information that was provided, while the physician is unsure how much of the presentation of information was understood by the patient.
  • This traditional information transfer process reduces the likelihood that the patient makes the effort to raise their questions with the physician in a follow up communication.
  • This problem is often better addressed in the area of surgical procedures, where the patient is typically more prepared to understand the teaching provided by the surgeon, since the surgery is typically authorized after a number of prior physician visits and the repeated presentation of information during this series of meetings reduces the likelihood that the patient fails to understand at least the basic information that is presented.
  • the system for providing information prescriptions provides a data access transaction environment (including Data Informed Consent) in its entirety, in order to reduce the cost of providing relevant medical information to patients as well as to ensure that the prescribed information was provided to the patient and this information was understood by the patient, Moreover, there presently is no method by which the patient can attest to the receipt of and understanding of the information prescribed by the provider or other responsible entity and agree to the recommendations of the provider or other responsible entity attendant to that information in a manner that cannot be repudiated.
  • This system for providing information prescriptions maintains a time and date stamped log, that identifies: providers or other responsible entity, patients, the set of information prescribed for each patient, the purpose for which the prescribed set of information is used.
  • the system for providing information prescriptions also provides for multimedia information content that is archived and versioned for future reference to assure the integrity of the transaction.
  • the system for providing information prescriptions also includes the capability to test the patient's understanding of the information and provides the patient with a mechanism to generate inquiries and to access additional information relating to the prescribed set of information.
  • the provider or other responsible entity is therefore able to utilize the resources available from many sources to provide the patient with relevant information in a timely and efficient manner.
  • the system for providing information prescriptions also contains the mechanisms by which the patient can attest to the viewing and understanding of the information and to the acceptance of the providers treatment and product use recommendations such that the patient ' s consent is thereby informed and the attestation cannot be legally repudiated.
  • the present system for providing information prescriptions introduces a new paradigm in the field of information delivery and the secure attestation by an individual to terms and conditions associated with a transaction related to the delivered information.
  • Various means of securing the data are available, such as symmetric and asymmetric encryption key systems and protected lists.
  • Various means of authentication of users are available, including digital signatures, passwords, biometrics and smart cards.
  • the security of data is addressed through the means of a public key infrastructure and digital certificate issuance to authorized and authenticated users.
  • Each transaction participant consists of a client company, care provider, other responsible entity, or information source that holds a general Digital Certificate to authenticate that company, provider or information source.
  • Each Digital Certificate bears a unique identifier to ensure that it can be tracked.
  • Each Digital Certificate issued is accompanied by a set of requirements governing its use that are designed for compliance with regulations and the access limitations defined by the issuer.
  • Each patient is authenticated and issued a Digital Certificate or other means of authentication to use in the generation of a Dynamic Data Informed Consent and for use in providing information to the patient and tracking the use of this information by the patient, and for logging, archiving and tracking patient sign-off for understanding of the information and for treatment and product use authorization.
  • the medium for data transmission among the parties served by the system for providing information prescriptions is any electronic data communication system, such as: the Internet, Intranet, Virtual Private Network (VPN), Wide Area Network, and the like.
  • the system for providing information prescriptions acts as a compliance clearinghouse for the data flow and maintains a log of patients, category of data, purpose for which the data is used, time and date stamped.
  • the system for providing information prescriptions maintains the audit trail of all uses of data, together with audit analysis software to determine if any breach of the system ' s authorization structure occurs.
  • the system for providing information prescriptions supports and records transactions entailing legally valid authorization fortreatment and product use based on receipt and understanding of the information.
  • Figure 2 illustrates additional details of the data informed consent system
  • Figures 3 and 4 illustrate in flow diagram form the operation of the system for providing information prescriptions of Figures 1A & 1B in processing a typical transaction
  • Figure 5 illustrates in block diagram form the structure of the Dynamic Data
  • the system for providing information prescriptions ensures that the individual who receives the information understands the information and acquiesces to the terms and conditions associated with the transaction for which the information is relevant.
  • this system for providing information prescriptions enables medical professionals to verify that a prescribed set of information was provided to the patient and this information was understood by the patient.
  • the Information Prescription System provides a data access transaction environment (including Data Informed Consent) in its entirety, in order to reduce the cost of providing relevant medical information to patients as well as to ensure that the information was provided to the patient and this information was understood by the patient.
  • the example of a medical information delivery scenario is used herein to illustrate the concepts of the Information Prescription System but this example is not intended to limit the scope and applicability of the Information Prescription System to the multitude of other fields and analogous applications where this paradigm is also applicable.
  • Figures 1 A & 1 B illustrate in block diagram form the overall architecture of the Information Prescription System 101 and a typical environment in which it is operational.
  • the present Information Prescription System 101 is incorporated into a data storage and processing complex 100 that is connected to at least one communication medium CM (such as the Public Switched Telephone Network, or a wireless network, or the Internet, or other switched data network) to thereby enable individuals to obtain communication connections with the Information Prescription System 101.
  • CM such as the Public Switched Telephone Network, or a wireless network, or the Internet, or other switched data network
  • the data storage and processing system 100 on which the Information Prescription System 101 resides includes: interactive web server WS1 , communications and data router DR1 , a plurality of servers S1-Sn which function to manage a plurality of databases and provide an interface to the Information Prescription System 101 and the Dynamic Data Informed Consent System 102.
  • the Information Prescription System 101 includes various data management processes, some of which are described below.
  • the individuals who access the Information Prescription System 101 are typically equipped with a personal computer, hand held computing device, cellular communication device, telephone station set or other data interface device, collectively termed "terminal equipment" T1-Tn herein.
  • a typical terminal equipment T1 can be equipped with a processor PC, display device D, Web browser software AB, and one or more databases or data storage devices, such as database E which is used to store information retrieved from the sites served by the Internet and database F which stores programs used to operate the processor PC.
  • the data communication connection between the individual's terminal equipment T1 and the Information Prescription System 101 can be via the Internet, using the well known personal computer modem and Internet browser technology available at the individual's terminal equipment T1.
  • the physical connection that supports this data communication connection is typically effected from individual's terminal equipment T1 through the Local Exchange Carrier LEC1 of the Public Switched Telephone Network (PSTN) to the Internet CM which is also connected thereto.
  • PSTN Public Switched Telephone Network
  • the Internet CM is also connected to a Local Exchange Carrier LEC2 which serves the communications and data router DR1 of the Information Prescription System 101.
  • providers are typically equipped with a provider communication system P that enables the provider to communicate with the data storage and processing complex 100 via the Internet CM.
  • the provider communication system typically is equipped with a plurality of databases, such as database C, which may store information, and database D, which may store information for access by the individuals, such as educational scripts. This information may alternatively be incorporated, in whole or in part, into a standalone interactive teaching system (not shown).
  • database C which may store information
  • database D which may store information for access by the individuals, such as educational scripts.
  • This information may alternatively be incorporated, in whole or in part, into a standalone interactive teaching system (not shown).
  • there are a multitude of information vendors who maintain information repositories illustrated in conceptual form in Figure 1 A as information vendor Web site IV.
  • the information vendor Web site IV typically consists of a data router/server DR2, Web server software WS2 and a plurality of databases, such as database A for storing prescription drug data for access by patients, and database B for storing access control software and data to enable the information vendor to authenticate a patient's right of access, create an information audit trail, and manage the information transaction.
  • the information vendor Web site IV can optionally be equipped with one or more stand-alone interactive teaching systems (not shown).
  • the confidential exchange of information implies that the information is exchanged or shared with the trusted other who is trusted to keep the information secret, i.e. the trusted other will not disclose the information to others.
  • Privacy This comprises the state of being free from unsanctioned intrusion. Privacy is often confused with security. Security implies safety from intrusion, while privacy invokes the ability of a person to avoid intrusion unless that person authorizes the intrusion.
  • Security This comprises the level to which data is safe from unauthorized use. Security requires mechanisms which protect the data from unauthorized use.
  • the dynamic process of authorization or revocation of authorization via operation of a security mechanism is the exercise of privacy.
  • Data Informed Consent The process by which a patient is informed about their rights under the law, and the responsibilities of parties who use their personalized information (General Advisory), as well as the manner in which their data is used, managed and protected (Specific Advisory). This process provides for interactive patient control of disclosure authorization and the revocation thereof (Dynamic Consent).
  • Data Informed Consent dictates what client companies (providers, payers, drug and device manufacturers, research organizations, e-health companies) can do with the patient's data - hence a two-way interaction: the present system informs the patient of the various options; patients consent to client companies accessing their data via the present system pursuant to the parameters specified by the patient.
  • Clients - The term "client” is used to identify any of the class of providing health care businesses or other responsible entities that interact with the patient, such as: health care providers, product vendors, information vendors, e-health companies, payers, laboratories, research organizations, attorneys, data storage companies, and the like.
  • the components of the Information Prescription system include: A public key infrastructure (PKI) that provides robust encryption of all data routed through the Information Prescription system. Encryption modalities other than PKI may be employed to implement this function.
  • PKI public key infrastructure
  • Digital certificates to provide ongoing authentication of approved parties, and associated constraints on use and attestations provided by the parties to whom they are issued. Other means of authentication such as passwords, biometrics and smart cards may be used to implement this function.
  • Dynamic Data Informed Consent The Dynamic Data Informed Consent system 102 is cooperatively operative with, and may be part of, the Information Prescription System 101 and functions to interactively manage the information exchange with the patient and maintain a confidential audit trail of the information accesses and retrievals by the patient.
  • This Dynamic Data Informed Consent system 102 is described in detail in the above-noted U.S.
  • Dynamic Data Informed Consent segment 102 of the present Information Prescription System 101 typically includes the following: 1.) There is a duty not to use or disclose information except as authorized by the patient, or as explicitly permitted by legislation or regulations.
  • Clients are permitted to use the information only for purposes compatible with and directly related to the purposes for which the information was collected or received, or for which they are authorized to disclose the information.
  • the Dynamic Data Informed Consent System 102 ensures the integrity and confidentiality of information; and b.) The Dynamic Data Informed Consent System 102 protects against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized uses or disclosures of the information. Architecture of the Dynamic Data Informed Consent System
  • FIG. 2 illustrates additional details of the Dynamic Data Informed Consent System 102 in conceptual block diagram form to illustrate the functionality of this system.
  • the Dynamic Data Informed Consent System 102 functions to regulate the exchange of proprietary patient specific data among the plurality of clients served by the Dynamic Data Informed Consent System 102.
  • the Dynamic Data Informed Consent System 102 in a typical embodiment, itself comprises one or more servers 221 , 222 which interface the Dynamic Data Informed Consent System 102 to the various elements contained in the data storage and processing system 100.
  • the Dynamic Data Informed Consent System 102 can be viewed as a plurality of components, which can be implemented as an integrated facility or portions thereof can be outsourced to other vendors.
  • the data storage function can optionally be implemented within Dynamic Data Informed Consent System 102 as an Information Management System (IMS1)
  • the Public Key Infrastructure (PKI) can optionally be implemented within Dynamic Data Informed Consent System 102.
  • the Information Management System (IMS1) includes a data storage manager 251 , administrator interface terminal 254 and its associated data storage devices 252, 253, which stores the proprietary patient specific data.
  • the core element of the Dynamic Data Informed Consent System 102 is the dynamic Data Informed Consent Management system (DIG Management).
  • the Public Key Infrastructure (PKI) comprises a subscriber manager 220 and a key management element 230, shared between the Data Informed Consent Management system (DIC Management) and the Public Key Infrastructure (PKI).
  • the Public Key Infrastructure (PKI) includes a digital certificate processing element 240.
  • the Data Informed Consent Management system typically comprises one or more servers 221 , 222 to manage interactions with patients and clients.
  • the Data Informed Consent Management system (DIC Management) includes a patient/client subscription module comprising the RA Control Center 225, an associated administrator data terminal device 226 and data storage elements 227.
  • a digital certificate module comprising the CA Control Center 223, an associated administrator data terminal device 224 and data storage elements 228, is provided.
  • the Data Informed Consent Management system (DIC Management) includes a data informed consent module 260, comprising DIC Control Center 261 , an associated administrator data terminal device 262 and data storage elements 263, 264. The operation of these elements is described below. Dynamic Data Informed Consent Transaction
  • Dynamic Data Informed Consent System 102 For clients and patients to be served by the Dynamic Data Informed Consent System 102, their identity must be verified and ensured in future transactions. This is typically accomplished by use of the well known paradigm of Digital Certificates.
  • a patient or client wishes to avail themselves of the services of the Dynamic Data Informed Consent System 102, they establish a communication connection via data communication medium CM to the Dynamic Data Informed Consent System 102 and interconnect with servers 221 , 222 via communication paths WA.
  • the Dynamic Data Informed Consent System 102 then executes a script via RA Control Center 225 and certificate processing system 240, to identify the patient/client and record their identity and set of permissions in the registration database stored in memory 227.
  • the Dynamic Data Informed Consent System 102 in well known fashion issues a Digital Certificate via certificate processing system 240, which Digital Certificate is transmitted via servers 221 , 222 and communication paths WA to the patient/client to thereby authorize future access to the Dynamic Data Informed Consent System 102.
  • Dynamic Data Informed Consent System 102 When Digital Certificates are issued by the Dynamic Data Informed Consent System 102 to clients, these parties can access the Dynamic Data Informed Consent System 102 to assure compliance with a patient's dynamic data informed consent when accessing patients' proprietary patient specific data and providing data to patients.
  • the patients are also provided with Digital Certificates, which they use to access the Dynamic Data Informed Consent System 102 to create the Data Informed Consent for the patient's personal data.
  • the patient via data communication medium 201 , accesses the Dynamic Data Informed Consent System 102 and, in particular, the Data Informed Consent module 260 to create a Data Informed Consent file for the patient's proprietary patient specific data which is stored in informed consent database memory 263.
  • This data informed consent data created by the patient is the basis of empowering the clients to access, exchange and process the patients' proprietary patient specific data. It is apparent that the patient can create the data informed consent data via the submission of a paper form, which is then input into the Dynamic Data Informed Consent System 102 by clerical staff. In either case, the data informed consent stored in Dynamic Data Informed Consent System 102 is the basis for the transactions described herein.
  • FIG. 5 illustrates in block diagram form the structure of the Dynamic Data Informed Consent Domain.
  • the patient has a one to one mapping to a Data Informed Consent, since the Dynamic Data Informed Consent System 102 maintains a single Data Informed Consent for each patient.
  • the Data Informed Consent is mapped to up to n clients, although at any time there may be no clients authorized under the patient's Data Informed Consent.
  • the patient has a one to one correspondence to an audit trail file maintained by the Dynamic Data Informed Consent System 102.
  • the audit trail file is mapped to up to n Data Informed Consent Updates, although at any time there may be no Data Informed Consent Updates authorized under the patient's Data Informed Consent.
  • the Data Informed Consent Updates are mapped to up to n clients, although at any time there may be no clients authorized under the patient's Data Informed Consent Updates.
  • the patient's audit trail file is mapped to up to n Health Information Transactions, although at any time there may be no Health Information Transactions authorized under the patient's Data Informed Consent.
  • each Health Information Transaction is mapped to up to n transmitting and n receiving clients, although at any time there may be no clients authorized under the patient's Data Informed Consent. Operation of the Information Prescription System
  • FIGs 3 and 4 illustrate in flow diagram form the operation of the Information Prescription System 101 of Figures 1 A & 1 B in processing a typical transaction.
  • Digital Certificates are issued to clients, these parties can access the Information Prescription System 101 to assure compliance when transacting with or accessing the Information Prescription System 101.
  • the patients are also provided with Digital Certificates, which they use to access the Information Prescription System 101 to create the Data Informed Consent for the patient's data and for the access of information, with the associated audit trail creation.
  • the patient accesses the Information Prescription System 101 and, in particular, the Data Informed Consent Management module 201 to create a Data Informed Consent file for the patient's personal data which is stored in memory in one or more data storage systems, such as a rules-driven relational database system.
  • the provider at step 301 instructs the patient to retrieve a predetermined set of information ("information prescription") for review prior to a conference scheduled between the patient and the provider.
  • the information can reside in a single location or can be distributed across many locations.
  • an initial segment of the information prescription may reside on the provider's information system P
  • a second segment may reside on the data storage and processing system 100
  • a third segment may reside on an information vendor information system IV.
  • the issuance of an information prescription can be implemented electronically at step 302 by the provider, using provider information system P, encrypting the patient personal data, using PKI software and interface supplied by the company (PrivaComp, Inc.) that operates the Information Prescription System 101.
  • the provider's Digital Certificate, issued by the Information Prescription System 101 , at step 303 is attached and the "wrapped" data is sent through the PKI encryption module 203 to ensure security of the transaction.
  • the data access request flows to the Information Prescription System 101 Certificate Authority and Certificate Management module 202 at step 304 where the authorization of the provider is verified, as a client of the Information Prescription System 101.
  • the verified request is then forwarded to Data Informed Consent module 201 at step 305 to be processed and the granted request is output through PKI encryption module 203 and transmitted over the data transmission medium 103 at step 306 to the patient's terminal device T1 to thereby enable the patient to execute the information prescription issued by the provider.
  • the information prescription is self defining, in that it identifies the patient and all segments of information (and optionally their sources) that are to be retrieved by the patient.
  • the information prescription can optionally also establish thresholds for each segment of the information, where the threshold defines the required minimum patient comprehension level for the received information, as measured by the entity providing the information.
  • step 307 An additional optional feature of this process is executed at step 307 where the Information Prescription System 101 generates a Digital Certificate, which is transmitted overthe data transmission medium 103 to client information vendor(s) IV who may then process the patient personal data transmitted by the provider and/or the Information Prescription System 101 to enable the patient to access data stored in the information vendor system IV.
  • the patient can initiate the information retrieval process.
  • the patient receives an information prescription from the Information Prescription System 101 via the Internet CM at their terminal device T1.
  • the patient (or other individual) may initiate an information access independent of the provider.
  • the patient then initiates a communication connection at step 402 to the Information Prescription System 101 via the Internet (as described above) in well known manner using terminal device T1.
  • the Information Prescription System 101 receives the information prescription from the patient and verifies the authenticity of the information prescription via the operation of the Dynamic Data Informed Consent System 102, as described above.
  • the Information Prescription System 101 provides the patient with access to a predetermined set of information that is stored in database G, which information constitutes a portion of the information defined in the information prescription.
  • the patient's access of this information and, optionally, the test results obtained via queries provided to the patient as part of the information retrieval process are time stamped and recorded in a transaction file in database H to thereby provide an audit trail for future reference.
  • the Information Prescription System 101 at step 406 routes the patient to the repository of the next segment of the information contained in the information prescription, if there is another segment. If not, the patient is routed to step 412 as described below.
  • the information vendor's information system IV can be accessed via the URL of this Web site, so the patient is automatically provided with the next portion of the information defined in the information prescription.
  • the access to the information vendor Web site IV is accomplished by the Information Prescription System 101 at step 407 transmitting an information access request to the information vendor Web site IV in encrypted form as described above, including the Digital Certificate that was issued to the patient.
  • the information vendor Web site IV processes the information request by validating the permission of the patient to retrieve the identified information, then provides the patient with access to this information and creates an audit trail of the information access and, optionally, the test results obtained via queries provided to the patient as part of the information retrieval process.
  • the information retrieval process data is time stamped and recorded in a transaction file in database B at step 409 to thereby provide an audit trail for future reference.
  • the audit trail data including identification of the patient, the data accesses and test results, are transmitted to the Information Prescription System 101 at step 410 for storage in the transaction file associated with this patient at step 411.
  • the Information Prescription System 101 obtains a digital signature sign-off by the patient, that cannot be repudiated, confirming patient understanding of the information and agreement to physician-recommended treatment and product use, or other responsible entity-recommended authorization.
  • the Information Prescription System 101 Upon the conclusion of all of the information accesses defined in the information prescription, or upon termination of the session by the patient, the Information Prescription System 101 at step 413 transmits an encrypted message to the provider's (or other responsible entities) information system P to advise the provider or other responsible entity of the patient's use of the information prescription, and whether the patient has executed the entirety of the information prescription.
  • the provider or other responsible entity can make use of resources available from many sources to provide the patient with information relating to a particular illness or medical condition or related transaction.
  • the provider or other responsible entity exercises control overthe nature and content of the information by defining the information content of the information prescription, receives verification of the patient's use (in whole or in part) of the information prescription, and receives legally-valid, patient consent (authorization) that cannot be repudiated, for recommended treatment and/or product use, or other legally-required authorization in accordance with the information provided (i.e., legally defensible "informed consent").
  • the Information Prescription System 101 may remain connected to the patient's terminal device T1 for the entirety of the communication connection in order that the Information Prescription System 101 monitor the transaction and record the data relating to the patient's access of the information contained in the information prescription.
  • the Information Prescription System 101 can facilitate the transfer of the data communication connection to an information vendor and simply receive data from the information vendor relating to the patient's access of the information contained in the information prescription. In either case, the Information Prescription System 101 maintains a record of the information prescription and its use for future validation of the patient's access to the information contained in the information prescription. Summary
  • the Information Prescription System is a dynamic patient authorization management tool that differs from existing data management systems in that it enables medical professionals or other responsible entities to prescribe a set of information for the patient to review.
  • the Information Prescription System provides a data access transaction environment (including Data Informed Consent) in its entirety, in order to reduce the cost of providing relevant medical and related information to patients as well as to ensure that the prescribed information was provided to the patient and that this information was understood by the patient and that the recommendations were accepted by the patient.

Abstract

The system for providing information prescriptions enables medical professionals and other responsible entities to prescribe a set of information for the individual to review in order to obtain legally-valid authorization of the individual. This system maintains a time and date stamped log, that identifies: providers, other responsible entities, patients, the set of information prescribed for each patient, the purpose for which the prescribed set of information is used. The Information Prescription System also includes the capability to test the patient's understanding of the information and provides the patient with a mechanism to generate inquiries and to access additional information relating to the prescribed set of information. The Information Prescription System also provides the means for the patient to electronically sign a consent (authorization) to for treatment and for product (drug and/or medical device) usage.

Description

SYSTEM FOR PROVIDING INFORMATION PRESCRIPTIONS
Cross Reference to Related Applications
This application is a continuation-in-part of U.S. Patent Application No: 09/430,331 titled "System for Providing Dynamic Data Informed Consent To Provide
Data Privacy and Security In Database Systems and in Networked Communications."
Field of the Invention
This system relates to the field of information delivery and, in particular, to a system for managing and tracking an individual's access to and retrieval of prescribed information, and for support of legally valid acknowledgment and attestation by the individual to the receipt and understanding of the information and agreement to the stipulations described in the information.
Problem
It is a problem in the field of information delivery to individuals to provide adequate and timely information to an individual as well as to ensure that the individual reads the information, understands its contents, has an opportunity to raise questions relating to the information provided, and have the questions answered.
There are many environments in which this process is found including, but not limited to: organ donor agreements, real estate broker agreements, financing arrangements, medical and surgical procedure authorizations, on line software license agreements, and the like. In these situations, the individual is provided with a set of information which constitutes an "information prescription" in that the set of information is typically predetermined in scope and content, and the individual is requested to read and understand the information. The individual must then attest to receipt of the information and agreement to the terms and conditions contained therein. The information prescription may be prescribed to the individual as a condition precedent to receipt of goods, services, and the like from a provider or the individual may seek out the information prescription in order to access goods, services, and the like.
A typical example of this information prescription scenario is found in the field of medicine. There is a plethora of medical information available to patients in printed form and over the Internet, which medical information covers the entire spectrum of information relating to: medical and surgical procedures, illnesses, prescription drugs, treatments, alternative medicine, medical practitioners, care facilities, insurance coverage, government programs, and the like. This wealth of information is presently not organized in any manner to enable a patient to access the information that they desire in a convenient manner. Therefore, this wealth of information is not being used by many of the patients who need this information. An ancillary problem is that physicians expend a significant amount of time and effort in patient education, having to distill the wealth of medical information into a coherent, focused and understandable presentation for each patient and relating to each medical issue of that patient. The provider (doctor or hospital), or other responsible professional or business entity, is held legally accountable for delivery of this information in a complete and consistent manner. Therefore, every provider or other responsible professional or business entity must obtain legally defensible informed consent from the patient before instituting treatment or administering certain drugs or medical devices, conducting clinical research, using sensitive personal patient data, collecting tissue or organs for donation or banking, or obtaining medical power-of-attorney or living wills, and the like. Not only is this task daunting, but the physician or other responsible entity is without an adequate audit trail to demonstrate that the information was not only provided to the patient but also understood by the patient. Thus, the traditional nature of medical practice is that the time spent by the physician in patient education is typically compressed into a portion of an office visit, where the patient arrives unprepared and leaves without having had adequate time to fully ponder the information that was provided, while the physician is unsure how much of the presentation of information was understood by the patient. This traditional information transfer process reduces the likelihood that the patient makes the effort to raise their questions with the physician in a follow up communication. This problem is often better addressed in the area of surgical procedures, where the patient is typically more prepared to understand the teaching provided by the surgeon, since the surgery is typically authorized after a number of prior physician visits and the repeated presentation of information during this series of meetings reduces the likelihood that the patient fails to understand at least the basic information that is presented. However, there is a lack of an effective audit trail to demonstrate that the patient was provided with adequate information and the information that was provided was understood by the patient. A further aspect of this problem is that drug and medical device manufacturers are required to provide drug and medical device use information to their doctor customers in the form of printed materials that describe the proper usage of the drug (dose, frequency, mode of use) or medical device as well as known side effects, contraindications, warnings and the like. This printed information is typically included in the packaging with the drugs or devices. However, this information is rarely read by or presented to the patient and less frequently understood by the patient. Therefore, the entire field of medical information delivery as it is presently constituted is grossly inadequate for the needs of all the parties involved. The effective rate of information transfer from the medical professionals to the patients is very low and the medical professionals do not presently have any reliable, consistent and incontrovertible mechanism to verify that the information was provided to the patient and was understood by the patient. These problems, articulated for the field of medical information delivery, are analogous to problems found in numerous other fields, where an important segment of the information delivery is the fact that the individual who receives the information understands the information and acquiesces to the terms and conditions associated with the transaction for which the information is relevant. There presently is no viable solution to these problems.
Solution The above described problems are solved and a technical advance achieved by the present system for providing information prescriptions which ensures that the individual who receives the information understands the information and acquiesces to the terms and conditions associated with the transaction for which the information is relevant. In the field of medical information delivery, for example, this system for providing information prescriptions enables medical professionals to prescribe a set of information for the patient to review. The system for providing information prescriptions provides a data access transaction environment (including Data Informed Consent) in its entirety, in order to reduce the cost of providing relevant medical information to patients as well as to ensure that the prescribed information was provided to the patient and this information was understood by the patient, Moreover, there presently is no method by which the patient can attest to the receipt of and understanding of the information prescribed by the provider or other responsible entity and agree to the recommendations of the provider or other responsible entity attendant to that information in a manner that cannot be repudiated. This system for providing information prescriptions maintains a time and date stamped log, that identifies: providers or other responsible entity, patients, the set of information prescribed for each patient, the purpose for which the prescribed set of information is used. The system for providing information prescriptions also provides for multimedia information content that is archived and versioned for future reference to assure the integrity of the transaction. The system for providing information prescriptions also includes the capability to test the patient's understanding of the information and provides the patient with a mechanism to generate inquiries and to access additional information relating to the prescribed set of information. The provider or other responsible entity is therefore able to utilize the resources available from many sources to provide the patient with relevant information in a timely and efficient manner. The system for providing information prescriptions also contains the mechanisms by which the patient can attest to the viewing and understanding of the information and to the acceptance of the providers treatment and product use recommendations such that the patient ' s consent is thereby informed and the attestation cannot be legally repudiated. Thus, the present system for providing information prescriptions introduces a new paradigm in the field of information delivery and the secure attestation by an individual to terms and conditions associated with a transaction related to the delivered information. Various means of securing the data are available, such as symmetric and asymmetric encryption key systems and protected lists. Various means of authentication of users are available, including digital signatures, passwords, biometrics and smart cards. In the present embodiment, the security of data is addressed through the means of a public key infrastructure and digital certificate issuance to authorized and authenticated users. Each transaction participant consists of a client company, care provider, other responsible entity, or information source that holds a general Digital Certificate to authenticate that company, provider or information source. Each Digital Certificate bears a unique identifier to ensure that it can be tracked. Each Digital Certificate issued is accompanied by a set of requirements governing its use that are designed for compliance with regulations and the access limitations defined by the issuer. Each patient is authenticated and issued a Digital Certificate or other means of authentication to use in the generation of a Dynamic Data Informed Consent and for use in providing information to the patient and tracking the use of this information by the patient, and for logging, archiving and tracking patient sign-off for understanding of the information and for treatment and product use authorization.
The medium for data transmission among the parties served by the system for providing information prescriptions is any electronic data communication system, such as: the Internet, Intranet, Virtual Private Network (VPN), Wide Area Network, and the like. The system for providing information prescriptions acts as a compliance clearinghouse for the data flow and maintains a log of patients, category of data, purpose for which the data is used, time and date stamped. The system for providing information prescriptions maintains the audit trail of all uses of data, together with audit analysis software to determine if any breach of the system ' s authorization structure occurs. The system for providing information prescriptions supports and records transactions entailing legally valid authorization fortreatment and product use based on receipt and understanding of the information.
Brief Description of the Drawing Figures 1A & 1B illustrate in block diagram form the overall architecture of the system for providing information prescriptions and a typical environment in which it is operational;
Figure 2 illustrates additional details of the data informed consent system; Figures 3 and 4 illustrate in flow diagram form the operation of the system for providing information prescriptions of Figures 1A & 1B in processing a typical transaction; and Figure 5 illustrates in block diagram form the structure of the Dynamic Data
Informed Consent Domain. Detailed Description
The system for providing information prescriptions (termed "Information Prescription System" herein) ensures that the individual who receives the information understands the information and acquiesces to the terms and conditions associated with the transaction for which the information is relevant. In the field of medical information delivery, for example, this system for providing information prescriptions enables medical professionals to verify that a prescribed set of information was provided to the patient and this information was understood by the patient. The Information Prescription System provides a data access transaction environment (including Data Informed Consent) in its entirety, in order to reduce the cost of providing relevant medical information to patients as well as to ensure that the information was provided to the patient and this information was understood by the patient. The example of a medical information delivery scenario is used herein to illustrate the concepts of the Information Prescription System but this example is not intended to limit the scope and applicability of the Information Prescription System to the multitude of other fields and analogous applications where this paradigm is also applicable.
Figures 1 A & 1 B illustrate in block diagram form the overall architecture of the Information Prescription System 101 and a typical environment in which it is operational. In particular, the present Information Prescription System 101 is incorporated into a data storage and processing complex 100 that is connected to at least one communication medium CM (such as the Public Switched Telephone Network, or a wireless network, or the Internet, or other switched data network) to thereby enable individuals to obtain communication connections with the Information Prescription System 101. The data storage and processing system 100 on which the Information Prescription System 101 resides, includes: interactive web server WS1 , communications and data router DR1 , a plurality of servers S1-Sn which function to manage a plurality of databases and provide an interface to the Information Prescription System 101 and the Dynamic Data Informed Consent System 102. The Information Prescription System 101 includes various data management processes, some of which are described below. The individuals who access the Information Prescription System 101 are typically equipped with a personal computer, hand held computing device, cellular communication device, telephone station set or other data interface device, collectively termed "terminal equipment" T1-Tn herein. A typical terminal equipment T1 can be equipped with a processor PC, display device D, Web browser software AB, and one or more databases or data storage devices, such as database E which is used to store information retrieved from the sites served by the Internet and database F which stores programs used to operate the processor PC. The data communication connection between the individual's terminal equipment T1 and the Information Prescription System 101 can be via the Internet, using the well known personal computer modem and Internet browser technology available at the individual's terminal equipment T1. The physical connection that supports this data communication connection is typically effected from individual's terminal equipment T1 through the Local Exchange Carrier LEC1 of the Public Switched Telephone Network (PSTN) to the Internet CM which is also connected thereto. The Internet CM is also connected to a Local Exchange Carrier LEC2 which serves the communications and data router DR1 of the Information Prescription System 101.
In this environment, there are numerous other entities that can make use of the Information Prescription System 101 and its capabilities, or can be accessed by the Information Prescription System 101 as is described below. For example, providers are typically equipped with a provider communication system P that enables the provider to communicate with the data storage and processing complex 100 via the Internet CM. The provider communication system typically is equipped with a plurality of databases, such as database C, which may store information, and database D, which may store information for access by the individuals, such as educational scripts. This information may alternatively be incorporated, in whole or in part, into a standalone interactive teaching system (not shown). Similarly, there are a multitude of information vendors who maintain information repositories, illustrated in conceptual form in Figure 1 A as information vendor Web site IV. The information vendor Web site IV typically consists of a data router/server DR2, Web server software WS2 and a plurality of databases, such as database A for storing prescription drug data for access by patients, and database B for storing access control software and data to enable the information vendor to authenticate a patient's right of access, create an information audit trail, and manage the information transaction. The information vendor Web site IV can optionally be equipped with one or more stand-alone interactive teaching systems (not shown).
There is a plethora of medical information available to patients in printed form and over the Internet, which medical information covers the entire spectrum of information relating to: medical and surgical procedures, illnesses, prescription drugs, treatments, alternative medicine, medical practitioners, care facilities, insurance coverage, government programs, legal issues surrounding research and tissue and organ donation, and the like. This wealth of information is presently not organized in any manner to enable a patient to access the information that they desire in a convenient manner. Therefore, this wealth of information is not being used by many of the patients who need this information. An ancillary problem is that physicians expend a significant amount of time and effort in patient education, having to distill the wealth of medical information into a coherent, focused and understandable presentation for each patient and relating to each medical issue of that patient. Not only is this task daunting, but the physician is without an adequate audit trail to demonstrate that the information was not only provided to the patient but also understood by the patient. Moreover, the physician or other responsible entity has no means to assure that the information presented to a patient over a network has been received, understood and accepted by the patient. Thus, the traditional nature of medical practice is that the time spent by the physician in patient education is typically compressed into a portion of an office visit, where the patient arrives unprepared and leaves without having had adequate time to fully ponder the information that was provided, while the physician is unsure how much of the presentation of information was understood by the patient, even if the patient has signed an informed consent attestation. This traditional information transfer process reduces the likelihood that the patient makes the effort to raise their questions with the physician in a follow up communication. This problem is only marginally better addressed in the area of surgical procedures, where the patient may be more prepared to understand the teaching provided by the surgeon, since the surgery is typically authorized after a number of prior physician visits and the (assumed) repeated presentation of information during this series of meetings may reduces the likelihood that the patient fails to understand at least the basic information that is presented. However, there is a lack of an effective audit trail to demonstrate that the patient was provided with adequate information and the information that was provided was understood by the patient. A further aspect of this problem is that drug and medical device manufacturers are required to provide drug and medical device use information to their physician customers in the form of printed materials that describe the proper usage of the drug (dose, frequency, mode of use) or devices as well as known side effects, contraindications, warnings and the like. This printed information is typically included in the packaging with the drugs and is rarely presented to the patient and less frequently understood. Therefore, the entire field of medical information delivery as it is presently constituted is grossly inadequate for the needs of all the parties involved. The effective rate of information transfer from the medical professionals to the patients is very low and the medical professionals do not presently have any mechanism to verify that the information was provided to the patient or was understood by the patient. Definitions: Confidentiality - This comprises a secret communication with another party
(trusted other). The confidential exchange of information implies that the information is exchanged or shared with the trusted other who is trusted to keep the information secret, i.e. the trusted other will not disclose the information to others.
Privacy - This comprises the state of being free from unsanctioned intrusion. Privacy is often confused with security. Security implies safety from intrusion, while privacy invokes the ability of a person to avoid intrusion unless that person authorizes the intrusion.
Security- This comprises the level to which data is safe from unauthorized use. Security requires mechanisms which protect the data from unauthorized use. The dynamic process of authorization or revocation of authorization via operation of a security mechanism is the exercise of privacy. Data Informed Consent -The process by which a patient is informed about their rights under the law, and the responsibilities of parties who use their personalized information (General Advisory), as well as the manner in which their data is used, managed and protected (Specific Advisory). This process provides for interactive patient control of disclosure authorization and the revocation thereof (Dynamic Consent). In other words Data Informed Consent dictates what client companies (providers, payers, drug and device manufacturers, research organizations, e-health companies) can do with the patient's data - hence a two-way interaction: the present system informs the patient of the various options; patients consent to client companies accessing their data via the present system pursuant to the parameters specified by the patient.
Clients - The term "client" is used to identify any of the class of providing health care businesses or other responsible entities that interact with the patient, such as: health care providers, product vendors, information vendors, e-health companies, payers, laboratories, research organizations, attorneys, data storage companies, and the like..
The components of the Information Prescription system include: A public key infrastructure (PKI) that provides robust encryption of all data routed through the Information Prescription system. Encryption modalities other than PKI may be employed to implement this function.
Digital certificates to provide ongoing authentication of approved parties, and associated constraints on use and attestations provided by the parties to whom they are issued. Other means of authentication such as passwords, biometrics and smart cards may be used to implement this function. A data center and service center managed by a controlling entity to manage both the issuance of digital certificates to participants (client companies and patients), and the management of Data Informed Consent. While the example is focused on the use of electronic apparatus for data storage, data exchange, data security, and privacy, it is expected that portions of this system may entail the use of traditional paper-based forms and processes. This example is used due to its pertinence to the present needs of this industry and is intended to be illustrative of the concepts embodied in the Information Prescription system and is not intended to limit the scope of the Information Prescription system as embodied in the claims appended hereto. Dynamic Data Informed Consent The Dynamic Data Informed Consent system 102 is cooperatively operative with, and may be part of, the Information Prescription System 101 and functions to interactively manage the information exchange with the patient and maintain a confidential audit trail of the information accesses and retrievals by the patient. This Dynamic Data Informed Consent system 102 is described in detail in the above-noted U.S. Patent Application titled "System for Providing Dynamic Data Informed Consent To Provide Data Privacy and Security In Database Systems and in Networked Communications," and the disclosure contained in that application is hereby incorporated into this application to the extent necessary to support this description. The general provisions that the Dynamic Data Informed Consent segment 102 of the present Information Prescription System 101 typically includes the following: 1.) There is a duty not to use or disclose information except as authorized by the patient, or as explicitly permitted by legislation or regulations.
2.) Clients are permitted to use the information only for purposes compatible with and directly related to the purposes for which the information was collected or received, or for which they are authorized to disclose the information.
3.) Clients are required to maintain reasonable and appropriate administrative, technical, and physical safeguards. a.) The Dynamic Data Informed Consent System 102 ensures the integrity and confidentiality of information; and b.) The Dynamic Data Informed Consent System 102 protects against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized uses or disclosures of the information. Architecture of the Dynamic Data Informed Consent System
Figure 2 illustrates additional details of the Dynamic Data Informed Consent System 102 in conceptual block diagram form to illustrate the functionality of this system. The Dynamic Data Informed Consent System 102 functions to regulate the exchange of proprietary patient specific data among the plurality of clients served by the Dynamic Data Informed Consent System 102. The Dynamic Data Informed Consent System 102, in a typical embodiment, itself comprises one or more servers 221 , 222 which interface the Dynamic Data Informed Consent System 102 to the various elements contained in the data storage and processing system 100. The Dynamic Data Informed Consent System 102 can be viewed as a plurality of components, which can be implemented as an integrated facility or portions thereof can be outsourced to other vendors. For example, the data storage function can optionally be implemented within Dynamic Data Informed Consent System 102 as an Information Management System (IMS1), and the Public Key Infrastructure (PKI) can optionally be implemented within Dynamic Data Informed Consent System 102. The Information Management System (IMS1) includes a data storage manager 251 , administrator interface terminal 254 and its associated data storage devices 252, 253, which stores the proprietary patient specific data. The core element of the Dynamic Data Informed Consent System 102 is the dynamic Data Informed Consent Management system (DIG Management). The Public Key Infrastructure (PKI) comprises a subscriber manager 220 and a key management element 230, shared between the Data Informed Consent Management system (DIC Management) and the Public Key Infrastructure (PKI). in addition, the Public Key Infrastructure (PKI) includes a digital certificate processing element 240.
The Data Informed Consent Management system (DIC Management) typically comprises one or more servers 221 , 222 to manage interactions with patients and clients. The Data Informed Consent Management system (DIC Management) includes a patient/client subscription module comprising the RA Control Center 225, an associated administrator data terminal device 226 and data storage elements 227. Similarly, a digital certificate module, comprising the CA Control Center 223, an associated administrator data terminal device 224 and data storage elements 228, is provided. Finally, the Data Informed Consent Management system (DIC Management) includes a data informed consent module 260, comprising DIC Control Center 261 , an associated administrator data terminal device 262 and data storage elements 263, 264. The operation of these elements is described below. Dynamic Data Informed Consent Transaction
For clients and patients to be served by the Dynamic Data Informed Consent System 102, their identity must be verified and ensured in future transactions. This is typically accomplished by use of the well known paradigm of Digital Certificates. When a patient or client wishes to avail themselves of the services of the Dynamic Data Informed Consent System 102, they establish a communication connection via data communication medium CM to the Dynamic Data Informed Consent System 102 and interconnect with servers 221 , 222 via communication paths WA. The Dynamic Data Informed Consent System 102 then executes a script via RA Control Center 225 and certificate processing system 240, to identify the patient/client and record their identity and set of permissions in the registration database stored in memory 227. The Dynamic Data Informed Consent System 102 in well known fashion issues a Digital Certificate via certificate processing system 240, which Digital Certificate is transmitted via servers 221 , 222 and communication paths WA to the patient/client to thereby authorize future access to the Dynamic Data Informed Consent System 102.
When Digital Certificates are issued by the Dynamic Data Informed Consent System 102 to clients, these parties can access the Dynamic Data Informed Consent System 102 to assure compliance with a patient's dynamic data informed consent when accessing patients' proprietary patient specific data and providing data to patients. The patients are also provided with Digital Certificates, which they use to access the Dynamic Data Informed Consent System 102 to create the Data Informed Consent for the patient's personal data. Thus, the patient, via data communication medium 201 , accesses the Dynamic Data Informed Consent System 102 and, in particular, the Data Informed Consent module 260 to create a Data Informed Consent file for the patient's proprietary patient specific data which is stored in informed consent database memory 263. This data informed consent data created by the patient is the basis of empowering the clients to access, exchange and process the patients' proprietary patient specific data. It is apparent that the patient can create the data informed consent data via the submission of a paper form, which is then input into the Dynamic Data Informed Consent System 102 by clerical staff. In either case, the data informed consent stored in Dynamic Data Informed Consent System 102 is the basis for the transactions described herein.
Domain Definition for the Dynamic Data Informed Consent System
Figure 5 illustrates in block diagram form the structure of the Dynamic Data Informed Consent Domain. In particular, the correspondence among the various data elements in the Dynamic Data Informed Consent System 102 is illustrated. Thus, the patient has a one to one mapping to a Data Informed Consent, since the Dynamic Data Informed Consent System 102 maintains a single Data Informed Consent for each patient. The Data Informed Consent is mapped to up to n clients, although at any time there may be no clients authorized under the patient's Data Informed Consent. Similarly, the patient has a one to one correspondence to an audit trail file maintained by the Dynamic Data Informed Consent System 102. The audit trail file is mapped to up to n Data Informed Consent Updates, although at any time there may be no Data Informed Consent Updates authorized under the patient's Data Informed Consent. The Data Informed Consent Updates are mapped to up to n clients, although at any time there may be no clients authorized under the patient's Data Informed Consent Updates. The patient's audit trail file is mapped to up to n Health Information Transactions, although at any time there may be no Health Information Transactions authorized under the patient's Data Informed Consent. Similarly, each Health Information Transaction is mapped to up to n transmitting and n receiving clients, although at any time there may be no clients authorized under the patient's Data Informed Consent. Operation of the Information Prescription System
Figures 3 and 4 illustrate in flow diagram form the operation of the Information Prescription System 101 of Figures 1 A & 1 B in processing a typical transaction. When Digital Certificates are issued to clients, these parties can access the Information Prescription System 101 to assure compliance when transacting with or accessing the Information Prescription System 101. The patients are also provided with Digital Certificates, which they use to access the Information Prescription System 101 to create the Data Informed Consent for the patient's data and for the access of information, with the associated audit trail creation. Thus, the patient accesses the Information Prescription System 101 and, in particular, the Data Informed Consent Management module 201 to create a Data Informed Consent file for the patient's personal data which is stored in memory in one or more data storage systems, such as a rules-driven relational database system. In a typical interaction, the provider at step 301 instructs the patient to retrieve a predetermined set of information ("information prescription") for review prior to a conference scheduled between the patient and the provider. The information can reside in a single location or can be distributed across many locations. For example, an initial segment of the information prescription may reside on the provider's information system P, a second segment may reside on the data storage and processing system 100, and a third segment may reside on an information vendor information system IV. The issuance of an information prescription can be implemented electronically at step 302 by the provider, using provider information system P, encrypting the patient personal data, using PKI software and interface supplied by the company (PrivaComp, Inc.) that operates the Information Prescription System 101. The provider's Digital Certificate, issued by the Information Prescription System 101 , at step 303 is attached and the "wrapped" data is sent through the PKI encryption module 203 to ensure security of the transaction. The data access request flows to the Information Prescription System 101 Certificate Authority and Certificate Management module 202 at step 304 where the authorization of the provider is verified, as a client of the Information Prescription System 101. The verified request is then forwarded to Data Informed Consent module 201 at step 305 to be processed and the granted request is output through PKI encryption module 203 and transmitted over the data transmission medium 103 at step 306 to the patient's terminal device T1 to thereby enable the patient to execute the information prescription issued by the provider. All transactions, once cleared through the Certificate/signature validation step 304, result in the Information Prescription System 101 generating appropriate audit log entries. Thus, the information prescription is self defining, in that it identifies the patient and all segments of information (and optionally their sources) that are to be retrieved by the patient. The information prescription can optionally also establish thresholds for each segment of the information, where the threshold defines the required minimum patient comprehension level for the received information, as measured by the entity providing the information. An additional optional feature of this process is executed at step 307 where the Information Prescription System 101 generates a Digital Certificate, which is transmitted overthe data transmission medium 103 to client information vendor(s) IV who may then process the patient personal data transmitted by the provider and/or the Information Prescription System 101 to enable the patient to access data stored in the information vendor system IV.
Once the patient has received the information prescription and the associated Digital Certificate, they can initiate the information retrieval process. At step 401 , the patient receives an information prescription from the Information Prescription System 101 via the Internet CM at their terminal device T1. Alternatively, in some applications, the patient (or other individual) may initiate an information access independent of the provider. Such a case can be the retrieval of information to initiate an organ donor process. In either case, the patient then initiates a communication connection at step 402 to the Information Prescription System 101 via the Internet (as described above) in well known manner using terminal device T1. At step 403, the Information Prescription System 101 receives the information prescription from the patient and verifies the authenticity of the information prescription via the operation of the Dynamic Data Informed Consent System 102, as described above. Once the information prescription has been validated and the audit trail file of this transaction created in database H, the Information Prescription System 101 at step 404, for example, provides the patient with access to a predetermined set of information that is stored in database G, which information constitutes a portion of the information defined in the information prescription. At step 405, the patient's access of this information and, optionally, the test results obtained via queries provided to the patient as part of the information retrieval process, are time stamped and recorded in a transaction file in database H to thereby provide an audit trail for future reference. Once the patient has completed their access of this segment (if there is such a segment in this transaction) of the information prescription, the Information Prescription System 101 at step 406 routes the patient to the repository of the next segment of the information contained in the information prescription, if there is another segment. If not, the patient is routed to step 412 as described below.
For example, the information vendor's information system IV can be accessed via the URL of this Web site, so the patient is automatically provided with the next portion of the information defined in the information prescription. The access to the information vendor Web site IV is accomplished by the Information Prescription System 101 at step 407 transmitting an information access request to the information vendor Web site IV in encrypted form as described above, including the Digital Certificate that was issued to the patient. At step 408, the information vendor Web site IV processes the information request by validating the permission of the patient to retrieve the identified information, then provides the patient with access to this information and creates an audit trail of the information access and, optionally, the test results obtained via queries provided to the patient as part of the information retrieval process. The information retrieval process data is time stamped and recorded in a transaction file in database B at step 409 to thereby provide an audit trail for future reference. In addition, the audit trail data, including identification of the patient, the data accesses and test results, are transmitted to the Information Prescription System 101 at step 410 for storage in the transaction file associated with this patient at step 411. Upon completion of distribution of the information to the patient, at Step 412 the Information Prescription System 101 obtains a digital signature sign-off by the patient, that cannot be repudiated, confirming patient understanding of the information and agreement to physician-recommended treatment and product use, or other responsible entity-recommended authorization. Upon the conclusion of all of the information accesses defined in the information prescription, or upon termination of the session by the patient, the Information Prescription System 101 at step 413 transmits an encrypted message to the provider's (or other responsible entities) information system P to advise the provider or other responsible entity of the patient's use of the information prescription, and whether the patient has executed the entirety of the information prescription.
In this manner, the provider or other responsible entity can make use of resources available from many sources to provide the patient with information relating to a particular illness or medical condition or related transaction. The provider or other responsible entity exercises control overthe nature and content of the information by defining the information content of the information prescription, receives verification of the patient's use (in whole or in part) of the information prescription, and receives legally-valid, patient consent (authorization) that cannot be repudiated, for recommended treatment and/or product use, or other legally-required authorization in accordance with the information provided (i.e., legally defensible "informed consent"). The Information Prescription System 101 may remain connected to the patient's terminal device T1 for the entirety of the communication connection in order that the Information Prescription System 101 monitor the transaction and record the data relating to the patient's access of the information contained in the information prescription. Alternatively, the Information Prescription System 101 can facilitate the transfer of the data communication connection to an information vendor and simply receive data from the information vendor relating to the patient's access of the information contained in the information prescription. In either case, the Information Prescription System 101 maintains a record of the information prescription and its use for future validation of the patient's access to the information contained in the information prescription. Summary
The Information Prescription System is a dynamic patient authorization management tool that differs from existing data management systems in that it enables medical professionals or other responsible entities to prescribe a set of information for the patient to review. The Information Prescription System provides a data access transaction environment (including Data Informed Consent) in its entirety, in order to reduce the cost of providing relevant medical and related information to patients as well as to ensure that the prescribed information was provided to the patient and that this information was understood by the patient and that the recommendations were accepted by the patient.

Claims

What is Claimed:
1. A system for providing information prescriptions, operational in a data communication network which serves a plurality of providers, other responsible entities, and information vendors, where said system for providing information prescriptions is accessible by a plurality of individuals, said system for providing information prescriptions comprising: means, responsive to receipt of a request from a provider that defines both a set of information and a individual, for verifying authorization of said provider to issue an information prescription; and means for generating an information prescription that defines said set of information and identifies said individual.
2. The system for providing information prescriptions of claim 1 further comprising: means for transmitting said information prescription to said individual.
3. The system for providing information prescriptions of claim 2 wherein said means for generating comprises: means for identifying at least one information vendor to provide said individual with access to said set of information.
4. The system for providing information prescriptions of claim 3 wherein said means for generating further comprises: means for transmitting said information prescription to said identified at least one information vendor.
5. The system for providing information prescriptions of claim 4 further comprising: means, located at said identified at least one information vendor and responsive to said individual accessing said identified at least one information vendor via said data communication network, for authenticating said individual by comparing an information prescription received from said means for transmitting with an identity of said individual; and means, responsive to said individual being authenticated, for providing said individual with access to at least a portion of said set of information.
6. The system for providing information prescriptions of claim 5 further comprising: means, located at said identified at least one information vendor, for monitoring access of said individual to said at least a portion of said set of information; and means, located at said identified at least one information vendor, for generating an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access, digital signature sign-off by the individual confirming individual understanding of the information and agreement to stipulations contained in said information.
7. The system for providing information prescriptions of claim 6 further comprising: means, located at said identified at least one information vendor, for transmitting said audit trail record to said means for generating to indicate said individual accessing said at least a portion of said set of information.
8. The system for providing information prescriptions of claim 7 further comprising: means for storing a received audit trail record in a memory.
9. The system for providing information prescriptions of claim 8 further comprising: means for transmitting data to said provider indicative of receipt of said audit trail record for said individual.
10. The system for providing information prescriptions of claim 1 further comprising: means, responsive to said individual accessing said system for providing information prescriptions via said data communication network, for authenticating said individual by comparing said generated information prescription with an identity of said individual; and means, responsive to said individual being authenticated, for providing said individual with access to at least a portion of said set of information.
11. The system for providing information prescriptions of claim 10 further comprising: means for monitoring access of said individual to said at least a portion of said set of information; means for generating an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access; and means for storing said audit trail record in a memory.
12. The system for providing information prescriptions of claim 11 further comprising: means for transmitting data to said provider indicative of generation of said audit trail record for said individual.
13. The system for providing information prescriptions of claim 11 further comprising: means for obtaining a digital signature sign-off by the individual, that cannot be repudiated, confirming individual understanding of the information and agreement to stipulations contained in said information; and means for storing said digital signature in said memory.
14. The system for providing information prescriptions of claim 13 further comprising: means for transmitting data to said provider indicative of generation of said audit trail record and said digital signature for said individual.
15. The system for providing information prescriptions of claim 11 wherein said means for generating comprises: means for identifying at least one information vendor to provide said individual with access to at least a portion of said set of information.
16. The system for providing information prescriptions of claim 15 further comprising: means, located at said identified at least one information vendor and responsive to said individual accessing said identified at least one information vendor via said data communication network, for authenticating said individual by comparing an information prescription received from said means for transmitting with an identity of said individual; and means, responsive to said individual being authenticated, for providing said individual with access to at least a portion of said set of information.
17. The system for providing information prescriptions of claim 16 further comprising: means, located at said identified at least one information vendor, for monitoring access of said individual to said at least a portion of said set of information; and means, located at said identified at least one information vendor, for generating an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access.
18. The system for providing information prescriptions of claim 17 further comprising: means, located at said identified at least one information vendor, for transmitting said audit trail record to said means for generating to indicate said individual accessing said at least a portion of said set of information.
19. The system for providing information prescriptions of claim 18 wherein said means for storing is responsive to a received audit trail record for storing said received audit trail record in said memory.
20. The system for providing information prescriptions of claim 19 further comprising: means for transmitting data to said provider indicative of receipt of said audit trail record for said individual.
21. The system for providing information prescriptions of claim 19 further comprising: means for obtaining a digital signature sign-off by the individual, that cannot be repudiated, confirming individual understanding of the information and agreement to stipulations contained in said information; and means for storing said digital signature in said memory.
22. The system for providing information prescriptions of claim 21 further comprising: means for transmitting data to said provider indicative of generation of said audit trail record and said digital signature for said individual.
23. A method of operating a system for providing information prescriptions, operational in a data communication network which serves a plurality of providers and information vendors, where said system for providing information prescriptions is accessible by a plurality of individuals, said system for providing information prescriptions comprising the steps of: verifying, in response to receipt of a request from a provider that defines both a set of information and a individual, authorization of said provider to issue an information prescription; and generating an information prescription that defines said set of information and identifies said individual.
24. The method of operating a system for providing information prescriptions of claim 23 further comprising the step of: transmitting said information prescription to said individual.
25. The method of operating a system for providing information prescriptions of claim 24 wherein said step of generating comprises: identifying at least one information vendorto provide said individual with access to said set of information.
26. The method of operating a system for providing information prescriptions of claim 25 wherein said step of generating further comprises: transmitting said information prescription to said identified at least one information vendor.
27. The method of operating a system for providing information prescriptions of claim 26 further comprising the steps of: authenticating at said identified at least one information vendor and in response to said individual accessing said identified at least one information vendor via said data communication network, said individual by comparing an information prescription received in said step of transmitting with an identity of said individual; and providing, in response to said individual being authenticated, said individual with access to at least a portion of said set of information.
28. The method of operating a system for providing information prescriptions of claim 27 further comprising the steps of: monitoring at said identified at least one information vendor, access of said individual to said at least a portion of said set of information; and generating at said identified at least one information vendor, an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access, digital signature sign-off by the individual confirming individual understanding of the information and agreement to stipulations contained in said information.
29. The method of operating a system forproviding information prescriptions of claim 28 further comprising the step of: transmitting from said identified at least one information vendor, said audit trail record to said system for providing information prescriptions to indicate said individual accessing said at least a portion of said set of information.
30. The method of operating a system for providing information prescriptions of claim 29 further comprising the step of: system for providing information prescriptions storing a received audit trail record in a memory.
31. The method of operating a system forproviding information prescriptions of claim 30 further comprising: transmitting data to said provider indicative of receipt of said audit trail record for said individual.
32. The method of operating a system for providing information prescriptions of claim 23 further comprising the steps of: authenticating, in response to said individual accessing said system for providing information prescriptions via said data communication network, said individual by comparing said generated information prescription with an identity of said individual; and providing , in response to said individual being authenticated, said individual with access to at least a portion of said set of information.
33. The method of operating a system for providing information prescriptions of claim 32 further comprising the steps of: monitoring access of said individual to said at least a portion of said set of information; generating an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access; and storing said audit trail record in a memory.
34. The method of operating a system for providing information prescriptions of claim 33 further comprising the step of: transmitting data to said provider indicative of generation of said audit trail record for said individual.
35. The method of operating a system for providing information prescriptions of claim 33 further comprising the steps of: obtaining a digital signature sign-off by the individual, that cannot be repudiated, confirming individual understanding of the information and agreement to stipulations contained in said information; and storing said digital signature in said memory.
36. The method of operating a system for providing information prescriptions of claim 35 further comprising the step of: transmitting data to said provider indicative of generation of said audit trail record and said digital signature for said individual.
37. The method of operating a system for providing information prescriptions of claim 33 wherein said step of generating comprises: identifying at least one information vendorto provide said individual with access to at least a portion of said set of information.
38. The method of operating a system for providing information prescriptions of claim 37 further comprising the steps of: authenticating at said identified at least one information vendor and responsive to said individual accessing said identified at least one information vendor via said data communication network, said individual by comparing an information prescription received from said means for transmitting with an identity of said individual; and providing, in response to said individual being authenticated, said individual with access to at least a portion of said set of information.
39. The method of operating a system for providing information prescriptions of claim 38 further comprising the steps of: monitoring at said identified at least one information vendor, access of said individual to said at least a portion of said set of information; and generating at said identified at least one information vendor, an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access.
40. The method of operating a system for providing information prescriptions of claim 39 further comprising the step of: transmitting from said identified at least one information vendor, said audit trail record to said system for providing information prescriptions to indicate said individual accessing said at least a portion of said set of information.
41. The method of operating a system for providing information prescriptions of claim 40 wherein said step of storing is responsive to a received audit trail record for storing said received audit trail record in said memory.
42. The method of operating a system forproviding information prescriptions of claim 41 further comprising the step of: transmitting data to said provider indicative of receipt of said audit trail record for said individual.
43. The method of operating a system for providing information prescriptions of claim 41 further comprising the steps of: obtaining a digital signature sign-off by the individual, that cannot be repudiated, confirming individual understanding of the information and agreement to stipulations contained in said information; and storing said digital signature in said memory.
44. The method of operating a system for providing information prescriptions of claim 43 further comprising the step of: transmitting data to said provider indicative of generation of said audit trail record and said digital signature for said individual.
45. A system for providing information prescriptions, operational in a data communication network which serves a plurality of individuals and information vendors, where said system for providing information prescriptions is accessible by a plurality of individuals, said system for providing information prescriptions comprising: means, responsive to receipt of a request from a provider or other responsible entity that defines a set of information, for verifying authorization of said provider to issue an information prescription; and means for generating an information prescription that defines said set of information.
46. The system for providing information prescriptions of claim 45 further comprising: means, responsive to said individual accessing said system for providing information prescriptions via said data communication network, for authenticating said individual; and means, responsive to said individual being authenticated, for providing said individual with access to at least a portion of said set of information.
47. The system for providing information prescriptions of claim 46 further comprising: means for monitoring access of said individual to said at least a portion of said set of information; means for generating an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access; and means for storing said audit trail record in a memory.
48. The system for providing information prescriptions of claim 47 further comprising: means for obtaining a digital signature sign-off by the individual, that cannot be repudiated, confirming individual understanding of the information and agreement to stipulations contained in said set of information; and means for storing said digital signature in said memory.
49. The system for providing information prescriptions of claim 48 further comprising: means for transmitting data to said provider indicative of generation of said audit trail record and said digital signature for said individual.
50. A method of operating a system for providing information prescriptions, operational in a data communication network which serves a plurality of individuals and information vendors, where said system for providing information prescriptions is accessible by a plurality of individuals, saidπiethod of operating a system for providing information prescriptions comprising the steps of: verifying, in response to receipt of a request from a provider that defines a set of information, authorization of said provider to issue an information prescription; and generating an information prescription that defines said set of information.
51. The method of operating a system for providing information prescriptions of claim 50 further comprising the steps of: authenticating, in response to said individual accessing said system for providing information prescriptions via said data communication network, said individual; and providing, in response to said individual being authenticated, said individual with access to at least a portion of said set of information.
52. The method of operating a system for providing information prescriptions of claim 51 further comprising the steps of: monitoring access of said individual to said at least a portion of said set of information; generating an audit trail record of said information access, said audit trail record including at least one of: individual identification, information prescription identification, time stamp of said information access, duration of said information access, results of tests provided to said individual as part of said information access, degree of completion of said information access; and storing said audit trail record in a memory.
53. The method of operating a system for providing information prescriptions of claim 52 further comprising the steps of: obtaining a digital signature sign-off by the individual, that cannot be repudiated, confirming individual understanding of the information and agreement to stipulations contained in said set of information; and storing said digital signature in said memory.
54. The method of operating a system forproviding information prescriptions of claim 53 further comprising the step of: transmitting data to said provider indicative of generation of said audit trail record and said digital signature for said individual.
PCT/US2001/013868 2000-05-05 2001-04-30 System for providing information prescriptions WO2001086479A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001255778A AU2001255778A1 (en) 2000-05-05 2001-04-30 System for providing information prescriptions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US56514400A 2000-05-05 2000-05-05
US09/565,144 2000-05-05

Publications (2)

Publication Number Publication Date
WO2001086479A2 true WO2001086479A2 (en) 2001-11-15
WO2001086479A3 WO2001086479A3 (en) 2003-06-05

Family

ID=24257372

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/013868 WO2001086479A2 (en) 2000-05-05 2001-04-30 System for providing information prescriptions

Country Status (2)

Country Link
AU (1) AU2001255778A1 (en)
WO (1) WO2001086479A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004038604A1 (en) * 2002-10-25 2004-05-06 Vivantti Pty Ltd A new method for storing data
WO2006000060A1 (en) * 2004-06-29 2006-01-05 Mca Medicorp (International) Pty Ltd A method and software product for establishing informed consent
US20150113430A1 (en) * 2010-02-23 2015-04-23 Farmacia Electronica, Inc. Method and system for consumer-specific communication based on cultural normalization techniques

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108786104A (en) * 2018-04-27 2018-11-13 北京鲸世科技有限公司 Game running method, apparatus and system, storage medium, electronic device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0766165A2 (en) * 1995-08-31 1997-04-02 Fujitsu Limited Licensee notification system
US5689565A (en) * 1995-06-29 1997-11-18 Microsoft Corporation Cryptography system and method for providing cryptographic services for a computer application
US5857028A (en) * 1996-01-11 1999-01-05 Frieling; Edward Computer access control by finger anatomy and comprehension testing
US5996076A (en) * 1997-02-19 1999-11-30 Verifone, Inc. System, method and article of manufacture for secure digital certification of electronic commerce
WO2000017837A1 (en) * 1998-09-18 2000-03-30 Vtl Link Methods and apparatus for authenticating informed consent

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5689565A (en) * 1995-06-29 1997-11-18 Microsoft Corporation Cryptography system and method for providing cryptographic services for a computer application
EP0766165A2 (en) * 1995-08-31 1997-04-02 Fujitsu Limited Licensee notification system
US5857028A (en) * 1996-01-11 1999-01-05 Frieling; Edward Computer access control by finger anatomy and comprehension testing
US5996076A (en) * 1997-02-19 1999-11-30 Verifone, Inc. System, method and article of manufacture for secure digital certification of electronic commerce
WO2000017837A1 (en) * 1998-09-18 2000-03-30 Vtl Link Methods and apparatus for authenticating informed consent

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004038604A1 (en) * 2002-10-25 2004-05-06 Vivantti Pty Ltd A new method for storing data
WO2006000060A1 (en) * 2004-06-29 2006-01-05 Mca Medicorp (International) Pty Ltd A method and software product for establishing informed consent
US20150113430A1 (en) * 2010-02-23 2015-04-23 Farmacia Electronica, Inc. Method and system for consumer-specific communication based on cultural normalization techniques

Also Published As

Publication number Publication date
AU2001255778A1 (en) 2001-11-20
WO2001086479A3 (en) 2003-06-05

Similar Documents

Publication Publication Date Title
Seol et al. Privacy-preserving attribute-based access control model for XML-based electronic health record system
CN107835182B (en) Electronic prescription system based on block chain and processing method
CN107896213B (en) Electronic prescription data storage method
US9419951B1 (en) System and method for secure three-party communications
TW510997B (en) Privacy and security method and system for a world-wide-web site
US20060004588A1 (en) Method and system for obtaining, maintaining and distributing data
CN110008746A (en) Medical records storage, shared and safety Claims Resolution model and method based on block chain
CN111261250B (en) Medical data sharing method and device based on block chain technology, electronic equipment and storage medium
US20060085347A1 (en) Method and apparatus for managing personal medical information in a secure manner
KR101925322B1 (en) Method for providing medical counseling service including digital certification, digital signature, and forgery prevention
WO2006118628A2 (en) Personal control of healthcare information and related systems, methods, and devices
Arbabi et al. A survey on blockchain for healthcare: Challenges, benefits, and future directions
EP1226524A2 (en) System for providing dynamic data informed consent to provide data privacy and security in database systems and in networked communications
Andriole Security of electronic medical information and patient privacy: what you need to know
KR20130045902A (en) Anonymous healthcare and records system
US10348695B1 (en) Secure access to individual information
CN114065261A (en) Block chain-based distributed trusted data sharing platform, method and system
KR20010083533A (en) Electronic prescription delivery/management system and method using a computer network
US10929509B2 (en) Accessing an interoperable medical code
Neuhaus et al. Survey on healthcare IT systems: standards, regulations and security
US20210005293A1 (en) System and method for providing access of a user's health information to third parties
JP2000331101A (en) System and method for managing information related to medical care
KR100945819B1 (en) Personal health record service method and system using mobile devices
WO2001086479A2 (en) System for providing information prescriptions
Kohane et al. Health information identification and de-identification toolkit.

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AU BR CA CN JP KR MX

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP