WO2000026823A1 - A system for protection of unauthorized entry into accessing records in a record database - Google Patents


Info

Publication number
WO2000026823A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
record
database
query
access
Prior art date
Application number
PCT/US1999/026090
Other languages
French (fr)
Other versions
WO2000026823A9 (en)
Inventor
Norton Garfinkle
Original Assignee
Garfinkle Limited Partnership Ii
Priority date
Filing date
Publication date
Application filed by Garfinkle Limited Partnership Ii
Priority to AU24733/00A
Publication of WO2000026823A1
Publication of WO2000026823A9

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records

Definitions

  • this invention contemplates records in a record database (for example, a national medical record database) protected by a digital code generated by a physical characteristic of the person (e.g., an encoded finger print, voice print, signature scan, or retinal scan) attached to each person's protected record in the database in addition to a person's assigned ID code (e.g., Social Security Number). Access via the ID can be selected in accordance with preestablished instructions mandated by the individual. For example, some individuals will be more interested in medical personnel having ready access to their record and can specify instructions consistent with this concern. In addition, some individuals may be concerned about the privacy of certain parts of their medical history, but not others, and can specify instructions consistent with this concern.
  • a protected record cannot be entered or accessed from the national database unless the request is accompanied by the physical characteristic code that matches the physical characteristic code associated with the protected record.
  • Each individual, who participates in the national medical database can provide via a transducer a physical characteristic sample (e.g., a voiceprint, fingerprint or signature). This sample can be digitally encoded and attached to a person ' s entire record in the national database.
  • the record can also be stored in the database of the healthcare provider who generates the record and those records can be accessible by that healthcare provider without requiring the physical identifier code if the individual agrees to such access.
  • health care providers can continue to maintain their own databases for the records they generate and.
  • the record can be stored also in the national database, where records can be accessed from authorized terminals by predesignated professionals authorized by the individual using that person's ID.
  • access to protected records can require, in addition to the person's ID, the person's physical characteristic code, which is encoded as part of the request message.
  • the system in one embodiment, can require the physical presence of the individual.
  • a transducer associated with the terminal at which the request is made can transduce and encode the physical characteristic of the person whose protected record is sought and who is authorizing the request.
  • a method for maintaining an individual's record in a record database with access to the record controlled by the individual features the steps of linking a plurality of data input/output terminals to a record database via a network, assigning each individual an ID number code, transducing an identifying characteristic of each individual to a digital identifying characteristic code, storing said ID number code and said digital identifying characteristic code in an ID and identifying code database, calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code, storing an individual's record in said record database accessible by said access code, querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code, comparing said query ID number code and said query identifying characteristic code transmitted in said querying step
  • a method for maintaining an individual's record in a record database with access to the record controlled by the individual features including steps of linking a plurality of data input/output terminals to a record database via a network, assigning each individual an ID number code, storing said ID number code in an ID database, transducing an identifying characteristic of each individual to a digital identifying characteristic code, storing said digital identifying characteristic code in an identifying characteristics code database, calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code, storing said access code in an access code database, storing an individual's record in said record database accessible by said access code, querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code, comparing said query ID
  • Another example embodiment features a method for maintaining an individual's record in a record database with access to the record controlled by the individual, including the steps of linking a plurality of data input/output terminals to a record database via a network, assigning each individual an ID number code, transducing an identifying characteristic of each individual to a digital identifying characteristic code, calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code, storing said access code in an access code database, storing an individual's record in said record database accessible by said access code, querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes, sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code, comparing said query access code with said access code stored in said access code database, transmitting said record along with said ID number code to said one of
  • FIG. 1 is a block diagram showing an example workflow providing a patient access to a medical record by using an ID code and a biometric code;
  • FIG. 2 is a block diagram showing another example workflow with enhanced security features
  • FIG. 3 illustrates another workflow method for providing patient medical record access with additional security features
  • FIG. 4 illustrates yet another patient medical record access method having security features.
  • FIG. 1 illustratively depicts a block diagram 100 including an example workflow by which a patient 102 can gain access to a record associated with patient 102 at a requesting site
  • the block diagram 100 begins with the patient 102 or a person authorized by the patient 102, inputting or being assigned personal identification codes such as, e.g., an ID number code 104 and a biometric code 106.
  • the personal identification codes 104, 106 can be used to confirm the identity of a person 120 requesting access to a central records database 116.
  • the ID number code 104 and biometric code 106 are inputted into an ID & biometric database 112 as shown by lines 108 and 110, respectively.
  • the ID & biometric database 112 can verify that there is a match between the ID number and biometric inputted into ID number code 104 and biometric code 106 and the records stored in ID & biometric database 112.
  • If ID code 104 and biometric code 106 match the records of approved lists of IDs stored in ID & biometric database 112, then access can be granted to a particular record using an ID code 114 which can be used to identify a particular record/file in the central records database 116.
  • the ID code 114 can be used to query records database 116 to obtain the individual record for patient 102.
  • the individual record can be associated with the ID code 114 and can then be transmitted back to the requesting site 120 for use by, e.g., an authorized user such as a doctor.
  • Requesting site 120 could be a doctor's office or a hospital, for example.
  • FIG. 2 illustratively depicts a block diagram 200 including another example workflow by which patient 102 can gain access to a record associated with patient 102 at a requesting site 120 according to another embodiment of the present invention.
  • the block diagram 200 depicts another example method which provides enhanced security features.
  • the method of block diagram 200 includes using a special access code 204 to identify (i.e., index) records in a records database 216, instead of ID code 114.
  • the block diagram 200 begins similarly to diagram 100. As in the technique of FIG. 1, ID number code 104 and biometric code 106 can be used to confirm the identity of a person such as, e.g., a patient 102, requesting access to a record/file in central records database 216.
  • the ID number code 104 and biometric code 106 can be inputted into ID & biometric database 112 as shown as lines 108 and 110, respectively. If both the ID number code 104 and biometric code 106 match an approved list in ID & biometric database 112, then a special access code 204 can be calculated.
  • the special access code 204 can be calculated by an access code calculator 202 which can receive as input the verified ID number code and biometric code 220.
  • the access code calculator 202 can calculate the special access code 204 by combining the individual's ID number code 104 with one or more biometric codes 106 according to an algorithm, yielding an algorithmic result.
  • One embodiment of the special access code 204 could be a hash digest.
  • the access code 204 can be calculated by executing an algorithm as shown below in Table 1.
  • Special access code 204 can provide access to a separate records database 216, and can be used to identify and grant access to a particular record/file stored in the records database 216.
  • the technique of the present invention illustrated in FIG. 2 provides a higher level of security than that of FIG. 1.
  • Because the special access code 204 of FIG. 2, used to grant access to and to identify records in the central records database 216, is not known to any individual (i.e., including the individual accessing the information), a higher level of security is maintained.
  • the special access code 204 never leaves the confines of the central record database 216.
  • the central record database 216 itself does not contain any names or other identifying information beyond the special access code 204. If an approved access code 204 is generated, then an individual record associated with the access code 204 can be accessed from the record database 216.
  • the record can be delivered/transmitted 208 with the access code to an access code match module 210 which can also receive an ID code and access code 206.
  • Access code match module 210 can then associate the individual record with the ID.
  • Access code match module 210 can then transmit the ID and individual record 212 to an individual record with ID storage module 214 which can then be accessed by the authorized requesting individual.
  • the individual record can be sent back to the requesting individual with the original ID code for identification purposes. No other identifiable information, including the special access code 204, need be transmitted back.
  • After the individual record is downloaded and has been used, it can be eliminated or destroyed at the local level to maintain privacy requirements, e.g., using an automatic routine.
  • FIG. 3 illustratively depicts a block diagram of another method 300 providing an even higher level of security than that shown in FIG. 2.
  • method 300 uses a central database 316 that contains only the records/files and special access codes 322 needed to grant access to and to identify particular records/files in records database 316.
  • the method 300 differs from method 200 in several ways.
  • Method 300 maintains an ID codes database 304 and a biometric database 306.
  • ID number code 104 can be stored 108 in ID database 304.
  • Storing ID number codes 104 in ID database 304 permits a verification comparing an input ID number code 104 to stored ID codes in ID database 304.
  • biometric code 106 can be stored 110 in biometric database 306.
  • Storing biometric codes 106 in biometric database 306 permits a verification comparing an input biometric code 106 to stored biometric codes in biometric database 306.
  • Using separate databases 304 and 306 for ID and biometric codes, respectively, increases security since the codes 104 and 106, which together can grant access to the records database 316, are not associated with each other in any single database.
  • the ID number code 104 and biometric code 106 can be matched to stored ID and biometric codes in ID database 304 and biometric database 306, respectively, to verify that the codes 104 and 106 are valid. Then, as in the previous method, the ID and biometric codes can be inputted as shown with lines 108 and 110 into an access code calculator 302 where the codes 104 and 106 can be combined with an algorithm, such as, e.g., that shown in Table 1, to produce a special access code 304. Access code 304 can then be stored in an access code database 320.
  • the special access code 304 can be inputted into access code database 320 where the calculated access code 304 can be compared to stored access codes and verified by matching the calculated access code to access codes stored in the access code database 320.
  • This comparison/verification confirms the identity of the requesting individual since only one unique access code can be generated by combining the ID code 104 and biometric code 106.
  • the access code can then be provided to the records database 316 as shown by line 322.
  • the central record database 316 itself does not contain any names or other identifying information beyond the special access code 304. If an approved access code 322 is generated, then an individual record associated with the access code 322 can be accessed from the record database 316. Once a record has been accessed via an approved access code 322, the record can be delivered/transmitted 308 with the access code 322 to an access code match module 310 which can also receive an ID code and access code 306 from the access code calculator 302. Access code match module 310 can then associate the individual record with the ID.
  • Access code match module 310 can then transmit the ID and individual record 312 to an individual record with ID temporary storage module 314 which can then be accessed by the authorized requesting individual as shown by line 318.
  • the individual record can be sent back to the requesting individual with the original ID code 104 for identification purposes. No other identifiable information, including the special access code 320, need be transmitted back.
  • FIG. 4 illustratively depicts a block diagram of another method 400 that increases security of records database 316 even further by eliminating the ID database 304 and biometric database 306, altogether. As in the method 300 described above with reference to FIG. 3, the technique of method 400 combines the ID number code 104 and biometric code 106 with an algorithm to produce a unique special access code 304. If the special access code 304 matches an approved code in access code database 320, then access can be granted to the particular record associated with the valid special access code 322. The technique can continue as described with reference to FIG. 3.
  • the method 400 of FIG. 4 can provide additional security over method 300 by not maintaining an ID database 304 and biometric database 306 that could possibly be compromised.
  • Method 400 works on the premise that biometric codes 106 are unique throughout the human population and can therefore be used, with the ID code 104, to generate unique access codes 304.
  • Special access codes 304 can be confirmed as valid by the access code database 320 if they correspond to a particular code stored in the access code database 320.
  • the special access codes 204 and 304 are not known outside the central records database 316 or perhaps the access code database 320. Similar steps for transmitting records back to the requesting site can also be followed.
  • a protected record cannot be entered or accessed from the central database 216 and 316 unless a valid ID code 104 and one or more valid biometric physical characteristic codes 106 accompany the request.
  • biometric codes 106 can be time-stamped in order to protect against fraud and to ensure only current requests are approved (to prevent biometric re-use from illegally intercepted transmissions).
  • Each individual who participates in the central database 216 and 316, provides, e.g., via a transducer, one or more physical biometric characteristic samples such as, e.g., a voice sample, fingerprint, or a signature. These samples can be digitally encoded, can be attached, can possibly be placed in an encrypted form, and can be associated with a person's entire record in the central database. Alternatively, as described in methods 200, 300 and 400, special access codes 204 and 304 can be generated/calculated when a record is initially created or modified via an algorithm that combines the biometric samples 106 and assigned ID code 104. Although unknown to the individual, these special access codes 204 and 304 can be attached to the record and in one embodiment, can only be generated via the correct ID code 104 and biometric code 106.
  • ID codes 104 can be stored on magnetic and smart card systems.
  • the ID code 104 can be recreated by a system that in one embodiment, accepts two or more biometric codes, or other enhanced identity verification, to provide a highly accurate procedure to confirm an individual's identity.
  • Access to records can be restricted in accordance with pre-established instructions mandated by the individual. For example, some individuals can be more interested in medical personnel having ready access to their record and can specify instructions consistent with this desire. In addition, some individuals may be concerned about the privacy of certain parts of their medical history, but not other parts, and can therefore, e.g., specify instructions consistent with these concerns. People that have approval or authorization from an individual can be provided, in one embodiment, the ability to access that individual's record via that individual's ID and their own biometric identifier code or codes. Approved people can produce a special access code 204 and 304, if required, that could grant them access to a particular individual's records.
  • an authorized person can, e.g., by using the individual's ID and their own biometric characteristic codes, be granted access to a particular individual's records.
  • biometric codes can also provide an added level of security by, e.g., allowing precise tracking of who has accessed an individual's records over a period of time.
  • access to the central records database 216 and 316 can be rendered harmless to privacy concerns, because names and other common forms of information used to identify individuals are absent from the medical records database 316.
  • This feature provides an added benefit to researchers, such as, e.g., epidemiological and clinical medical researchers in a medical records database, who can be given access to the central database 216 and 316 without risk of identifying particular individuals since any identification data is encoded, encrypted or not even in a readily accessible form.
  • the present invention can require the physical presence of the individual to provide biometric code 106 input.
  • a transducer associated with the entry terminal at which the request is made can transduce and encode the physical biometric characteristics 106 of the person whose protected record is sought and who is authorizing the request.
  • the biometric code or codes 106 can also be time-stamped for additional security.
  • the records themselves in the central records database 216 and 316 can be encrypted.
  • Following establishment of central record databases 216 and 316, some organizations can be authorized to continue to maintain their own separate databases for records that they generate, and, subject to agreement by the individual, can continue to control access to their respective databases.
  • records that are in a central database 216 and 316 can also, subject to agreement by the individual, be stored in the database of the organization that generates the record such as, e.g., a healthcare provider, or a financial organization.
  • the separately stored records can be accessible by the organization without requiring the biometric identifier code 106, i.e., if the individual agrees to such access.
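As an added example that is not part of the patent, the following Python simulation walks through the method 400 workflow described in the FIG. 2 to FIG. 4 bullets above together with the time-stamped biometric code bullet: an access code calculator, an access code database 320, a records database 316 indexed only by access codes, and a match step that returns the record with the ID but never the access code. The page refers to a Table 1 algorithm that is not reproduced here and says only that the access code could be a hash digest, so the SHA-256 combination, the 60-second freshness window, and all class names and sample values are assumptions of this example.

```python
import hashlib
import time

# Constructed sample values for the demo (not real identifiers or templates).
SAMPLE_ID = "UHID-000-12-3456"                 # stands in for ID number code 104
SAMPLE_BIOMETRIC = bytes(range(32))            # stands in for an encoded fingerprint 106
SAMPLE_RECORD = "visit note: blood pressure 120/80, no findings"
FRESHNESS_WINDOW_S = 60                        # assumed validity window for a time-stamped sample


def calculate_access_code(id_code, biometric_code):
    """Access code calculator 202/302: combine ID number code 104 with biometric
    code 106 into a special access code. The patent's Table 1 is not on the page,
    so SHA-256 over a length-prefixed concatenation is this example's assumption."""
    id_bytes = id_code.encode("utf-8")
    h = hashlib.sha256()
    h.update(len(id_bytes).to_bytes(2, "big"))   # length prefix keeps the split unambiguous
    h.update(id_bytes)
    h.update(biometric_code)
    return h.hexdigest()


class AccessCodeDatabase:
    """Access code database 320: the set of approved special access codes."""

    def __init__(self):
        self._approved = set()

    def approve(self, access_code):
        self._approved.add(access_code)

    def is_approved(self, access_code):
        return access_code in self._approved


class RecordsDatabase:
    """Central records database 316: records indexed only by access code.
    No name or ID number code is stored next to a record."""

    def __init__(self):
        self._records = {}

    def store(self, access_code, record):
        self._records[access_code] = record

    def fetch(self, access_code):
        return self._records.get(access_code)

    def contains_plaintext(self, needle):
        """Used to check that the ID never reaches the records store."""
        return any(needle in rec for rec in self._records.values())


class ReplayFilter:
    """Freshness check for time-stamped biometric codes: a sample outside the
    window, or one that has already been presented, is rejected."""

    def __init__(self):
        self._seen = set()

    def accept(self, biometric_code, sample_ts, now):
        if not 0 <= now - sample_ts <= FRESHNESS_WINDOW_S:
            return False                          # stale or future-dated sample
        key = (sample_ts, hashlib.sha256(biometric_code).hexdigest())
        if key in self._seen:
            return False                          # exact replay of an intercepted sample
        self._seen.add(key)
        return True


def enroll(id_code, biometric_code, record, acdb, rdb):
    """Record creation: compute the access code, approve it, and file the record
    under it. The access code itself is never handed back to the individual."""
    code = calculate_access_code(id_code, biometric_code)
    acdb.approve(code)
    rdb.store(code, record)


def query(id_code, biometric_code, sample_ts, acdb, rdb, replay, now=None):
    """Query from a terminal: ID number code plus time-stamped biometric code in,
    (ID, record) out. Any failure returns None. The returned dict is what the
    access code match module 310 would send on: the ID, never the access code."""
    now = int(time.time()) if now is None else now
    if not replay.accept(biometric_code, sample_ts, now):
        return None
    code = calculate_access_code(id_code, biometric_code)
    if not acdb.is_approved(code):
        return None
    record = rdb.fetch(code)
    if record is None:
        return None
    return {"id": id_code, "record": record}
```

Because the access code is recomputed from the two inputs on every query, a wrong ID or a wrong biometric simply fails the approval check without the records database ever learning who asked.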

Abstract

A method for maintaining an individual's records in a record database (116). For example, a national medical record database protected by a digital code (104) generated by a physical characteristic of the person such as an encoded finger print, voice print, signature scan, or retinal scan that can be attached to a person's protected record (110) in the database in addition to a person's assigned ID code (104) such as a Social Security Number (116). Access via the ID can be selected in accordance with pre-established instructions mandated by an individual (118). For example, some individuals (102) will be more interested in medical personnel having ready access to their record and can specify instructions consistent with this concern. Some individuals (102) may be concerned with the privacy of certain parts of their medical history while others may not be concerned and can specify instructions consistent with this concern.

Description

SYSTEM FOR PROTECTING FROM UNAUTHORIZED ENTRY INTO AND/OR ACCESS TO RECORDS IN A RECORD DATABASE
Field of the Invention
The present invention relates to an improved system for protecting from unauthorized access to and/or entry into records of individuals in a database, and more particularly to a system for protecting medical records in a national medical record database.
Background of the Invention
As a person moves from birth to death, health care providers make records of his or her state of health and the medical intervention provided. A person's entire record includes record fragments recorded at different times, and usually recorded and stored at different physical locations. These record fragments include records stored on paper and film and more recently digital data records.
The doctor's office, hospital, HMO, or other medical entity that prepares the record usually stores the record at a physical location it selects, using its own addressing and security systems to access and protect the record. The entity that prepares the record usually considers the record to be its property, rather than the property of the patient. The present state of medical records provides relatively good physical security for the records. Digital records stored in a database are typically accessible only over a secure local network. In addition, there is today no practical way to access a complete medical history of a person when different record fragments are stored by different health care entities. Transfer of data between health care entities is slow at best and not practical at all in many instances due to incompatibility of the databases.
Relatively recent technologies, such as the Internet and large database managers, have made it practical to have a national medical record database where a health care provider could easily and immediately access a patient's medical records prepared by any entity at any time. Access can be over a public network such as the Internet using web browser technology. The national medical record database could reside in one or more physical databases. The data could also reside in the databases of the health care entities that prepared them with hyper-links to a patient's record in each database so that the entire record could be assembled via the Internet using web browser technology. A combination of physical and virtual databases could be used. In any case, each person will have a medical identification (ID) for use in addressing the national medical record database when storing data in it or retrieving data from it. This ID could be preexisting personal numbers, special PIN numbers selected in secret, or a specific number issued by the manager of the national record database. While the advantages of a national medical database in providing improved care are clear, such a database raises data security concerns. Today, most medical records are not accessible over a public network. With a national medical record database, most medical records would be accessible. Today, an authorized or unauthorized person must know not only whose record he or she wants, but also where the record is kept and how to access records from that database. Tomorrow without increased security the unauthorized person may need to know only a person's medical ID and how to access the national medical database.
It is thus desirable that a more secure way of controlling access to a record such as, e.g., a medical record, be provided.

Summary of the Invention
A feature of the present invention is a system that protects a record of an individual in a central database from access by unauthorized parties. More particularly, the present invention can protect against unauthorized access of a record in a central database accessible via a public network such as, e.g., the Internet.
The present invention contemplates records in a central database (e.g., a national medical record database or a central financial database) protected by personal identification codes. Personal identification codes can include a person's assigned ID code. Examples of a person's assigned ID code include, e.g., a Universal Health Identification number, a Social Security number, or other alphanumeric string. Personal identification codes can also include biometrics, such as, e.g., one or more digital codes generated by one or more biometric physical characteristics of a person. Biometric physical characteristics of a person can include, e.g., an encoded finger print, a voice print, a signature print or a retinal scan.
These personal identification codes (assigned ID codes and biometrics) can be used to control access to a central database. For example, the personal identification codes can be used to grant access to certain approved individuals to the central database, and to identify and grant access to a particular record/file within the central database.
Various methods can be used to control access to the contents of the central database according to the present invention. Several exemplary techniques are described for establishing a secure central record database according to the present invention.
A feature of this invention is a system that protects a record of an individual in a record database generally, and a record in a database accessible via a public network more particularly, from access by unauthorized parties.
Briefly, this invention contemplates records in a record database (for example, a national medical record database) protected by a digital code generated by a physical characteristic of the person (e.g., an encoded finger print, voice print, signature scan, or retinal scan) attached to each person's protected record in the database in addition to a person's assigned ID code (e.g., Social Security Number). Access via the ID can be selected in accordance with preestablished instructions mandated by the individual. For example, some individuals will be more interested in medical personnel having ready access to their record and can specify instructions consistent with this concern. In addition, some individuals may be concerned about the privacy of certain parts of their medical history, but not others, and can specify instructions consistent with this concern.
In one embodiment of the invention, a protected record cannot be entered or accessed from the national database unless the request is accompanied by the physical characteristic code that matches the physical characteristic code associated with the protected record. Each individual who participates in the national medical database can provide via a transducer a physical characteristic sample (e.g., a voiceprint, fingerprint or signature). This sample can be digitally encoded and attached to a person's entire record in the national database. The record can also be stored in the database of the healthcare provider who generates the record, and those records can be accessible by that healthcare provider without requiring the physical identifier code if the individual agrees to such access. For the foreseeable future, following the establishment of a national medical database, health care providers can continue to maintain their own databases for the records they generate and, subject to agreement by the individual, can continue to control access to their respective databases. The record can be stored also in the national database, where records can be accessed from authorized terminals by predesignated professionals authorized by the individual using that person's ID. In contrast, access to protected records can require, in addition to the person's ID, the person's physical characteristic code, which is encoded as part of the request message. To authorize access to or entries into records with a highest level of protection, the system, in one embodiment, can require the physical presence of the individual. Here a transducer associated with the terminal at which the request is made can transduce and encode the physical characteristic of the person whose protected record is sought and who is authorizing the request.
In one embodiment of the invention, a method for maintaining an individual's record in a record database with access to the record controlled by the individual features the steps of linking a plurality of data input/output terminals to a record database via a network, assigning each individual an ID number code, transducing an identifying characteristic of each individual to a digital identifying characteristic code, storing said ID number code and said digital identifying characteristic code in an ID and identifying code database, calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code, storing an individual's record in said record database accessible by said access code, querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code, comparing said query ID number code and said query identifying characteristic code transmitted in said querying step with said identifying characteristic code and said ID number code stored in said ID and identifying code database, transmitting said record with said ID number code to said one of said plurality of data input/output terminals in response to said querying step only if the codes compared in said comparing step match within predetermined limits.
In another embodiment, a method for maintaining an individual's record in a record database with access to the record controlled by the individual features is described including steps of linking a plurality of data input/output terminals to a record database via a network, assigning each individual an ID number code, storing said ID number code in an ID database, transducing an identifying characteristic of each individual to a digital identifying characteristic code, storing said digital identifying characteristic code in an identifying characteristics code database, calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code, storing said access code in an access code database, storing an individual's record in said record database accessible by said access code, querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code, comparing said query ID number code with said ID number stored in said ID database and comparing said query identifying characteristic code with said identifying characteristic code stored in said identifying characteristic code database, comparing said query access code with said access code stored in said access code database, transmitting said record along with said ID number code to said one of said plurality of data input/output terminals in response to said querying step only if the codes compared in said comparing steps match within predetermined limits. 
Another example embodiment features a method for maintaining an individual's record in a record database with access to the record controlled by the individual, including the steps of linking a plurality of data input/output terminals to a record database via a network, assigning each individual an ID number code, transducing an identifying characteristic of each individual to a digital identifying characteristic code, calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code, storing said access code in an access code database, storing an individual's record in said record database accessible by said access code, querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes, sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code, comparing said query access code with said access code stored in said access code database, transmitting said record along with said ID number code to said one of said plurality of data input/output terminals in response to said querying step only if the codes compared in said comparing step match within predetermined limits.
Further features and advantages of the invention, as well as the structure and operation of various embodiments of the invention, are described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the leftmost digits in the corresponding reference number.

Brief Description of the Drawings
The foregoing and other features and advantages will be better understood from the following detailed description of a preferred embodiment of the invention with reference to the drawings, wherein:
FIG. 1 is a block diagram showing an example workflow providing a patient access to a medical record by using an ID code and a biometric code;
FIG. 2 is a block diagram showing another example workflow with enhanced security features;
FIG. 3 illustrates another workflow method for providing patient medical record access with additional security features; and
FIG. 4 illustrates yet another patient medical record access method having security features.
Detailed Description of a Preferred Embodiment of the Invention
The preferred embodiment of the invention is discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without parting from the spirit and scope of the invention.
FIG. 1 illustratively depicts a block diagram 100 including an example workflow by which a patient 102 can gain access to a record associated with patient 102 at a requesting site 120 according to one embodiment of the present invention. In one embodiment, the block diagram 100 begins with the patient 102, or a person authorized by the patient 102, inputting or being assigned personal identification codes such as, e.g., an ID number code 104 and a biometric code 106. The personal identification codes 104, 106 can be used to confirm the identity of a person at requesting site 120 requesting access to a central records database 116. The ID number code 104 and biometric code 106 are inputted into an ID & biometric database 112 as shown by lines 108 and 110, respectively. The ID & biometric database 112 can verify that there is a match between the ID number and biometric inputted as ID number code 104 and biometric code 106 and the records stored in ID & biometric database 112. If both the ID code 104 and biometric code 106 match the records of approved lists of IDs stored in ID & biometric database 112, then access can be granted to a particular record using an ID code 114 which can be used to identify a particular record/file in the central records database 116. The ID code 114 can be used to query records database 116 to obtain the individual record for patient 102. The individual record can be associated with the ID code 114 and can then be transmitted back to the requesting site 120 for use by, e.g., an authorized user such as a doctor. Requesting site 120 could be a doctor's office or a hospital, for example.
FIG. 2 illustratively depicts a block diagram 200 including another example workflow by which patient 102 can gain access to a record associated with patient 102 at a requesting site 120 according to another embodiment of the present invention. The block diagram 200 depicts another example method which provides enhanced security features. The method of block diagram 200 includes using a special access code 204 to identify (i.e., index) records in a records database 216, instead of ID code 114. The block diagram 200 begins similarly to diagram 100. As in the technique of FIG. 1, personal identification codes (ID number code 104 and biometric code 106) can be used to confirm the identity of a person such as, e.g., a patient 102, requesting access to a record/file in central records database 216. The ID number code 104 and biometric code 106 can be inputted into ID & biometric database 112 as shown by lines 108 and 110, respectively. If both the ID number code 104 and biometric code 106 match an approved list in ID & biometric database 112, then a special access code 204 can be calculated. The special access code 204 can be calculated by an access code calculator 202 which can receive as input the verified ID number code and biometric code 220. The access code calculator 202 can calculate the special access code 204 by combining the individual's ID number code 104 with one or more biometric codes 106 according to an algorithm, yielding an algorithmic result. One embodiment of the special access code 204 could be a hash digest. In one embodiment of the invention the access code 204 can be calculated by executing an algorithm as shown below in Table 1.
ID Code + Biometric Code(s) + Algorithm = Computed Special Access Code - Access to Protected Record

Table 1.

Special access code 204 can provide access to a separate records database 216, and can be used to identify and grant access to a particular record/file stored in the records database 216. The technique of the present invention illustrated in FIG. 2 provides a higher level of security than that of FIG. 1. In particular, since the special access code 204 of FIG. 2, used to grant access to and to identify records in the central records database 216, is not known to any individual (i.e., including the individual accessing the information), a higher level of security is maintained. The special access code 204 never leaves the confines of the central record database 216. The central record database 216 itself does not contain any names or other identifying information beyond the special access code 204. If an approved access code 204 is generated, then an individual record associated with the access code 204 can be accessed from the record database 216. Once a record has been accessed via an approved access code 204, the record can be delivered/transmitted 208 with the access code to an access code match module 210 which can also receive an ID code and access code 206. Access code match module 210 can then associate the individual record with the ID. Access code match module 210 can then transmit the ID and individual record 212 to an individual record with ID storage module 214 which can then be accessed by the authorized requesting individual. Thus the individual record can be sent back to the requesting individual with the original ID code for identification purposes. No other identifiable information, including the special access code 204, need be transmitted back. After the individual record is downloaded and has been used, it can be eliminated or destroyed at the local level to maintain privacy requirements, e.g., using an automatic routine.
FIG. 3 illustratively depicts a block diagram of another method 300 providing an even higher level of security than that shown in FIG. 2. As in the technique of FIG. 2, method 300 uses a central database 316 that contains only the records/files and special access codes 322 needed to grant access to and to identify particular records/files in records database 316. The method 300 differs from method 200 in several ways.
Method 300 maintains an ID codes database 304 and a biometric database 306. ID number code 104 can be stored 108 in ID database 304. Storing ID number codes 104 in ID database 304 permits a verification comparing an input ID number code 104 to stored ID codes in ID database 304. Similarly, biometric code 106 can be stored 110 in biometric database 306. Storing biometric codes 106 in biometric database 306 permits a verification comparing an input biometric code 106 to stored biometric codes in biometric database 306. Using separate databases 304 and 306 for ID and biometric codes, respectively, increases security since the codes 104 and 106, which together can grant access to the records database 316, are not associated with each other in any single database. Instead, the ID number code 104 and biometric code 106 can be matched to stored ID and biometric codes in ID database 304 and biometric database 306, respectively, to verify that the codes 104 and 106 are valid. Then, as in the previous method, the ID and biometric codes can be inputted as shown with lines 108 and 110 into an access code calculator 302 where the codes 104 and 106 can be combined with an algorithm, such as, e.g., that shown in Table 1, to produce a special access code 304. Access code 304 can then be stored in an access code database 320.
Before granting access to the records database 316, the special access code 304, just calculated by the access code calculator 302, can be inputted into access code database 320 where the calculated access code 304 can be compared to stored access codes and verified by matching the calculated access code to access codes stored in the access code database 320.
This comparison/verification confirms the identity of the requesting individual since only one unique access code can be generated by combining the ID code 104 and biometric code 106. The access code can then be provided to the records database 316 as shown by line 322.
The central record database 316 itself does not contain any names or other identifying information beyond the special access code 304. If an approved access code 322 is generated, then an individual record associated with the access code 322 can be accessed from the record database 316. Once a record has been accessed via an approved access code 322, the record can be delivered/transmitted 308 with the access code 322 to an access code match module 310 which can also receive an ID code and access code 306 from the access code calculator 302. Access code match module 310 can then associate the individual record with the ID.
Access code match module 310 can then transmit the ID and individual record 312 to an individual record with ID temporary storage module 314 which can then be accessed by the authorized requesting individual as shown by line 318. Thus the individual record can be sent back to the requesting individual with the original ID code 104 for identification purposes. No other identifiable information, including the special access code 320, need be transmitted back. After the individual record is downloaded and has been used, it can be eliminated or destroyed at the local level to maintain privacy requirements, e.g., using an automatic routine.

FIG. 4 illustratively depicts a block diagram of another method 400 that increases security of records database 316 even further by eliminating the ID database 304 and biometric database 306 altogether. As in the method 300 described above with reference to FIG. 3, the technique of method 400 combines the ID number code 104 and biometric code 106 with an algorithm to produce a unique special access code 304. If the special access code 304 matches an approved code in access code database 320, then access can be granted to the particular record associated with the valid special access code 322. The technique can continue as described with reference to FIG. 3.
The method 400 of FIG. 4 can provide additional security over method 300 by not maintaining an ID database 304 and biometric database 306 that could possibly be compromised. Method 400 works on the premise that biometric codes 106 are unique throughout the human population and can therefore be used, with the ID code 104, to generate unique access codes 304. Special access codes 304 can be confirmed as valid by the access code database 320 if they correspond to a particular code stored in the access code database 320. As in the above described methods 200 and 300, which also use access codes 204 and 304, the special access codes 204 and 304 are not known outside the central records database 316 or perhaps the access code database 320. Similar steps for transmitting records back to the requesting site can also be followed.
In all the above-described methods, a protected record cannot be entered or accessed from the central database 216 and 316 unless a valid ID code 104 and one or more valid biometric physical characteristic codes 106 accompany the request. These biometric codes 106 can be time-stamped in order to protect against fraud and to ensure only current requests are approved (to prevent biometric re-use from illegally intercepted transmissions).
Each individual who participates in the central database 216 and 316 provides, e.g., via a transducer, one or more physical biometric characteristic samples such as, e.g., a voice sample, fingerprint, or a signature. These samples can be digitally encoded, can be attached, can possibly be placed in an encrypted form, and can be associated with a person's entire record in the central database. Alternatively, as described in methods 200, 300 and 400, special access codes 204 and 304 can be generated/calculated when a record is initially created or modified via an algorithm that combines the biometric samples 106 and assigned ID code 104. Although unknown to the individual, these special access codes 204 and 304 can be attached to the record and in one embodiment, can only be generated via the correct ID code 104 and biometric code 106.
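The method 400 flow of FIG. 4 (access code calculator, access code database, records database indexed only by access code, ID re-attached on the way back) together with the time-stamped biometric check described above, as an added Python example that is not part of the patent. It assumes the combining "algorithm" of Table 1 is HMAC-SHA256 under a key held by the calculator, a 60-second freshness window, and constructed sample values (the ID code "UHID-000123", the biometric bytes and the record contents).

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Assumptions, not taken from the patent: the combining algorithm of Table 1
# is HMAC-SHA256 under a key known only to the access code calculator, and a
# time-stamped query is accepted only within a 60 second window.
CALCULATOR_KEY = b"placeholder-server-held-key"   # placeholder secret, constructed
FRESHNESS_WINDOW_SECONDS = 60.0


def calculate_access_code(id_code: str, biometric_code: bytes) -> str:
    """Access code calculator: ID code + biometric code(s) + algorithm.

    A keyed hash means that someone who learns an ID code alone cannot
    derive the access code that indexes the records database.
    """
    message = id_code.encode("utf-8") + b"\x00" + biometric_code
    return hmac.new(CALCULATOR_KEY, message, hashlib.sha256).hexdigest()


@dataclass
class CentralRecordSystem:
    """Method 400: no ID database and no biometric database, only an access
    code database plus a records database keyed by access code."""
    access_codes: Set[str] = field(default_factory=set)
    records: Dict[str, dict] = field(default_factory=dict)   # access code -> record
    seen_queries: Dict[str, float] = field(default_factory=dict)  # replay protection

    def enroll(self, id_code: str, biometric_code: bytes, record: dict) -> None:
        """Create the record. The access code is computed once and stored; the
        stored record carries no name, ID code or biometric."""
        code = calculate_access_code(id_code, biometric_code)
        self.access_codes.add(code)
        self.records[code] = record

    def query(self, id_code: str, biometric_code: bytes,
              timestamp: float, now: Optional[float] = None) -> Optional[dict]:
        """Handle one query from a terminal. Returns the record paired with the
        original ID code, or None if any check fails. The access code is never
        returned to the requesting site."""
        now = time.time() if now is None else now
        # Time-stamped biometric: reject queries outside the freshness window.
        if abs(now - timestamp) > FRESHNESS_WINDOW_SECONDS:
            return None
        # Forget replay entries that are too old to be accepted anyway, then
        # reject an exact re-use of a (possibly intercepted) query.
        self.seen_queries = {d: t for d, t in self.seen_queries.items()
                             if abs(now - t) <= FRESHNESS_WINDOW_SECONDS}
        query_digest = hashlib.sha256(
            id_code.encode("utf-8") + b"\x00" + biometric_code
            + b"\x00" + repr(timestamp).encode("ascii")).hexdigest()
        if query_digest in self.seen_queries:
            return None
        self.seen_queries[query_digest] = timestamp
        # Access code calculator, then comparison against the access code database.
        query_code = calculate_access_code(id_code, biometric_code)
        if query_code not in self.access_codes:
            return None
        # Access code match module: re-attach the ID code, drop the access code.
        return {"id_code": id_code, "record": self.records[query_code]}


if __name__ == "__main__":
    system = CentralRecordSystem()
    system.enroll("UHID-000123", b"\x11\x22\x33\x44", {"allergies": ["penicillin"]})
    print(system.query("UHID-000123", b"\x11\x22\x33\x44", timestamp=time.time()))
```

Because the access code is a hash digest, a query matches only when the biometric code is reproduced bit for bit, so the "match within predetermined limits" of the claims has to be satisfied by the transducer producing a stable encoded template before it reaches the calculator.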
If an individual loses or forgets the individual's ID code 104 (i.e., ID codes 104 can be stored on magnetic and smart card systems), the ID code 104 can be recreated by a system that in one embodiment, accepts two or more biometric codes, or other enhanced identity verification, to provide a highly accurate procedure to confirm an individual's identity.
Access to records can be restricted in accordance with pre-established instructions mandated by the individual. For example, some individuals can be more interested in medical personnel having ready access to their record and can specify instructions consistent with this desire. In addition, some individuals may be concerned about the privacy of certain parts of their medical history, but not other parts, and can therefore, e.g., specify instructions consistent with these concerns. People that have approval or authorization from an individual can be provided, in one embodiment, the ability to access that individual's record via that individual's ID and their own biometric identifier code or codes. Approved people can produce a special access code 204 and 304, if required, that could grant them access to a particular individual's records. In one embodiment, an authorized person can, e.g., by using the individual's ID and their own biometric characteristic codes, be granted access to a particular individual's records. The use of biometric codes can also provide an added level of security by, e.g., allowing precise tracking of who has accessed an individual's records over a period of time.
Separately, access to the central records database 216 and 316 can be rendered harmless to privacy concerns, because names and other common forms of information used to identify individuals are absent from the medical records database 316. This feature provides an added benefit to researchers, such as, e.g., epidemiological and clinical medical researchers in a medical records database, who can be given access to the central database 216 and 316 without risk of identifying particular individuals since any identification data is encoded, encrypted or not even in a readily accessible form. To authorize access to records with a highest level of protection, the present invention can require the physical presence of the individual to provide biometric code 106 input. In such an embodiment, a transducer associated with the entry terminal at which the request is made, can transduce and encode the physical biometric characteristics 106 of the person whose protected record is sought and who is authorizing the request. As described before, the biometric code or codes 106 can also be time-stamped for additional security. Additionally, the records themselves in the central records database 216 and 316 can be encrypted.
In one embodiment, following establishment of central record databases 216 and 316, some organizations can be authorized to continue to maintain their own separate databases for records that they generate, and, subject to agreement by the individual, can continue to control access to their respective databases. In one embodiment, records that are in a central database 216 and 316 can also, subject to agreement by the individual, be stored in the database of the organization that generates the record such as, e.g., a healthcare provider, or a financial organization. The separately stored records can be accessible by the organization without requiring the biometric identifier code 106, i.e., if the individual agrees to such access.
While the invention has been described in terms of a preferred embodiment, those skilled in the art will recognize that the invention can be practiced with modification within the spirit and scope of the appended claims. Particularly, while the invention has been described in connection with protecting an individual's records in medical record database, it will be appreciated that the invention is applicable to the protection of an individual's records in any database.

Claims
Having thus described my invention, what I claim as new and desire to secure by Letters Patent is as follows:
1. A method for maintaining an individual's record in a record database with access to the record controlled by the individual, comprising the steps of: linking a plurality of data input/output terminals to a record database via a network; assigning each individual an ID number code; transducing an identifying characteristic of each individual to a digital identifying characteristic code; storing said ID number code and said digital identifying characteristic code in an ID and identifying code database; storing an individual's record in said record database accessible by an ID code; querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes said ID number code, and said identifying characteristic code; comparing said ID number code and said identifying characteristic code transmitted in said querying step with said identifying characteristic code and said ID number code stored in said ID and identifying code database; transmitting said record to said one of said plurality of data input/output terminals in response to said querying step only if the codes compared in said comparing step match within predetermined limits.
2. The method according to claim 1 wherein said record database is maintained in encrypted form.
3. The method according to claim 1 wherein said record database is a national medical record database.
4. The method according to claim 1 wherein said record database is a national record database established by a government agency or mandated by a government or by a government agency.
5. The method according to claim 1 wherein said record database is a medical record database.
6. The method according to claim 1 wherein said record database is a national medical record database established by a government agency or mandated by a government or by a government agency.
7. The method according to claim 1 including the further step of entering and/or updating a record in response to said addressing step only if the codes compared in said step match within a predetermined time period.
8. The method according to claim 1 wherein said plurality of data inputs/output terminals are linked to said record database by a wide area, publicly accessible network.
9. The method according to claim 8 wherein said network utilizes the Internet and/or worldwide web.
10. The method according to claim 1 wherein said transducing step is carried out contemporaneously with said addressing step.
11. The method according to claim 7 wherein said transducing step is carried out contemporaneously with said addressing step.
12. The method according to claim 8 wherein said transducing step is carried out contemporaneously with said addressing step.
13. The method according to claim 9 wherein said transducing step is carried out contemporaneously with said addressing step.
14. The method according to claim 2 wherein said record database is a national medical record database.
15. The method according to claim 2 wherein said record database is a national record database established by a government agency or mandated by a government or by a government agency.
16. The method according to claim 2 wherein said record database is a medical record database.
17. The method according to claim 2 wherein said record database is a national medical record database established by a government agency or mandated by a government or by a government agency.
18. The method according to claim 2 including the further step of entering and/or updating a record in response to said addressing step only if the codes compared in said step match within a predetermined time period.
19. The method according to claim 2 wherein said plurality of data inputs/output terminals are linked to said record database by a wide area, publicly accessible network.
20. The method according to claim 19 wherein said network utilizes the Internet and/or the worldwide web.
21. The method according to claim 2 wherein said transducing step is carried out contemporaneously with said addressing step.
22. The method according to claim 18 wherein said transducing step is carried out contemporaneously with said addressing step.
23. The method according to claim 19 wherein said transducing step is carried out contemporaneously with said addressing step.
24. The method according to claim 20 wherein said transducing step is carried out contemporaneously with said addressing step.
25. A method for maintaining an individual's record in a record database with access to the record controlled by the individual, comprising the steps of: linking a plurality of data input/output terminals to a record database via a network; assigning each individual an ID number code; transducing an identifying characteristic of each individual to a digital identifying characteristic code; storing said ID number code and said digital identifying characteristic code in an ID and identifying code database; calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code; storing an individual's record in said record database accessible by said access code; querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code; comparing said query ID number code and said query identifying characteristic code transmitted in said querying step with said identifying characteristic code and said ID number code stored in said ID and identifying code database; transmitting said record with said ID number code to said one of said plurality of data input/output terminals in response to said querying step only if the codes compared in said comparing step match within predetermined limits.
26. A method for maintaining an individual's record in a record database with access to the record controlled by the individual, comprising the steps of: linking a plurality of data input/output terminals to a record database via a network; assigning each individual an ID number code; storing said ID number code in an ID database; transducing an identifying characteristic of each individual to a digital identifying characteristic code; storing said digital identifying characteristic code in an identifying characteristics code database; calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code; storing said access code in an access code database; storing an individual's record in said record database accessible by said access code; querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code; comparing said query ID number code with said ID number stored in said ID database and comparing said query identifying characteristic code with said identifying characteristic code stored in said identifying characteristic code database; comparing said query access code with said access code stored in said access code database; transmitting said record along with said ID number code to said one of said plurality of data input/output terminals in response to said querying step only if the codes compared in said comparing steps match within predetermined limits.
27. A method for maintaining an individual's record in a record database with access to the record controlled by the individual, comprising the steps of: linking a plurality of data input/output terminals to a record database via a network; assigning each individual an ID number code; transducing an identifying characteristic of each individual to a digital identifying characteristic code; calculating an access code by algorithmically combining said ID number code and said digital identifying characteristic code; storing said access code in an access code database; storing an individual's record in said record database accessible by said access code; querying said record database from one of said plurality of data input/output terminals by transmitting a query that includes sending a query ID number code, and a query digital identifying characteristic code, calculating a query access code by algorithmically combining said query ID number code and said query digital identifying characteristic code, and retrieving a query record from said record database using said query access code; comparing said query access code with said access code stored in said access code database; transmitting said record along with said ID number code to said one of said plurality of data input/output terminals in response to said querying step only if the codes compared in said comparing step match within predetermined limits.
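The enrol, query and compare flow of claims 25 to 27, together with the time window of claim 18, as an added Python model. This is not the patent's own code: the claims leave the combining algorithm, the matching metric and the time limit open, so the SHA-256 combination, the 64-bit template compared by Hamming distance, the limit of 3 bits and the 60-second window below are assumptions made for the illustration, and the enrolled ID, template and record are constructed sample values.

```python
# Added example (not the patent's own code): a model of the enrol/query flow of
# claims 25-27 and the update time window of claim 18.  The patent leaves the
# combining algorithm, the matching metric and the time limit unspecified; the
# choices below (SHA-256, a 64-bit template compared by Hamming distance, a
# 60-second window) are assumptions made for this illustration.
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

TEMPLATE_BYTES = 8          # width of the digital identifying characteristic code (assumed)
HAMMING_LIMIT = 3           # "predetermined limits" for the biometric comparison (assumed)
UPDATE_WINDOW_SECONDS = 60  # "predetermined time period" of claim 18 (assumed)


def access_code(id_code: str, template: int) -> str:
    """Calculate an access code by algorithmically combining the ID number code
    and the digital identifying characteristic code (claims 25-27).  A domain
    separator and a fixed-width template encoding keep distinct (id, template)
    pairs from producing the same byte string before hashing."""
    material = (b"access-code-v1|" + id_code.encode("utf-8") + b"|"
                + template.to_bytes(TEMPLATE_BYTES, "big"))
    return hashlib.sha256(material).hexdigest()


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two templates (the assumed match metric)."""
    return bin(a ^ b).count("1")


@dataclass
class Registry:
    """The stores named in claim 26: an ID database, an identifying-characteristic
    code database, an access code database, and the record database keyed by
    access code."""
    ids: Set[str] = field(default_factory=set)
    templates: Dict[str, int] = field(default_factory=dict)    # id -> enrolled template
    access_codes: Dict[str, str] = field(default_factory=dict)  # id -> access code
    records: Dict[str, str] = field(default_factory=dict)       # access code -> record

    def enroll(self, id_code: str, template: int, record: str) -> str:
        """Assign the ID, store the transduced template, derive and store the
        access code, and file the record under that access code."""
        code = access_code(id_code, template)
        self.ids.add(id_code)
        self.templates[id_code] = template
        self.access_codes[id_code] = code
        self.records[code] = record
        return code

    def query(self, q_id: str, q_template: int) -> Optional[str]:
        """Querying and comparing steps: derive the query access code, retrieve
        the record with it, then compare ID, template and access code against
        the stored values.  The record is returned only if every comparison
        passes within the predetermined limits; otherwise None."""
        q_code = access_code(q_id, q_template)
        record = self.records.get(q_code)
        if record is None or q_id not in self.ids:
            return None
        if hamming(q_template, self.templates[q_id]) > HAMMING_LIMIT:
            return None
        # Constant-time comparison of the query access code with the stored one (claims 26-27).
        if not hmac.compare_digest(q_code, self.access_codes[q_id]):
            return None
        return record

    def update(self, q_id: str, q_template: int, new_record: str,
               verified_at: float, now: float) -> bool:
        """Claim 18: enter or update a record only if the compared codes matched
        within the predetermined time period.  verified_at is when the comparing
        step succeeded; now is when the update request arrives (both seconds)."""
        if now - verified_at > UPDATE_WINDOW_SECONDS:
            return False
        if self.query(q_id, q_template) is None:
            return False
        self.records[access_code(q_id, q_template)] = new_record
        return True


# Constructed sample data: one enrolled individual and three query attempts.
ENROLLED_ID = "ID-000001"
ENROLLED_TEMPLATE = 0x9F3CA17E5B2D40C1


def demo() -> Dict[str, object]:
    reg = Registry()
    reg.enroll(ENROLLED_ID, ENROLLED_TEMPLATE, "record of individual 000001")
    near = ENROLLED_TEMPLATE ^ 0b101  # two bits flipped: inside HAMMING_LIMIT
    return {
        "exact": reg.query(ENROLLED_ID, ENROLLED_TEMPLATE),
        "wrong_id": reg.query("ID-000002", ENROLLED_TEMPLATE),
        "near_template": reg.query(ENROLLED_ID, near),
        "near_within_limit": hamming(near, ENROLLED_TEMPLATE) <= HAMMING_LIMIT,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running `demo()` exposes the design point a reviewer of these claims would raise: the tolerance ("within predetermined limits") applies only to the comparing step, while the access code used for retrieval is an exact function of the template, so a re-captured template that differs by two bits is still refused at the retrieval step because it derives a different access code. A deployment therefore either needs a canonicalisation that yields the same digital identifying characteristic code across captures before the combining step (the claims leave that algorithm open) or must locate the record by the ID number code and reserve the tolerance match for the biometric. The enrolled templates are themselves a sensitive asset and would need the same protection as the records they guard.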
PCT/US1999/026090 1998-11-04 1999-11-04 A system for protection of unauthorized entry into accessing records in a record database WO2000026823A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU24733/00A AU2473300A (en) 1998-11-04 1999-11-04 A system for protection of unauthorized entry into accessing records in a recorddatabase

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US18552898A 1998-11-04 1998-11-04
US09/185,528 1998-11-04
US38557599A 1999-08-30 1999-08-30
US09/385,575 1999-08-30

Publications (2)

Publication Number Publication Date
WO2000026823A1 true WO2000026823A1 (en) 2000-05-11
WO2000026823A9 WO2000026823A9 (en) 2002-04-11

Family

ID=26881222

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/026090 WO2000026823A1 (en) 1998-11-04 1999-11-04 A system for protection of unauthorized entry into accessing records in a record database

Country Status (2)

Country Link
AU (1) AU2473300A (en)
WO (1) WO2000026823A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001049369A1 (en) 1999-12-30 2001-07-12 Medtronic, Inc. User authentication in medical device systems
WO2002031738A1 (en) * 2000-10-11 2002-04-18 Healthtrio, Inc. System for communication of health care data
WO2002073456A1 (en) * 2001-03-14 2002-09-19 The Pharmacy Guild Of Australia, An Organisation Of Employers Registered Under The Workplace Relations Act (Commonwealth) Of Pharmacy Guild House Method and system for sharing personal health data
WO2002073455A1 (en) * 2001-03-14 2002-09-19 C.R. Group Pty Limited Method and system for secure information
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
US7428494B2 (en) 2000-10-11 2008-09-23 Malik M. Hasan Method and system for generating personal/individual health records
US7440904B2 (en) 2000-10-11 2008-10-21 Malik M. Hanson Method and system for generating personal/individual health records
US7475020B2 (en) 2000-10-11 2009-01-06 Malik M. Hasan Method and system for generating personal/individual health records
US7509264B2 (en) 2000-10-11 2009-03-24 Malik M. Hasan Method and system for generating personal/individual health records
US7533030B2 (en) 2000-10-11 2009-05-12 Malik M. Hasan Method and system for generating personal/individual health records
US7949545B1 (en) 2004-05-03 2011-05-24 The Medical RecordBank, Inc. Method and apparatus for providing a centralized medical record system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5193855A (en) * 1989-01-25 1993-03-16 Shamos Morris H Patient and healthcare provider identification system
US5579393A (en) * 1994-06-21 1996-11-26 Escan, Inc. System and method for secure medical and dental record interchange
US5644778A (en) * 1993-11-02 1997-07-01 Athena Of North America, Inc. Medical transaction system
US5659741A (en) * 1995-03-29 1997-08-19 Stuart S. Bowie Computer system and method for storing medical histories using a carrying size card
US5664109A (en) * 1995-06-07 1997-09-02 E-Systems, Inc. Method for extracting pre-defined data items from medical service records generated by health care providers

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6961448B2 (en) 1999-12-30 2005-11-01 Medtronic, Inc. User authentication in medical device systems
WO2001049369A1 (en) 1999-12-30 2001-07-12 Medtronic, Inc. User authentication in medical device systems
US7685003B2 (en) 2000-10-11 2010-03-23 Healthtrio Llc System for communication of health care data
US8626534B2 (en) 2000-10-11 2014-01-07 Healthtrio Llc System for communication of health care data
US7475020B2 (en) 2000-10-11 2009-01-06 Malik M. Hasan Method and system for generating personal/individual health records
US7831446B2 (en) 2000-10-11 2010-11-09 Healthtrio Llc System for communication of health care data
US7720691B2 (en) 2000-10-11 2010-05-18 Healthtrio Llc System for communication of health care data
AU2002211889B2 (en) * 2000-10-11 2005-07-28 Healthtrio Llc System for communication of health care data
US7693730B2 (en) 2000-10-11 2010-04-06 Healthtrio Llc System for communication of health care data
US7533030B2 (en) 2000-10-11 2009-05-12 Malik M. Hasan Method and system for generating personal/individual health records
US7428494B2 (en) 2000-10-11 2008-09-23 Malik M. Hasan Method and system for generating personal/individual health records
US7440904B2 (en) 2000-10-11 2008-10-21 Malik M. Hanson Method and system for generating personal/individual health records
US7509264B2 (en) 2000-10-11 2009-03-24 Malik M. Hasan Method and system for generating personal/individual health records
WO2002031738A1 (en) * 2000-10-11 2002-04-18 Healthtrio, Inc. System for communication of health care data
US7664660B2 (en) 2000-10-11 2010-02-16 Healthtrio Llc System for communication of health care data
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
WO2002073456A1 (en) * 2001-03-14 2002-09-19 The Pharmacy Guild Of Australia, An Organisation Of Employers Registered Under The Workplace Relations Act (Commonwealth) Of Pharmacy Guild House Method and system for sharing personal health data
AU2002240703C1 (en) * 2001-03-14 2009-09-17 Kalenda Pty Ltd Method and system for secure information
WO2002073455A1 (en) * 2001-03-14 2002-09-19 C.R. Group Pty Limited Method and system for secure information
GB2392524B (en) * 2001-03-14 2005-06-15 C R Group Pty Ltd Method and system for secure information
GB2392524A (en) * 2001-03-14 2004-03-03 C R Group Pty Ltd Method and system for secure information
AU2002240703B2 (en) * 2001-03-14 2009-01-29 Kalenda Pty Ltd Method and system for secure information
US8543410B2 (en) 2001-03-14 2013-09-24 Svx Group Pty Limited Method and system providing advice and services to consumers
GB2390457A (en) * 2001-03-14 2004-01-07 Pharmacy Gulid Of Australia Lt Method and system for sharing personal health data
US8239218B1 (en) 2004-05-03 2012-08-07 The Medical RecordBank, Inc. Method and apparatus for providing a centralized medical record system
US7949545B1 (en) 2004-05-03 2011-05-24 The Medical RecordBank, Inc. Method and apparatus for providing a centralized medical record system

Also Published As

Publication number Publication date
AU2473300A (en) 2000-05-22
WO2000026823A9 (en) 2002-04-11

Similar Documents

Publication Publication Date Title
US11750617B2 (en) Identity authentication and information exchange system and method
US9947000B2 (en) Universal secure registry
US20190258616A1 (en) Privacy compliant consent and data access management system and methods
US9489486B2 (en) Records access and management
US20030074564A1 (en) Encryption system for allowing immediate universal access to medical records while maintaining complete patient control over privacy
US20120131657A1 (en) Apparatus and Method for Authenticated Multi-User Personal Information Database
WO2004053654A2 (en) Method of and system for controlling access to personal information records
EP1340149A2 (en) Verification engine for user authentication
JP2005505863A (en) Data processing system for patient data
WO2000026823A1 (en) A system for protection of unauthorized entry into accessing records in a record database
US7363658B2 (en) Personal information intermediary method
US7689829B2 (en) Method for the encryption and decryption of data by various users
US20040236941A1 (en) Method for secure transfer of information
JP2002324050A (en) Personal authentication data providing system and method
Meinel et al. Identity Management in Telemedicine
JP2002297800A (en) Personal information managing method and personal information inputting method
AU2015201813A1 (en) Privacy compliant consent and data access management system and method
AU2011254071A1 (en) Privacy compliant consent and data access management system and method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

AK Designated states

Kind code of ref document: C2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: C2

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

COP Corrected version of pamphlet

Free format text: PAGES 1/4-4/4, DRAWINGS, REPLACED BY NEW PAGES 1/4-4/4; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

122 Ep: pct application non-entry in european phase