SYSTEM AND METHOD OF NOTIFYING DESIGNATED ENTITIES OF ACCESS TO PERSONAL MEDICAL RECORDS | Patent Publication Number 20100063841
US 20100063841 A1Frank Zanka
Robert Matthew D'Ambrosia
A medical information server and corresponding methods are disclosed for processing of personal medical information, providing some or all of the medical information to authorized requesting entities, and providing notifications of access to personal medical records to designated entities. The server may receive a request for personal medical record information from a communications device of a requesting entity; authenticate and authorize the request; send the requested information to the authorized requesting entity; and send notification of the access to one or more designated entities. The server may further update an access history pertaining to the personal medical record to note the access. The server may further receive a request for the access history of a personal medical record, and send the requested access history information to the authorized requesting entity. Additionally, the server may send notification of the access to the history to one or more designated entities.
- 1. A medical information server adapted to:nreceive a request for information pertaining to a personal medical record from a first communications device operated by a first entity;send the requested information to the first communications device; andsend a notification of access to the personal medical record by the first entity to a second communications device operated by a second entity.
- 13. A method of processing medical information, comprising:nreceiving a request for information pertaining to a personal medical record from a first communications device;sending the requested information to the first communications device; andsending a notification of access to the personal medical record by the first communications device to a second communications device.
- 20. A medical information server, comprising:na database for storing a plurality of personal medical records, and a list of authorized access entities;a network interface adapted to send and receive communications to and from a network; anda processor adapted to:nreceive a request for information pertaining to a personal medical record from a first communications device by way of the network interface;access the requested information from the database;send the requested information to the first communications device by way of the network interface; andsend a notification of the access to the personal medical record information to a second communications device via the network interface.
- 30. A method of determining abuse of emergency room (ER) visits, comprising:nsending a request for information pertaining to a medical record of a patient seeking medical treatment to a medical record server by way of a communications network;receiving the requested information by way of the communications network, wherein information includes data related to visits to ER made by the patient; andexamining the information to determine whether the patient has abused ER visits.
This invention relates generally to medical information management systems, and in particular, to a system and method of notifying one or more designated entities of access to a personal medical record.
Many databases have been created that hold personal medical records for access by authorized health-related entities. Typically, some these databases serve special purposes, such as providing personal medical record information to first responders or other health care providers during emergency situations. Examples of such databases have been described in pending patent applications entitled “System and Method for Aggregating and Providing Subscriber Medical Information to Medical Units,†Ser. No. 11/223,653, filed on Sep. 8, 2005 and “System and Method of Aggregating and Disseminating In-Case-of-Emergency Medical and Personal Information,†Ser. No. 11/734,776, filed on Apr. 12, 2007, which are both incorporated herein by reference.
In such systems, a subscriber provides consent to the entity operating the database to store and disseminate his/her medical record information to authorized health-related entities during emergency or other situations. The subscriber completes an electronic medical form, or an electronic medical record is created by an electronic data integration (EDI) interface, which serves to create the medical record in the database. The subscriber is also provided an access code, which may be electronically coded on a magnetic card, bracelet, or other item worn or carried by the subscriber. When the subscriber is involved in a medical emergency situation, a first responder attending to the subscriber obtains his/her access code and uses it to access the subscriber medical record information from the database. The first responder uses the information in medically treating the patient.
The dissemination of individual medical record information generally triggers concern regarding privacy. In the U.S., Congress enacted the Health Insurance Portability and Accountability Act (HIPPA) which prescribes regulations for the use and disclosure of protected health information. A purpose of HIPPA is to protect individual health information so that the public feels confident in disclosing personal health information and knowing that there are safeguards in place for the protection of the information.
Even with such safeguards in place, the security of the information is still not flawless. Unscrupulous people may gain access to subscribers access codes or otherwise gain unauthorized access to their medical record information. Additionally, even entities that are authorized to access subscribers medical records may misuse the information or not guard it successfully. If subscribers or other designated entities were to be notified of who is accessing their respective medical records, they may police the access and ultimately better protect the information. The notification of access to subscribers medical records may have additional applications beyond the protection of information.
An aspect of the invention relates to a medical information server adapted to receive a request for information pertaining to a personal medical record from a first communications device operated by a first entity; send the requested information to the first communications device; and send a notification of access to the personal medical record by the first entity to a second communications device operated by a second entity. The second entity receiving the notification of the access may be the person to which the medical record pertains. In another aspect, the medical information server is further adapted to authenticate and authorize the request for the information. In yet another aspect, the medical information server is further adapted to update an access history pertaining to the personal medical record to note the access to the medical record by the first entity.
In another aspect, the medical information server is adapted to receive a request for information pertaining to an access history of a personal medical record from a communications device, and send the requested access history information to the communications device of the requesting entity. In yet another aspect, the medical information server is adapted to send a notification of the access to the access history information to another communications device. In still another aspect, the medical information server is adapted to authenticate and authorize the request for the access history information.
In still other aspects, the information related to the personal medical record may include one or more of the following: personal and demographic information, in-case-of-emergency information, medical insurance and primary care information, and health information. In yet another aspect, the information pertaining to an access history of a personal medical record may include one or more of the following: information related to an identity of the requesting entity (e.g., person, place, or combination thereof), information related to a date of access to the access history, information related to a time of access to the access history, and information related to a reason for access to the access history.
In another aspect, the entity requesting the personal medical record information may be a health care provider that is medically treating or about to treat the person to which the medical record pertains. In yet another aspect, the entity being provided the notification of the access may be the person to which the medical record pertains, one or more emergency contact persons designated by the person to which the medical record pertains, the person's health insurer, a disease management provider, a government health agency and/or plan, emergency response agency, etc.
Another aspect relates to a method of determining abuse of emergency room (ER) visits, comprising sending a request for information pertaining to a medical record of a patient seeking medical treatment to a medical record server by way of a communications network; receiving the requested information by way of the communications network, wherein information includes data related to visits to ER made by the patient; and examining the information to determine whether the patient has abused ER visits. In another aspect, the method further comprises reporting the abuse to another entity if abuse of ER visits has been determined. In still another aspect, the method further comprises denying medical treatment to the patient if abuse of ER visits has been determined.
Other aspects, advantages and novel features of the present invention will become apparent from the following detailed description of the invention when considered in conjunction with the accompanying drawings.
In particular, the communications system 100 comprises a communications network 102, a medical information server 104, a notifying entity communications device 106, and an access entity communications device 108. The communications network 102 may be any type of network that facilitates the communication of digital information between various entities. For example, the communications network 102 may include a local area network (LAN), a wide area network (WAN), such as the Internet, a private network, a cellular telephone network, any combination thereof, and others. The communications network 102 may communicate digital information using any of a number of protocols, such as Internet Protocol (IP), Asynchronous Transfer Mode (ATM), wireless protocols such as WiFi, Bluetooth, IEEE 802.11, any combination thereof, and others.
The medical information server 104 is communicatively coupled to the communications network 102, and includes a database comprising a plurality of personal medical records and a list of authorized entities for access of the records. The medical information server 104 performs at least three function: First, the medical information server 104 maintains the personals medical records, such as by creating personal medical records upon request, updating personal medical records upon request, and deleting personal medical records upon request. Second, the medical information server 104 provides personal medical record information to authorized requesting entities via the communications network 102. Third, the medical information server 104 provides notification of access to personal medical records to designated entities via the communications network 102. The medical information server 104 may be any device that is capable of communicating with any other device via the communications network 102.
The notifying entity communications device 106 is communicatively coupled to the communications network 102. As discussed in more detail further herein, the notifying entity communications device 106 is an example of an entity designated to receive notification of access to a personal medical record. The accessing entity communications network 108 is communicatively coupled to the communications network 102. As discussed in more detail further herein, the accessing entity communications device 108 is an example of an authorized entity requesting and receiving a personal medical record information from the medical information server 104. The notifying and accessing entity communications devices 106 and 108 may be any device that is capable of communicating with any other device via the communications network 102.
Once the medical information server 104 authenticates and authorizes the request, the server 104 accesses the personal medical record information from a local or remote database, and sends the requested information to the accessing entity communications device 108 by way of the communications network 102 (block 206). Additionally, the medical information server 104 also determines the identity of the designated notifying entity by examining the personal medical record, and then sends a notification of the access to the personal medical record by the accessing entity to the notifying entity communications device 106 by way of the communications network 102 (block 208). The notification may be sent via a number of communications protocols, such as email, short message service (SMS), multimedia messaging service (MMS), automated voice response, system integrated message, asynchronous messaging, and others.
The medical information server 104 also updates an access history of the personal medical record to note the accessing of the information by the accessing entity. The update to the access history may include information related to the accessing of the information, such as the identity of the accessing entity (e.g., person or company name, contact information, etc.), date of access, time of access, reason for access (e.g., emergency room (ER) visit), location of access (e.g., communication device type), etc. Although the operations of the method 200 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results. If the notifying entity is the person to which the medical record pertains (or a relative, friend, or other designated party), he or she may be able to monitor the accessing of the information for the purpose of detecting unauthorized access or misuse of the information.
Under each of the field categories, there may be several subcategories or fields. For example, under the personal and demographic category, the subcategories or fields may include person's last name (e.g., Doe), middle initial (e.g., M.), first name (e.g., John), gender (e.g., Male), age (e.g., 49), and others. Under the in-case-of-emergency category, the subcategories or fields may include first contact name (e.g., Jane W. Doe), first contact telephone (e.g., 555-123-4567), first contact email (e.g., jane.doe@domain-name.com), first contact relationship (e.g., Wife), second contact name (e.g., Tom W. Doe), and others.
Under the medical insurance and primary care category, the subcategories or fields may include insurance carrier (e.g., Global Health Net), policy no. (e.g., DFY73GED), group no. (e.g., 325476), health care provider (e.g., CureAll Health Group), primary physician (e.g., Dr. Marcus W. Lum), and others. Under the personal health information category, the subcategories or fields may include primary condition (e.g., Diabetes), blood type (e.g., A+), current medication (e.g., Glucovance), frequency (e.g., Twice a Day), allergies (e.g., Penicillin) and others.
Under the access notification category, the subcategories or fields may include first notifying entity (e.g., John M. Doe (Default)), first notification means (e.g., Email—john.doe@subscriber.com), second notifying entity (e.g., Jane W. Doe), second notification means (e.g., SMS—jane.doe@domain-name.com), third notifying entity (e.g., CureAll Health Group), and others. Under the access history category, the subcategories or fields may include accessing entity, date of access, time of access, reason for access (e.g., General Hospital, June 20, 2008, 3:45 PM, and ER Visit, etc.), and others.
With respect to the method 200 previously described, the medical information server 104 sends some or all of the information within the personal and demographic, in-case-of-emergency, medical insurance and primary care, and personal health categories to the authorized accessing entity per block 206. Also, the medical information server 104 sends notification of the access to the one or more entities identified in the access notification category per block 208. Additionally, the medical information server 104 updates the access history category with information regarding the access per block 210.
Once the request has been authenticated and authorized, the medical information server 404 sends the requested access history information to the accessing entity communications device 408 via the communications network 402 (block 456). Additionally, the medical information server 404 updates the access history (block 458), and sends a notification of the access to the notifying entity communications device 406 via the communications network 402 (block 460). In this example, the notifying entity communications device 406 has been identified in the personal medical record as an entity that is to receive notifications of access to the medical record. Although the operations of the method 450 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results.
In response to the request, the medical information server 504 authenticates and authorizes the request (block 554). This is to ensure that the health care provider is authorized to gain access to the requested personal medical record. Once the request has been authenticated and authorized, the medical information server 504 sends the requested information to the health care provider communications device 508 via the communications network 502 (block 556). The health care provider uses the information to better provide patient care to the patient and/or for other purposes.
Additionally, the medical information server 504 sends a notification of the access to the personal medical record by the health care provider to the health insurer communications device 506 via the communications network 502 (block 558). In this example, the health insurer is identified in the personal medical record as an entity that is to receive notifications of access to the medical record. The health insurer then uses the notification information for performing better patient care management and/or for other purposes (block 560). For example, the health insurer may use the information to provide better disease management programs, claims management, suggest physicians or specialists, suggest follow-up procedures, suggest alternative drugs, etc. Although the operations of the method 550 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results.
In response to the request, the medical information server 604 authenticates and authorizes the request (block 654). Again, this is to ensure that the health care provider is authorized to gain access to the requested medical record. Once the request has been authenticated and authorized, the medical information server 604 sends the requested information to the health care provider communications device 608 via the communications network 602 (block 656). The health care provider uses the information to better provide patient care to the patient and/or for other purposes.
Additionally, the medical information server 604 sends a notification of the access to the personal medical record by the health care provider to the disease management provider communications device 606 via the communications network 602 (block 658). In this example, the disease management provider is identified in the personal medical record as an entity that is to receive notifications of access to the medical record. The disease management provider then uses the notification information for performing patient disease care management and/or for other purposes (block 660). For example, the disease management provider may use the information to customize a plan for better managing the disease (e.g., chronic disease) for the person to which the medical record pertains. Although the operations of the method 650 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results.
In response to the request, the medical information server 704 authenticates and authorizes the request (block 754). Again, this is to ensure that the health care provider is authorized to gain access to the requested personal medical record. Once the request has been authenticated and authorized, the medical information server 704 sends the requested information to the health care provider communications device 708 via the communications network 702 (block 756). The health care provider uses the information to better provide patient care to the patient and/or for other purposes.
Additionally, the medical information server 704 sends a notification of the access to the personal medical record by the health care provider to the government health agency and/or plan communications device 706 via the communications network 702 (block 758). In this example, the government health plan is identified in the personal medical record as an entity that is to receive notifications of access to the medical record. The government health agency and/or plan then uses the notification information for improving the management of public health and/or for other purposes (block 760). Although the operations of the method 750 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results.
In response to the request, the medical information server 804 accesses the personal medical record information and sends it to the listening device 808 via the communications network 802 (block 856). As in the previous embodiments, the medical information server 804 may authenticate and authorize the request prior to sending the information to the listening device 808. The medical information server 804 also sends notification of the access to the medical record to the notifying entity communications device 806 via the communications network 802 (block 858). The listening device 808 also sends the personal medical record information to the health care provider network 810 (block 860). The health care provider may use the information to verify the accuracy of the information it currently has, and update the information based on the information received from the medical information server 804. There may be other uses for the information. Although the operations of the method 850 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results.
Once the processor 902 has authenticated and authorized the request, the processor retrieves the personal medical record information from the memory/database 906 (block 926). It shall be understood that that the memory/database may comprise one or more of the same or distinct memory elements. For example, the memory/database 906 may comprise variants of random access memory (RAM), variants of read only memory (ROM), variants of magnetic hard disk, variants of optical disc, other volatile or non-volatile memory, or any combination thereof. The memory/database 906 need not be all local to the processor 902 but may be remote and accessible via the network interface 904.
Once the processor 902 has accessed the requested personal medical record information, it sends the information to the requesting entity via the network interface 904 (block 928). The processor 902 also examines the personal medical record to ascertain the identity of one or more entities designated to receive notification of the access to the personal medical record (block 930). Once the processor 902 obtains the identity of the one or more notifying entities, it sends the access notification to the one or more notifying entities via the network interface 904 (block 932). The processor 902 further updates the access history to reflect the access of the personal medical record by the requesting entity (block 934). Although the operations of the method 920 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results.
Once the processor 902 has authenticated and authorized the request, the processor retrieves the requested access history from the memory/database 906 (block 946). The processor 902 then sends the access history information to the requesting entity via the network interface 904 (block 948). The processor 902 also sends notification of the access to one or more designated entities via the network interface 904 (block 950). Although the operations of the method 940 are described with a particular order, it shall be understood that the method may be implemented in any order to achieve substantially the same results.
In particular, according to the method 1000, a patient visits an emergency room (ER) seeking medical treatment (block 1002). Pursuant to the ER visit, the corresponding emergency department (ED) sends a request for information pertaining to the medical record of the patient to the medical information server (block 1004). After authenticating and authorizing the request, the medical information server sends the information to the ED (block 1006). The information includes the access history which contains data related to ER visits made by the patient. The ED then examines the information to determine the frequency and nature of the ER visits (block 1008). Depending on the determined frequency of the ER visits, the ED may determine that the patient has been abusing ER visits, report the abuses to the patient's health insurer or government or law enforcement agency, and/or deny treatment or the issuance of prescription drugs (block 1010).
While the invention has been described in connection with various embodiments, it will be understood that the invention is capable of further modifications. This application is intended to cover any variations, uses or adaptation of the invention following, in general, the principles of the invention, and including such departures from the present disclosure as come within the known and customary practice within the art to which the invention pertains.