Secure portable medical information access systems and methods related thereto
Abstract
Using a secure portable reference to medical information, stored on a portable storage medium, various embodiments allow a patient to give to their doctor an easy-to-use access key that will enable access to desired medical information stored on a computer network. The secure portable reference provides greater transportability of medical records to a patient or medical data repository including a doctor's office, clinic, or hospital, while maintaining data security to satisfy medical data privacy regulations and expectations. Some described embodiments use encrypted information inside the secure portable reference to hide, for example, who is allowed access to the stored medical information, and the network location of the stored information. Some embodiments use a secret PIN to authenticate the user attempting access to the referenced medical information. The secure portable reference contains information on network resources used to enable download access to medical information, including medical records and medical images.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer-implemented method for managing access to an individual's medical data using one or more computer processors configured to execute the steps comprising:
generating a first personal identification number for a secure portable reference; using the first personal identification number to encrypt secure information used to access an individual's medical data stored on one or more databases; storing the secure information on the secure portable reference; storing, in the secure portable reference, a security module configured to decrypt at least a portion of the secure portable reference; storing, in the secure portable reference, computer-executable instructions configured to:
receive a second personal identification number from a user through a client device connected to the secure portable reference;
use the second personal identification number and the security module to decrypt the secure information stored on the secure portable reference;
request the individual's medical data from the one or more databases associated with the secure information stored on the secure portable reference;
receive the individual's medical data from the one or more databases associated with the secure information stored on the secure portable reference; and
provide a user interface for the client device, configured to process and display the individual's medical data from the one or more databases associated with the secure information stored on the secure portable reference.
2 . The method of claim 1 , further comprising:
storing, in the secure portable reference, computer-executable instructions configured to obtain a set of one or more personal identification numbers for the individual for each of the one or more databases; using the set of one or more personal identification numbers to encrypt the secure information used to access the individual's medical data stored on the one or more databases; storing, in the secure portable reference, the set of one or more personal identification numbers in the secure information; and storing, in the secure portable reference, computer-executable instructions configured to use the set of one or more personal identification numbers when requesting the individual's medical data from the one or more databases.
3 . The method of claim 1 , wherein the secure portable reference further comprises at least:
one or more sets of link data, wherein the sets of link data comprise unique resource location information for the individual's medical data; and a linking module configured to enable access to the individual's medical data using at least the unique resource location information.
4 . The method of claim 1 , wherein the secure portable reference further comprises one or more of the following:
a unique identification number for the individual; one or more distinct identifiers corresponding to one or more databases where the individual's medical data are stored; a date recorded timestamp; a last accessed timestamp; an expiration date timestamp; a total access counter to indicate the number of times the individual's medical data has been accessed; and an expiration counter to indicate the maximum number of times the individual's medical data may be accessed.
5 . The method of claim 1 , wherein generating the first personal identification number comprises selecting the first personal identification number by a user.
6 . The method of claim 1 , wherein generating the first personal identification number comprises generating the first personal identification number by a medical data repository.
7 . The method of claim 1 , further comprising storing the secure portable reference on a single portable storage medium.
8 . The method of claim 1 , further comprising transmitting the secure portable reference via email.
9 . A computer-implemented system for managing access to an individual's medical data comprising:
computer-readable storage media having stored thereon one or more executable software modules; a secure portable reference to the individual's medical data, configured to run computer-executable software on one or more computer processors, comprising:
one or more sets of link data, wherein the sets of link data comprise unique resource location information for the individual's medical data;
a linking module configured to enable access to the individual's medical data using at least the unique resource location information; a personal identification number; and
a security module configured to encrypt and decrypt at least a portion of the secure portable reference using the personal identification number;
wherein the portion of the secure portable reference is encrypted using the personal identification number and the security module.
10 . The system of claim 9 , wherein the secure portable reference further comprises one or more of the following:
a unique identification number for the individual; one or more distinct identification numbers corresponding to one or more databases where the individual's medical data are stored; a date recorded timestamp; a last accessed timestamp; an expiration date timestamp; a total access counter to indicate the number of times the individual's medical data has been accessed; and an expiration counter to indicate the maximum number of times the individual's medical data may be accessed.
11 . The system of claim 9 , wherein the personal identification number is encrypted in the secure portable reference.
12 . The system of claim 9 , wherein the secure portable reference further comprises computer-executable instructions configured to:
obtain a set of one or more personal identification numbers for the individual for each of the one or more databases; use the set of one or more personal identification numbers to encrypt the secure information used to access the individual's medical data stored on the one or more databases; store the set of one or more personal identification numbers in the secure information on the secure portable reference; and use the set of one or more personal identification numbers when requesting the individual's medical data from the one or more databases.
13 . The system of claim 9 , wherein one or more of the sets of link data further comprise a unique identification number for a medical data repository where the individual's medical data are stored.
14 . The system of claim 9 , wherein one or more of the sets of link data further comprises a unique identification number for the individual.
15 . A non-transient computer-readable medium comprising computer-executable instructions for accessing an individual's medical data, said computer-executable instructions, when running on one or more computers, perform a method comprising:
interfacing a secure portable reference associated with an individual to a client device; displaying a first user interface for the client device to prompt a user to input a personal identification number; receiving a personal identification number from the user through the first user interface on the client device interfaced to the secure portable reference; using the personal identification number and a security module stored in the secure portable reference to decrypt secure information stored on the secure portable reference; requesting the individual's medical data from one or more databases associated with the secure information stored on the secure portable reference; receiving the individual's medical data from the one or more databases associated with the secure information stored on the secure portable reference; and displaying a second user interface for the client device, configured to process and display the individual's medical data from the one or more databases associated with the secure information stored on the secure portable reference.
16 . The non-transient computer-readable medium of claim 15 , wherein the non-transient computer-readable medium comprising computer-executable instructions for accessing an individual's medical data, is a single portable storage medium.
17 . The non-transient computer-readable medium of claim 15 , wherein the secure portable reference is associated with an email message.
18 . The non-transient computer-readable medium of claim 15 , wherein the secure portable reference comprises at least the following data:
one or more sets of link data, wherein the sets of link data comprise unique resource location information for the individual's medical data; and a linking module configured to enable access to the individual's medical data using at least the unique resource location information.
19 . The non-transient computer-readable medium of claim 15 , wherein the secure portable reference further comprises one or more of the following:
a unique identification number for the individual; one or more distinct identification numbers corresponding to one or more databases where the individual's medical data are stored; a date recorded timestamp; a last accessed timestamp; an expiration date timestamp; a total access counter to indicate the number of times the individual's medical data has been accessed; and an expiration counter to indicate the maximum number of times the individual's medical data may be accessed.
20 . The non-transient computer-readable medium of claim 19 , wherein the method further comprises determining that access to the individual's medical data has expired.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.