The present invention relates to an export file format and a method and system for creating and accessing the same.
Many fields of medical treatment and healthcare require monitoring of certain body functions. Thus, e.g., for patients suffering from diabetes, a regular check of the blood glucose level forms an essential part of the daily routine. The blood glucose level has to be determined quickly and reliably several times per day. Health monitoring devices are used to facilitate the collection of medical information without unduly disturbing the lifestyle of the patient. A large number of health monitoring devices for monitoring various body functions are commercially available.
Nevertheless, the use of health monitoring devices involves some risks which are mainly due to the complexity of using health monitoring devices. The risks are sometimes more pronounced for elderly patients or infants. Misuse of the health monitoring devices may lead to handling failures and to insufficient or even inaccurate information. Further, since many of the patients handling the health monitoring devices have not undergone medical training, the interpretation of the medical data collected by the health monitoring devices may be challenging to them. Often, patients are required to see their doctors in short time-intervals on a regular basis.
To reduce the frequency of necessary visits to doctors, the idea of home care has gained popularity in recent years. The availability of communication networks, such as the internet and wireless communication networks, led to the development of health management systems that enable transmission of patient medical data from the patient's home to a healthcare center by using health monitoring devices and data transfer systems. U.S. Pat. No. 7,103,578 and U.S. Published Application No. 2004/0172284 disclose two such methods and systems, the disclosures of which are incorporated by reference.
Known health management systems have several disadvantages. Some systems provide limited interaction capabilities to patients and care givers. Often, systems have limited analytical capabilities. Further, many health management systems do not permit collection of additional data or modification of data collected by the health management system. A need remains for systems that facilitate the use and interpretation of patient medical data.
The present invention relates to an export file format and a method and system for creating and accessing an export file. In one embodiment, the system includes a facility to import and export databases, in whole or in part. In one exemplary embodiment, the export files are used for transferring information between databases. In another exemplary embodiment, the export files are used to archive portions of databases.
The export file of the present invention includes a manifest section that provides information about the data being transferred, both index data (typically a personal identifier key) and meta data (data about data, such as data formats, encryption information or hash values). In one exemplary embodiment, the manifest section includes an index of the patient information sections, encryption information about the patient information sections, and hash values for each of the patient information sections so that the integrity of such patient information may be tested. Additionally, the export file may also include a header section that contains typical header information.
In one exemplary embodiment, the export file further includes patient data sections that contain medical information for individual patients. The patient data sections may be provided in extensible format, such as XML formatting. In one exemplary embodiment, the patient information sections are encrypted. Additionally, the patient information sections may be compressed to reduce the overall file size.
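The manifest-based integrity test described above, as an added Python example that is not part of the patent or of any product's code. SHA-256, the JSON manifest layout, the field names, and the HMAC over the manifest are assumptions: the text specifies only that the manifest holds an index and per-section hash values, and a bare hash detects corruption but not a rewrite of both a section and its manifest entry, which is why the manifest is authenticated here. Encryption of the sections is omitted; it would wrap the compressed blob before hashing.

```python
import hashlib
import hmac
import json
import zlib


def _digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def build_export(patients: dict, mac_key: bytes):
    """Return (manifest_bytes, manifest_tag, sections) for {patient_key: xml_bytes}."""
    sections, index = {}, []
    for key in sorted(patients):
        # Compress the XML section; an encryption step (omitted) would wrap this blob.
        blob = zlib.compress(patients[key])
        sections[key] = blob
        # Hash the stored form so a reader can check it before unpacking anything.
        index.append({"patient_key": key, "length": len(blob), "sha256": _digest(blob)})
    manifest = json.dumps({"sections": index}, sort_keys=True).encode("utf-8")
    tag = hmac.new(mac_key, manifest, hashlib.sha256).hexdigest()
    return manifest, tag, sections


def verify_export(manifest: bytes, tag: str, sections: dict, mac_key: bytes) -> dict:
    """Return {patient_key: 'ok' | 'corrupt' | 'missing' | 'unlisted'}."""
    expected = hmac.new(mac_key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest failed authentication; its hashes cannot be trusted")
    status = {}
    for entry in json.loads(manifest)["sections"]:
        key = entry["patient_key"]
        blob = sections.get(key)
        if blob is None:
            status[key] = "missing"
        elif len(blob) != entry["length"] or not hmac.compare_digest(
            _digest(blob), entry["sha256"]
        ):
            status[key] = "corrupt"
        else:
            status[key] = "ok"
    # A section that the manifest does not index must not be imported silently.
    for key in sections:
        status.setdefault(key, "unlisted")
    return status


def read_section(manifest, tag, sections, mac_key, patient_key) -> bytes:
    """Decompress one patient section only after it has passed verification."""
    if verify_export(manifest, tag, sections, mac_key).get(patient_key) != "ok":
        raise ValueError(f"section {patient_key!r} failed the integrity check")
    return zlib.decompress(sections[patient_key])


# Constructed sample data, not taken from the page.
SAMPLE_KEY = b"example-mac-key-not-for-production"
SAMPLE_PATIENTS = {
    "P-001": b"<patient><name>Example One</name><bg mgdl='104'/></patient>",
    "P-002": b"<patient><name>Example Two</name><bg mgdl='131'/></patient>",
}

if __name__ == "__main__":
    m, t, s = build_export(SAMPLE_PATIENTS, SAMPLE_KEY)
    print(verify_export(m, t, s, SAMPLE_KEY))
    s["P-002"] = zlib.compress(b"<patient>altered</patient>")
    print(verify_export(m, t, s, SAMPLE_KEY))
```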
The above-mentioned and other features of this invention, and the manner of attaining them, will become more apparent and the invention itself will be better understood by reference to the following description of an embodiment of the invention taken in conjunction with the accompanying drawings, wherein:
Corresponding reference characters indicate corresponding parts throughout the several views. Although the drawings represent embodiments of various features and components according to the present invention, the drawings are not necessarily to scale and certain features may be exaggerated in order to better illustrate and explain the present invention. The exemplification set out herein illustrates embodiments of the invention, and such exemplifications are not to be construed as limiting the scope of the invention in any manner.
For the purposes of promoting an understanding of the principles of the invention, reference will now be made to the embodiments illustrated in the drawings, which are described below. The embodiments disclosed below are not intended to be exhaustive or limit the invention to the precise form disclosed in the following detailed description. Rather, the embodiments are chosen and described so that others skilled in the art may utilize their teachings. It will be understood that no limitation of the scope of the invention is thereby intended. The invention includes any alterations and further modifications in the illustrated devices and described methods and further applications of the principles of the invention which would normally occur to one skilled in the art to which the invention relates.
The detailed descriptions which follow are presented in part in terms of algorithms and symbolic representations of operations on data bits within a computer memory representing alphanumeric characters or other information. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art.
An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, symbols, characters, display data, terms, numbers, or the like. It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely used here as convenient labels applied to these quantities.
Some algorithms may use data structures for both inputting information and producing the desired result. Data structures greatly facilitate data management by data processing systems, and are not accessible except through sophisticated software systems. Data structures are not the information content of a memory, rather they represent specific electronic structural elements which impart a physical organization on the information stored in memory. More than mere abstraction, the data structures are specific electrical or magnetic structural elements in memory which simultaneously represent complex data accurately and provide increased efficiency in computer operation.
Further, the manipulations performed are often referred to in terms, such as comparing or adding, commonly associated with mental operations performed by a human operator. No such capability of a human operator is necessary, or desirable in most cases, in any of the operations described herein which form part of the present invention; the operations are machine operations. Useful machines for performing the operations of the present invention include general purpose digital computers or other similar devices. In all cases the distinction between the method operations in operating a computer and the method of computation itself should be recognized. The present invention relates to a method and apparatus for operating a computer in processing electrical or other (e.g., mechanical, chemical) physical signals to generate other desired physical signals.
The present invention also relates to an apparatus for performing these operations. This apparatus may be specifically constructed for the required purposes or it may comprise a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer. The algorithms presented herein are not inherently related to any particular computer or other apparatus. In particular, various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description below.
The present invention deals with “object-oriented” software, and particularly with an “object-oriented” operating system. The “object-oriented” software is organized into “objects,” each comprising a block of computer instructions describing various procedures (“methods”) to be performed in response to “messages” sent to the object or “events” which occur with the object. Such operations include, for example, the manipulation of variables, the activation of an object by an external event, and the transmission of one or more messages to other objects.
Messages are sent and received between objects having certain functions and knowledge to carry out processes. Messages are generated in response to user instructions, for example, by a user activating an icon with a cursor generating an event. Also, messages may be generated by an object in response to the receipt of a message. When one of the objects receives a message, the object carries out an operation (a message procedure) corresponding to the message and, if necessary, returns a result of the operation. Each object has a region where internal states (instance variables) of the object itself are stored and where the other objects are not allowed to access. One feature of the object-oriented system is inheritance. For example, an object for drawing a “circle” on a display may inherit functions and knowledge from another object for drawing a “shape” on a display.
A programmer “programs” in an object-oriented programming language by writing individual blocks of code each of which creates an object by defining its methods. A collection of such objects adapted to communicate with one another by means of messages comprises an object-oriented program. Object-oriented computer programming facilitates the modeling of interactive systems in that each component of the system can be modeled with an object, the behavior of each component being simulated by the methods of its corresponding object, and the interactions between components being simulated by messages transmitted between objects. Objects may also be invoked recursively, allowing for multiple applications of an object's methods until a condition is satisfied. Such recursive techniques may be the most efficient way to programmatically achieve a desired result.
Both programs and databases may be objects. In the case of databases, the data portion of the object may be significantly larger than the methods portion. The actual physical implementation of a database on a general purpose computer may take several forms, from complete individual records storing the substantive information with several key indexes for locating a particular record, to a plurality of tables interrelated by relational operations, to a matrix of cross-linked data records, to various combinations and hybrids of these general types. In particular physical devices, a database may be structured and arranged to accommodate the restrictions of the physical device—but when transferred to a general purpose computer be able to be stored in a variety of formats. Thus, while certain types of information may be described as being stored in a “database” from a conceptual standpoint, generally such information may be electronically stored in a variety of structures with a variety of encoding techniques.
Databases may contain many types of information, and may store the information in a variety of encoding techniques. When a database stores information that relates to a particular person, product, location, or other thing, the database typically uses a unique identifier that binds the “concept” of the person, product, location, or other thing with a storable piece of data. When the unique identifier is used to reference the data record, the unique identifier is termed a “key” and data records associated with the “concept” are said to be “keyed” by the unique identifier. The association between a key and its data may be implemented in a variety of ways, for example by having the key be a field in a corresponding data record, by having a key value in a search tree with an associated pointer to one or more data records corresponding to the key, or by encoding the corresponding information with a value that upon decoding produces the unique identifier and the corresponding data, etc. By these various methods, instances of data may be associated with, or “bound” with or to, the “concept” by using the key. A “key” of a data record is distinct from the “encryption key” which refers to a value used to encrypt data using an encryption algorithm.
The terms “network,” “local area network,” “LAN,” “wide area network,” or “WAN” mean two or more computers which are connected in such a manner that messages may be transmitted between the computers. In such computer networks, typically one or more computers operate as a “server,” a computer with large storage devices such as hard disk drives and communication hardware to operate peripheral devices such as printers or modems. Other computers, termed “workstations,” provide a user interface so that users of computer networks can access the network resources, such as shared data files, common peripheral devices, and inter-workstation communication. The computers have at least one processor for executing machine instructions, and memory for storing instructions and other information. Many combinations of processing circuitry and information storing equipment are known by those of ordinary skill in these arts. A processor may be a microprocessor, a digital signal processor (“DSP”), a central processing unit (“CPU”), or other circuit or equivalent capable of interpreting instructions or performing logical actions on information. Memory includes both volatile and non-volatile memory, including temporary and cache, in electronic, magnetic, optical, printed, or other format used to store information. Users activate computer programs or network resources to create “processes” which include both the general operation of the computer program along with specific operating characteristics determined by input variables and its environment.
Concepts described below may be further explained in one or more of the co-filed patent applications entitled HELP UTILITY FUNCTIONALITY AND ARCHITECTURE (Atty Docket: ROCHE-P0033), METHOD AND SYSTEM FOR GRAPHICALLY INDICATING MULTIPLE DATA VALUES (Atty Docket: ROCHE-P0039), SYSTEM AND METHOD FOR DATABASE INTEGRITY CHECKING (Atty Docket: ROCHE-P0056), METHOD AND SYSTEM FOR DATA SOURCE AND MODIFICATION TRACKING (Atty Docket: ROCHE-P0037), PATIENT-CENTRIC HEALTHCARE INFORMATION MAINTENANCE (Atty Docket: ROCHE-P0043), GRAPHIC ZOOM FUNCTIONALITY FOR A CUSTOM REPORT (Atty Docket: ROCHE-P0048), METHOD AND SYSTEM FOR SELECTIVE MERGING OF PATIENT DATA (Atty Docket: ROCHE-P0065), METHOD AND SYSTEM FOR PERSONAL MEDICAL DATA DATABASE MERGING (Atty Docket: ROCHE-P0066), METHOD AND SYSTEM FOR WIRELESS DEVICE COMMUNICATION (Atty Docket: ROCHE-P0034), METHOD AND SYSTEM FOR SETTING TIME BLOCKS (Atty Docket: ROCHE-P0054), METHOD AND SYSTEM FOR ENHANCED DATA TRANSFER (Atty Docket: ROCHE-P0042), COMMON EXTENSIBLE DATA EXCHANGE FORMAT (Atty Docket: ROCHE-P0036), METHOD OF CLONING SERVER INSTALLATION TO A NETWORK CLIENT (Atty Docket: ROCHE-P0035), METHOD AND SYSTEM FOR QUERYING A DATABASE (Atty Docket: ROCHE-P0049), METHOD AND SYSTEM FOR EVENT BASED DATA COMPARISON (Atty Docket: ROCHE-P0050), DYNAMIC COMMUNICATION STACK (Atty Docket: ROCHE-P0051), SYSTEM AND METHOD FOR REPORTING MEDICAL INFORMATION (Atty Docket: ROCHE-P0045), METHOD AND SYSTEM FOR MERGING EXTENSIBLE DATA INTO A DATABASE USING GLOBALLY UNIQUE IDENTIFIERS (Atty Docket: ROCHE-P0052), METHOD AND SYSTEM FOR ACTIVATING FEATURES AND FUNCTIONS OF A CONSOLIDATED SOFTWARE APPLICATION (Atty Docket: ROCHE-P0057), METHOD AND SYSTEM FOR CONFIGURING A CONSOLIDATED SOFTWARE APPLICATION (Atty Docket: ROCHE-P0058), METHOD AND SYSTEM FOR DATA SELECTION AND DISPLAY (Atty Docket: ROCHE-P0011), METHOD AND SYSTEM FOR ASSOCIATING DATABASE CONTENT FOR SECURITY ENHANCEMENT (Atty Docket: ROCHE-P0041), METHOD AND SYSTEM FOR CREATING REPORTS (Atty Docket: ROCHE-P0046), METHOD AND SYSTEM FOR CREATING USER-DEFINED OUTPUTS (Atty Docket: ROCHE-P0047), DATA DRIVEN COMMUNICATION PROTOCOL GRAMMAR (Atty Docket: ROCHE-P0055), HEALTHCARE MANAGEMENT SYSTEM HAVING IMPROVED PRINTING OF DISPLAY SCREEN INFORMATION (Atty Docket: ROCHE-P0031), and METHOD AND SYSTEM FOR MULTI-DEVICE COMMUNICATION (Atty Docket: ROCHE-P0064), the entire disclosures of which are hereby expressly incorporated herein by reference. It should be understood that the concepts described below may relate to diabetes management software systems for tracking and analyzing health data, such as, for example, the A
The present invention relates to an export file format and a method and system for creating and accessing an export file. For example, the present invention may be utilized to create and access an export file containing medical information that is used in conjunction with medical management software. In one exemplary embodiment, the medical information includes diabetes testing and/or treatment information for an individual patient. Referring to system 10, shown in
In another exemplary embodiment, portable medical device 14 may include a port for direct connection to communication cable 20. Computer 12 may be running medical management software, such as diabetes management software, and encrypt and save the medical information transferred from portable medical device 14 in one of a source format database or a destination format database. The information received from portable medical device 14 will be encrypted according to an encryption feature that is specific to portable medical device 14. Thus, if another portable medical device is used to upload information to computer 12, it will be encrypted according to the specific encryption feature of that device. Portable medical device 14 may also assign to the patient an external system identification that may be used to correlate the patient to a particular portable medical device. As the medical information is being uploaded to computer 12 or other storage media connected thereto, the present invention may be used to identify medical information stored on portable medical device 14 that is unique thereto, a duplicate of, and/or a potential duplicate of medical information stored on computer 12 or other storage media connected thereto using the same or a substantially similar process as described in detail below with specific reference to a data migration utility.
A data comparison program may be used in conjunction with the medical management software. The data comparison program may be in the form of a machine-readable program that is adapted to be utilized independent of or as an integral component of the medical management software. For example, the data comparison program may be formed as an object within the medical management software or, alternatively, may be stand alone software capable of independent operation and installation. In one exemplary embodiment, the data comparison program may be activated from the medical management software after the medical management software has been launched to compare a source database with a destination database. In another exemplary embodiment, the data comparison program may be utilized in conjunction with and/or formed as a component of a data migration utility. The data migration utility may also be in the form of a machine-readable program that is adapted to be utilized independent of or as an integral component of medical management software, such as diabetes management software. The operation of the data migration utility forms the basis of a corresponding U.S. Patent Application, entitled METHOD AND SYSTEM FOR PERSONAL MEDICAL DATA DATABASE MERGING, filed on even date herewith, the entire disclosure of which is expressly incorporated by reference herein. The operation of the data migration utility is set forth below and includes a detailed description of the operation of the data comparison program in the context of the data migration utility. While described in detail herein with specific reference to the data migration utility, the data comparison program may be used as a stand alone component and/or at different points during a data transfer process and nothing contained herein should be viewed as limiting the scope of the invention to this exemplary embodiment.
The data migration utility is utilized to migrate medical information in a source database to a destination database that may also contain medical information. Referring to
In one exemplary embodiment, the medical management software is diabetes management software. Referring to
As shown in
Once a source database type is selected and the user has also selected the next or finish button, the data migration utility displays a source database selection page at Step 106 in
The source database selection page may also include a browse button, shown in
Irrespective of the method utilized to select the source database, once the source database is selected the data migration utility may then display a destination database selection page at Step 114. The destination database selection page may provide a listing of the potential destination databases stored in a destination format. In one exemplary embodiment, the potential destination databases are databases that are currently used by the medical management software. In one exemplary embodiment, the destination selection page may include a listing of the type of database, a description of each database, the file path for each database, and any comment related to each database. Additionally, the destination database may contain medical information, such as patient medical and/or healthcare provider information, and may include fields identical to or substantially identical to those set forth above with respect to the source database.
Referring to
Irrespective of the method utilized to select the destination database or whether a new destination database is created, a check database warning page is displayed at Step 120. An exemplary check database warning page is depicted in
Once the next or finish button is selected, the data migration utility may open, at Step 124 in
After displaying the options guide page, a patient options page will be opened at Step 126 in
Once the user has selected the desired patient options at the patient options page, a next button may be provided that the user may select, which results in the opening of a physician options page at Step 128. Referring to
Once the user has selected the desired physician options at the physician options page, a next button may be provided that the user may select, which results in the opening of a systems options page at Step 130 in
Once the options selection process has been completed, the data migration process page, shown in
Once migration has been initiated at Step 132, the data migration utility will begin importing records from the source database and creating corresponding records in the destination database in accordance with the options selected by the user during the options selection process, as set forth in detail above. Specifically, as set forth above, each record may be encrypted according to an encryption method specific to the individual portable medical device from which the information was originally uploaded. Thus, the data migration utility may decrypt the medical information associated with a first portable medical device that corresponds to an individual patient in the source database and then substantially simultaneously migrate and encrypt the same information into the destination database using the destination database encryption method. This process may then be repeated for subsequent portable medical devices corresponding to the same patient or different patients.
Alternatively, the data migration utility may be configured to decrypt medical information contained in the destination database, if any exists, and add it to a temporary database created by the data migration utility. The data migration utility may also decrypt the medical information contained in the source database and merge it into the medical information migrated into the temporary database from the destination database. Once all the medical information from the source database and the destination database has been merged into the temporary database, the information is re-encrypted using the destination database encryption method and saved in the destination database.
Additionally, during data migration, the data migration utility identifies specific medical information, such as medical information corresponding to an individual patient or healthcare provider, and searches the destination database to determine if duplicative or potentially duplicative, i.e., identical or substantially identical, medical information exists in the destination database. In order to determine if duplicative or substantially duplicative medical information exists in the destination database, the data migration utility may utilize the data comparison program. Specifically, as set forth above, the data comparison program may identify at least three categories of patient medical information: unique, duplicate, and potentially duplicate. Alternatively, the data comparison program may provide a numerical rating of the degree of similarity (e.g., 1.0 is a carbon copy, 0.9 is potentially duplicate, 0.8 is highly correlative, etc.). In order to determine the proper classification for each piece of medical information, such as an individual medical record associated with a specific patient, the data comparison program compares the fields associated with the medical information in the source database to the corresponding fields associated with similar medical information in the destination database.
In order to determine if patient medical information in the source database is unique, a duplicate of, or potentially duplicate of patient medical information in the destination database, the data comparison program compares fields for first name, middle name, last name, suffix, date of birth, and unique medical management system identification. Specifically, the data comparison program compares the patient medical information from the source database for an individual patient against the patient medical information from the destination database for a first individual patient. The data comparison program then repeats the comparison of the source database information against a second individual patient in the destination database. This process is repeated until the source database information is compared to the medical information for every individual patient in the destination database. Alternatively, the data comparison program may first start by comparing a key field of the record from the source database with an index of the destination database and only engage in further comparisons if a sufficiently close match is found in the key index of the second database.
In order for the data comparison program to determine that the medical information for an individual patient in the source database is unique as compared to medical information in the destination database, the medical information for the individual patient in the source database must meet any of the following three requirements. First, information in the last name field for the individual patient in the source database must be different from the information in the last name field for every individual patient in the destination database. Second, the information in the date of birth field for the individual patient in the source database must be different from the information in the date of birth field for every individual patient in the destination database. Third, the information in the medical management system identification field for the individual patient in the source database must be both non-null and different from the information in the last name field of every individual patient in the destination database. If any of these three requirements are met, the medical information for the individual patient in the source database is considered unique as compared to the medical information in the destination database and the medical information for the individual patient in the source database is migrated into the destination database and added as a new patient.
Alternatively, if the medical information for the individual patient in the source database is not determined to be unique, the medical information for the individual patient in the source database may be determined to be a duplicate of medical information for the same individual patient that is already in the destination database. In order for the data comparison program to determine that the medical information for an individual patient in the source database is a duplicate of medical information in the destination database, the medical information for the individual patient in the source database must meet one of two conditions. Under the first condition, the medical information is a duplicate if the information in the fields for first name, middle name, last name, suffix, date of birth, and medical management system identification for the individual patient in the source database matches the information in the corresponding fields of the destination database. Alternatively, the information is a duplicate under the second condition if the information in the fields for first name, last name, date of birth, and external identification matches the information in the corresponding fields in the destination database. If either of these conditions is met, the medical information is determined to be duplicative and the patient is identified as a duplicate in the data migration utility, as set forth in detail below. However, if the data comparison utility fails to determine that the individual patient's medical information is either unique or duplicative, the medical information is treated as a potential duplicate by the data migration utility.
Similarly, in order to determine if healthcare provider information in the source database is unique, a duplicate of, or a potential duplicate of healthcare provider information in the destination database, the data comparison program compares fields for title, first name, middle name, last name, and suffix. Specifically, the data comparison program compares the healthcare provider information from the source database for an individual healthcare provider against the healthcare provider information from the destination database for a first healthcare provider. The data comparison program then repeats the comparison of the source database information against a second healthcare provider in the destination database. This process is repeated until the source database information is compared to the healthcare provider information for every individual healthcare provider in the destination database.
In order for the data comparison program to determine that the healthcare provider information for an individual healthcare provider in the source database is unique as compared to healthcare provider information in the destination database, the healthcare provider information for the individual healthcare provider in the source database must have information in the last name field that is different from the information in the last name field for every individual healthcare provider in the destination database. If this requirement is met, the healthcare provider information for the individual healthcare provider in the source database is migrated into the destination database and added as a new healthcare provider.
Alternatively, if the healthcare provider information for an individual healthcare provider in the source database is not determined to be unique, the healthcare provider information for the individual healthcare provider in the source database may be determined to be a duplicate of healthcare provider information that is already in the destination database. In order for the data comparison program to determine that the healthcare provider information for an individual healthcare provider in the source database is a duplicate of healthcare provider information in the destination database, the healthcare provider information in the source database must have information in the fields for title, first name, middle name, last name, and suffix that matches the information in the corresponding fields of the destination database. If these conditions are met, the healthcare provider information is determined to be duplicative and the healthcare provider is identified as a duplicate in the data migration utility, as set forth in detail below. However, if the data comparison utility fails to determine that the healthcare provider information is either unique or duplicative, the medical information is treated as a potential duplicate by the data migration utility.
Referring to Step 138 of
If the information corresponds to a patient, a duplicate patient dialog is opened at Step 144. Referring to
Once the user has made the desired selection, the user may select an authorization button, such as the OK button in
In one exemplary embodiment, the duplicate patient identification dialog may also include a button that allows the user to avoid the duplicate patient identification dialog for each duplicate patient identified. By selecting this option, each duplicate patient identified by the data migration utility is added as a new patient in the destination database. However, in the event that a pending patient in the source database that is to be added as a new patient in the destination database is determined, at Step 134 in
Alternatively, if, at Step 142, the medical information is determined by the data migration utility to correspond to a healthcare provider, then a duplicate healthcare provider dialog is opened at Step 150 and data migration paused. Referring to
Once the user has made the desired selection, the user may authorize the action, such as by selecting the OK button in
Additionally, in one exemplary embodiment, the duplicate healthcare provider dialog may also include a button that allows the user to avoid the duplicate healthcare provider dialog for each duplicate healthcare provider identified. By selecting this option, each duplicate healthcare provider identified is added as a new healthcare provider in the destination database.
Further, if at any time during the migration of medical information, the data migration utility identifies a duplicate system definition, such as at Step 156, a duplicate system definition dialog is opened at Step 158 and data migration paused. The duplicate system definition dialog requires that the system definition in the source database is renamed before it can be migrated into the destination database. Once a new name is provided, the user may select an OK button in the duplicate system definition dialog to reinitiate data migration.
Once the migration from the source database to the destination database of all data selected for migration is completed, the data migration utility opens the migration complete page at Step 160. As shown in
In order to migrate another database, the user may select the migrate another database option provided by the data migration complete dialog. If the migrate another database option is selected, the migration process is restarted, beginning at Step 104 in
The system includes a facility to import and export databases, in whole or in part. As in conventional databases, the ability to quickly transfer data is desired. Such export files are typically for transferring information between databases. Optionally, export files may be used to archive portions of databases, portions that are not frequently requested. The quickness of the data transfer is dependent on factors including the speed of the hardware, the organization of the data, and the compatibility of the input and export data. Because the system databases contain many items of personal medical data, the security and integrity of that data also need to be addressed.
Conventional export files have a header section that includes book-keeping information about the file, and a data section containing the exported information. The export file according to an exemplary embodiment of the present invention is shown in
In the exemplary embodiment of the export file format, header section 204 of the export file contains typical header information. Subsequent patient data sections 206, 208, 210 of the export file format have patient information. Appended at the end, and referenced in the header, is manifest section 202 that includes an index of the patient information sections, encryption information about the patient information sections, and hash values for each of the patient information sections so that the integrity of such patient information may be tested.
Patient data sections 206, 208, 210 are provided in an extensible format, in the manner of XML formatting. Each patient information section 206, 208, 210 is encrypted along with the extensible information, using either the same encryption key or separate encryption keys. Optionally, the encrypted sections may be compressed using a compression algorithm. Several types and variations of encryption and compression may be used within the scope of the present invention.
Typically, key management is provided at the export file level, but the actual keys are at the “home” of the data (the originating computer). Thus, if patient data from a first computer is exported, the resulting export file has a pointer to the first computer's encryption key. When the receiving program at a second computer attempts to import the contents of the export file, it presents its credentials to the first computer A and asks for the key. Assuming the receiving program has appropriate credentials, the first computer then provides a key to decrypt the data, which is then encrypted with the second computer's encryption key and stored in the second computer's database. Alternatively, key management for export files may be maintained in the decoding library of the medical management software on computer 12, or may be a part or object within the medical management software itself. It is also possible to use other encryption schemes, such as encrypting the patient data with the sending computer's private key and the receiving computer's public key, so that the receiving computer may use the public key of the sending computer with its own private key to decrypt the patient information. Thus, other encryption scheme implementations are also possible.
The creation of an export file is depicted in the flow chart of
Referring to Step 252, a unique entry name is generated for the patient data and the information about the patient is added to the manifest. Then, at Step 254, the unique entry name generated at Step 252 is converted to bytes, the length of the name buffer is written, and the name buffer itself is written. Continuing to Step 256, the patient XML data is then converted into bytes and the size of the data buffer is written. The data buffer is then compressed at Step 258 and encrypted at Step 260. Once the data buffer is compressed and encrypted, Step 260 is performed and the size of the compressed and encrypted data buffer is written. Hash values for the data buffer are then generated and the hash values are written at Step 264. At Step 266, the compressed and encrypted data buffer is written. This process, i.e., the addition of patient XML data, is then repeated for each patient.
Once Steps 252-266 have been performed for each patient, the file is closed. Specifically, at Step 268, the manifest is written. The number of patient entries is then updated in the header at Step 270.
In one embodiment of the invention, the export file is an object that has at least three methods or operations that may be performed. Referring to
Referring to
A third operation involves reading the contents of the export file, which is accomplished by accessing header 204 to locate manifest 202, and accessing the index of manifest 202 to locate the appropriate patient section 206, 208, 210, and using manifest 202 information to decode and verify the contents of the desired patient information 206, 208, 210 so that the patient information is the result of the operation.
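The following is an added sketch of the write path (Steps 252-270) and the read operation described above; it is not code from this disclosure. The byte layout, the `XPRT` magic value, the JSON manifest, the choice of SHA-256 computed over the stored (compressed and encrypted) bytes, and the keystream stand-in for the cipher are all assumptions made for illustration.

```python
import hashlib, io, json, struct, zlib
MAGIC = b"XPRT"  # constructed magic value; the page does not define one

def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    # SHA-256 counter keystream XOR, a stand-in only; use a vetted cipher in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("<Q", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def write_export(patient_xml: list[str], key: bytes) -> bytes:
    f, manifest = io.BytesIO(), []
    f.write(MAGIC + struct.pack("<IQ", 0, 0))  # header: entry count, manifest offset
    for n, xml in enumerate(patient_xml):
        name, raw = f"entry-{n:04d}".encode(), xml.encode()   # Step 252
        blob = stand_in_cipher(key, zlib.compress(raw))       # Steps 258, 260
        digest = hashlib.sha256(blob).digest()  # assumption: hash covers the stored bytes
        manifest.append({"name": name.decode(), "offset": f.tell(),
                         "sha256": digest.hex(), "cipher": "stand-in"})
        f.write(struct.pack("<I", len(name)) + name)          # Step 254
        f.write(struct.pack("<II", len(raw), len(blob)) + digest + blob)  # Steps 256-266
    manifest_offset = f.tell()
    f.write(json.dumps(manifest).encode())                    # Step 268
    f.seek(len(MAGIC))
    f.write(struct.pack("<IQ", len(manifest), manifest_offset))  # Step 270
    return f.getvalue()

def read_entry(buf: bytes, name: str, key: bytes) -> str:
    magic, count, manifest_offset = struct.unpack_from("<4sIQ", buf, 0)
    if magic != MAGIC:
        raise ValueError("not an export file")
    manifest = json.loads(buf[manifest_offset:])
    entry = next((e for e in manifest if e["name"] == name), None)
    if len(manifest) != count or entry is None:
        raise ValueError("manifest disagrees with header or lacks the entry")
    pos = entry["offset"]
    (name_len,) = struct.unpack_from("<I", buf, pos)
    raw_len, blob_len = struct.unpack_from("<II", buf, pos + 4 + name_len)
    pos += 12 + name_len
    digest, blob = buf[pos:pos + 32], buf[pos + 32:pos + 32 + blob_len]
    if (len(blob) != blob_len or hashlib.sha256(blob).digest() != digest
            or digest.hex() != entry["sha256"]):
        raise ValueError("integrity check failed")
    # Verify before decrypting, then cap output at the declared size.
    raw = zlib.decompressobj().decompress(stand_in_cipher(key, blob), raw_len + 1)
    if len(raw) != raw_len:
        raise ValueError("decompressed size differs from declared size")
    return raw.decode()
```

Because the hash is unkeyed and stored in the same file as the data, it detects corruption but not deliberate modification by someone able to rewrite the file; detecting that would require a keyed MAC or a signature.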
While this invention has been described as having a preferred design, the present invention can be further modified within the spirit and scope of this disclosure. This application is therefore intended to cover any variations, uses, or adaptations of the invention using its general principles. Further, this application is intended to cover such departures from the present disclosure as come within known or customary practice in the art to which this invention pertains and which fall within the limits of the appended claims.