The present inventive concepts relate generally to health care systems and services and, more particularly, to controlling access to patient health care information/data.
The Centers for Medicare & Medicaid Services (CMS) recently mandated new rules regarding health information technology interoperability and a patient's right of access to his or her health information/data. The mandate affects the entire healthcare industry, but it may particularly affect the payor market. Payors may be expected to make a patient's health care information/data available to them electronically through a variety of electronic channels, including mobile applications, by allowing for secure access to data through interoperable application protocol interfaces (APIs). While these rules are expected to provide significant benefits to patients by increasing their ability to review and access their health care information/data, payors have the burden to develop systems including APIs to facilitate patient access while still complying with privacy laws and other laws, rules, and/or regulations that govern the handling of patients' health care information/data. Payors must also stay current with these laws, rules, and/or regulations for many different jurisdictions including, for example, federal, state and local governmental jurisdictions.
According to some embodiments of the inventive concept, a method comprises defining a patient information access filter, the patient information access filter comprising a discretionary patient information access filter including first health care information access rules defined by a patient and a non-discretionary patient information access filter including second health care information access rules associated with a governmental administrative authority; receiving information associated with health care services provided to the patient; receiving a request to access a portion of the information from a requesting source; and determining whether to grant the request based on the portion of the information, the requesting source, and the first and second health care information access rules.
In other embodiments, the information associated with the health care services provided to the patient comprises claim information, encounter information, clinical information, pharmacy information, formulary information, and wearable information.
In still other embodiments, the claim information comprises claim information associated with a current payor for the patient and a former payor for the patient.
In still other embodiments, determining whether to grant the request further comprises: determining whether to grant the request based on the portion of the information, an access restriction based on the source of the portion of the information, the requesting source, and the first and second health care information access rules.
In still other embodiments, the method further comprising converting the information associated with the health care services provided to the patient into a format compatible with Fast Healthcare Interoperability Resource (FHIR) protocol.
In still other embodiments, the method further comprises generating the first health care information access rules responsive to input from the patient or an agent of the patient.
In still other embodiments, generating the first health care information access rules comprises: receiving identification of delegate entities from the patient or the agent of the patient; and receiving, for each of the delegate entities, from the patient or the agent of the patient an identification of which elements of the information associated with the health care services provided to the patient the respective one of the delegate entities is permitted to access.
In still other embodiments, generating the first health care information access rules further comprises: receiving from the patient or the agent of the patient input that identifies one of the first health care information access rules as a policy as applying to all sources of the information associated with the health care services provided to the patient of a same information type.
In still other embodiments, the delegate entities comprise a person, a business entity, or an application program executable by a computer processor.
In still other embodiments, the second health care information access rules have priority over the first health care information access rules.
In still other embodiments, the governmental administrative authority comprises a federal government administrative authority and/or a state government administrative authority.
In some embodiments of the inventive concept, a system comprises a processor; and a memory coupled to the processor and comprising computer readable program code embodied in the memory that is executable by the processor to perform operations comprising: defining a patient information access filter, the patient information access filter comprising a discretionary patient information access filter including first health care information access rules defined by a patient and a non-discretionary patient information access filter including second health care information access rules associated with a governmental administrative authority; receiving information associated with health care services provided to the patient; receiving a request to access a portion of the information from a requesting source; and determining whether to grant the request based on the portion of the information, the requesting source, and the first and second health care information access rules.
In further embodiments, the operations further comprise: generating the first health care information access rules responsive to input from the patient or an agent of the patient.
In still further embodiments, generating the first health care information access rules comprises: receiving identification of delegate entities from the patient or the agent of the patient; and receiving, for each of the delegate entities, from the patient or the agent of the patient an identification of which elements of the information associated with the health care services provided to the patient the respective one of the delegate entities is permitted to access.
In still further embodiments, generating the first health care information access rules further comprises: receiving from the patient or the agent of the patient input that identifies one of the first health care information access rules as a policy as applying to all sources of the information associated with the health care services provided to the patient of a same information type. The delegate entities comprise a person, a business entity, or an application program executable by a computer processor.
In still further embodiments, the second health care information access rules have priority over the first health care information access rules. The governmental administrative authority comprises a federal government administrative authority and/or a state government administrative authority.
In some embodiments of the inventive concept, a computer program product comprises a non-transitory computer readable storage medium comprising computer readable program code embodied in the medium that is executable by a processor to perform operations comprising: defining a patient information access filter, the patient information access filter comprising a discretionary patient information access filter including first health care information access rules defined by a patient and a non-discretionary patient information access filter including second health care information access rules associated with a governmental administrative authority; receiving information associated with health care services provided to the patient; receiving a request to access a portion of the information from a requesting source; and determining whether to grant the request based on the portion of the information, the requesting source, and the first and second health care information access rules.
In other embodiments, the operations further comprise: generating the first health care information access rules responsive to input from the patient or an agent of the patient.
In still other embodiments, generating the first health care information access rules comprises: receiving identification of delegate entities from the patient or the agent of the patient; and receiving, for each of the delegate entities, from the patient or the agent of the patient an identification of which elements of the information associated with the health care services provided to the patient the respective one of the delegate entities is permitted to access.
In still other embodiments, generating the first health care information access rules further comprises: receiving from the patient or the agent of the patient input that identifies one of the first health care information access rules as a policy as applying to all sources of the information associated with the health care services provided to the patient of a same information type. The delegate entities comprise a person, a business entity, or an application program executable by a computer processor.
It is noted that aspects described with respect to one embodiment may be incorporated in different embodiments although not specifically described relative thereto. That is, all embodiments and/or features of any embodiments can be combined in any way and/or combination. Moreover, other methods, systems, articles of manufacture, and/or computer program products according to embodiments of the inventive concept will be or become apparent to one with skill in the art upon review of the following drawings and detailed description. It is intended that all such additional systems, methods, articles of manufacture, and/or computer program products be included within this description, be within the scope of the present inventive subject matter, and be protected by the accompanying claims. It is further intended that all embodiments disclosed herein can be implemented separately or combined in any way and/or combination.
Other features of embodiments will be more readily understood from the following detailed description of specific embodiments thereof when read in conjunction with the accompanying drawings, in which:
In the following detailed description, numerous specific details are set forth to provide a thorough understanding of embodiments of the present inventive concept. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In some instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to obscure the present inventive concept. It is intended that all embodiments disclosed herein can be implemented separately or combined in any way and/or combination. Aspects described with respect to one embodiment may be incorporated in different embodiments although not specifically described relative thereto. That is, all embodiments and/or features of any embodiments can be combined in any way and/or combination.
As used herein, the term “provider” may mean any person or entity involved in providing health care services to a patient.
Some embodiments of the inventive concept stem from a realization that interoperability mandates in which payors and/or other entities are required to provide patients electronic access to their health care information/data carry with them the additional burden of ensuring that the health care information is handled properly and not disclosed to individuals that are not permitted to access the health care information. Embodiments of the inventive concept may provide a system for providing access to patient health care information that includes both a non-discretionary patient information access filter, which can be used to ensure compliance with mandatory health information access laws, regulations, and/or rules issued by, for example, governmental authorities, and a discretionary patient information access filter, which can be used by a patient to tailor what entities, e.g., family members, health care providers, businesses (e.g., pharmacies), websites, and/or applications (e.g., health/fitness applications) can access specific categories or types of the patient's health care information. Thus, when an entity requests access to a patient's health care information, the system may ensure that the information is not released in violation of any non-discretionary rules based on laws, regulations, and/or rules associated with one or more governmental authorities as well as ensuring that the information is not released to various entities in violation of the patient's preferences.
According to some embodiments, the patient's health care information may come from a variety of sources and may include, but is not limited to, payor claim information, encounter information, clinical information, pharmacy information, formulary information, and/or wearable information. This information may be evaluated to ensure compliance with any data rights management agreements that are in place with the sources of the information. Moreover, to facilitate compliance with interoperability mandates, the health care information may be converted into a format compatible with the Fast Healthcare Interoperability Resource (FHIR) protocol. By using a common format for encoding the health care information, third party developers can develop software to receive and process the health care information on behalf of the user or other entities to whom the user has granted access.
The received health care information may be further processed at block 110 by way of conversion into a format compatible with the FHIR protocol. The FHIR protocol is a standard that describes the data formats, elements/resources, and an application programming interface (API) for exchanging electronic health records and information. Use of a standardized protocol may assist third parties in developing software to process the health care information in response to access requests.
Embodiments of the inventive concept may provide a system for providing access to patient health care information that includes both a non-discretionary patient information access filtering at block 115 and discretionary patient information access or consent filtering at block 120. The non-discretionary patient information access filtering may be used to ensure compliance with mandatory health information access laws, regulations, and/or rules issued by, for example, governmental authorities. The non-discretionary patient information access filtering may provide a hierarchical filtering structure in which the health information access rules may be associated with different administrative authorities having different precedence or priority levels with respect to each other. For example, the different administrative authorities may be different governmental authorities, such as the federal government, state governments, local/municipality governments, etc. The discretionary patient information access or consent filtering may be used by a patient to configure a select group of entities (e.g., family members, third party applications, payor applications, user portal application, etc.) that are allowed access to the patient's health care information including the specific information categories or types of health care information that the entities are allowed to access. The discretionary access rules configured by the patient are subservient to the non-discretionary rules mandated by some administrative authority, such as one or more government entities. Thus, the effect of the non-discretionary filtering of block 115 and the discretionary filtering of block 120 is to create a hierarchy of rules that can ensure compliance with interoperability mandates to allow patients to electronically access their health care information, while ensuring that the access does not violate any laws governing the handling and/or communication of health care information, but providing the patient with flexibility to customize what information is accessible by particular delegated entities. It will be understood that in accordance with various embodiments of the inventive concept, a patient's delegated entities may be the result of a selection by the patient or the operation of law. For example, by operation of law a child's health care information may be accessible by a parent or guardian irrespective of whether the child grants the parent or guardian permission to access the health care information.
Referring to
The interoperability server 205 is configured to receive information associated with health care services provided to a patient. As described above, the information may include, but is not limited to, payor claim information, encounter information, clinical information, pharmacy information, formulary information, and/or wearable information. This information may be stored in a database 230 located, for example, in the cloud to be accessed by the interoperability server 205 over the network 260. The network 260 couples the health care patient information sources and the database 230 containing the patient health care information/data to the interoperability server 205. The network 260 may be a global network, such as the Internet or other publicly accessible network. Various elements of the network 260 may be interconnected by a wide area network, a local area network, an Intranet, and/or other private network, which may not be accessible by the general public. Thus, the communication network 260 may represent a combination of public and private networks or a virtual private network (VPN). The network 260 may be a wireless network, a wireline network, or may be a combination of both wireless and wireline networks.
The network 215 communicatively couples the devices 210a, 210b, 210c, and 210d to the interoperability server 205. The network 215 may comprise one or more local or wireless networks and/or one or more wide area or global networks, such as the Internet to facilitate communication between the interoperability server 205 and the devices 210a, 210b, 210c, and 210d. The devices 210a, 210b, 210c, and 210d may be used by a patient, a patient's agent, and/or delegates of the patient to submit requests to the interoperability server 205 to access the patient's health care information and to receive the patient's health care information in response to these requests.
Although
As illustrated by the tabs, the rule configuration platform may support a hierarchy of non-discretionary rules. The rules emanating from the entity in the hierarchy with the highest priority or greatest authority may serve as a baseline 402. In the example shown, the baseline rules may correspond to laws, regulations and/or rules issued by the federal government. Other entities lower in the hierarchy may also provide rules that may coexist, but may not conflict with the rules associated with the entities higher up in the hierarchy, i.e., having greater priority. In the example shown, additional rules may be supported that are associated with various individual states as represented by tabs 404a, 404b, and 404c. As shown in
As described above, the inbound health care information/data may be processed to ensure compliance with any data rights management agreements that may be governing the use of and/or access to the received health care information. Referring now to
Referring now to
As described above, the discretionary filtering capability may allow a patient the flexibility to customize what entities are able to access the patient's health care information while the non-discretionary filtering capability ensures compliance with all mandatory laws, regulations, and/or rules.
Referring now to
Although
Computer program code for carrying out operations of data processing systems discussed above with respect to
Moreover, the functionality of the interoperability server 205 of
The data processing apparatus described herein with respect to
Some embodiments of the inventive concept may provide a system that supporter interoperability to provide patients and their delegates access to their health care information while ensuring through use of non-discretionary filtering that the health care information is handled in a secure manner that does not violate and laws, regulations, and/or rules governing the handling and/or the communication of the health care information. The non-discretionary rules may be managed through a rule configuration platform that provides for increased accuracy in implementing the rules through automated code generation via the administrative user interface. Moreover, embodiments of the inventive concept may provide discretionary rules that may be configured by a patient to define various delegates and to specify what types of health care information from which information sources that delegates can access. In this way, a patient can control access to what information sources the patient wishes to see including clinical and claims information from current and former providers and payors, for example. The patient may also manage the health care information for the patient's entire family through use of delegates that allow family members to view each other's health care information even through the family members may use different payors and/or see different providers.
In the above-description of various embodiments of the present inventive concept, it is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this inventive concept belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of this specification and the relevant art and will not be interpreted in an idealized or overly formal sense expressly so defined herein.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various aspects of the present inventive concept. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The terminology used herein is for the purpose of describing particular aspects only and is not intended to be limiting of the inventive concept. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. Like reference numbers signify like elements throughout the description of the figures.
In the above-description of various embodiments of the present inventive concept, aspects of the present inventive concept may be illustrated and described herein in any of a number of patentable classes or contexts including any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof. Accordingly, aspects of the present inventive concept may be implemented entirely hardware, entirely software (including firmware, resident software, micro-code, etc.) or combining software and hardware implementation that may all generally be referred to herein as a “circuit,” “module,” “component,” or “system.” Furthermore, aspects of the present inventive concept may take the form of a computer program product comprising one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer readable media may be used. The computer readable media may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an appropriate optical fiber with a repeater, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The description of the present inventive concept has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the inventive concept in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the inventive concept. The aspects of the inventive concept herein were chosen and described to best explain the principles of the inventive concept and the practical application, and to enable others of ordinary skill in the art to understand the inventive concept with various modifications as are suited to the particular use contemplated.