Patent Application Titled “Method for Securely Storing and Retrieving Medical Data” Published Online (USPTO 20220075903): Patent Application
2022 MAR 30 (NewsRx) -- By a
No assignee has been recorded for this patent application.
Reporters obtained the following quote from the background information supplied by the inventors: “Increasing amounts of digital data in the healthcare sector open new possibilities but also pose new challenges, in particular with respect to data privacy and data security. Currently, major legal provisions in this respect are, for example, the US-American Health Insurance Portability and Accountability Act (HIPAA) or the European General Data Protection Regulation (GDPR).
“On the other side, it is desired that tenants in the medical domain, such as hospitals or research institutions, are able to provide data push/pull systems or services, in particular with respect to cloud applications. The above mentioned considerations usually have the effect that medical data is either pseudonymized or encrypted even if data is accessed inside a hospital network. This hinders the management of workflows as patient data cannot be re-identified and hence data sets cannot be (re-)associated with a specific patient.
“Another challenge is that the medical data must be stored safely so that regular backups must be made. In principle, cloud storage solutions are well suited for backup applications, as they are usually hosted remotely from tenant premises and are thus not susceptible to the same incidents that may cause data deletion or corruption at the tenant’s premises itself. At the same time, data privacy must be maintained also for the backups. Local backups, i.e. in the (presumably secure) environment of the tenant are possible, although they are not only susceptible to whatever may befall the original data (e.g., natural disasters like flood or fire) but also represent a significant cost factor in hardware and maintenance.”
In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventors’ summary information for this patent application: “According to the foregoing, it is an object of the present invention to provide a method for securely storing medical data, as well as a corresponding system, computer program, data storage medium and data stream.
“This object is solved at least by the features according to the independent claims of the present invention. Additional advantageous features and embodiments are described in the dependent claims and the specification.
“According to a first aspect of the present invention, a computer-implemented method for securely storing medical data, MD, is provided, the method comprising at least steps of:
“obtaining, in a secure environment, medical data which include patient property data, PPD, as well as patient identifier data, PID, wherein the patient identifier data, PID, indicate at least one patient to which the patient property data, PPD, correspond;
“generating, in the secure environment, de-identified medical data, DIMD, by replacing the patient identifier data, PID, in the medical data, MD, with non-patient-identifying coded identifiers, NPICI;
“generating, in the secure environment, a re-identifying database, RIDB, indicating correspondences (preferably one-on-one correspondences) between the non-patient-identifying coded identifiers, NPICI, and the patient identifier data, PID;
“generating an encrypted re-identifying database, eRIDB, by applying, in the secure environment, at least one symmetric and/or asymmetric encryption method to the re-identifying database, RIDB;
“storing the encrypted re-identifying database, eRIDB, and the de-identified medical data, DIMD, on a cloud storage, CS, outside of the secure environment, SE.
“The secure environment, SE, may in particular be an intranet associated with a particular tenant, such as a hospital’s internal network. The secure environment, SE, may also be defined such that for data queries within the secure environment, SE, it is allowed (or even the default) that patient property data, PPD, are displayed together with the patient identifier data, PID. The secure environment, SE, may also be designated as a trusted environment, TE, since, in the present context, this environment is by definition secure. The present disclosure does not pertain to methods for rendering the trusted environment secure. It is instead assumed that all necessary precautions have been taken.
“In the present context, patient identifier data, PID, are data which allow identifying a particular patient, such as data comprising a clear name of the patient, a birthday or age of the patient, the sex of the patient, a social security number of the patient, a healthcare provider ID of the patient, a passport number of the patient and/or the like.
“By contrast, patient property data, PPD, shall be understood in the present context to be data pertaining to particular properties, in particular medical details, of a patient, however, without indicating (or allowing deduction of) the identity of the patient itself. Thus, patient property data, PPD, may comprise such items as blood test results, previous diagnoses, the medical history, currently known medical symptoms and/or conditions, health insurance data, medical images related to the patient (e.g. X-ray images, computed tomography images or magnetic resonance images) and/or the like of the patient or patients. The patient property data, PPD, may also be designated as patient medical records, PMR.
“The medical data preferably comprise patient property data, PPD, for a plurality of patients, wherein the patients to which the respective patient property data, PPD, belong, are identified by the patient identifier data, PID, of the medical data.
“Thus, replacing the patient information data, PID, with the non-patient-identifying coded identifier, NPICI, means that, advantageously, the de-identified medical data, DIMD, can be used for studies, for diagnostic purposes, for the training of artificial intelligence entities, for statistics and so on without any information about to whom the individual patient property data, PPD, belong. In other words, the identities of the patients are protected while their data may be securely used for research and the like, or for processing outside of the secure environment, SE.
“On the other hand, the existence of the re-identifying database, RIDB, and the one-to-one correspondences between the respective patient identifier data, PID, and the non-patient-identifying coded identifiers, NPICI, guarantees that a person with suitable clearance (e.g. a physician, a hospital administrator etc.) can easily re-identify the de-identified medical data, DIMD, i.e. can re-associate the patient property data, PPD, with each corresponding patient identifier data, PID, or in other words: with each patient.
“In this way, advantageously a full backup of the medical data, MD, is provided by the presence in the cloud storage, CS, of the de-identified medical data, DIMD, and of the encrypted re-identifying database, eRIDB, since with these two pieces together (given the clearance to decrypt the encrypted re-identifying database, eRIDB) the entire medical data, MD, can be restored.
“The de-identified medical data, DIMD, may be stored on the cloud storage, CS, as it is, or it may be stored in an encrypted state, as encrypted de-identified medical data, eDIMD. In the latter case, the same encryption type and/or encryption key or keys as for the encrypted re-identifying database, eRIDB, may be used, or a different encryption type and/or encryption key or keys may be used.
“On the other hand, because of the de-identification, the de-identified medical data DIMD may be stored in the cloud storage, CS, in an unencrypted state (in plain text, designated as pDIMD) so that it can be provided to third parties for further processing, e.g. for the training of artificial intelligence entities (e.g. machine learning, artificial neural networks etc.), or for statistics about characteristics of a certain patient cohort. Of course, access to the cloud storage itself will usually be restricted by password or the like so that only authorized users may receive the de-identified medical data, DIMD, for example after a payment, in connection to a smart contract and/or the like.
“The re-identifying database, RIDB, will, however, only be stored in its encrypted state (eRIDB) on the cloud storage, CS. The reason is that no entity outside of the secure environment, SE, is supposed to be in possession of both the de-identified medical data, DIMD, and the re-identifying database, RIDB, since this would amount to possession of or access to the complete medical data, MD.
“Advantageously, since the re-identifying database, RIDB, is available within the secure environment, SE, the present method allows authorized personnel, authorized applications/software etc. to access the medical data, MD, including the patient identifier data, PID. This greatly facilitates diagnosis, treatment, monitoring and so on of patients on hospital premises (corresponding to the secure environment, SE).
“In some advantageous embodiments, refinements, or variants of embodiments, at least an asymmetric encryption method is applied when generating the encrypted re-identifying database, eRIDB, the asymmetric encryption method being based on a private key, PRK, and a public key, PUK, wherein a public key, PUK, of the asymmetric encryption method is used for the asymmetric encryption and wherein a private key, PRK, for a corresponding decryption remains in the secure environment, SE. The application of different types of encryption increases the difficulty for attempted decryption by unauthorized entities. Preferably, both at least one symmetric and at least one asymmetric encryption method are applied when generating the encrypted re-identifying database, eRIDB.
“In some advantageous embodiments, refinements, or variants of embodiments, the public key, PUK, and/or the private key, PRK, are stored in a domain of the secure environment SE in a respective encrypted state, ePUK/ePRK. Storage in the domain of the secure environment SE may be understood to mean storage within the secure environment, SE, itself, for example on the premises of a hospital which implements the secure environment, SE.
“Storage in the domain of the secure environment SE may also be understood to mean that a person with clearance within the secure environment, SE, such as a hospital administrator or a physician has custody of the encrypted public and/or encrypted private key, ePUK/ePRK (e.g., by having custody of a storage medium storing the encrypted public and/or encrypted private key, ePUK/ePRK). The corresponding encrypted states, ePUK/ePRK may advantageously result from encrypting the public key, PUK, or the private key, PRK, respectively, using a secure-environment-specific token, SEST. In this way, the keys are also protected against unauthorized use within the secure environment, SE, and therefore also against attempts to gain access to the keys by gaining physical access to premises corresponding to, or implementing, the secure environment, SE.
“In some advantageous embodiments, refinements, or variants of embodiments, the secure-environment-specific token, SEST, is based on at least one of:
“an identifier token (e.g. a serial number) of the secure environment, SE;
“an identifier token of at least one device in the secure environment, SE (for example a gateway, a medical data source such as a medical imaging scanner);
“an identifier token of at least one software application used within the secure environment, SE (such as an analysis program);
“an RFID code of a dongle owned by an administrator;
“and/or
“a version number of data to be encrypted using the public key, PUK.
There is additional summary information. Please visit full patent to read further.”
The claims supplied by the inventors are:
“1. A computer-implemented method for securely storing medical data comprising at least steps of: obtaining, in a secure environment, medical data which include patient property data as well as patient identifier data wherein the patient identifier data indicate at least one patient to which the patient property data correspond; generating, in the secure environment, de-identified medical data by replacing the patient identifier data in the medical data with non-patient-identifying coded identifiers; generating, in the secure environment, a re-identifying database indicating correspondences between the non-patient-identifying coded identifiers and the patient identifier data; generating an encrypted re-identifying database by applying, in the secure environment, at least one symmetric and/or asymmetric encryption method to the re-identifying database; storing the encrypted re-identifying database and the de-identified medical data on a cloud storage outside of the secure environment.
“2. The method of claim 1, wherein at least an asymmetric encryption method is applied when generating the encrypted re-identifying database, the asymmetric encryption method being based on a private key and a public key wherein a public key of the asymmetric encryption method is used for the asymmetric encryption and wherein a private key for a corresponding decryption remains in the secure environment.
“3. The method of claim 2, wherein the public key and/or the private key are stored in a domain of the secure environment in a respective encrypted state wherein the corresponding encrypted state results from encrypting the public key or the private key respectively, using a secure-environment-specific token.
“4. The method of claim 3, wherein the secure-environment-specific token is based on at least one of: an identifier token of the secure environment; an identifier token of at least one device in the secure environment; an identifier token of at least one software application used within the secure environment and/or a version number of data to be encrypted using the public key.
“5. The method of claim 1, wherein the encrypted re-identifying database is additionally stored in a device in the secure environment.
“6. The method of claim 1, wherein the encrypted re-identifying database is generated as consisting of, or processed to consist of, a plurality of chunks which are stored on the cloud storage.
“7. The method of claim 6, wherein chunks belonging to at least two different versions of the re-identifying database are stored in an encrypted state on the cloud storage; and wherein the method also comprises a step of generating a version correspondence list indicating which chunks belong to which version, whereas the chunks do preferably not contain any plain text information about a version to which they belong.
“8. The method of claim 7, comprising further steps of encrypting the version correspondence list to obtain an encrypted version correspondence list; and of storing the encrypted version correspondence list on the cloud storage.
“9. The method of claim 1, comprising a step of generating encrypted de-identified medical data, wherein storing the de-identified medical data on the cloud storage comprises, or consists of, storing the encrypted de-identified medical data on the cloud storage.
“10. The method of claim 1, comprising a step of retrieving the medical data from the cloud storage comprising: retrieving the de-identified medical data from the cloud storage; retrieving the encrypted re-identifying database from the cloud storage; decrypting, in the secure environment, the encrypted re-identifying database in order to obtain the re-identifying database; re-generating the medical data from the de-identified medical data by replacing, or associating, the non-patient-identifying coded identifiers in the de-identified medical data with the corresponding patient identifier data based on the re-identifying database.
“11. The method of claim 1, comprising a step of providing the de-identified medical data from the cloud storage to a processing entity outside of the secure environment.
“12. The method of claim 11, comprising training, by the processing entity, an artificial intelligence entity based on the de-identified medical data.
“13. A gateway for use in a secure environment, comprising: an input module configured to obtain medical data which include patient property data as well as patient identifier data wherein the patient identifier data indicate at least one patient to which the patient property data correspond; a de-identifying module configured to generate de-identified medical data by replacing the patient identifier data in the medical data with non-patient-identifying coded identifiers; a database generating module configured to generate a re-identifying database indicating correspondences between the non-patient-identifying coded identifiers and the patient identifier data; an encryption module configured to generate an encrypted re-identifying database by applying at least one symmetric and/or asymmetric encryption method to the re-identifying database; a communication module configured to transmit the encrypted re-identifying database and the de-identified medical data to be stored on a cloud storage outside of the secure environment.
“14. A computer program product comprising executable program instructions configured to, when executed, perform the method according to claim 1.
“15. A non-transitory, computer-readable data storage medium comprising executable program instructions configured to, when executed, perform the method according to claim 1.”
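The storage steps of claim 1 (de-identify, build the RIDB, encrypt it, ship pDIMD plus eRIDB to the cloud) and the retrieval steps of claim 10, as an added illustration in Python that is not the inventors' or any product's code. Assumptions: the PID fields are name, dob and ssn; an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the symmetric cipher the patent leaves unspecified; the sample records are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Assumed PID fields (the patent names clear name, birthday, SSN etc. as examples).
PID_FIELDS = ("name", "dob", "ssn")

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode used as a PRF keystream; stand-in for a block cipher.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def encrypt(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag. The key stays inside the SE."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("eRIDB failed integrity check (tampered blob or wrong key)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def de_identify(md):
    """Steps 2 and 3: swap PID for NPICI and build the RIDB as a one-to-one NPICI -> PID map."""
    dimd, ridb = [], {}
    for rec in md:
        pid = {k: rec[k] for k in PID_FIELDS}
        # The same patient keeps the same NPICI so records stay linkable without any PID.
        npici = next((c for c, p in ridb.items() if p == pid), None)
        if npici is None:
            npici = secrets.token_hex(8)  # random; carries nothing about the patient
            ridb[npici] = pid
        dimd.append({"npici": npici, **{k: v for k, v in rec.items() if k not in PID_FIELDS}})
    return dimd, ridb

def store_to_cloud(md, ridb_key):
    """Steps 4 and 5: only pDIMD and eRIDB leave the SE; the RIDB never leaves in plain text."""
    dimd, ridb = de_identify(md)
    return {"dimd": dimd, "eridb": encrypt(ridb_key, json.dumps(ridb).encode())}

def retrieve_from_cloud(cloud, ridb_key):
    """Claim 10: decrypt eRIDB inside the SE, then re-associate each record with its PID."""
    ridb = json.loads(decrypt(ridb_key, cloud["eridb"]))
    return [{**ridb[r["npici"]], **{k: v for k, v in r.items() if k != "npici"}} for r in cloud["dimd"]]

# Constructed sample MD: two records for one patient, one record for another.
SAMPLE_MD = [
    {"name": "Jane Doe", "dob": "1970-01-01", "ssn": "000-00-0001", "diagnosis": "J45"},
    {"name": "Jane Doe", "dob": "1970-01-01", "ssn": "000-00-0001", "diagnosis": "E11"},
    {"name": "John Roe", "dob": "1985-05-05", "ssn": "000-00-0002", "diagnosis": "I10"},
]
```

A tampered or wrong-key eRIDB fails the MAC check before any re-identification is attempted, which is the property a backup restore inside the SE should rely on.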
For more information, see this patent application: Amit, Matityahu; Jay, Anthony; Kelm, Michael; Nottebrock, Daniel; Prasad, Srikrishna; Rajamani, Srividya Tirunellai; Rosenbaum, Ute; Sujith, Manuel; Tov, Amatzia. Method for Securely Storing and Retrieving Medical Data. Filed