Patent Application Titled “Protected Health Information In Distributed Computing Systems” Published Online (USPTO 20200026875)

2020 FEB 07 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Washington, D.C., by NewsRx journalists, a patent application by the inventors LEIBOVICI, Andre (Mountain View, CA); COWAN, Daniel P. (Kansas City, MO), filed on February 13, 2017, was made available online on January 23, 2020.

The assignee for this patent application is Nutanix Inc. (San Jose, California, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “Electronic medical record (EMR) or electronic health record (EHR) systems and applications host and/or access sensitive patient data classified as protected health information (PHI). PHI is any information about health status, provision of health care, or payment for health care that is created or collected by a ‘covered entity’ (e.g., health care provider, health plan, public health authority, employer, life insurer, school or university, etc.) that can be linked to a specific individual. Such covered entities are required to maintain compliance with various privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) established in 1996, when managing (e.g., storing, accessing, distributing, etc.) PHI. Procedures and practices for handling of existing and newly created PHI is audited regularly to maintain such compliance. For example, storage of and access to existing PHI pertaining to a given EMR application or applications is audited for compliance. PHI accessed and/or created for ephemeral tasks is also to be compliant. For example, PHI associated with EMR application testing, development and/or training must be compliant with any applicable regulations.

“Many modern EMR applications are implemented in hyperconverged distributed computing systems to take advantage of the efficient and cost-effective scaling of distributed computing resources, distributed data storage resources, distributed networking resources, and/or other resources facilitated by such hyperconverged systems. Hyperconverged distributed computing systems have evolved in such a way that incremental linear scaling can be accomplished in many dimensions.

“The resources in a given distributed system are often grouped into resource subsystems such as clusters, datacenters, or sites. The resource subsystems can be defined by logical and/or physical boundaries. For example, a cluster might comprise a logically bounded set of nodes associated with a department of an enterprise, while a datacenter might be associated with a particular physical geographical location. Modern clusters in hyperconverged distributed computing systems might support over one hundred nodes (or more) that in turn support as many as several thousands (or more) autonomous virtualized entities (VEs). The VEs in hyperconverged distributed computing systems might be virtual machines (VMs) and/or executable containers, in hypervisor-assisted virtualization environments and/or in operating system virtualization environments, respectively. The clusters further comprise multiple tiers of storage in a storage pool for storing various data and metadata, such as data and metadata pertaining to PHI.

“Unfortunately, legacy approaches might create a duplicate copy and/or propagate access through logical unit numbers (LUNs) of a certain set of PHI associated with a particular EMR application to facilitate development or testing of a new version of the application. In this case, the copy and/or the data accessed through the propagated LUN also contains PHI and is subject to compliance with any applicable law or regulation, which might include restrictions as to the physical and/or logical storage location of the copy. For example, such PHI might be restricted to storage facilities or portions of storage facilities (e.g., datastores) deemed HIPAA compliant. Removal of the PHI copy when testing is completed can further be subject to certain mandatory procedures to maintain compliance. Practices of these legacy approaches introduce compliance violation risks that might negatively impact the reputation and/or continued operations of the healthcare providers and/or the IT systems providers. Protection of PHI in compliance with rules and regulations demands technological solutions for managing PHI under a wide range of settings, including in various development and/or testing settings.

“What is needed is a technique or techniques to improve over legacy techniques and/or over other considered approaches. Some of the approaches described in this background section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.”

In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventors’ summary information for this patent application: “The present disclosure provides a detailed description of techniques used in systems, methods, and in computer program products for protected health information in distributed computing systems, which techniques advance the relevant technologies to address technological issues with legacy approaches. More specifically, the present disclosure provides a detailed description of techniques used in systems, methods, and in computer program products for protected health information in distributed computing systems. Certain embodiments are directed to technological solutions for generating an ephemeral datastore and a clone of the metadata associated with a protected health information (PHI) source datastore to facilitate performance of tasks pertaining to the PHI.

“The disclosed embodiments modify and improve over legacy approaches. In particular, the herein-disclosed techniques provide technical solutions that address the technical problems attendant to maintaining regulatory compliance of protected health information accessed for specialized tasks (e.g., training tasks, development tasks, etc.) in a hyperconverged distributed computing system. Various applications of the herein-disclosed improvements in computer functionality serve to reduce the demand for computer memory, reduce the demand for computer processing power, reduce network bandwidth use, and reduce the demand for inter-component communication, all while still protecting patient health information.

“Further details of aspects, objectives, and advantages of the technological embodiments are described herein and in the drawings and claims.”

The claims supplied by the inventors are:

“1. A method, comprising: receiving a task for managing access to protected health information (PHI) that only allows read-only access, wherein the PHI is stored in a source datastore and is logically represented by metadata stored in and accessible by a hyperconverged system, and the task includes a read-only operation and a write operation that modifies the PHI; and executing the task to manage the access to the PHI at least by: cloning the metadata into cloned metadata accessible by the hyperconverged system; executing the write operation that modifies the PHI into modified PHI, with no modification to the PHI in the source datastore, at least by referencing the cloned metadata and by storing the modified PHI in an ephemeral datastore in the hyperconverged system; and executing the read-only operation to read the PHI from the source data store at least by referencing the metadata.

“2. The method of claim 1, wherein at least one of the cloned metadata or the ephemeral datastore is constructed based at least in part on a protection domain rule.

“3. The method of claim 2, wherein the protection domain rule corresponds to a protection domain comprising the protected health information, and resources not included in the protection domain are not permitted to perform operations related to the PHI.

“4. The method of claim 3, wherein the protection domain further comprises a node, a virtualized entity, a datastore, or a software application.

“5. The method of claim 1, further comprising scheduling a task of generating the cloned metadata or a task of generating the ephemeral datastore that is not saved to a persistent storage location.

“6. The method of claim 1, further comprising modifying, responsive to the write operation, the cloned metadata to point to a location in the ephemeral datastore storing the modified PHI in the hyperconverged system.

“7. The method of claim 1, further comprising deleting the cloned metadata from the hyperconverged system.

“8. The method of claim 1, further comprising deleting the ephemeral datastore from the hyperconverged system.

“9. The method of claim 1, wherein the task comprises an application development task, an application testing task, or an application training task.

“10. The method of claim 1, wherein the metadata or the cloned metadata comprise a logical file comprising a virtual disk, or a block map that maps a data block of the logical file to a physical data block in the source datastore.

“11. A non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor, causes the processor to perform a set of acts, the set of acts comprising: receiving a task for managing access to protected health information (PHI) that only allows read-only access, wherein the PHI is stored in a source datastore and is logically represented by metadata stored in and accessible by a hyperconverged system, and the task includes a read-only operation and a write operation that modifies the PHI; and executing the task to manage the access to the PHI at least by: cloning the metadata into cloned metadata accessible by the hyperconverged system; executing the write operation that modifies the PHI into modified PHI, with no modification to the PHI in the source datastore, at least by referencing the cloned metadata and by storing the modified PHI in an ephemeral datastore in the hyperconverged system; and executing the read-only operation to read the PHI from the source data store at least by referencing the metadata.

“12. The non-transitory computer readable medium of claim 11, wherein the cloned metadata or the ephemeral datastore is constructed based at least in part a protection domain rule.

“13. The non-transitory computer readable medium of claim 12, wherein the protection domain rule corresponds to a protection domain comprising the protected health information.

“14. The non-transitory computer readable medium of claim 13, wherein the protection domain further comprises a node, a virtualized entity, a datastore, or a software application.

“15. The non-transitory computer readable medium of claim 11, the set of acts further comprising scheduling a task of generating the cloned metadata or a task of generating the ephemeral datastore that is not saved to a persistent storage location.

“16. The non-transitory computer readable medium of claim 11, further comprising instructions which, when stored in the memory and executed by the processor, causes the processor to perform acts of modifying, responsive to the write operation, the cloned metadata to point to a location in the ephemeral datastore storing the modified PHI in the hyperconverged system.

“17. The non-transitory computer readable medium of claim 11, further comprising instructions which, when stored in the memory and executed by the processor, causes the processor to delete the cloned metadata from the hyperconverged system.

“18. The non-transitory computer readable medium of claim 11, further comprising instructions which, when stored in the memory and executed by the processor, causes the processor to delete the ephemeral datastore from the hyperconverged system.

“19. A system for performing one or more tasks associated with a set of protected healthcare information in a distributed computing system, the system comprising: a storage medium having stored thereon a sequence of instructions; and one or more processors that execute the instructions to cause the one or more processors to perform a set of acts, the set of acts comprising, receiving a task for managing access to protected health information (PHI) that only allows read-only access, wherein the PHI is stored in a source datastore and is logically represented by metadata stored in and accessible by a hyperconverged system, and the task includes a read-only operation and a write operation that modifies the PHI; and executing the task to manage the access to the PHI at least by: cloning the metadata into cloned metadata accessible by the hyperconverged system; executing the write operation that modifies the PHI into modified PHI, with no modification to the PHI in the source datastore, at least by referencing the cloned metadata and by storing the modified PHI in an ephemeral datastore in the hyperconverged system; executing the read-only operation to read the PHI from the source data store at least by referencing the metadata.

“20. The system of claim 19, wherein at least one of the cloned metadata or the ephemeral datastore is constructed based at least in part on a protection domain rule.”

For more information, see this patent application: LEIBOVICI, Andre; COWAN, Daniel P. Protected Health Information In Distributed Computing Systems. Filed February 13, 2017 and posted January 23, 2020. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220200026875%22.PGNR.&OS=DN/20200026875&RS=DN/20200026875

(Our reports deliver fact-based news of research and discoveries from around the world.)