Patent Application Titled “System And Method For Transferring Data” Published Online (USPTO 20230274236): Mend VIP Inc.
2023 SEP 19 (NewsRx) -- By a
The assignee for this patent application is
Reporters obtained the following quote from the background information supplied by the inventors: “The health care system needs to collect information from patients, providers, and others in order to function. This information is frequently of a sensitive nature, so sufficient security precautions must be taken to safeguard the information and comply with government regulations. For example, such systems must comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as well as the Health Information Technology for Economic and Clinical Health Act, enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (“HITECH”).
“However, security often must be balanced against accessibility. Very secure processes for collecting healthcare information may be inconvenient to patients or caregivers, and sufficiently onerous processes might be an obstacle to actually collecting healthcare information. Alternatively, such processes might be bypassed or worked around if the capability exists to do so, negating much of their security value.”
In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventors’ summary information for this patent application: “An efficient and secure process by which users may enter sensitive information into an electronic information system may be provided. When information is required from a user, the electronic information system may be configured to generate a unique access link (uniform resource locator, or URL) for that user. The link may be sent to the user via electronic communication, such as a text message or email. When the user follows the link with a web browser, the system prompts the user to enter an additional piece of personal information that is not known to the general public. (Certain examples of this additional piece of information may include, for example, a video connection in which the user’s physical appearance may be verified or an audio connection in which a voice recognition system may verify the user’s voice, or alternatively may include a medical history, a clinical assessment, a survey, a photo, a PDF document or any other electronic document, payment information such as credit card information, or any other information or agreements such as may be desired. According to some exemplary embodiments, a portion of a document or piece of information, such as a portion of a medical history or even a single line item in the medical history, or a combination of documents or pieces of information - or a combination of portions-may be used instead.) Once identity is verified, the user may be required to electronically sign agreements. The user is then prompted to enter the required information.
“Such a system may, by design, permit a user to enter information without requiring the user to enter a username and password. If the user accesses the system in such a manner, without entering a username and password, the user may be given access in a “no-login” state.
“In the “no-login” state, the user may not have access to any protected health information. This means that the user may not be provided with any information by following the unique link. (However, in an exemplary embodiment, the user may thereafter be able to provide a username and password, or other information, to gain access to a “login” state.)
“In the “no-login” state, the user may be able to push data into the system. However, as discussed, the user may be “firewalled” from doing anything else. This may be analogized to a bank deposit, wherein a user may be able to deposit funds in the bank account of another (or a bank account for which they have not provided appropriate credentials) but may be firewalled from withdrawing money from the account or otherwise accessing its funds.
“In an exemplary embodiment, such a process for collecting electronic protected health information without a login may comply with security recommendations regarding two-factor authentication. Although a login and password may not be required to deposit information, a sufficient level of security may be achieved because two factors are required to submit information: something the user has (the unique link) and something the user knows (personally identifying information).
“In an exemplary embodiment, the system may be configured to comply with HIPAA/HITECH regulations because it does not expose protected health information (PHI) of any kind. The user may opt to submit the requested information, and it may be entered without requiring all of the information stored for the user to be exposed.
“According to an exemplary embodiment, a system for providing an efficient and secure interface for transferring protected electronic information may be configured to perform the following steps. First, the system may generate and send, from a server, to a user address, a unique access link, the unique access link comprising a uniform resource locator (URL) directed to a transfer login page, the transfer login page being a web page permitting uploading of protected electronic information and denying access to protected electronic information. (In an exemplary embodiment, the user may have already created a user account prior to this stage.) The system may then receive a request, from a user device, to access the transfer login page, and obtain, from the user device, a personal identifier. This personal identifier may be, for example, a record of the user (such as, for example, a date of birth of the user), some physical attribute of the user (such as a user’s personal photograph), or some other record such as may be desired. The system may then verify the personal identifier, and, when the personal identifier is verified, grant the user device access to the transfer login page.
“The system may also provide a full login page separate from the transfer login page, wherein the full login page is a web page permitting uploading of protected electronic information and permitting access to protected electronic information. At this point, the system may receive a request, from the user device, to access the full login page, and obtain, from the user device, user login credentials distinct from the personal identifier, such as password information. These user login credentials may then be verified, and, when the login credentials are verified, the system may grant the user device access to the full login page.
“In an exemplary embodiment, an access link may be provided to the full login page on the transfer page. This may be, for example, a password entry field where the user can provide their full credentials.
“In an exemplary embodiment, the system may include a secure application (such as a secure application running on a mobile device of the user) which may be used to verify the existence of one or more records or other subjects of photography. For example, according to an exemplary embodiment, a user may need to take a photo of themselves with the secure application, or a photo of some record. Alternatively, the personal identifier can be any other record or identifying information such as may be desired.
“In some exemplary embodiments, it may be verified that the user is one that has consented to use the service, or it may otherwise be requested that the user sign one or more agreements before using the service. In such embodiments, an electronic signature may be collected from the user.
“In some exemplary embodiments, the system may be used to establish at least one of a real-time audio or video connection.
“In some exemplary embodiments, the system may instead be implemented on a kiosk. In such embodiments, it may be desired to have the user input other information (such as a separate password or PIN) in lieu of having the user select a unique link. In an exemplary embodiment, a kiosk may also be used to take audio or video data, such as a photograph if desired. In some embodiments, an administrator may monitor the user’s activity on the kiosk, and may be able to cut off the user’s access; in other embodiments, the user’s access may be terminated after a certain time period or after the user has been inactive for some time.”
The claims supplied by the inventors are:
“1. A method for providing an efficient and secure interface for transferring electronic information, comprising: transmitting a unique access link to a user device or kiosk, the unique access link being directed to the transfer page; requiring entry of a personal identifier when the unique access link is accessed; verifying the personal identifier by comparing the personal identifier with a previously stored set of personally identifiable information; when the personal identifier is verified, granting the user device or kiosk access to transfer electronic information; and wherein the transfer page is a no-login page using identity verification for access.
“2. The method of claim 1, wherein the transfer of electronic information comprises at least one of uploading or downloading files, entering or reading text, submitting intake forms, and connecting to live video or audio conferencing.
“3. The method of claim 1, wherein the unique access link is sent by one or more of email, SMS, or push notification.
“4. The method of claim 1, wherein identity verification requires data captured in real-time by a user device or kiosk.
“5. The method of claim 1, wherein the personal identifier is collected during account creation.
“6. The method of claim 1, wherein the personal identifier is a date of birth.
“7. The method of claim 1, wherein the transfer page supports at least one of uploading of electronic information, submission of intake forms, and live video or audio conferencing.
“8. A system for providing an efficient and secure interface for transferring electronic information, the system comprising a server device and a network connection, the server device being configured to execute steps comprising: transmitting a unique access link to a user device or kiosk, the unique access link being directed to the transfer page; requiring entry of a personal identifier when the unique access link is accessed; verifying the personal identifier by comparing the personal identifier with a previously stored set of personally identifiable information; when the personal identifier is verified, granting the user device or kiosk access to transfer electronic information; and wherein the transfer page is a no-login page using identity verification for access.
“9. The system of claim 8, wherein the transfer of electronic information comprises at least one of uploading files, downloading files, entering or reading text, submitting intake forms, and connecting to live video or audio conferencing.
“10. The method of claim 8, wherein the unique access link is sent by one or more of email, SMS, or push notification.
“11. The system of claim 8, wherein identity verification requires data captured in real-time by a user device or kiosk.
“12. The system of claim 8, wherein the personal identifier is collected during account creation.
“13. The system of claim 8, wherein the personal identifier is a date of birth.
“14. The system of claim 8, wherein the transfer page supports at least one of uploading electronic information, submission of intake forms, and live video or audio conferencing.
“15. A non-transitory computer readable medium having stored thereon software instructions that, when executed by a processor, cause the processor to: open a unique access link directed to a page, wherein the page supports at least one of transfer of electronic information, submission of intake forms, and live video or audio conferencing; request access to the page using a personal identifier; upon verification of the personal identifier, access the page; wherein the page is a no-login page using identity verification for access.
“16. The non-transitory computer readable medium of claim 15, wherein the unique access link expires after a predetermined time interval or after being followed a predetermined number of times.
“17. The non-transitory computer readable medium of claim 15, further comprising capturing real time data using a camera, audio recording device, or graphical user interface for identity verification and sending the real time data to a server for verification.
“18. The non-transitory computer readable medium of claim 15, wherein the personal identifier is collected during account creation.
“19. The non-transitory computer readable medium of claim 15, wherein the personal identifier is a date of birth.
“20. The non-transitory computer readable medium of claim 18, wherein the unique access link is received by one or more of email, SMS, or push notification.”
For more information, see this patent application: DECURNOU, Alexander; HOFFMAN, Jessica; LASSITER,
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Application Titled “Systems And Methods For Light Detection And Ranging (Lidar) Based Generation Of A Homeowners Insurance Quote” Published Online (USPTO 20230274367): Patent Application
Warner, Kaine & Colleagues Urge Biden Administration to Strengthen Protections Against "Junk" Insurance Plans
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News