Patent Issued for Automated consent management systems and methods for using same (USPTO 11587098): Rhinogram Inc.
2023 MAR 15 (NewsRx) -- By a
The patent’s inventors are Dressler, Keith (
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “In 1991,
“According to the TCPA, and related
“In 1996,
“In view of the foregoing, when a health care provider wants to exchange text messages with a patient, the health care provider first must obtain the patient’s consent to send text messages as required by the TCPA. The health care provider also must give the patient an option to subsequently opt-out of text-message communications and, if they choose to opt out, the provider cannot send them any more text messages. Appointment reminders are exempt from opt-in consent, but not opt-out.
“In addition to receiving the patient’s TCPA consent to receive text messages, the health care provider also needs to obtain a separate prior written consent from the patient, as required by HIPAA, to begin exchanging ePHI with the patient using text messages. Further still, the health care provider may need separate additional consents from the patient for communicating payment, billing, survey, advertising, marketing, etc. information via text messages. In some cases, user consents also may be required to comply with the European Union’s General Data Protection Regulation (GDPR) data protection requirements.
“In this example, the health care provider desiring to communicate with its patients using text messages may need to acquire and manage a large number of user consents, e.g., separate types of consents (e.g., TCPA, HIPAA, etc.) per patient for many different patients. If the health care provider further wishes to create multiple “campaigns” in which it sends text messages and/or other types of messages (such as email) in each campaign for a common purpose, such as a first campaign to distribute patient invoices and a second campaign to confirm patient appointment times, the health care provider may need to manage an even greater number of user consents.
“Consent management therefore can be a very complicated and burdensome process, typically managed manually through data entry. For example, each user consent is conventionally entered manually as a binary value (e.g., “yes” or “no” consent). Frequent changes and updates to the various user consents, however, can quickly become an unwieldy process that is prone to error. The opportunities for data-entry error further increase with the number of concurrent campaigns and participating users. In this context, a “user” is any person or group of people that must provide its consent to another entity before that other entity may create, send, receive, and/or store information of the user in compliance with one or more statutes, rules, policies, and/or regulations (regardless how defined or by whom). The user consent may be required based on governmental laws, rules, or regulations, but need not be. For example, one or more user consents may be required to comply with a company’s policies or with certain contractual terms or conditions. As used herein, a “user consent” is an indication of a user’s permission or authorization to allow another entity to perform an associated action.
“Failures to obtain the required user consents under the TCPA and HIPAA can result in severe financial penalties. For example, TCPA violations are enforced by the FCC, which may levy up to more than
“There is a current need for a more efficient way for an organization, such as a health care provider, business, governmental agency, or other entity, to manage large numbers of user consents, subject to compliance with various statutes, rules, and regulations, for use in one or more campaigns.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “The present invention overcomes the disadvantages of the prior art by providing improved systems and methods for managing user consents. Unlike conventional systems, the disclosed embodiments can be used to automate the acquisition and management of user consents for one or more campaigns, thus reducing the possibility of unintended violations of consent requirements in statutes, rules, and regulations as compared with existing systems.
“In accordance with the disclosed embodiments, a user consent may be associated with one of at least three possible values comprising: a first value indicating that the user has not yet responded with a grant or denial of consent; a second value indicating that the user has granted consent; and a third value indicating that the user has denied consent. In some embodiments, the third value also may indicate that the user has revoked a previously-granted consent. The automated consent management system may be configured to filter those user consents that are assigned to the first value and send requests for user consents to the users associated with the filtered user consents. In some embodiments, the user consent values may be filtered and their appropriate users contacted periodically, at predetermined times, or asynchronously, such as at the start of a new campaign or upon occurrence of one or more predetermined events.
“For example, a health care provider may need to obtain a patient’s consent pursuant to the TCPA before it can communicate with the patient using text messages. The health care provider may associate a TCPA consent value with the patient, where the patient’s TCPA consent value is initially assigned a first (default) value indicating that the patient has not granted or denied consent for communicating via text messages. If the patient is associated with this first TCPA consent value, then the health care provider may send the patient a request for consent to exchange text messages. If the patient responds affirmatively, then the health care provider may change the patient’s associated TCPA consent value to a second value indicating that consent has been granted; if the patient denies the requested consent, then the patient’s TCPA consent value may be assigned a third value indicating that the patient may not be contacted using text messages. If, however, the patient in this example fails to respond, then the health care provider may keep the patient’s TCPA consent value equal to the first value.
“While the example above refers to a health care provider seeking a patient’s TCPA consent, the present invention is not limited to any particular types of organizations, consents, or users. That is, the consent management systems and methods of the present invention advantageously may be used by any entities, whether health care providers, businesses, enterprises, governmental agencies, non-profits, or any other entities that manage consents for one or more users.
“In some embodiments of the invention, the consent management systems and methods may manage multiple different types of consents for one or more users. Referring again to the example above, a patient may be associated with separate TCPA and HIPAA consent values and/or possibly other consent values, for example, for communicating billing, payment, ePHI, marketing, etc. information to the patient. In the disclosed embodiments where a single user is associated with multiple different types of consents, each consent value may be assigned a respective one of the above-described first, second, or third consent values.”
The claims supplied by the inventors are:
“1. A method for providing automated management of user consents when one or more user consents are required to communicate with users during first and second campaigns in which messages are sent to a plurality of users for different purposes associated with each campaign, wherein the method is performed by a consent management server in communication with the plurality of users over a network, the server comprising one or more physical processors whereby a campaign manager executing on the one or more physical processors initiates and manages each of the first and second campaigns and a consent manager executing on the one or more physical processors interacts with the campaign manager to provide the automated management of user consents during each campaign, the method comprising: (a) receiving, by the consent manager, an indication from the campaign manager that the first campaign has been initiated by the campaign manager; (b) accessing, by the consent manager, a first user record from a set of user records stored in a physical memory of the consent management server, each user record in the set of user records comprising a plurality of user consent values for a user associated with the user record, wherein the consent manager is configured to access the same set of user records in the physical memory of the consent management server to identify one or more user consent values for each of the first and second campaigns, wherein each user consent value is assigned one of a first value indicating that the user has not granted or denied consent, a second value indicating that the user has granted consent, or a third value indicating that the user has denied consent, and wherein the first user record comprises an identification of a connected party to the user associated with the first user record and further comprises a first connected-party consent value for the connected party; © determining, by the consent manager, if the first value has been assigned to a first type of user consent in the accessed user record; (d) sending, in response to determining that the first value has been assigned to the first type of user consent, a first message from the consent management server over the network to the user to request the user’s consent for the first type of user consent; (e) receiving at the consent management server a response from the user over the network, the response indicating that the user either grants or denies consent for the first type of user consent; (f) changing, by the consent manager, the first value assigned to the first type of user consent in the accessed user record to either (i) the second value if the received response indicates that the user has granted consent or (ii) the third value if the received response indicates that the user has denied consent; (g) sending, from the consent management server to the user over the network during the first campaign, a second message containing information corresponding to the first type of user consent if the user consent value for the first type of user consent in the accessed user record is assigned to the second value; (h) accessing, by the consent manager, a second user record corresponding to the connected party identification in the first user record from the set of user records, the second user record comprising a second connected-party consent value for the connected party; (i) sending, from the consent management server to the connected party over the network, the second message if the first connected-party consent value is assigned to the second value and the second connected-party consent value is assigned to the second value; (j) receiving, by the consent manager, an indication from the campaign manager that the second campaign has been initiated by the campaign manager; (k) accessing, by the consent manager, the same user record associated with the user that the consent manager previously accessed for the user in connection with the first campaign; and (l) sending, from the consent management server to the user over the network during the second campaign, a third message containing information corresponding to a second type of user consent if the user consent value for the second type of user consent in the accessed user record is assigned to the second value.
“2. The method of claim 1, further comprising graphically representing each of the first value, the second value, and the third value using different colored icons on a display of the consent management server.
“3. The method of claim 1, wherein the first type of user consent corresponds to a user consent required to comply with at least one of the Telephone Consumer Protection Act (TCPA), Health Insurance Portability and Accountability Act (HIPAA), or General Data Protection Regulation (GDPR).
“4. The method of claim 1, wherein the user consent value for the first type of user consent stored in each user record is initially assigned to the first value.
“5. The method of claim 1, further comprising: repeating steps (b) through (g) for each user record in the set of user records.
“6. The method of claim 1, wherein the second message is a text message.
“7. The method of claim 1, wherein the first connected-party consent value indicates that the user has provided consent to communicate the information in the second message to the connected party.
“8. The method of claim 1, wherein at least one of the first or second campaigns is used to communicate billing information to the plurality of users.
“9. The method of claim 1, wherein the method is performed at a start of the first campaign.”
There are additional claims. Please visit full patent to read further.
For the URL and additional information on this patent, see: Dressler, Keith. Automated consent management systems and methods for using same.
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Issued for Assisting researchers to identify opportunities for new sub-studies in digital health research and decentralized clinical trials (USPTO 11586524): VigNet Incorporated
āCohort Based Resiliency Modelingā in Patent Application Approval Process (USPTO 20230056422): Patent Application
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News