Patent Issued for Secure content sharing (USPTO 11822677): Imprivata Inc.
2023 DEC 08 (NewsRx) -- By a
The patent’s assignee for patent number 11822677 is
News editors obtained the following quote from the background information supplied by the inventors: “As computer systems become ubiquitous in both the home and industry, the ability for any one individual to access applications and data has increased dramatically. While such ease of access has streamlined many tasks such as paying bills, ordering supplies, and searching for information, it entails the risk of providing the wrong data or functionality to the wrong person, which can be fatal to an organization. Instances of data breaches at many consumer-product companies and the need to comply with certain statutory measures (e.g., Health Insurance Portability and Accountability Act (HIPAA), Child Online Protection Act (COPA), Sarbanes-Oxley (SOX), etc.) have forced many companies and institutions to implement much stricter system access policies. Healthcare regulations, for example, mandate that “protected health information” (PHI) be accessible only by an authorized caregiver. Proper user authentication is required to access and alter PHI; this not only ensures patient privacy and safety, but also permits changes made to patient records to be audited later. Access restrictions are generally implemented, following user log-in to the system, by controlling access to applications with access to PHI.
“A persistent problem with data management in a healthcare environment is the disparate nature of patient information, which can originate with any of various applications. Clinical decision making may require access to patient data from different sources (patient records from the hospital’s main server, radiological information or lab results from other servers or an outside provider, prescription information from a pharmacopoeia, drug interactions from a specialized external resource), each of which may require a separate log-in. This inconvenience can be managed in the first instance using a “single sign-on” system, but sharing diversely sourced information remains cumbersome. A clinician who has retrieved various types of clinical data and wishes to consult remotely with a colleague or specialist has no easy way to provide this information directly. Even if the other clinician has already authenticated herself to the same applications as the referring clinician, she must typically retrieve each type of information separately. There is, at present, no easy way for an authorized user to efficiently generate and send disparately sourced information to another authorized user.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Embodiments of the present invention facilitate convenient and secure sharing of information among authorized network users in scenarios where data access is restricted. In some embodiments, an authorized user accessing multiple software applications at one workstation may send that information, or a user-selected portion thereof, in aggregate form to another authorized user at another workstation or mobile phone, using, e.g., a secure messaging service (e.g., a texting service enhanced with image, audio, and video support). For example, at the sender’s workstation, a screen-sharing service may generate a replica of the display contents, optionally including the sender’s annotations, which may then be transmitted to the selected recipient’s device in the form of an image file or video stream (e.g., as an attachment to a text message) and/or blended into the aggregate form as an editable overlay. Similarly, a virtual-printing service may transmit a replica of documents opened in applications on the sender’s workstation to the recipient, either separately for each application or, preferably, within a single message. Data from one or more applications may, alternatively, be exported using an application programming interface (API) or an open network protocol, facilitating a broader range of content formats for the data to be shared. In some embodiments, e.g., in a healthcare context, a “case builder” application allows the workstation user to integrate, organize, and annotate content from disparate sources into one multi-media file.
“To implement any applicable data-access restrictions, the contents transmitted between users may include metadata (e.g., in the form of headers within image files, or as separate files) that identify the sending user, the application from which the information originates, and/or other relevant information (e.g., in a medical context, the patient to which the information pertains). The message containing the screen/document replica or exported-data file may be transmitted via a secure messaging server that, prior to forwarding the message, checks the recipient’s authorization to access all of its contents; the messaging server may, for instance, consult a database storing, for each authorized system user, the applications and type of information (e.g., organized by patients) which that user is permitted to access. The messaging server may also excise any portions that the recipient is not permitted to see. In some embodiments, the replica or exported file is stored in a central repository, and the recipient of the information is provided with a link thereto; again, the recipient’s authorization may be checked prior to facilitating access to the stored data. The metadata associated with the transmitted contents may also be used by the recipient to verify the authenticity and integrity of the received information as well as the audit history of modifications or annotations made to the content. As used herein, the term “metadata” broadly connotes any identifying information associated with the image, text, audio, or other content files shared, regardless of the manner in which this identifying information is formatted, stored, and linked to the content files.
“In various embodiments, the functionality described above is implemented in a server-centric network architecture that includes authentication, desktop/application-hosting, and secure messaging servers in communication with workstations, mobile devices, or other client devices. Via terminal-emulation services executing on the client devices, users may access and interact with applications remotely running on the hosting server. Communications between users may be facilitated by the messaging server. Authentication prior to allowing access to the hosted applications and/or sharing of accessed content with other network users may be handled by the authentication server. As used herein, the term “server” generally refers to hardware and/or software providing a particular server functionality, irrespective of how this functionality is distributed. Thus, a “server” for a particular functionality may, in fact, include multiple intercommunicating computers and, conversely, a single computer may provide different server functionalities. For example, different applications may be provided on different hosting servers, or the applications running on the hosting server may pull in data from a separate central data repository. Application data may also be pulled from cloud-based content servers and mobile devices directly into a client device. Further, authentication and message-management functionality may be integrated on one server, or distributed between two or more servers in various ways.
“In one aspect, embodiments of the invention provide a method for sharing accessed content between authorized users within a network-managed user group. The method involves, at a first user device, authenticating a first user via communication with an authentication server and providing access to multiple software applications. The first user, using the first user device, then selects a second user within the user group as well as contents from the multiple accessed software applications for transmission to the second user. The selected contents are exported (e.g., by converting at least a portion of the screen display into an image file, virtually printing the contents of selected ones of the applications, or using an application programming interface associated with one of the software applications) and transmitted to a server. The exported contents may be displayable or, in some embodiments, at least a part thereof may be in a format unsuitable for display. They may be static or dynamic, and may, in various embodiments, include a selectable web link, an image sequence displayable as video, and/or audio content. In some embodiments, the exported contents are integrated into a multi-media case file and/or annotated prior to transmission to the server.
“At the server, it is determined whether the second user (i) has access privileges permitting access to at least a portion of the selected contents and (ii) has been authenticated by the authentication server via a second user device, and if so, transmission of only the portion to which the second user has access privileges to the second user device occurs. If the second user has not been authenticated by the authentication server via the second user device, the method may include facilitating authentication of the second user to the authentication server, and upon successful authentication, causing transmission to the second user device of the portion to which the second user has access privileges. In some embodiments, the method further involves redacting the exported contents by excising therefrom, by the server, portions to which the second user does not have access privileges, and thereafter causing transmission of the redacted exported contents.”
The claims supplied by the inventors are:
“1. A method for integrating data from a mobile device connected to a workstation with data from at least one application accessible at the workstation, the method comprising: in response to a logon of a user onto the workstation, obtaining an identity of a mobile device associated with the user and automatically connecting the workstation to the identified mobile device; transmitting an identifier associated with a case file to the mobile device, the case file containing contents from at least one application accessible at the workstation; transmitting data from the mobile device to the workstation, the data being tagged with the identifier; and integrating the data transmitted from the mobile device into the case file.
“2. The method of claim 1, wherein the case file is maintained on the workstation.
“3. The method of claim 1, wherein the case file is associated with a patient of a healthcare facility.
“4. The method of claim 1, wherein the case file is hosted on a server in communication with the workstation over a network.
“5. The method of claim 1, further comprising sending the case file, over a network, to one or more recipients.
“6. The method of claim 5, further comprising storing in a case log information associated with access of the case log by at least one said recipient.
“7. The method of claim 5, further comprising incorporating into the case file content associated with one or more user-input events performed by at least one said recipient.
“8. The method of claim 1, further comprising sending the case file to a messaging server for distribution to one or more recipients.
“9. The method of claim 1, further comprising automatically deleting the data from the mobile device after the data is transmitted to the workstation.
“10. The method of claim 1, wherein at least some of the contents from the at least one application contained in the case file are based on a location of the workstation.
“11. The method of claim 10, further comprising automatically communicating to the mobile device a second identifier associated with the at least some of the contents.
“12. The method of claim 1, wherein at least some of the contents from the at least one application contained in the case file relate to a patient located proximate the workstation.
“13. The method of claim 12, further comprising automatically communicating an identity of the patient to the mobile device.
“14. The method of claim 1, further comprising: receiving, from the user, identities of second and third recipient users; combining portions of the case file to which the access privileges of the second recipient user permit access into a first compilation; combining portions of the case file to which the access privileges of the third recipient user permit access into a second compilation; causing transmission of the first compilation to the second user; and causing transmission of the second compilation to the third user.
“15. The method of claim 14, wherein the second and third recipient users have different access privileges permitting access to contents from the case file.
“16. The method of claim 14, wherein the first and second compilations include different portions of the case file.
“17. The method of claim 1, wherein the data transmitted from the mobile device is integrated into the case file by a case builder application locally hosted on the workstation.
“18. The method of claim 1, wherein the data transmitted from the mobile device is integrated into the case file by a case builder application remotely hosted on a server communicating with the workstation over a network.
“19. The method of claim 1, wherein the transmitted data is automatically tagged with the identifier and transmitted automatically from the mobile device to the workstation, without additional action from the user.
“20. The method of claim 1, wherein all data transmitted from the mobile device to the workstation is automatically tagged with the identifier.”
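The server-side authorization check and redaction described in the inventors' summary, and the per-recipient compilations of claim 14, sketched as an added example that is not code from the patent or from Imprivata. The HMAC seal binding metadata to content, the field names (`app`, `patient`, `sender`), the ACL layout and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a key shared by the export service and the messaging server.
SERVER_KEY = b"constructed-demo-key"

def seal(content: bytes, meta: dict) -> dict:
    """Bind metadata to content so a relabelled portion fails verification."""
    msg = json.dumps(meta, sort_keys=True).encode() + b"\x00" + content
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return {"content": content, "meta": meta, "tag": tag}

def intact(portion: dict) -> bool:
    expected = seal(portion["content"], portion["meta"])["tag"]
    return hmac.compare_digest(expected, portion.get("tag", ""))

def compile_for(recipient, case_file, acl, authenticated):
    """Return (portions the recipient may receive, audit log). Deny by default."""
    if recipient not in authenticated:
        return [], [(recipient, None, "denied: recipient not authenticated")]
    grant = acl.get(recipient, {"apps": set(), "patients": set()})
    allowed, audit = [], []
    for index, portion in enumerate(case_file):
        meta = portion["meta"]
        if not intact(portion):
            verdict = "excised: tag does not match content and metadata"
        elif meta.get("app") not in grant["apps"]:
            verdict = "excised: no privilege for source application"
        elif meta.get("patient") not in grant["patients"]:
            verdict = "excised: no privilege for patient"
        else:
            verdict = "released"
            allowed.append(portion)
        audit.append((recipient, index, verdict))
    return allowed, audit

# Constructed sample data: one case file, two recipients with different privileges.
CASE_FILE = [
    seal(b"chest x-ray report", {"app": "radiology", "patient": "P-100", "sender": "dr_a"}),
    seal(b"medication list", {"app": "pharmacy", "patient": "P-100", "sender": "dr_a"}),
    seal(b"lab panel", {"app": "lab", "patient": "P-200", "sender": "dr_a"}),
]
ACL = {
    "dr_b": {"apps": {"radiology", "pharmacy", "lab"}, "patients": {"P-100"}},
    "dr_c": {"apps": {"radiology"}, "patients": {"P-100", "P-200"}},
}
AUTHENTICATED = {"dr_b", "dr_c"}

if __name__ == "__main__":
    for user in ("dr_b", "dr_c", "dr_d"):
        released, log = compile_for(user, CASE_FILE, ACL, AUTHENTICATED)
        print(user, [p["content"] for p in released], log)
```

The two recipients receive different compilations of the same case file, and every excision is recorded with its reason so the decision can be audited later.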
For additional information on this patent, see: Gage, John. Secure content sharing.