“Personal Health Record System and Method using Patient Right of Access” in Patent Application Approval Process (USPTO 20220245270): Patent Application

2022 AUG 18 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors De Araujo, Pablo Maceiras (Montevideo, UY); Ierardi, Peter (Amherst, NH, US); Tannenbaum, Richard S. (New York, NY, US), filed on February 1, 2022, was made available online on August 4, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application has not been assigned to a company or institution.

The following quote was obtained by the news editors from the background information supplied by the inventors: “Under the provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), and the Federal Trade Commission (FTC), health information, with few exceptions, can only be shared with express permission, advance consent, and authorization of the patient. Thus, patients, providers, payers, and researchers (PPPRs) have struggled to access clinical data for purposes of maintaining a personal health record (PHR), administering treatment, analyzing insurance claims, and aggregating patient data for clinical study respectively.

“Current electronic medical records (EMR) systems, PHRs, and health information exchanges (HIEs) suffer from legal restrictions in storing and transmitting health information, and from liabilities associated with improper disclosures of protected healthcare information. PPPRs therefore face restrictions that limit cloud-based electronic data exchange and storage of HIPAA and HITECH regulated health information, contributing to increases in preventable patient injuries and deaths, increases in the cost of medical insurance, and reductions in speed of innovation in various medical areas.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “Current methods for extraction, transformation, and loading (ETL) of patient information rely heavily on manual processes of clinical staff and patients, who must interact with a system of record in order to manage and update medical information. Other electronic query systems require a provider’s authorization and are only able to send structured and unstructured data between facilities that have sophisticated and/or identical versions of EMR software. This data query method does not produce the proper consent from the patient for the medical record, other than for treatment purposes, therefore limiting usefulness of the medical data for other purposes.

“The present disclosure relates to a cloud-based PHR and patient relationship manager (PRM) system. The claimed methods and systems simplify processes of digitally identifying, granting, querying, extracting, and transforming a PHR, which would otherwise cost a patient a significant amount of time or money to hire a third-party PHR service.

“In an example embodiment, a method of managing access to patient healthcare data includes configuring a processor to register a patient for access to an HIE system. The processor is further configured to provide login credentials to the patient. The processor is further configured to grant the patient access to the HIE system on an identity server by validating login credentials submitted by the patient against the provided login credentials. The processor is further configured to end the method or to allow the patient another login attempt if the login attempt fails. The processor is further configured to obtain, from the patient, information pertaining to the patient including an identity of the patient.

“To continue with respect to the aforementioned example embodiment, the processor is further configured to validate the received identity of the patient. In some embodiments, the identity of the patient is obtained via one or more identity documents. In these embodiments, the processor is configured to validate the obtained identity documents by interfacing with an external API. Such an external API may be hosted in an official capacity by an office with a recognized authority to maintain records identifying the patient, such as by a government office. In these embodiments, the processor is configured to interface with the API via a secure connection to affirm information presented within the obtained identity documents. Such affirming may include determining if the information is true and up to date. Such interfacing may include transferring of information, wherein the information is encoded for increased security, in order to protect the patient’s privacy. In the example embodiment, the processor is further configured to end the method if the patient identity is found to be invalid.

“To continue, in the example embodiment, the processor is further configured to generate a right of access form and provide the right of access form to the patient. The processor is further configured to obtain an acceptance of the right of access form from the patient. Such acceptance may be represented by a signed or otherwise executed instance of the right of access form, or may be represented via an electronic signature or other electronic indication of agreement. The processor is further configured to store the right of access form in a memory device of at least one of the identity server and a user health database server. A right of access form may be understood as a document allowing an individual, who is a subject of protected health information (PHI), to invoke rights granted in 45 C.F.R. 164.524, Access of individuals to protected health information. The right of access form may be a digital document. The processor is further configured to receive a query for healthcare data pertaining to the patient from a querying entity. A query for healthcare data may herein be referred to interchangeably as a request for healthcare data. The processor is further configured to relay the query for healthcare data toward a possessing entity. The processor is further configured to obtain the healthcare data, or an indication of an error, from the possessing entity through the HIE system. The processor is further configured to relay the obtained healthcare data, or the indication of an error, to the querying entity. The processor is further configured to create or augment a PHR by storing the obtained healthcare data in a memory device of at least one of the identity server and the user health database server.

“In some embodiments, a processor may be configured to establish, on the identity server, an account profile for the patient. The processor may be further configured to populate the account profile with initial profile information of the patient obtained by at least one of (i) receiving the initial profile information through a web-based server website or (ii) by executing calls for the initial profile information to an application programming interface (API). The processor may be further configured to provide a verification code to the patient to verify a piece of contact information of the initial profile information, receive a return verification code from the patient, and complete registering the patient for access if a match between the provided and received verification codes is detected upon comparison of the provided and received verification codes. If a match between the provided and received verification codes is not detected, the processor may be configured to end the method.

“In some embodiments, login credentials include a validation code, a username, a password, and/or a two-factor authentication credential. Information pertaining to the patient may include identity documents or information therefrom, an insurance card or information therefrom, and a name of a medical provider. The medical provider may be a primary-care physician or a specialist. Validating the identity of the patient may further include accepting at least one of a government issued photographic identification, a photograph of the patient’s face, and an insurance card. The processor may be further configured to capture an image of a patient’s face with an imaging device, and to reconcile the captured image with a previously accepted photograph of the patient’s face.

“In some embodiments, obtaining the healthcare data includes accessing a record locator service (RLS) database; searching the RLS database, based on proximity to an address represented by address information pertaining to the patient, for providers associated with the patient; and identifying at least one provider, based on the searching, from which to obtain healthcare data pertaining to the patient.

“In some embodiments, the healthcare data pertaining to the patient includes past insurance claim data or a name of a medical provider obtained therefrom, and past data from an EOB form or a name of a medical provider obtained therefrom. The obtained healthcare data, as insurance data, may be stored on at least one of the identity server, the user health database server, and combinations thereof. The querying entity may be a patient, a medical provider, or a medical researcher.

“In some embodiments, the querying entity may be a patient, a medical provider, or a medical researcher. The processor may be further configured to establish a telemedicine session between the patient and the querying entity by confirming possession of the right of access form accepted by the patient and stored in a memory device of at least one of the identity server and the user health database server, and by obtaining informed consent from the patient prior to establishing the telemedicine session.

“In some embodiments, the querying entity may be a medical researcher. The processor may be further configured to confirm possession of the right of access form accepted by the patient and stored in the memory device, and to obtain informed consent from the patient. The processor may be further configured to anonymize the obtained healthcare data of the patient and to include the anonymized healthcare data of the patient in a pool of healthcare data of multiple patients.

“In some embodiments the processor may be configured to automatically cause the HIE to receive a query from itself for healthcare data pertaining to a patient, instead of receiving such a query from an external querying entity. The HIE may be thought of as the querying entity in these embodiments. The processor may be further configured to automatically relay the query for healthcare data from the HIE toward a possessing entity. The HIE may act as a querying entity, for example, during initial setup and onboarding of a patient profile, when it may be desirable to automatically acquire any available healthcare data for the patient from any connected possessing entity. The processor may be further configured to automatically update the PHR by periodically querying possessing entities via the HIE on behalf of the patient.”

There is additional summary information. Please visit full patent to read further.”

The claims supplied by the inventors are:

“1. A processor-implemented method of managing access to patient healthcare data comprising: registering a patient for access to a health information exchange (HIE) system; providing login credentials to the patient; granting the patient access to the HIE system on an identity server by validating login credentials submitted by the patient against the provided login credentials; obtaining, from the patient, information pertaining to the patient including an identity of the patient; validating the received identity of the patient; generating a right of access form and providing the right of access form to the patient; obtaining an acceptance of a right of access form from the patient; storing the right of access form in a memory device of at least one of the identity server and a user health database server; receiving a query for healthcare data pertaining to the patient from a querying entity; relaying a query for healthcare data toward a possessing entity; obtaining the healthcare data, or an indication of an error, from the possessing entity through the HIE system; relaying the obtained healthcare data, or the indication of an error, to the querying entity; and creating or augmenting a personal health record (PHR) by storing the obtained healthcare data in a memory device of at least one of the identity server and the user health database server.

“2. The method of claim 1 wherein registering a patient includes: establishing, on the identity server, an account profile for the patient; populating the account profile with initial profile information of the patient obtained by at least one of (i) receiving the initial profile information through a web-based server website or (ii) by executing calls for the initial profile information to an application programming interface (API); providing a verification code to the patient to verify a piece of contact information of the initial profile information, receiving a return verification code from the patient, and completing registering the patient for access if a match between the provided and received verification codes is detected upon comparison of the provided and received verification codes.

“3. The method of claim 1 wherein the login credentials include at least one of a validation code, a username, a password, and a successful completion of a second-factor authentication process.

“4. The method of claim 1 wherein the information pertaining to the patient includes at least one of identity documents or information therefrom, an insurance card or information therefrom, and a name of a medical provider.

“5. The method of claim 4 wherein the medical provider is a primary care physician (PCP) or a specialist.

“6. The method of claim 1 wherein validating the received identity of the patient includes accepting at least one of a government issued photographic identification, a photograph of the patient’s face, and an insurance card.

“7. The method of claim 6 further comprising capturing an image of the patient’s face and reconciling the captured image of the patient’s face with the accepted government issued photographic identification or the accepted photograph of the patient’s face.

“8. The method of claim 1 wherein obtaining the healthcare data includes: accessing a record locator service (RLS) database; searching the RLS database, based on proximity to an address represented by address information pertaining to the patient, for providers associated with the patient; and identifying at least one provider, based on the searching, from which to obtain healthcare data pertaining to the patient.

“9. The method of claim 1 wherein the healthcare data pertaining to the patient includes at least one of past insurance claim data or a name of a medical provider obtained therefrom, and past data from an explanation of benefits (EOB) form or a name of a medical provider obtained therefrom, and the obtained healthcare data is stored on at least one of the identity server, the user health database server, and combinations thereof.

“10. The method of claim 1 wherein the healthcare data pertaining to the patient includes medical data of a health record of the patient.

“11. The method of claim 1 wherein the querying entity is at least one of the patient, a medical provider, and a medical researcher.

“12. The method of claim 1 wherein a telemedicine session is established between the patient and the querying entity, further comprising confirming possession of the right of access form executed by the patient and stored in a memory device of at least one of the identity server and the user health database server, and further comprising obtaining informed consent from the patient prior to establishing the telemedicine session.

“13. The method of claim 1 wherein the querying entity is a medical researcher, further comprising: confirming possession of the right of access form executed by the patient and stored in the memory device; obtaining informed consent from the patient; anonymizing the obtained healthcare data of the patient and including the anonymized healthcare data of the patient in a pool of healthcare data of multiple patients.

“14. The method of claim 1 wherein the querying entity is the HIE system, and the HIE system is configured to automatically self-receive the query and to automatically relay the query toward the possessing entity.

“15. The method of claim 14 wherein the HIE system is configured to automatically update the PHR by periodically querying possessing entities on behalf of the patient.

“16. The method of claim 1 wherein the possessing entity is an insurance provider or a medical provider.

“17. The method of claim 1 wherein the possessing entity is a server of the HIE, further comprising relaying the query from the querying entity to the possessing entity, or to at least one of the HIE, the API, and a gateway of the HIE, the server being at least one of the identity server and the user health database server.

“18. The method of claim 1 wherein the query for healthcare data is relayed from the querying entity toward the possessing entity via a gateway of the HIE, or via e-mail or fax.

“19. The method of claim 1 wherein the healthcare data, or the indication of an error, is obtained by providing the possessing entity with a secure unique hyperlink or uniform resource locator (URL) leading to a provider and payer portal of the HIE system.

“20. The method of claim 1 wherein the obtained healthcare data is received in a format of any of PDF, HTML, JSON, FHIR, HL7, DICOM, JPEG, MP4, MOV, GIF, PNG, SNOMED CT, LOINC, RxNorm, XML, CDATA, TXT, TEXT, JPG, MP3, AVI, SVG, DOC, DOCX, XLS, XLSX, and raw binary.

“21. The method of claim 1 further including segmenting, using machine learning, the obtained healthcare data into time series categorized at least as insurance claims, diagnosis, medication, procedure, provider, facility, laboratory values, allergies, immunizations, clinical images, and family history.

“22. The method of claim 21 wherein segmenting the obtained healthcare data includes: classifying the obtained healthcare data as structured data or unstructured data; classifying unstructured data as being of a known format or of an unknown format; classifying unstructured data of an unknown format as being of a document or study of a known type; prior to storing the obtained healthcare data, wrapping in a shell document the obtained healthcare data classified as unstructured data of unknown format of unknown document or study type, the document having a CDATA format; converting unstructured data of unknown format of known document or study type to structured data by performing optical character recognition (OCR) based on pattern recognition for known terms of study; converting unstructured data of known format to structured data by performing OCR based on pattern recognition for terms presently stored on user health database server; and prior to storing the obtained healthcare data, converting, to a standard format, the obtained healthcare data classified as or converted to structured data.

“23. The method of claim 22 wherein the standard format is defined by a Fast Healthcare Interoperability Resources (FHIR) specification.

“24. The method of claim 21 further including: determining, based on at least one of the categorized time series, a health score for the patient; classifying a health condition of the patient based on the health score, the health condition including an assessment of a likelihood of a patient to be dangerous to public health; and issuing a certificate that attests to information of a patient including at least one of a PHR history, a health score, and a health condition, the certificate being a printable document including a URL, or a representation thereof, leading to a webpage enabling retrieval from the HIE of a copy of the certificate, or a representation thereof, to demonstrate authenticity of the certificate.

“25. The method of claim 1 further including, subsequent to relaying the query for healthcare data to a possessing entity, determining that a specified period of time has passed prior to obtaining the healthcare data from the possessing entity, and prompting an administrator or a legal entity to send a legal demand letter regarding the healthcare data to the possessing entity on behalf of the patient.”

There are additional claims. Please visit full patent to read further.

URL and more information on this patent application, see: De Araujo, Pablo Maceiras; Ierardi, Peter; Tannenbaum, Richard S. Personal Health Record System and Method using Patient Right of Access. Filed February 1, 2022 and posted August 4, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220245270%22.PGNR.&OS=DN/20220245270&RS=DN/20220245270

(Our reports deliver fact-based news of research and discoveries from around the world.)