Researchers Submit Patent Application, “System And Method For Transferring Data”, for Approval (USPTO 20230090564): Mend VIP Inc.

2023 APR 12 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Washington, D.C., NewsRx journalists report that a patent application by the inventors DECURNOU, Alexander (Winter Park, FL, US); HOFFMAN, Jessica (Orlando, FL, US); LASSITER, Brandon (Orlando, FL, US); LATORRE, Gabriel (Orange City, FL, US); MCBRIDE, Matthew D. (Orlando, FL, US); SENZEE, Paul (Apopka, FL, US), filed on October 20, 2022, was made available online on March 23, 2023.

The patent’s assignee is Mend VIP Inc. (Orlando, Florida, United States).

News editors obtained the following quote from the background information supplied by the inventors: “The health care system needs to collect information from patients, providers, and others in order to function. This information is frequently of a sensitive nature, so sufficient security precautions must be taken to safeguard the information and comply with government regulations. For example, such systems must comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as well as the Health Information Technology for

“Economic and Clinical Health Act, enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (“HITECH”).

“However, security often must be balanced against accessibility. Very secure processes for collecting healthcare information may be inconvenient to patients or caregivers, and sufficiently onerous processes might be an obstacle to actually collecting healthcare information. Alternatively, such processes might be bypassed or worked around if the capability exists to do so, negating much of their security value.”

As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “An efficient and secure process by which users may enter sensitive information into an electronic information system may be provided. When information is required from a user, the electronic information system may be configured to generate a unique access link (uniform resource locator, or URL) for that user. The link may be sent to the user via electronic communication, such as a text message or email. When the user follows the link with a web browser, the system prompts the user to enter an additional piece of personal information that is not known to the general public. (Certain examples of this additional piece of information may include, for example, a video connection in which the user’s physical appearance may be verified or an audio connection in which a voice recognition system may verify the user’s voice, or alternatively may include a medical history, a clinical assessment, a survey, a photo, a PDF document or any other electronic document, payment information such as credit card information, or any other information or agreements such as may be desired. According to some exemplary embodiments, a portion of a document or piece of information, such as a portion of a medical history or even a single line item in the medical history, or a combination of documents or pieces of information-or a combination of portions-may be used instead.) Once identity is verified, the user may be required to electronically sign agreements. The user is then prompted to enter the required information.

“Such a system may, by design, permit a user to enter information without requiring the user to enter a username and password. If the user accesses the system in such a manner, without entering a username and password, the user may be given access in a “no-login” state.

“In the “no-login” state, the user may not have access to any protected health information. This means that the user may not be provided with any information by following the unique link. (However, in an exemplary embodiment, the user may thereafter be able to provide a username and password, or other information, to gain access to a “login” state.)

“In the “no-login” state, the user may be able to push data into the system. However, as discussed, the user may be “firewalled” from doing anything else. This may be analogized to a bank deposit, wherein a user may be able to deposit funds in the bank account of another (or a bank account for which they have not provided appropriate credentials) but may be firewalled from withdrawing money from the account or otherwise accessing its funds.

“In an exemplary embodiment, such a process for collecting electronic protected health information without a login may comply with security recommendations regarding two-factor authentication. Although a login and password may not be required to deposit information, a sufficient level of security may be achieved because two factors are required to submit information: something the user has (the unique link) and something the user knows (personally identifying information).

“In an exemplary embodiment, the system may be configured to comply with HIPAA/HITECH regulations because it does not expose protected health information (PHI) of any kind. The user may opt to submit the requested information, and it may be entered without requiring all of the information stored for the user to be exposed.

“According to an exemplary embodiment, a system for providing an efficient and secure interface for transferring protected electronic information may be configured to perform the following steps. First, the system may generate and send, from a server, to a user address, a unique access link, the unique access link comprising a uniform resource locator (URL) directed to a transfer login page, the transfer login page being a web page permitting uploading of protected electronic information and denying access to protected electronic information. (In an exemplary embodiment, the user may have already created a user account prior to this stage.) The system may then receive a request, from a user device, to access the transfer login page, and obtain, from the user device, a personal identifier. This personal identifier may be, for example, a record of the user (such as, for example, a date of birth of the user), some physical attribute of the user (such as a user’s personal photograph), or some other record such as may be desired. The system may then verify the personal identifier, and, when the personal identifier is verified, grant the user device access to the transfer login page.

“The system may also provide a full login page separate from the transfer login page, wherein the full login page is a web page permitting uploading of protected electronic information and permitting access to protected electronic information. At this point, the system may receive a request, from the user device, to access the full login page, and obtain, from the user device, user login credentials distinct from the personal identifier, such as password information. These user login credentials may then be verified, and, when the login credentials are verified, the system may grant the user device access to the full login page.

“In an exemplary embodiment, an access link may be provided to the full login page on the transfer page. This may be, for example, a password entry field where the user can provide their full credentials.

“In an exemplary embodiment, the system may include a secure application (such as a secure application running on a mobile device of the user) which may be used to verify the existence of one or more records or other subjects of photography. For example, according to an exemplary embodiment, a user may need to take a photo of themselves with the secure application, or a photo of some record. Alternatively, the personal identifier can be any other record or identifying information such as may be desired.

“In some exemplary embodiments, it may be verified that the user is one that has consented to use the service, or it may otherwise be requested that the user sign one or more agreements before using the service. In such embodiments, an electronic signature may be collected from the user.

“In some exemplary embodiments, the system may be used to establish at least one of a real-time audio or video connection.

“In some exemplary embodiments, the system may instead be implemented on a kiosk. In such embodiments, it may be desired to have the user input other information (such as a separate password or PIN) in lieu of having the user select a unique link. In an exemplary embodiment, a kiosk may also be used to take audio or video data, such as a photograph if desired. In some embodiments, an administrator may monitor the user’s activity on the kiosk, and may be able to cut off the user’s access; in other embodiments, the user’s access may be terminated after a certain time period or after the user has been inactive for some time.”

The claims supplied by the inventors are:

“1. A method for providing an efficient and secure interface for transferring protected electronic information, comprising: providing a transfer page, the transfer page comprising a web page supporting at least one of uploading of protected electronic information, submission of intake forms, or live video or audio conferencing; generating and providing, from a server to a user device or kiosk, a unique access link to access the transfer page, the unique access link comprising a uniform resource locator (URL) directed to the transfer page, wherein the unique access link is sent by one or more of email, SMS, or push notification; requesting entry of a personal identifier when the unique access link is accessed, the personal identifier comprising at least one of a record of the user or an identification of at least one personal characteristic of the user; receiving the personal identifier from the user device or kiosk; verifying the personal identifier by comparing the personal identifier with a previously stored set of personally identifiable information; when the personal identifier is verified, granting the user device or kiosk access to transfer protected electronic information, submit intake forms, or connect to live video or audio conferencing on the transfer page; and wherein the transfer page is a no-login page using identity verification for transferring electronic information, submitting intake forms, or connecting to live video or audio conferencing.

“2. The method of claim 1, wherein the unique access link expires after a set time interval.

“3. The method of claim 1, wherein the user device or kiosk is connected to a real-time audio, video, or audio/video conference.

“4. The method of claim 1, wherein identity verification requires data captured in real-time by a user device or kiosk.

“5. The method of claim 1, wherein the personal identifier is collected during account creation.

“6. The method of claim 1, wherein the personal identifier is a date of birth.

“7. The method of claim 5, wherein account creation privileges are restricted to providers.

“8. A system for providing an efficient and secure interface for transferring protected electronic information, the system comprising a server device and a network connection, the server device being configured to execute steps comprising: providing a transfer page, the transfer page comprising a web page supporting at least one of uploading of protected electronic information, submission of intake forms, or live video or audio conferencing; generating and providing, from a server to a user device or kiosk, a unique access link to access the transfer page, the unique access link comprising a uniform resource locator (URL) directed to the transfer page, wherein the unique access link is sent by one or more of email, SMS, or push notification; requesting entry of a personal identifier when the unique access link is accessed, the personal identifier comprising at least one of a record of the user or an identification of at least one personal characteristic of the user; receiving the personal identifier from the user device or kiosk; verifying the personal identifier by comparing the personal identifier with a previously stored set of personally identifiable information; when the personal identifier is verified, granting the user device or kiosk access to transfer protected electronic information, submit intake forms, or connect to live video or audio conferencing on the transfer page; and wherein the transfer page is a no-login page using identity verification for transferring electronic information, submitting intake forms, or connecting to live video or audio conferencing.

“9. The system of claim 8, wherein the unique access link expires after a set time interval.

“10. The method of claim 8, wherein the user device or kiosk is connected to a real-time audio, video, or audio/video conference.

“11. The system of claim 8, wherein identity verification requires data captured in real-time by a user device or kiosk.

“12. The system of claim 8, wherein the personal identifier is collected during account creation.

“13. The system of claim 8, wherein the personal identifier is a date of birth.

“14. The system of claim 12, wherein account creation privileges are restricted to providers.

“15. A non-transitory computer readable medium having stored thereon software instructions that, when executed by a processor, cause the processor to: receive, from a server, a unique access link directed to a transfer page, wherein the transfer page supports at least one of transfer of protected electronic information, submission of intake forms, or live video or audio conferencing; request access to the transfer page using a personal identifier comprising at least one of a record of a user or an identification of at least one personal characteristic of the user, wherein the personal identifier is among a previously stored set of personally identifiable information associated with an account; upon verification of the personal identifier, access the transfer page to transfer protected electronic information, submit intake forms, or connect to live video or audio conferencing on the transfer page; wherein the transfer page is a no-login page using identity verification for uploading electronic information, submitting intake forms, or connecting to live video or audio conferencing.

“16. The non-transitory computer readable medium of claim 15, wherein the unique access link expires after a predetermined time interval or after being followed a predetermined number of times.

“17. The non-transitory computer readable medium of claim 15, further comprising capturing real time data using a camera, audio recording device, or graphical user interface for identity verification and sending the real time data to a server for verification.

“18. The non-transitory computer readable medium of claim 15, wherein the personal identifier is collected during account creation.

“19. The non-transitory computer readable medium of claim 15, wherein the personal identifier is a date of birth.

“20. The non-transitory computer readable medium of claim 18, wherein account creation privileges are restricted to providers.”

For additional information on this patent application, see: DECURNOU, Alexander; HOFFMAN, Jessica; LASSITER, Brandon; LATORRE, Gabriel; MCBRIDE, Matthew D.; SENZEE, Paul. System And Method For Transferring Data. U.S. Patent Application Number 20230090564, filed October 20, 2022 and posted March 23, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(20230090564)&db=US-PGPUB&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)