“Systems And Methods For The Safe Transfer And Verification Of Sensitive Data” in Patent Application Approval Process (USPTO 20220350921): Patent Application

2022 NOV 23 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Hladio, Andre Novomir (Waterloo, Ca); Michael, Justin Aaron (Vancouver, Ca); Schipper, Joseph Arthur (Kitchener, Ca), filed on June 18, 2020, was made available online on November 3, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application has not been assigned to a company or institution.

The following quote was obtained by the news editors from the background information supplied by the inventors: “Various systems and methods are known to generate sensitive health information, known as protected health information (PHI). PHI consists of two aspects: personally identifiable information (PII), and health information (HI). PII is any information that individually, or in combination with other readily accessible information, is statistically likely to be able to be linked to an individual person. HI is any information related to the past, current, or future physical or mental health of a person.

“It may be desired to transmit PHI from one location to another. In one example, a surgeon may have some information stored on a server in one physical location, such as a hospital network, but may need access to the information at a home office to perform diagnosis or analysis. In another example, a surgeon may desire to share patient images with a third part for processing, and have the results returned.

“This transmission may be digital, or physical. Strict regulations exist around the transmission of PHI to protect the individual it refers to. These regulations are complex and expensive to implement, and may include requirements around the security of data at rest, and in transit (encryption), the physical ability to access the data, and the administrative rules regulating access to the data. In addition to this, there may be regulations surrounding what actions a company or individual must take should and PHI be disclosed to an unauthorized party.

“When PHI is transmitted from one location to another, it must be able to be linked to the correct patient. For example, if a pre-operative plan is created for a specific patient for hip surgery, then it must be confirmed during surgery that the plan corresponds to the patient undergoing that hip surgery. Failing to use the correct patient specific plan may result in severe consequences for all parties involved, such as the patient, the surgeon, and the hospital.

“The regulations for the safe transfer of data are region specific. In the United States, the regulations are outlined in the Health Insurance Portability and Accountability Act (HIPAA). More specifically, the transfer of digital information is governed by the Privacy Rule (why protecting health information is required), and the Security Rule (how to protect health information). The security rule outlines how PHI must be secured, and includes three classes of protection: technical, physical, and administrative.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “There are provided systems and methods for the safe transfer and verification of sensitive digital information comprising uniquely identifying information and health information. A first computing device may be configured to encode uniquely identifying information from the sensitive digital information for an individual using a colliding hashing algorithm to produce verifiable identifying information. The verifiable identifying information is encapsulated with the health information to produce verifiable digital information, and provided for use with a second computing device.

“A second computing device may be configured with to receive verifiable digital information from a first computing device and test identifying information of a second person, and process the test identifying information using a colliding hashing algorithm to produce test verifiable identifying information.

“The uniquely identifying information may comprise one or more of the following: patient name, medical record number, social security number/social insurance number, date of birth, date of surgery, or other uniquely identifying codes. The health information may comprise information related to a surgical procedure. In one example the information may be co-registration information and implant target information for hip surgery. The co-registration information may comprise a set of pre-define points in an anatomic coordinate system. The implant target information may comprise one or more of acetabular implant inclination, acetabular implant anteversion, acetabular implant location, acetabular implant make and model, femoral implant version, femoral implant offset, femoral implant make and model, or bone cut locations.

“The colliding hashing algorithm may comprise steps which when executed by a first or second computing device computes verifiable digital information from uniquely identifying information which is statistically likely to be share among multiple individuals in a population (e.g. with different uniquely identifying information), but is statistically unlikely to be identical between two random individuals in a population. The colliding hashing algorithm may comprise a first mapping function which has a statistically insignificant change of output collision (e.g. such as MD5, SHA-1, SHA-2, SHA-256, SHA-3) and a second mapping function to increase the chance of output collision (e.g. such as a binning function or integer modulus function).

“The first computing device may be configured to export the verifiable digital information as a QR code image. The first computing device may be further configured to perform preoperative planning and provide the results of planning as health information for use by a second computing device.

“The second computing device may be located in an operating room, and may be further configured to receive a preoperative plan form a first computing device and to deliver the preoperative plan using computer aided navigation.

“The test identifying information may be derived from another source at the time of the surgical procedure which the other source may be a patient chart, a networked medical database, or a physical or digital image in the operating room.

“The second computing device may be configured to provide for display to a user the verifiable identifying information from the verifiable digital information and the test verifiable identifying information to a user for visual comparison, or may be configured to perform the comparison and provide for display to a user the results of the comparison. The second computing device may be further configured to automatically begin a further process based on the results of the comparison such beginning an anatomic registration step.

“The present concept of the invention is best described through certain embodiments thereof, which are described herein with reference to the accompanying drawings, wherein like reference numerals refer to like features throughout. It is to be understood that the term invention, when used herein, is intended to connote the concept underlying the embodiments described below and not merely the embodiments themselves. It is to be understood further that the general concept is not limited to the illustrative embodiments described below and the following descriptions should be read in such light. More than one concept may be shown and described and each may standalone or be combined with one or more others unless stated otherwise.”

The claims supplied by the inventors are:

“1. A method for the secure transfer and verification of sensitive digital information, the method for performing by a first computing device and comprising: transforming sensitive digital information (SDI) into verifiable digital information (VDI) for the purpose of exporting the VDI to a second computing device, wherein: the SDI comprises uniquely identifying information (UII) of a first person, and health information of the first person; the VDI comprises verifiable identifying information (VII) derived from the UII, and the health information from the first person; and the VII is derived from the Ull using a colliding hashing algorithm (CHA); and exporting the VDI for receiving by the second computing device, which second device is configured to verify the health information relates to the first person.

“2. (canceled)

“3. The method of claim 1, wherein the UlI comprises one or more of: patient name; medical record number; social security number/social insurance number; date of birth; date of surgery; or other uniquely identifying codes.

“4. The method of claim 1, wherein the health information comprises a patient specific plan for a surgical procedure comprising of co-registration information and implant target information for a hip surgery.

“5. The method of claim 4, wherein the co-registration information is a set of pre-defined points in an anatomic coordinate system.

“6. The method of claim 4, wherein the implant target information comprises one or more of: acetabular implant inclination; acetabular implant anteversion; acetabular implant location; acetabular implant make and model; femoral implant version; femoral implant offset; femoral implant make and model; and bone cut locations.

“7. The method claim 1, wherein the CHA computes a VII that is shared among multiple individuals in a population, but is statistically unlikely to be identical between two random individuals.

“8. The method claim 1, wherein the CHA comprises a first mapping function that has a statistically insignificant chance of output collision, and a second mapping function to perform a reduction and that increases the chance of collision.

“9. The method of claim 8, wherein the first mapping function comprises any one of the hashing functions: MD5; SHA-1; SHA-2; SHA-256; and SHA-3.

“10. The method of claim 8, wherein the second mapping function operates to map output from the first mapping function into one of a small integer number of bins.

“11. The method of claim 1, wherein the VDI is exported as a Quick Response (QR)code image.

“12. The method of claim 1, wherein the first computing device is further configured to perform pre-operative planning.

“13. The method claim 1, wherein the second computing device is located in an operating room, and the second computing device is further configured to deliver a pre-operative plan using computer aided navigation.

“14. A method for the secure transfer and verification of sensitive digital information, the method for performing by a second computing device and comprising: receiving verifiable digital information (VDI), exported from a first computing device, and test identifying information (TII) of a second person; and defining test verifiable identifying information (TVII) for the purpose of verifying that the identity of the second person matches the identity of the first person, wherein: the VDI comprises verifiable identifying information (VII) derived from uniquely identifying information (UII) of a first person using a colliding hashing algorithm (CHA), and further comprises health information from the first person; the TII comprises uniquely identifying information for the second person and has a same format as the UII; and the TVII is derived from the TII using the CHA; and providing the TVII for comparison with the VDI to verify the identity related to the health information

“15. The method of claim 14, wherein the second computing device is configured to display the VII and the TVII to a user for visual comparison.

“16. The method of claim 14, further configured to compare the VII and TVII and display to a user the results of the comparison.

“17. The method of claim 16, wherein the second computing device is further configured to automatically begin a further process based on the result of the comparison.

“18. (canceled)

“19. (canceled)

“20. The method of claim 14, wherein the TII of the second person is derived from another source at the time of an operation on an anatomy of the second person, which other source comprises one of: a patient chart; a networked medical database; and a physical or digital image in the operating room.

“21. The method of claim 14, wherein: the CHA computes TVII that is shared among multiple individuals in a population, but is statistically unlikely to be identical between two random individuals; the CHA comprises a first mapping function that has a statistically insignificant chance of output collision, and a second mapping function to perform a reduction and that increases the chance of collision.

“22. The method of claim 21, wherein: the first mapping function comprises any one of the hashing functions: MD5; SHA-1; SHA-2; SHA-256; and SHA-3; and the second mapping function operates to map output from the first mapping function into one of a small integer number of bins.”

URL and more information on this patent application, see: Hladio, Andre Novomir; Michael, Justin Aaron; Schipper, Joseph Arthur. Systems And Methods For The Safe Transfer And Verification Of Sensitive Data. Filed June 18, 2020 and posted November 3, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220350921%22.PGNR.&OS=DN/20220350921&RS=DN/20220350921

(Our reports deliver fact-based news of research and discoveries from around the world.)