US-12626014-B2 - Dynamic access control to electronic patient records
Abstract
Systems and methods herein provide for access control to information in electronic patient records. One method includes receiving a request from an entity for access to one or more of a plurality of electronic patient records, the records having been machine learned to identify patient information in the electronic patient records including personally identifiable information and protected health information. The method also includes determining a level of access of the entity, retrieving, from a database, the one or more electronic patient records requested by the entity, applying a rule to the retrieved one or more electronic patient records based on the determined level of access of the entity to mask, encrypt, show, etc. one or more elements in the one or more electronic patient records. In response to applying the rule to the retrieved one or more electronic patient records, the electronic patient records are transferred to the entity.
Inventors
- Sharad Santhanam
- Anna Swigart
- Geraint Levan
Assignees
- HELIX, INC.
Dates
- Publication Date: 2026-05-12
- Application Date: 2024-07-02
Claims (18)
- 1. A computer implemented method, comprising: receiving a request from an entity for access to one or more of a plurality of electronic patient records, the plurality of electronic patient records having been machine learned to identify patient information in the electronic patient records including personally identifiable information (PII) and protected health information (PHI); determining a level of access of the entity; retrieving, from a database, the one or more electronic patient records requested by the entity; applying a rule to the retrieved one or more electronic patient records based on the determined level of access of the entity to at least one of mask, encrypt, or show one or more elements in the one or more electronic patient records; in response to applying the rule to the retrieved one or more electronic patient records, transferring the one or more electronic patient records to the entity; receiving a new electronic patient record; and machine learning the new electronic patient record with a machine learning model that has been trained on the plurality of electronic patient records.
- 2. The computer implemented method of claim 1, wherein: encrypting the one or more elements in the one or more electronic patient records comprises applying a hash encryption to the one or more elements in the one or more electronic patient records.
- 3. The computer implemented method of claim 1, further comprising: restricting access to all elements of the new electronic patient record until all elements of the new electronic patient record have been identified.
- 4. The computer implemented method of claim 1, further comprising: receiving a new element to at least one of the plurality of electronic patient records; and restricting access to the new element of the at least one electronic patient record until the new element of the at least one electronic patient record has been identified.
- 5. The computer implemented method of claim 1, wherein: determining a level of access of the entity further comprises retrieving metadata from a repository, the metadata indicating the entity's role to access classifications of data in the elements of the one or more electronic patient records such that the rule may be selected and applied to the retrieved one or more electronic patient records.
- 6. The computer implemented method of claim 1, wherein: the level of access of the entity includes one of access to public data, access to confidential data, access to data having indirect identifiers for PII and/or PHI, access to data having direct identifiers for PII and/or PHI, access to genetic data, and access to restricted data.
- 7. A non-transitory computer readable medium embodying programmed instructions which, when executed by a processor, are operable for performing a method for securing data in a plurality of electronic patient records, the method comprising: receiving a request from an entity for access to one or more of the plurality of electronic patient records, the plurality of electronic patient records having been machine learned to identify patient information in the electronic patient records including personally identifiable information (PII) and protected health information (PHI); determining a level of access of the entity; retrieving, from a database, the one or more electronic patient records requested by the entity; applying a rule to the retrieved one or more electronic patient records based on the determined level of access of the entity to at least one of mask, encrypt, or show one or more elements in the one or more electronic patient records; in response to applying the rule to the retrieved one or more electronic patient records, transferring the one or more electronic patient records to the entity; receiving a new electronic patient record; and machine learning the new electronic patient record with a machine learning model that has been trained on the plurality of electronic patient records.
- 8. The non-transitory computer readable medium of claim 7, wherein: encrypting the one or more elements in the one or more electronic patient records comprises applying a hash encryption to the one or more elements in the one or more electronic patient records.
- 9. The non-transitory computer readable medium of claim 7, further comprising instructions which, when executed by the processor, are operable for: restricting access to all elements of the new electronic patient record until all elements of the new electronic patient record have been identified.
- 10. The non-transitory computer readable medium of claim 7, further comprising instructions which, when executed by the processor, are operable for: receiving a new element to at least one of the plurality of electronic patient records; and restricting access to the new element of the at least one electronic patient record until the new element of the at least one electronic patient record has been identified.
- 11. The non-transitory computer readable medium of claim 7, wherein: determining a level of access of the entity further comprises retrieving metadata from a repository, the metadata indicating the entity's role to access classifications of data in the elements of the one or more electronic patient records such that the rule may be selected and applied to the retrieved one or more electronic patient records.
- 12. The non-transitory computer readable medium of claim 7, wherein: the level of access of the entity includes one of access to public data, access to confidential data, access to data having indirect identifiers for PII and/or PHI, access to data having direct identifiers for PII and/or PHI, access to genetic data, and access to restricted data.
- 13. A system, comprising: a database operable to store a plurality of electronic patient records that have been machine learned to identify patient information in the electronic patient records including personally identifiable information (PII) and protected health information (PHI), and to store rules to at least one of mask, encrypt, or show one or more elements in the plurality of electronic patient records based on a determined level of access; an interface operable to receive a request from an entity for access to one or more of the plurality of electronic patient records; a processor; and a memory comprising instructions that direct the processor wherein the database is further operable to determine a level of access of the entity, to retrieve, from the database, the one or more electronic patient records requested by the entity, to apply at least one of the rules to the retrieved one or more electronic patient records based on the determined level of access of the entity, wherein, in response to applying the at least one rule to the retrieved one or more electronic patient records, the interface is further operable to transfer the one or more electronic patient records to the entity, wherein the database is further operable to receive a new electronic patient record, and wherein the system further comprises a machine learning model that has been trained on the plurality of electronic patient records, the machine learning model being operable to machine learn the new electronic patient record.
- 14. The system of claim 13, wherein: the database is further operable to encrypt the one or more elements in the one or more electronic patient records by applying a hash encryption to the one or more elements in the one or more electronic patient records.
- 15. The system of claim 13, wherein: the database is further operable to restrict access to all elements of the new electronic patient record until all elements of the new electronic patient record have been identified.
- 16. The system of claim 13, wherein: the database is further operable to receive a new element to at least one of the plurality of electronic patient records, and to restrict access to the new element of the at least one electronic patient record until the new element of the at least one electronic patient record has been identified.
- 17. The system of claim 13, wherein: the database is further operable to retrieve metadata from a repository, the metadata indicating the entity's role to access classifications of data in the elements of the one or more electronic patient records such that the rule may be selected and applied to the retrieved one or more electronic patient records.
- 18. The system of claim 13, wherein: the level of access of the entity includes one of access to public data, access to confidential data, access to data having indirect identifiers for PII and/or PHI, access to data having direct identifiers for PII and/or PHI, access to genetic data, and access to restricted data.
Description
FIELD
The disclosure relates to the field of access control on information in electronic patient records.
BACKGROUND
Healthcare providers and researchers maintain many data tables and data stores (e.g., thousands or more) on a daily basis. Many of these data tables include personally identifiable information (PII) and protected health information (PHI). Existing techniques for deciding whether data from these sources can be shared and/or the extent to which that data can be shared generally involve manual review by a specialist. For example, if data within a portion of a table has PII or PHI, the specialist marks the data as such, and generates a new version of the table that omits the PII or PHI. In many cases, the specialist may create two versions of the data table—one in which the PII and/or PHI has been omitted, and another in which it has not. A data table that has not been culled for PII or PHI may then be distributed to a small cadre of persons having sufficient access rights to review it, while the revised data table may be distributed to a separate group of persons with limited or no access rights.
These existing procedures encounter numerous problems. For example, the sheer amount of data that is reviewed by the specialist is daunting, and many tables are never even reviewed for the possibility of sharing with others. Instead, they are simply restricted from view by others, as the specialist has no time to review them. Additionally, the data tables are often updated regularly with new columns of data, triggering the need for supplemental review by a specialist whenever this occurs. This process is subject to human error on multiple fronts. For example, a specialist may mis-mark a type of data, resulting in under-sharing or over-sharing of information. The specialist may also provide unredacted tables to the wrong persons. This may result in potential leakage of PII or PHI. The specialist may also fail to identify or review a change to a data table before that data table is shared with others, again resulting in potential leakage of PII or PHI. Thus, there exists a need to automate data access processes to ensure that information and electronic patient records are protected.
SUMMARY
Embodiments described herein advantageously combine automated data classification with dynamic database policies that are attached to individual data tables and maintained as stored procedures within a database. As new queries to the database are supplied, the queries are reviewed, and content is selectively supplied to an entity making the query based on the role of the entity, the classifications of data within the table, and the stored procedures within the table for the entities. In some embodiments, the database supplies masked (e.g., hashed) versions of data when an entity does not have permission to access the underlying data. This may permit certain operations (e.g., mathematical operations, counts, etc.) that rely on the underlying data to be performed without revealing the underlying data itself.
In one embodiment, a computer implemented method includes receiving a request from an entity for access to one or more of a plurality of electronic patient records. The plurality of electronic patient records has been machine learned to identify patient information in the electronic patient records including personally identifiable information (PII) and protected health information (PHI). The computer implemented method also includes determining a level of access of the entity, retrieving, from a database, the one or more electronic patient records requested by the entity, applying a rule to the retrieved one or more electronic patient records based on the determined level of access of the entity to at least one of mask, encrypt, or show one or more elements in the one or more electronic patient records, and, in response to applying the rule to the retrieved one or more electronic patient records, transferring the one or more electronic patient records to the entity. In some embodiments, encrypting the one or more elements in the one or more electronic patient records includes applying a hash encryption to the one or more elements in the one or more electronic patient records. In some embodiments, the computer implemented method also includes receiving a new electronic patient record, and machine learning the new electronic patient record with a machine learning model that has been trained on the plurality of electronic patient records. In this regard, the computer implemented method may also include restricting access to all elements of the new electronic patient record until all elements of the new electronic patient record have been identified. In some embodiments, the computer implemented method includes receiving a new element to at least one of the plurality of electronic patient records, and restricting access to the new element of the at least one electronic patient record until the new element of the at leas
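As an added illustration (not the patent's own code), the rule-application step of the Summary and claims 1, 4, 5 and 6 in Python: a role's permitted classifications come from a metadata table standing in for the repository, identifier columns are replaced with a keyed hash so counts and equality joins still work on the masked view, other disallowed columns are masked, and a column the classifier has not yet identified is withheld. The classification labels, role table, column map and sample values are constructed; keyed HMAC-SHA256 is this example's choice where the page says only "hash encryption".

```python
import hashlib
import hmac

# Data classifications named in claims 6/12/18 (string labels are constructed).
PUBLIC, CONFIDENTIAL, INDIRECT_ID, DIRECT_ID, GENETIC, RESTRICTED = (
    "public", "confidential", "indirect_id", "direct_id", "genetic", "restricted")

# Column classifications as the trained classifier would record them for one
# table (constructed sample). A column absent here has not been identified yet.
COLUMN_CLASS = {
    "patient_id": DIRECT_ID, "zip3": INDIRECT_ID, "diagnosis": CONFIDENTIAL,
    "brca1_variant": GENETIC, "visit_count": PUBLIC, "ssn": RESTRICTED,
}

# Role metadata standing in for the repository of claim 5 (constructed).
ROLE_ACCESS = {
    "analyst": {PUBLIC, CONFIDENTIAL},
    "clinician": {PUBLIC, CONFIDENTIAL, INDIRECT_ID, DIRECT_ID},
    "geneticist": {PUBLIC, CONFIDENTIAL, INDIRECT_ID, GENETIC},
}

# Identifier classes are hashed rather than blanked so the masked view still
# supports counts and equality joins (the "masked (e.g., hashed)" behaviour in
# the Summary). Keyed HMAC-SHA256 is this example's choice of hash.
HASHED = {DIRECT_ID, INDIRECT_ID}
MASK = "***"


def pseudonymize(value, key: bytes) -> str:
    """Deterministic keyed hash: equal inputs give equal tokens, but a token
    cannot be reversed by a dictionary lookup without the key."""
    return hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()[:16]


def apply_rule(record: dict, role: str, key: bytes) -> dict:
    """Return the view of one record an entity with `role` may receive: each
    element is shown, hashed, masked, or withheld."""
    allowed = ROLE_ACCESS.get(role, set())  # unknown role sees nothing in clear
    view = {}
    for column, value in record.items():
        cls = COLUMN_CLASS.get(column)
        if cls is None:
            continue  # new element not yet identified: withhold it (claim 4)
        if cls in allowed:
            view[column] = value
        elif cls in HASHED:
            view[column] = pseudonymize(value, key)
        elif cls != RESTRICTED:
            view[column] = MASK  # restricted data is withheld, not even masked
    return view
```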