Sunday, July 11, 2010

Software to Improve Privacy

A computer security invention patented a decade ago at the National Institute of Standards and Technology (NIST) is ready to help safeguard patient privacy in hospitals. The patented invention, an algorithm can be built into a larger piece of software designed to control access to information systems. John Barkley, the algorithm’s creator, says the idea could solve one of the most difficult issues in the country’s healthcare system.

In the past, access to information was available to anyone whose name was on a specific list of authorized users, but a large organization might have thousands of restricted files, each with its own access list, therefore making security management difficult. The creation of Role-Based Access Control (RBAC) helped and meant that e a person’s job function and not their name was the key to accessing a particular file. However, even RBAC would allow large numbers of people to have unlimited access to information.

In the healthcare field, it is crucial but difficult to guarantee patient privacy. For example, at a hospital, the patient admission procedure involves a number of steps, and in each step someone needs access to the patient’s medical records for a specific purpose like registering the patient or verifying their insurance information.

“However, once a patient has been admitted to the hospital, the admissions staff doesn’t necessarily need access to those specific records anymore. But in many hospitals, the admissions staff members nonetheless continue to have access to every record on file,” Barkley explains. “By using the algorithm we have patented, those staffers would only be able to access a patient’s record during the admission process. After the patient is admitted, the admissions staff would find the information unavailable, but the doctor treating the patient would still have access to the information.

In 2008, NIST released a SBIR solicitation to help find a company to develop the product from the patent. At that time, Virtual Global Inc. was searching for a way to protect electronic records for their clients. The company purchased the rights to the patent and then integrated the invention into its “HealthCapsule” cloud platform. Virtual Global is now using “HealthCapsule” to create a pilot security system for LIFE Pittsburgh, a long term-care facility.