Software security patent to help improve health IT privacy

Jul 08, 2010

A computer security invention patented* a decade ago at the National Institute of Standards and Technology is now poised to help safeguard patient privacy in hospitals.

The invention -- an algorithm that can be built into a larger piece of software -- is designed to control access to information systems, and it has attracted the attention of a company that is putting it to use in the health care field. John Barkley, the algorithm's creator, says the idea could solve one of the pervasive issues in the country's .

"We think this software will provide dramatically improved security and privacy to patients," says Barkley, now retired from NIST's Software and Systems Division and now consulting with Virtual Global, which is commercializing the product. "It solves the problem of overly broad access to patient information, which is widespread."

Barkley's efforts stretch back to the 1980s, when the computer tools available for protecting were poor. Generally, access to information was available to anyone whose name was on a specific list of authorized users, but a large organization might have thousands of restricted files, each with its own access list—making security management awkward. Help came with the creation of Role-Based Access Control (RBAC), in which a person's job function, not name, was the key to accessing a particular file. However, even RBAC could allow large numbers of people to have unlimited access to information—a particular problem in health care, where it is crucial but difficult to guarantee patient privacy.

"We didn't invent RBAC, but we wanted to systematize it and standardize it," says Richard Kuhn of NIST's Computer Security Division and Barkley's former supervisor. "While we were working on this, John [Barkley] came up with a way to control access by using RBAC within the context of a lengthy, multistep task, and I suggested he patent it."

In essence, the patent covers a method of ensuring that access to information is available to those who need it, but only when necessary. For example, at a hospital, the patient admission procedure involves a number of steps, and in each step someone needs access to the patient's medical records for a specific purpose, like registering the patient or verifying their insurance information.

"Once you've been admitted to the hospital, the admissions staff doesn't necessarily need access to your records anymore. But in many hospitals, those staff members nonetheless continue to have access to every record on file," Barkley explains. "Using the we patented, those staffers would only be able to access your record during admission processing. After that, they would find your information unavailable—though the doctor who was treating you would still have access to it."

NIST released a Small Business Innovation Research solicitation in an effort to find a company to develop a product from the patent in 2008, which happened to be when Virtual Global, Inc., was searching for a way to protect electronic records for its clients. The company purchased the rights to it shortly thereafter and integrated the invention into its "HealthCapsule" cloud platform. Virtual Global is now using HealthCapsule to create a pilot security system for LIFE Pittsburgh, a long-term care facility.

Explore further: Hackathon team's GoogolPlex gives Siri extra powers

More information: * J. Barkley. "Workflow Management Employing Role-Based Access Control," U.S. Patent No. 6,088,679. July 11, 2000. Available at www.itl.nist.gov/div897/staff/barkley/6088679.pdf

add to favorites email to friend print save as pdf

Related Stories

Patient privacy assured by electronic censor

Jul 24, 2008

Newly developed software will help to allay patients' fears about who has access to their confidential data. Research published today in the open access journal BMC Medical Informatics and Decision Making describes a comp ...

File-sharing software potential threat to health privacy

Mar 01, 2010

The personal health and financial information stored in thousands of North American home computers may be vulnerable to theft through file-sharing software, according to a research study published online today in the Journal of ...

Patient privacy focus of Amgen suit

Jan 09, 2008

Two former employees with the California biotech company Amgen Inc. allege the company persuaded sales people to access patient records to boost sales.

Recommended for you

Hackathon team's GoogolPlex gives Siri extra powers

10 hours ago

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 0

More news stories

White House updating online privacy policy

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Scientists tether lionfish to Cayman reefs

Research done by U.S. scientists in the Cayman Islands suggests that native predators can be trained to gobble up invasive lionfish that colonize regional reefs and voraciously prey on juvenile marine creatures.

Six Nepalese dead, six missing in Everest avalanche

At least six Nepalese climbing guides have been killed and six others are missing after an avalanche struck Mount Everest early Friday in one of the deadliest accidents on the world's highest peak, officials ...

Better thermal-imaging lens from waste sulfur

Sulfur left over from refining fossil fuels can be transformed into cheap, lightweight, plastic lenses for infrared devices, including night-vision goggles, a University of Arizona-led international team ...