• Like
  • Save
Conceptual model final
Upcoming SlideShare
Loading in...5
×
 

Conceptual model final

on

  • 193 views

 

Statistics

Views

Total Views
193
Views on SlideShare
193
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Conceptual model final Conceptual model final Document Transcript

    • An Conceptual Model of Anonymous Patient- Researcher Matching April 15 2013 Innovator: Redwoodland LLC 817 416 5478AbstractAssuming the most important factors to attract top quality researchers and physicians for aPatient-Researcher match are the quantity and quality of patient data stored in a Patient-Researcher Matching System, this article proposes an innovated two-step model to generate abetter match by promoting the quantity and quality of the patient data residing in a PatientResearcher matching system: building a Patient-Researcher Matching System that allows apatient to stay anonymous and still has account management privilege; building a patient-researcher matching method that is compatible with an anonymous patient-researcher matchingsystem.IntroductionA good Patient-Researcher Matching System should meet the following requirement: 1. It shouldbe able to recruit substantially amount of unbiased patient data; 2. It should be attractive to topquality researchers and physicians to come for services and a case study match; 3. It should bereasonably easy to use, having an affordable implementation and maintenance cost.In response to the third requirement, Redwoodland LLC has developed a dependable freesoftware based LAMP portal system to meet those business needs. Every feature presented inthis article has been implemented within said portal system. Because most large healthcareinstitutions already have a solid information infrastructure running online daily, it would not bedifficult for those institutions to add a small to medium size information portal to their existingIT platform as their own Patient-Researcher Matching Systems.
    • Four advantages of an Anonymous Patient-Researcher MatchingModelComparing with existing patient’s medical data management/matching model, an anonymousPatient-Researcher Matching model that supports a user account management privilege shouldhave at least four advantages in getting better patient data as well as enrolling more patients andresearchers. 1. Confidentiality. So far the single most important reason that prevents a patient from joining in a patient related medical system is the privacy concern. Most people simply do not want and do not trust an institution to host their complete medical records. An anonymous model minimizes this privacy concern to a more acceptable level. The hypothesis is that most people would not care as much for their medical data usage if the owner can remain anonymous. This advantage helps a Patient-Researcher Matching Model reach out to a greater population who would otherwise refuse to be enrolled in a Patient-Researcher Matching System. Therefore, a confidential model is able to promote its patient quantity. 2. Confidence and trust. When a user is given an option of staying anonymous, this user has been given extra respect from the hosting institution. A patient tends to be more honest about his/her data recording practice in an anonymous booking environment. As a result, an anonymous Patient-Researcher Matching System is more likely to get more realistic data that may contain information normal medical institutions will never be able to collect. In other words, this advantage helps to improve the quality of patient data. 3. Cost effective implementation. The government has imposed strict laws for any institution that is hosting “identifiable” patient data. For anonymous data, this law is not applicable. An anonymous Patient-Researcher Matching System should be able to run its operation in a relatively relaxed environment. This “relaxation” would allow more institutions be able to build their own Patient-Researcher Match Systems. This advantage could be financially significant to many hosting institutions as well. 4. Marketing campaign advantage. “Staying anonymous” is a concept that can be easily understood by the general public. Since it has not been adopted by any major institution yet, offering such a system will make the hosting institution stand out and become a leader for a new technology.
    • A Three-User-Class account Structure and its CompatiblePatient-Researcher Match MethodThe major difference between an anonymous Patient-Researcher Matching model and a namedPatient-Researcher Matching model is their user identity management. In a named system, theidentity information of a patient is always collected by the hosting institution. However, thisindustry convention might not always be necessary if proper information technology isimplemented.Instead of storing the identity information in a patient’s account, this proposed anonymousPatient-Researcher Matching model uses a one-to-one irreversible one way hash function to hasha portion of a patients identity related information (optionally combines with a salt) and uses thehash result as an identity token to identity a patients account and data. SHA256 and MD5 aretwo example hash functions that can be used for this model.Because this token is irreversible, anyone who has access to an anonymous account will not beable to trace back to the original owner by an identity token and its related medical data. In termof security, this anonymous account structure roots out a hackers possibility of identifying apatient based on his/her data stored in an anonymous Patient-Researcher Match System. For thesame reason, anyone who is able to provide this token and his/her verifiable identity informationto construct this token should be an owner of this account.Ideally, this information hash process should happen at the client side. By providing certain one-way encryption/hashing script to a client when this user accesses/registers an anonymousaccount, an anonymous Patient-Researcher Matching System can ensure a user that his/heridentity information will never leave his/her local computer unencrypted and will never bedecrypted later on.This identity information hashing process and the usage of its irreversible hash result as anidentity token to manage (identify) a patients data and account laid out a foundation for ananonymous Patient-Researcher Matching System. However, matching a patient and a researcheranonymously might not be enough in the real world. A progressive user account identificationprocess is proposed here to meet the main stream expectation for a Patient-Researcher MatchingSystem. 1. Anonymous user class account. Any registered user belongs to this class. It provides an anonymous user account management privileges that will allow a user to manage and change most of his/her data, including login name, password and any medical data. It will also allow a user to set his/her user preference such as whether this patient’s medical data is anonymously searchable by a researcher for a case study,
    • whether this patient can be contacted for further study based on the significance of his/her data. A user from this account can do a doctor or researcher search and match. 2. Confidential user class account. A portion of anonymous user class account users will eventually decide to convert themselves to normal “named users” by storing identity information in the Patient-Researcher Matching System in various forms. Typically the identification information will be encrypted using either a system key or a private key that is only known to the account owner. Please note that this encryption is reversible and is different than the anonymous users identity hashing process, which is not reversible. This key related identity encryption/decryption is very feasible for online users. They will be able to enjoy relatively strong identity information protection even after they provide their identity information to a system. When identity information is needed, he or she can use a key to retrieve needed identity information. A telemedicine service is usually initiated from a user in this category. 3. Physician/Researcher user class account. A portion of confidential user class account users who also choose to use a system encryption key to encrypt their identity information can be further registered as physicians or researchers for a Patient- Researcher Matching System. Since the hosting system needs to verify the identity and the qualification of a physician and researcher before giving them the privilege to search/match/serve a patient, a physician or a researcher user typically cannot choose to use a private key to encrypt his/her identity information. A researcher uses this account to do a patient-researcher match.This proposed three-user-class account system will allow an anonymous Patient-ResearcherMatching System to maximize its patent database, support user data control by giving a useroptions to stay anonymous, use identity reversible encryption and be a verifiable medicalprofessional.One-way Communication and a Four-Step EngagementmethodAn anonymous patient-researcher match can be done by a database case search based on criteriaset by a given researcher. In case this researcher needs to contact a patient, this model proposes avery polite way of contacting an anonymous patient who does not provide any contact informtion:building a four-step engagement system to supplement an anonymous patient-researcher matchsystem. The engagement system will ensure that a patient user logs in to his/her account often sothat a message from a researcher can be displayed right after a user logs in.This communication is completely anonymous and is a one-way communication. It gives ananonymous user the option of replying or ignoring a message.
    • 1. A commercial grade Content Management portal that allows a website hosting institution to dynamically change its portal page and effectively communicate with its patients and potential customers through education articles. It also helps a user get unbiased information as well as a customized home page that displays relevant medical information after this user log in. 2. A confidential user management system allows a registered patient to manage his/her medical data online. This patient has the option to remain completely anonymous; to use a private or a system generated key to encrypt his/her identity information; and to temporarily become a legal “named patient” using a decryption key so that medical services can be done for this patient smoothly. 3. Allowing a user to have full control of his/her medical records, including defining the data accessibility for a physician, importing, exporting, deleting data and generating graphic reports. Giving patients the data control they like will motivate them to manage their own data. This motivation will further inspire a patient for a healthier life style and generate more interest to join a discussion group when they or their relatives/friends have a symptom. It also motivates a patient to collect/input certain data that a hosting Patient- Researcher Matching System is not able to collect. Since current law requires a patient’s permission to exchange his/her medical data between institutions, a patient managed system a better place to initiate such an information transfer and allows a Patient- Researcher Matching System to become a potential system to host the most complete medical data for a patient. Such data completeness definitely benefits researcher matching as well as patient treatment. 4. Allowing a physician to conduct a patient note search online, find a desired patient case and confidentially communicate with this anonymous patient for further services. A telemedicine styled service also has a strong engagement function. Such archived communication is valuable research data as well. A user can also look for a doctor or researcher, rate this professional and pay a service fee if required.An Extra Bonus: Quantitatively Control a Patient-Researchers Matching processAlmost every healthcare insurance company has implemented a physician search (match) servicefor its patients. It is a matured technology and those services are quite similar. Becausephysicians and researchers are most likely the service providers, their information is usuallypublically available for accessing and searching.
    • One problem for this "matured technology" is that it is very hard for a patient to control howmuch medical data this chosen physician can access. This desirable but unexpected feature canbe easily done by an anonymous Patient-Researcher Matching System that supports a patientaccount system.For example, a patient needs to have a telemedicine service so that he can get a second opinionabout his heart problem. He would like to give his physician permission to access every piece oflab work in the past ten years. However, he does not want to let his physician know that he hasbeen identified as an aids patient fifteen years ago. So far, there has been no well-known systemthat provides this service.To achieve this quantitative control, the proposed anonymous Patient-Research Matching systemcan allow a patient to generate a one-time token that define the accessibility of his/her medicaldata by logging to his/her account. For security purpose, this patient can further define anexpiration date for this one-time token and use a high security one-way hash function to encryptthis token. This patient then gives this token to a chosen physician.This physician submits this token to an anonymous Patient-Research Matching system for dataaccess. Because this given one-time token is unique to the whole system and irreversible, thesystem has strong reason to believe it reflects the permission from the patient data owner.Therefore, the system can provide said physician the data defined by this token. Please note thatfrom the time said token is given to the anonymous Patient-Research Matching System to thetime said physician get the data, everything is processed anonymously and automatically. Thisdata quantitative access control token effectively ensures a patient that only authorized medicalhistory can be delivered safely to a physician chosen by this patient.SummaryAn anonymous match is not the final goal. Since it might take another thirty years for the nationto establish a strong EMR/PHRs system that is able to cover every citizen, an anonymousmedical system is a feasible solution for the healthcare industry to bridge this gap.A patient-centered system is not just a slogan. It must be backed up by the features that willmotivate a patient to evolve in his/her treatment and life style change. In the modern healthcareindustry, there is seldom anything can motivate a patient more cost effectively than the assuranceof the confidentiality of a patient and giving a patient control of his/her data. Therefore, thisproposed anonymous Patient-Researcher Match model is truly a patient centered system. Thisproposed model gives a patient better privacy protection, motivates a patient to collect morecompleted data and to enroll a patient-researcher match system. The better quantity and qualitydata will eventually give researchers a better match so that more high quality researchers willjoin the system. This positive feedback mechanism ensures this proposed model is a viablesystem that should be adopted by more and more medical institutions in the near future.