Invented by Guido van ‘t Noordende, Northend Systems
In today’s digital age, organizations generate and store vast amounts of electronic records containing sensitive information. These records may include financial data, personal information, medical records, and intellectual property, among others. Protecting and controlling access to this data is of paramount importance to prevent unauthorized access, data breaches, and potential legal liabilities.
Traditional centralized authorization systems have been the norm for many years. However, they come with inherent limitations and vulnerabilities. Centralized systems rely on a single authority or server to manage access control, making them susceptible to hacking, data breaches, and single points of failure. Additionally, these systems often lack transparency, making it difficult to track and audit access to electronic records.
The System and Method for Controlled Decentralized Authorization and Access to Electronic Records offers a groundbreaking solution to these challenges. This technology leverages blockchain, a distributed ledger technology known for its security and transparency, to create a decentralized network for managing access control.
By utilizing blockchain, this system ensures that access control decisions are made collectively by multiple nodes in the network, rather than relying on a single centralized authority. This decentralized approach eliminates the vulnerabilities associated with centralized systems, making it extremely difficult for hackers to compromise the system or gain unauthorized access to electronic records.
Moreover, this technology provides enhanced privacy by allowing individuals to maintain control over their own personal data. Users can grant or revoke access to their electronic records, ensuring that only authorized individuals or entities can view or modify the data. This level of control empowers individuals to protect their privacy and comply with data protection regulations, such as the General Data Protection Regulation (GDPR).
The market for System and Method for Controlled Decentralized Authorization and Access to Electronic Records is witnessing rapid growth due to the numerous benefits it offers. Organizations across various sectors, including healthcare, finance, government, and legal, are recognizing the need for enhanced security and privacy in managing electronic records.
Healthcare providers, for instance, deal with sensitive patient data that must be protected from unauthorized access. By implementing this technology, healthcare organizations can ensure that only authorized healthcare professionals can access patient records, reducing the risk of data breaches and improving patient privacy.
Financial institutions can also benefit from this technology by enhancing the security of customer financial data. By leveraging a decentralized authorization system, banks and other financial organizations can significantly reduce the risk of fraudulent activities and unauthorized access to customer accounts.
Government agencies and legal firms can leverage this technology to ensure secure and transparent access to electronic records. By utilizing blockchain’s immutable nature, these organizations can create an auditable trail of access to sensitive information, enhancing accountability and compliance with regulatory requirements.
In conclusion, the market for System and Method for Controlled Decentralized Authorization and Access to Electronic Records is experiencing substantial growth as organizations recognize the need for enhanced security, privacy, and efficiency in managing electronic records. This technology offers a decentralized approach to access control, leveraging blockchain to ensure transparency, security, and individual control over sensitive data. As more organizations adopt this innovative solution, the market is expected to witness further expansion, transforming the way electronic records are managed and protected.
The Northend Systems invention works as follows:
A system and computer-implemented method for providing decentralized accessibility to records. The method can be performed on at least one computer system with at least one processor. The method consists of creating at least one reference for a record that is stored on the source computer system; this reference includes authorization information as well as a pointer to the record.
Background for System and Method for Controlled Decentralized Authorization and Access to Electronic Records
Field of Invention
The present invention is a general method of managing data access and, in particular, managing data stored decentrally through references.
Description of Related Art
The healthcare system is becoming more complex due to the increasing elderly population and increasingly complex diseases. There is also an increase in specialized clinics and in physicians. Patients are increasingly mobile, and the need to efficiently exchange medical information among physicians from different organizations is growing.
Over the past decade, there have been several attempts, mainly in Europe, at building national infrastructures to exchange electronic medical records among physicians. All of these systems face challenges in terms of security and privacy. The large-scale, centralized architecture (pull-based systems) is the main cause of most of the existing systems’ risks.
As used in this document, “pull-based system” means that a doctor can ‘pull’ information about a patient from another physician’s system (or any other system). Pull-based systems are characterized by the fact that they usually do not know who is pulling information. The person who ‘pulls’ The system provides information automatically, and the doctor who is responsible for the record does not know about the retrieval. The pull-based approach to exchanging medical information is useful, as the latest information can be obtained at the moment of access. If a patient has been referred to a doctor, a GP can send a message to the specialist containing the most important information about that patient. It is possible that additional relevant information, which was not available at the time the referral was made (e.g. a lab test result due to be returned), will be added to the referring GP’s system after the referral message is constructed. The specialist then sees only the referral message, not the relevant updates. If a pointer to a record (containing the referral message, possibly as typed in by the GP and/or in part automatically ‘extracted’ Pull-based access is preferred to ‘push’ access. Information exchange is based on a ‘push’ Typically, push-based information exchange is implemented by sending a message with fixed content to another doctor. This proposal is a compromise between push-based exchange of information, which is controlled and passes information to a particular healthcare professional or organisation, and pull-based access, which ensures access to the latest information in the sender’s system.
A centralized architecture is understandable in terms of efficiency, control and the ability to manage access in a simple manner. It may also be understood from a clinical perspective. A centralized infrastructure is, however, not without inherent privacy and security risks.
Efforts to (partially) centralize medical records have continued to be disadvantageous. In the Dutch Electronic Patient Dossier system (EPD), for example, records remain under the control of doctors in their own systems. A central switching point that contains a reference index for each patient and a list of decentrally stored records allows read-only access. The system uses Role-Based Access Control. Physicians authenticate with a smartcard backed by the government Public Key Infrastructure. Certificates issued by a government-backed Certificate Authority (CA) indicate the profession/specialization and the name of the invoking healthcare professional, and this information is used by the switching point to make central access control decisions.
A security breach at the central switching point could lead to the retrieval of any record of any patient in the system. Signatures on requests are not forwarded to the endpoints from which the records are requested. Even if they were forwarded, a malicious attacker who holds a physician smartcard (stolen together with its PIN code) could obtain many records simply by sending requests to the endpoints that store patient records. A central switching point that is compromised, or fails in some other way, can make records completely unreachable. The “trust model” therefore makes the reliability and security of the central switching point crucial to the success of the system. The central infrastructure also holds information on all patient treatment relationships in its logs and indexes. Even when the data itself is not retrievable, it is possible to learn a lot about a patient: the mere fact that an oncological clinic has a file for a particular patient, or that a doctor in a rehabilitation center looked at that record, leaks information about the patient. This information should not be available for any longer than necessary and need not be registered centrally, or even be accessible.
Additionally, neither the switching point nor the endpoint (where the record resides) knows whether the requesting physician has a ‘treatment relationship’ with the patient, that is, whether the patient has authorized the physician to request information. Technically, this means that any physician who has a valid certificate with acceptable attributes (from the perspective of RBAC) can request information on any patient. The Dutch EPD system is based on self-authorization by physicians. The switching point is not able to verify that the physician has been authorized by the patient, so the system is vulnerable to attacks involving stolen smartcards with PIN codes.
There is also a delegation system within the Dutch EPD, whereby an employee may claim to be a doctor, or alter a table to appear to be a doctor, and ask for information on behalf of a medical professional in the same organisation. It becomes apparent that when large organizations are connected to the switching point, the EPD system is even more vulnerable, whether through theft or misuse of smartcards with PIN codes or through intrusions into the attached systems. This makes the system (including the source systems which provide access to patient data via the system) dependent on the (operational) security and trustworthiness of thousands of connected systems, including their users and administrators. A possible intrusion could have a large impact due to the size of the system: it contains information on almost every person in a given country, and allows information to be retrieved from any system within the country that is connected to the central switching point. The role-based access control system (RBAC), as used in the EPD and other pull-based systems today, will not help to limit an intrusion, as basic information can be accessed by any RBAC-defined role. Most or all doctors will likely be able to see information about medication (prescriptions and pharmacist records). Some legal safeguards have been proposed, but they will not stop all misuse of the EPD. The “attack surface”
Not all systems have central switching points like the Dutch system. Some systems have centralized indices. Various architectural approaches exist. Most, if not all, depend on a central (external) database that contains a list of references to records. Access control and (usually) these references are linked to the central system. Indexes can be managed on different scales: from within a hospital, coupling systems within different departments or wards, within a region of healthcare organizations or possibly different locations operated by one organization, up to national scale. All these approaches are susceptible to an attack on, or failure of, the central ‘index’, both from an availability perspective and from a security (confidentiality, integrity) perspective. Access control is also not usually fine-grained, and patients are left with little choice other than to say ‘yes’ or ‘no’ when it comes to sharing information through such a system.
The current approaches, such as those proposed by IHE for cross-enterprise document sharing or by the Dutch Government, create a virtual database with a central index and/or a centralized access point, where role-based access control (RBAC) is used to determine whether a physician is allowed access to a record. These approaches do not allow patients to confirm or assess whether the doctor is involved in treating the patient. These approaches are vulnerable, especially when used on a large scale with multiple client systems and many doctors or employees that can access the system. This is not sufficient protection. Adequate security measures for medical records are required in Europe and by the European Court of Human Rights. In a case decided by the European Court of Human Rights, it was stated that hospitals should take measures to prevent unauthorised personnel who are not directly involved in treatment from accessing medical records. It seems that current cross-enterprise/cross-organizational data sharing systems like those of the Dutch government (which have an even larger number of users) or IHE cannot meet this requirement.
Whether or not a central database or centralized ‘reference index’ is used, combining it with a centralized point for access (and control), i.e. a central reference monitor, does not alter or affect the risks caused by having too many people with roles (functions) that give, in theory, access to medical data, as in an RBAC system. To reduce the risk, it is necessary to implement proper authorization structures in the system. This ensures that physicians can only access medical information if they are explicitly authorized. One possible middle ground would be to authorize a whole ward, hospital or organization (in general), and then make this organization responsible for internal authorisation. This limits the “attack surface”: records can only be accessed by the explicitly authorized organization. Alternatively, a physician (or group of physicians) can be authorized, who can then sign delegation certificates for employees to explicitly delegate authorization, assuming a public key cryptography based infrastructure. It is possible to require prior explicit authorization for records, but there may be situations in which information (typically only of a certain type) should also be accessible without prior authorization. Accordingly, depending on the circumstances and the policy for a particular record type, special approaches using weaker authorization structures are possible.
Another risk factor is not the number of systems that can be used to retrieve patient data, but rather the existence of central access points. If an intrusion occurs (possibly from inside the facility), it may be possible to access any record in the system. A central core component may become a single point of failure, both in terms of availability and in terms of security.
When using decentralized access control (i.e. where the source system/server itself authenticates clients) in conjunction with a central index that is widely accessible or may be compromised, as is the case in some IHE-based systems, there are also risks: the simple fact that someone has visited a particular doctor, such as a psychiatrist, an oncologist, a doctor at a rehabilitation clinic, or a pharmacist next to a rehab center, can reveal a great deal of information and make them vulnerable to blackmail. It is best to avoid central indexes, even when the information itself is retrieved through a secure end-to-end mechanism.
There is a need to decentralize access to data such as medical records where patients or their doctors can control the release of medical data.
The following is an example of a non-limiting and preferred embodiment of this invention: Accordingly, there is provided a computer-implemented method of providing decentralized access to records, performed on at least one computer system with at least one processor. This method includes the following steps: generating a reference for at least one record on the source computer system. The reference contains authorization information as well as a pointer to the record. Receiving, from a client computer, a request for retrieving the at least one record on
The source system records an association between the at least one reference and an identifier or key that uniquely identifies either the client system or its user. This association can be recorded at any time: before, after or even at the moment of receiving the request.
The system is configured to receive a request from a client to retrieve the at least one record. This request is initiated using the reference and includes at least a part of it. The system then authenticates or authorizes the client and the user.
The system can be configured to provide decentralized access by using a number of different methods.
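The reference-based exchange described in the embodiment above, as an added Python illustration that is not code from the patent or from Northend Systems. It assumes an in-memory record store, a per-client shared secret with HMAC tags in place of the PKI-backed certificates the text mentions, and a single source system that seals the references it hands out; all names here are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
import time

def _mac(key, payload):
    """HMAC-SHA256 over a canonical JSON encoding of a dict."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class SourceSystem:
    """Keeps records locally and decides access itself; there is no central index."""
    def __init__(self):
        self._ref_key = secrets.token_bytes(32)  # seals the references this source hands out
        self._records, self._clients, self._assoc, self.audit = {}, {}, {}, []
    def store(self, record_id, content):
        self._records[record_id] = content
    def register_client(self, client_id, secret):
        self._clients[client_id] = secret  # assumed: per-client shared secret (a PKI would use certificates)
    def create_reference(self, record_id, scope, ttl_seconds):
        """Reference = pointer to the record + authorization info, sealed with the source's MAC."""
        body = {"ref_id": secrets.token_hex(8), "pointer": record_id,
                "authz": {"scope": scope, "exp": int(time.time()) + ttl_seconds}}
        return {**body, "tag": _mac(self._ref_key, body)}
    def associate(self, ref, client_id):
        """Record the association between a reference and a client identifier."""
        self._assoc.setdefault(ref["ref_id"], set()).add(client_id)
    def retrieve(self, req):
        """Authenticate the client, validate the reference, then check the association."""
        ref, cid = req["ref"], req["client_id"]
        secret = self._clients.get(cid, b"")
        signed = {"ref_id": ref["ref_id"], "client_id": cid, "nonce": req["nonce"]}
        if not secret or not hmac.compare_digest(req["sig"], _mac(secret, signed)):
            return self._deny(ref, cid, "client authentication failed")
        body = {k: ref[k] for k in ("ref_id", "pointer", "authz")}
        if not hmac.compare_digest(ref["tag"], _mac(self._ref_key, body)):
            return self._deny(ref, cid, "reference tampered")
        if ref["authz"]["exp"] < int(time.time()):
            return self._deny(ref, cid, "reference expired")
        if cid not in self._assoc.get(ref["ref_id"], set()):
            return self._deny(ref, cid, "client not associated with reference")
        self.audit.append(("allow", ref["ref_id"], cid))  # the log stays with the record holder
        return True, self._records[ref["pointer"]]
    def _deny(self, ref, cid, reason):
        self.audit.append(("deny", ref["ref_id"], cid, reason))
        return False, reason

def build_request(ref, client_id, secret):
    """Client side: present the reference and prove possession of the client's own secret."""
    nonce = secrets.token_hex(8)
    sig = _mac(secret, {"ref_id": ref["ref_id"], "client_id": client_id, "nonce": nonce})
    return {"ref": ref, "client_id": client_id, "nonce": nonce, "sig": sig}
```

Because the reference carries its own authorization information and the association is checked at the source, an attacker who merely obtains a valid reference, or merely holds valid client credentials, is refused; both are needed, and the access log never leaves the record holder.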