U.S. patent application number 10/557185 was filed with the patent office on 2007-03-08 for diagnostic image security system.
This patent application is currently assigned to Intellirad Solutions Pty Ltd. Invention is credited to David Burton.
Application Number: 10/557185 (Publication 20070055538)
Family ID: 31501289
Filed Date: 2007-03-08
United States Patent Application 20070055538, Kind Code A1
Burton; David
March 8, 2007
Diagnostic image security system
Abstract
A method for restricting unauthorised access to a patient's
diagnostic images. Patient identification data is stored in a first
database and diagnostic images associated with the patient are
stored in a remote second database. The patient is issued with an
access code which is provided to a user who is authorised by the
patient to access the patient's diagnostic image. Use of the access
code permits an authorised user to match the patient identification
data retrieved from the first database with the associated
diagnostic image stored in the second database.
Inventors: Burton; David (Camberwell, AU)
Correspondence Address: BIRCH STEWART KOLASCH & BIRCH, PO BOX 747, FALLS CHURCH, VA 22040-0747, US
Assignee: Intellirad Solutions Pty Ltd, Level 1, 123 Camberwell Road, East Hawthorn, AU 3123
Family ID: 31501289
Appl. No.: 10/557185
Filed: May 19, 2004
PCT Filed: May 19, 2004
PCT NO: PCT/AU04/00662
371 Date: March 16, 2006
Current U.S. Class: 705/2
Current CPC Class: G16H 30/20 20180101; G06F 21/32 20130101; G16H 10/60 20180101; G06F 19/00 20130101
Class at Publication: 705/002
International Class: G06Q 10/00 20060101 G06Q010/00; G06Q 50/00 20060101 G06Q050/00
Foreign Application Data
Date | Code | Application Number
May 19, 2003 | AU | 2003902422
Claims
1-20. (canceled)
21. A method for restricting unauthorised access to a patient's
diagnostic images, the method including the following steps: (a)
storing patient identification data in a first database; (b)
storing a diagnostic image associated with the patient in a second
database; (c) issuing the patient with an access code; and (d)
providing the access code to a user authorised by the patient or a
person designated by the patient to authorise access to the
patient's diagnostic image; wherein use of the access code permits
an authorised user to match the patient identification data
retrieved from the first database with the associated diagnostic
image stored in the second database.
22. A method according to claim 21, wherein the first database is
located on a portable storage medium.
23. A method according to claim 22, wherein the portable storage
medium includes a smart card.
24. A method according to claim 22, wherein the access code is
stored on the portable storage medium together with the patient
identification data.
25. A method according to claim 21, wherein the second database is
accessible to the authorised user over a network.
26. A method according to claim 21, wherein the access code
includes a unique pixel sequence sample derived from the patient's
diagnostic image.
27. A method according to claim 26, wherein a region in the
patient's diagnostic image from which the unique pixel sequence
sample is derived is indexed to ensure repeatability.
28. A method according to claim 27, wherein the region in the
patient's diagnostic image from which the unique pixel sequence
sample is derived is indexed in an access code header.
29. A method according to claim 26, wherein extraction of the pixel
sequence sample derived from the region of the patient's diagnostic
image includes a step of scanning the region for a minimum level of
pixel variation to ensure that the pixel sequence sample is unique
to the patient's diagnostic image.
30. A method according to claim 21, wherein the diagnostic image is
divided into more than one image segment, each image segment being
stored separately and being associated with a unique access code,
such that the entire diagnostic image is reconstructed only if a
sequence of access codes is provided in a predetermined order.
31. A system for restricting unauthorised access to a patient's
diagnostic images, the system including: (a) a first database for
storing patient identification data; (b) a second database for
storing a diagnostic image associated with the patient; (c) a
processing component for generating an access code to be issued to
the patient; and (d) a transmission component for providing the
access code to a user authorised by the patient or a person
designated by the patient to authorise access to the patient's
diagnostic image; wherein the access code is required by the
authorised user to match the patient identification data retrieved
from the first database with the associated diagnostic image stored
in the second database.
32. A system according to claim 31, wherein the first database is
located on a portable storage medium.
33. A system according to claim 32, wherein the portable storage
medium includes a smart card.
34. A system according to claim 32, wherein the access code is
stored on the portable storage medium together with the patient
identification data.
35. A system according to claim 31, wherein the second database is
accessible to the authorised user over a network.
36. A system according to claim 31, wherein the access code
includes a unique pixel sequence sample derived from the patient's
diagnostic image.
37. A system according to claim 36, further including a scanning
component for scanning a region in the patient's diagnostic image
from which the unique pixel sequence sample is derived.
38. A system according to claim 37, wherein the scanning component
scans the region for a minimum level of pixel variation to ensure
that the pixel sequence sample is unique to the patient's
diagnostic image.
Description
FIELD OF THE INVENTION
[0001] The present invention broadly relates to methods and systems
for restricting unauthorised access to patient medical records, and
more particularly for restricting unauthorised access to diagnostic
images.
BACKGROUND OF THE INVENTION
[0002] Diagnostic images generated by medical imaging technologies
including radiography, magnetic resonance imaging (MRI) and
computerized axial tomography (CAT), may be managed by computerised
information systems such as Radiology Information Systems or
Picture Archiving and Communications Systems (PACS). Such systems
enable transmission of diagnostic images to remote physicians,
clinics and hospitals.
[0003] For hospitals, enabling electronic distribution of
diagnostic images overcomes the time, cost, and labour of producing
and distributing film images and reports. However, security
measures must be implemented to prevent unauthorised access to a
patient's personal data.
[0004] The risk of patient images being accessed by unauthorised
personnel is particularly relevant to the diagnostic imaging
industry. Existing security measures include encryption devices,
smart cards, electronic tags, mobile telephone interfaces, user
identification and password prompts amongst a range of other
security measures. Access to patient records and images needs to be
restricted to consulting physicians and other authorised users who
are directly involved in treating the patient.
[0005] Another security risk, which is unique to the diagnostic
imaging industry, is the problem of mismatching the diagnostic
images of one patient with the patient identification and personal
details of another.
[0006] Although images are scanned and prepared at a clinical or
hospital diagnostic imaging facility, medical professionals at
remote locations regularly require access to diagnostic images in
order to discuss with patients the results or reports associated
with their diagnostic images. Therefore, it is desirable to provide
a secure means of transmitting or making available to consulting
medical practitioners a patient's diagnostic images.
[0007] It is an object of the present invention to overcome or
ameliorate one or more problems of the prior art.
SUMMARY OF THE INVENTION
[0008] According to a first aspect of the invention, there is
provided a method for restricting unauthorised access to a
patient's diagnostic images, the method including the following
steps: [0009] (a) storing patient identification data in a first
database; [0010] (b) storing a diagnostic image associated with the
patient in a second database; [0011] (c) issuing the patient with
an access code; and [0012] (d) providing the access code to a user
authorised by the patient or a person designated by the patient to
authorise access to the patient's diagnostic image;
[0013] wherein use of the access code permits an authorised user to
match the patient identification data retrieved from the first
database with the associated diagnostic image stored in the second
database.
[0014] The first database may be located on a portable storage
medium. Preferably, the portable storage medium includes a smart
card.
[0015] In one embodiment of the invention, the access code is
stored on the portable storage medium together with the patient
identification data.
[0016] Preferably, the second database is accessible to the
authorised user over a network.
[0017] The access code may include a unique pixel sequence sample
derived from the patient's diagnostic image. Preferably, a region
in the patient's diagnostic image from which the unique pixel
sequence sample is derived is indexed to ensure repeatability. The
region in the patient's diagnostic image from which the unique
pixel sequence sample is derived may be indexed in an access code
header.
[0018] In a preferred form of the invention, extraction of the
pixel sequence sample derived from the region of the patient's
diagnostic image includes the step of scanning the region for a
minimum level of pixel variation to ensure that the pixel sequence
sample is unique to the patient's diagnostic image.
[0019] In an alternative embodiment of the invention, the
diagnostic image is divided into more than one image segment, each
image segment being stored separately and being associated with a
unique access code, such that the entire diagnostic image is
reconstructed only if a sequence of access codes is provided in a
predetermined order.
[0020] According to a second aspect of the present invention, there
is provided a system for restricting unauthorised access to a
patient's diagnostic images, the system including: [0021] (a) a
first database for storing patient identification data; [0022] (b)
a second database for storing a diagnostic image associated with
the patient; [0023] (c) a processing component for generating an
access code to be issued to the patient; and [0024] (d) a
transmission component for providing the access code to a user
authorised by the patient or a person designated by the patient to
authorise access to the patient's diagnostic image;
[0025] wherein the access code is required by the authorised user
to match the patient identification data retrieved from the first
database with the associated diagnostic image stored in the second
database.
[0026] The first database may be located on a portable storage
medium. Preferably, the portable storage medium includes a smart
card.
[0027] In an embodiment of the invention, the access code is stored
on the portable storage medium together with the patient
identification data.
[0028] Preferably, the second database is accessible to the
authorised user over a network.
[0029] The access code may include a unique pixel sequence sample
derived from the patient's diagnostic image. Preferably, the system
further includes a scanning component for scanning a region in the
patient's diagnostic image from which the unique pixel sequence
sample is derived. More preferably, the scanning component scans
the region for a minimum level of pixel variation to ensure that
the pixel sequence sample is unique to the patient's diagnostic
image.
BRIEF DESCRIPTION OF DRAWINGS
[0030] The invention will now be described in further detail by
reference to the attached drawings illustrating example forms of
the invention. It is to be understood that the particularity of the
drawings does not supersede the generality of the preceding
description of the invention. In the drawings:
[0031] FIG. 1 is a schematic drawing indicating interaction between
various components of the system in accordance with an embodiment
of the present invention.
[0032] FIG. 2 is a flowchart outlining a process for deriving an
image derived key for use according to an embodiment of the present
invention.
DETAILED DESCRIPTION
[0033] Referring firstly to FIG. 1, a radiology or other diagnostic
imaging centre having a computer based imaging system 10, is
located in a hospital or any other suitable healthcare service
clinic 12. Patient data including personal identification and
contact details are stored in a first patient record database 14.
Any diagnostic image associated with the patient 16, including
radiographs, magnetic resonance imaging (MRI) and computerized axial
tomography (CAT) scans and the like, is stored in a second database
18 which is independent from the first database 14 containing
patient data. The patient's personal data is stored separately from
the patient's diagnostic image data files, and the personal data and
image data are not linked or associated in any way.
[0034] A consulting physician or other authorised user at a remote
location 22 accesses the computer based imaging system 10 over the
Internet, local area network (LAN), wide area network (WAN) or
other suitable network 24.
[0035] The link between the first database storing the patient data
14 and the second database storing the diagnostic image files 18 is
provided in the form of an access code which is generated and
issued to the patient at the time that the diagnostic images are
prepared. The patient 16 provides this access code to a user 22 who
the patient authorises to access the patient's diagnostic images.
Alternatively, the patient may authorise some other person, such as
the patient's consulting specialist, to authorise access to the
patient's diagnostic images. Therefore, the patient may provide his
or her access code to the specialist who then provides the access
code to other users who are authorised to access the patient's
diagnostic images. Only use of the correct access code will permit
the authorised user 22 to match the patient's identification data
retrieved from the first database 14 with the associated diagnostic
image stored in the second database 18. Therefore, unauthorised
access to the patient's diagnostic images is prevented.
[0036] One suitable means of providing that the first database
containing the patient's personal details 14 is isolated from the
second database containing the patient's diagnostic image data 18,
is to make one of the databases, for example, the diagnostic image
database 18, accessible over a network such as the Internet 24,
whilst the other, for example the patient database 14, is isolated
from the network connection on a network isolated storage
repository. Furthermore, the patient data could be additionally
located on a portable storage medium 28 which can be carried by the
patient 16. One suitable example of a portable storage medium
includes a smart card 30.
[0037] The access code may be stored on the portable storage medium
together with the patient identification data. This arrangement
allows the patient 16 to simply provide his or her smart card 30 or
other portable storage medium to the consulting physician or other
authorised user 22. The authorised user 22 is thereby able to
access the patient's personal data and to match the patient's
personal data to the patient's diagnostic image using the access
code. This ensures that the patient 16 has ultimate control over
who is authorised to access the patient's personal data and
diagnostic images.
[0038] The access code includes a unique pixel sequence derived
from the patient's diagnostic image and is hereinafter referred to
as an image derived key (IDK). Deriving the access code directly
from the patient's diagnostic image 26 ensures integrity of a match
between the patient personal data and the associated diagnostic
image. Furthermore, the image derived key can be verified against
the diagnostic image at any time in order to verify that the
patient personal data has been matched to the correct diagnostic
image.
[0039] The unique pixel sequence is derived from the patient's
diagnostic image. Every diagnostic image will contain data which is
unique to the patient from whom the diagnostic image was derived.
Since no two patients are ever alike, it follows that no diagnostic
image can be identical to any other diagnostic image. Even those
diagnostic images which may appear the same to the unaided human
eye will exhibit variations in the combination of data pixels
present in a sample.
[0040] A reasonable pixel sample must be selected to give the
desired result. A single pixel sample from a first diagnostic image
could be identical to a single pixel sample from a second
diagnostic image if the pixel samples are not selected in
accordance with the following principles. Generally, in a series of
diagnostic images analysed on a pixel per pixel basis, image
composition will vary due to unique and unpredictable patterns or
sequences of pixels. Selection of a "reasonable" sample requires
that the sample should not be extracted from a region of the
diagnostic image where the pixels are identical or exhibit only
insignificant variation. Instances of insignificant or limited
pixel variation can occur, for example, where the image is totally
black, white or clear in the sample region, as may be observed in
some non-physiological regions of a diagnostic image. Such
non-physiological regions will occur, for example, in the outer
border regions of a diagnostic image or within regions of images
that have not been appropriately adjusted for optimal image quality
(that is, the image exhibits problems with excessive or reduced
contrast and/or brightness settings).
[0041] Referring now to FIG. 2, the present invention provides a
method for extracting an image derived key from a diagnostic image.
Configuration parameters for selection of a suitable region of the
image for extracting the image derived key (IDK) are determined 40.
The diagnostic image is scanned to locate a suitable region for
extracting the image derived key that complies with the
configuration parameters 42. A check is made to establish that the
selected region complies with a minimum level of pixel variation
46. The greater the level of pixel variation, the lower the
probability that the image derived key could be used to decrypt a
diagnostic image other than that from which the image derived key
was extracted. The more complex the image derived key, the less
likelihood exists that an unauthorised user could duplicate the
image derived key. If the minimum threshold of pixel variation is
not met, a new region of the image is selected and proposed for
extraction of the image derived key 48. If the minimum level of
pixel variation is met, then the image derived key is extracted
from the image 50.
[0042] In addition, it is desirable to index the region of the
diagnostic image from which the image derived key was extracted to
ensure repeatability. This ensures that the region from which the
image derived key was extracted, can be reliably located and
rescanned for security validation at a later date. Indexing of the
region of the diagnostic image from which the image derived key was
extracted can be achieved by including an indicator of the region's
location within the diagnostic image as part of an image derived key
header.
[0043] In accordance with the method of the present invention, only
the patient who has been diagnostically imaged or a user who has
been assigned authorised access is provided with the image derived
key containing the access code which provides the means to link the
patient's diagnostic image with the patient's personal data.
[0044] The method described has particular application, for
example, where a diagnostic image has been prepared on behalf of a
patient, and the patient wishes to have the diagnostic image
discreetly provided to the patient's consulting practitioner for
the purposes of discussing the patient's diagnosis. The patient is
issued with an image derived key or access code at the time that
the diagnostic image is prepared. The patient then provides the
image derived key to the consulting practitioner to whom the
patient wishes to grant access to his or her diagnostic image. This
prevents the diagnostic image from having to be physically
transported from one location to another, thereby reducing costs
and negating the risk of the diagnostic image becoming damaged or
lost during transit.
[0045] It is envisaged that an alternative embodiment of the
present invention could include division of each diagnostic image
into more than one segment, each segment being stored independently
of the other segment or segments, in different sections, servers,
storage devices or the like. As the image is divided into segments,
an image derived key is extracted from a region of each particular
segment of the image. The entire diagnostic image is reconstructed
only if a sequence of image derived keys is provided in a
predetermined order.
[0046] This could involve a sequence of "rolling" or changing
access codes being stored on a smart card, electronic tag or other
coded access device. The coded access device contains the same
sequence of access codes that were generated at the time that the
original diagnostic image was segmented for storage. The coded
access device therefore provides the patient with the sequence of
codes, or rolling codes, that need to be presented in a predetermined
order for the patient's diagnostic image to be reconstructed.
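The following is an added illustration of the segmented embodiment of [0045]-[0046] (independent storage of segments, one code per segment, reconstruction only when the codes are presented in order). It is not the applicant's code. Segments are horizontal bands of a constructed raster, each held in its own store. In place of a pixel-sample key per segment, each band's code is an HMAC-SHA256 over the band chained to the previous code, which is how this example realises the "rolling" sequence; the chaining, the issuing secret and the names `segment_and_issue` and `reconstruct` are this example's design, not details taken from the application.

```python
"""Segmented image storage with an ordered sequence of rolling access codes.

Added illustration, not the applicant's code.  The HMAC chaining and the
issuing secret are this example's design.
"""
import hashlib
import hmac

CHAIN_START = b"\x00" * 32      # assumed initial value preceding the first code


def make_image(height=8, width=6):
    """Constructed 8-bit raster with a different value in every pixel."""
    return [[(r * width + c) & 0xFF for c in range(width)] for r in range(height)]


def band_bytes(band):
    return bytes(p for row in band for p in row)


def next_code(issuing_secret, prev_code, band):
    """Rolling code for one segment: bound to its content and to the code before it."""
    return hmac.new(issuing_secret, prev_code + band_bytes(band), hashlib.sha256).digest()


def segment_and_issue(image, n_segments, issuing_secret):
    """Split the image into n horizontal bands stored independently; return the
    stores and the ordered code sequence that goes onto the patient's card."""
    rows_per_band = -(-len(image) // n_segments)          # ceiling division
    bands = [image[i:i + rows_per_band] for i in range(0, len(image), rows_per_band)]
    stores, codes, prev = [], [], CHAIN_START
    for band in bands:
        code = next_code(issuing_secret, prev, band)
        stores.append({hashlib.sha256(code).hexdigest(): band})   # store i answers only to code i
        codes.append(code)
        prev = code
    return stores, codes


def reconstruct(stores, codes, issuing_secret):
    """Rebuild the image from codes presented in order; a missing, altered or
    out-of-order code stops the reconstruction and yields None."""
    if len(codes) != len(stores):
        return None
    prev, rows = CHAIN_START, []
    for store, code in zip(stores, codes):
        band = store.get(hashlib.sha256(code).hexdigest())
        if band is None or not hmac.compare_digest(code, next_code(issuing_secret, prev, band)):
            return None
        rows.extend(band)
        prev = code
    return rows
```

Each store is indexed by a hash of its code, so a store by itself reveals neither the code nor which position it occupies; the chain check on reconstruction additionally ties every segment to the one before it, so the sequence on the card only works in the order in which the image was segmented.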
[0047] It is an advantage of the present invention that no amount
of network access or code breaking will be able to match the
patient's personal data with the associated diagnostic image. Only
use of the correct image derived key and authentication of the
image derived key will allow the patient's identification data to
be matched with the corresponding diagnostic image. Furthermore,
the integrity of the patient data is maintained at all times, that
is, it is not possible to match the patient's personal data to the
incorrect diagnostic image since the image derived key which links
the patient's personal data to the diagnostic image was extracted
from and is verified against the diagnostic image.
[0048] It is to be understood that various additions, alterations
and/or modifications may be made to the parts previously described
without departing from the ambit of the invention.
* * * * *