Abstract: A system and method for controlling access to private information over a network is provided, including a privacy preference repository accessible by one or more subjects of the private information and by a private access bureau. The privacy preference repository stores privacy preferences configured by the subjects to indicate the conditions under which their private information may be disclosed. A policy repository that stores the legal criteria for accessing the private information is also accessible by the private access bureau. The private access bureau is configurable to receive requests from privacy-enabled systems for privacy directives, and to return directives that take into account both the privacy preferences and the legal criteria that must be satisfied before documents held on the privacy-enabled system are released.
Claims:
We Claim:
1. A system for controlling access to private information, comprising:
a. a privacy preference repository accessible by one or more subjects of said private information and by a private access bureau.
b. a policy repository accessible by said private access bureau
2. The system of claim 1, wherein said private access bureau is configured to compare said request to said legal criteria.
3. The system of claim 2, wherein said private access bureau is configured to send to said privacy-enabled systems
4. The system of claim 3, wherein said policy repository stores institutional policy criteria for accessing said private information.
5. The system of claim 4, wherein said private access bureau is further configured to adjudicate conflicts.
Description:
Technical Field of the Invention
The present invention relates to systems and methods for regulating the flow of data, including private information, over a network, and to a privacy decision point, authorization manager, or bureau in communication with user privacy preference repositories and policy repositories for controlling access to private information over the Internet.
Background of the Invention
The development of automated systems and methods for exchanging private information such as medical records and data between various healthcare stakeholders has been attempted and found to be technically and logistically challenging, particularly at large scale. Such systems and methods involve challenges such as digitizing paper records, connecting disparate systems, securing electronic channels, authenticating identity, developing broadly accepted semantic structures, and navigating legal/regulatory requirements. As an infrastructure for such systems and methods develops, improved methods for regulating the flow of private data are needed in order to fulfill several key operational functions attendant to satisfying legal and regulatory requirements and to engender trust in the system.
Such systems for regulating the flow of data must address potentially conflicting interests from various stakeholders. For example, in the case of healthcare information, the individual to whom the records pertain may prefer that no one see certain parts of their medical information under any circumstance, while a healthcare worker, researcher or public health official may wish to use that information for providing services and securing timely payment, conducting research, or verifying compliance, each with different needs for data access and each claiming the right to share at least some portion of the data (or information derived from it) with others.
Similarly, a company selling health-related products or services may wish to use the information to target marketing messages to the data subject, in the hope of increasing sales. To the extent the data subject values those goods and services, this use of the consumer's private information may be useful and appreciated. However, the use of non-public information to generate a targeted marketing message, particularly one the subject does not view as beneficial, could be considered by the data subject a violation of the individual's right to privacy, and the use or release of the information that gave rise to the offer a breach of trust by the party to whom the person initially provided the data. The privacy policies of data holders are commonly lengthy, exceedingly complex, and filled with legal terminology. Some groups criticize such policies for being excessively restrictive and an impediment to meaningful data exchange; others criticize them for being overly permissive and deceptive, creating an appearance of protection that, they contend, is far greater than is actually the case. Nearly everyone criticizes the written policies for being difficult to understand, full of obfuscated language, and of very limited practical value. Accordingly, whether it is signing, on a paper form, the acknowledgement of a notice of privacy practices that HIPAA requires providers to seek, or clicking the "agree" box of an online click-through policy disclosure, a majority of consumers perceive that beyond wholesale opt-out they have no other choice, and thus consent so they can get on with their transactions. For these reasons, such blanket and arguably uninformed consent practices are also troubling to a number of advocacy groups, regulatory officials and lawmakers.
Object of the Invention
The object of the present invention is a system and method for controlling the communication of private information over a network.
Summary of The Invention
In general, in one aspect, the disclosure features a system and method for regulating the flow of data, including private information, over a network, and more particularly for establishing and operating a privacy decision point, authorization manager, bureau or the like in communication with user preference repositories and policy repositories for controlling access to private information over one or more networks, including the Internet. While a private access bureau may be established for a single enterprise, geographic area, network, or market segment, in one illustrative embodiment the private access bureau is established as a consumer-centric, cross-industry facility whose user preference repositories and policy repositories are used by multiple entities, enterprises, websites, online services, networks, and other data holders, data seekers and data subjects. In another illustrative embodiment, the private access bureau (or a few competing bureaus, as is the case for consumer credit rating bureaus) is independent and privacy-policy-agnostic, meaning that it takes no position on whether the data its systems and services help to regulate should be shared widely or kept strictly confidential, so that consumers and data holders have less reason to suspect that the bureau's actions are tainted by an agenda beyond its intended purpose of regulating the flow of such data in accordance with the then-applicable policies and personal privacy preferences. Any systems that consult the private access bureau and, to the extent applicable, base their decisions to control access to or sharing of the data they hold on the privacy directives received from it are collectively referred to herein as “privacy-enabled”, and the applications and services they employ as “privacy-assured”.
Each data holder makes inquiries of the private access bureau to acquire proof of the original authorization to access, use or share personal data (or personal data elements), or alternatively to verify the right to do so (i.e., absent express consent) on the basis of the then-current applicable policies. Where any question remains, in one illustrative embodiment of the disclosure, the private access bureau enables the consumer to dynamically update their privacy preference settings (including in response to inquiries initiated, when necessary or preferred, by the private access bureau) from any standards-based Web browser or Web-enabled mobile device.
Brief Description of Drawings
FIG. 1 is a system block diagram of a centralized advisory system according to an illustrative embodiment of the invention for determining the access rights each time private data is shared, or prospectively considered for being shared by a data holder;
Detailed Description of Invention
In an illustrative embodiment of the invention, described herein with reference to FIG. 1, a private access bureau provides a centralized advisory system for determining access rights each time confidential documents or private information such as personal healthcare data is shared. A data seeker makes a request of a data holder for a piece of healthcare data, and/or a data holder seeks to share data with a data seeker. Before deciding whether to do so, and in order to inform that decision, the data holder queries the private access bureau for guidance on the proposed data sharing. After analysing the access permissions and the rules governing the subject data, the private access bureau sends a response to the data holder; in a preferred embodiment that response takes into account the then-current status of available information concerning whether the proposed sharing with the data seeker is permissible under international, national, state, institutional and personal privacy laws, regulations, policies and privacy preferences. The data holder then shares or withholds the subject data in accordance with the response from the private access bureau.
Depending on the wishes of the data holder, such privacy directives may be treated as informative, binding, or a hybrid of the two. In the informative case, the final decision regarding the proposed access, use and/or sharing of the record or data remains entirely at the discretion of the record holder, whose eventual actions may or may not comport with the privacy directive. Alternatively, the data holder may elect to treat the privacy directive as binding and integrate these directives with one or more aspects of the data holder's security systems. In this optional embodiment, for example, transmitting or opening encrypted data packets may require that the applicable privacy directive permit such transmittal or access, respectively. While security and privacy are distinct functions, each technically and operationally unique, they are architecturally related, and in a preferred embodiment they are coupled. In this latter case, and in systems configured as hybrids of the two approaches, privacy directives may be employed to afford an enhanced security mechanism by incorporating them as bounded architectural attributes that inform the security of a privacy-enabled system and/or privacy-assured application, both within procedural (e.g., user-prompted) and systemic (e.g., automatic) functions.
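The decision flow of FIG. 1 (data seeker, data holder, bureau consulting a preference repository and a policy repository) and the informative versus binding treatment of directives described above, together with the conflict adjudication of claim 5, as an added Python illustration that is not part of the patent's specification or the applicant's implementation. The data model, the rule format, the precedence order (mandated disclosures first, then consent-gated purposes, then policy-permitted purposes subject to a subject opt-out, and default deny for anything unmatched) and all sample preferences and policies are assumptions constructed for this example; the policy rules are invented and do not encode any actual statute.

```python
# Added illustration of the private access bureau decision flow (not the
# patent's own code). Data model, rule format and precedence order are
# assumptions constructed for this example; the sample preferences and
# policies are invented and do not encode any real statute.
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    subject_id: str     # person the record is about
    seeker_id: str      # party asking for the data
    data_category: str  # e.g. "mental_health", "billing"
    purpose: str        # e.g. "treatment", "research", "marketing"


@dataclass
class Directive:
    decision: Decision
    reasons: list       # why the bureau decided as it did (for the holder's audit log)


# Privacy preference repository (constructed sample): rules configured by the
# data subject. "*" matches any value; a more specific rule wins over a wildcard.
PREFERENCES = {
    "subj-1": [
        {"category": "mental_health", "purpose": "*", "allow": False},  # never disclose
        {"category": "*", "purpose": "marketing", "allow": False},
        {"category": "*", "purpose": "treatment", "allow": True},
    ],
}

# Policy repository (constructed, hypothetical legal/institutional criteria).
# "override": a subject preference cannot block this disclosure (e.g. a mandated
# public-health report). "requires_consent": no disclosure without an explicit
# allow on file for this subject.
POLICIES = [
    {"id": "L-1", "category": "*", "purpose": "marketing", "requires_consent": True},
    {"id": "L-2", "category": "*", "purpose": "public_health", "allow": True, "override": True},
    {"id": "L-3", "category": "*", "purpose": "treatment", "allow": True},
    {"id": "L-4", "category": "*", "purpose": "research", "requires_consent": True},
]


def _matches(rule, req):
    return (rule["category"] in ("*", req.data_category)
            and rule["purpose"] in ("*", req.purpose))


def evaluate(req, prefs=PREFERENCES, policies=POLICIES):
    """Bureau decision: legal criteria first, then the subject's preferences,
    conflicts adjudicated by a fixed precedence; anything unmatched is denied."""
    matched = [p for p in policies if _matches(p, req)]
    if not matched:
        return Directive(Decision.DENY, ["no legal basis on file for purpose %r" % req.purpose])
    rules = [r for r in prefs.get(req.subject_id, []) if _matches(r, req)]
    rules.sort(key=lambda r: (r["category"] == "*", r["purpose"] == "*"))  # specific first
    consent = rules[0]["allow"] if rules else None  # None: subject configured nothing
    for p in matched:
        if p.get("override"):
            return Directive(Decision.PERMIT, [f"{p['id']}: disclosure mandated; preference cannot block"])
        if p.get("requires_consent"):
            if consent is True:
                return Directive(Decision.PERMIT, [f"{p['id']}: consent required and on file"])
            return Directive(Decision.DENY, [f"{p['id']}: consent required; none on file"])
        if p.get("allow"):
            if consent is False:
                return Directive(Decision.DENY, [f"{p['id']}: permitted by policy but subject opted out"])
            return Directive(Decision.PERMIT, [f"{p['id']}: permitted by policy; no conflicting preference"])
    return Directive(Decision.DENY, ["default deny"])


class DataHolder:
    """Privacy-enabled system. In binding mode the directive gates release;
    in informative mode the holder's own decision function is consulted with
    the directive as advice. Every directive is logged either way."""

    def __init__(self, records, binding=True, holder_decides=None):
        self.records = records
        self.binding = binding
        self.holder_decides = holder_decides or (lambda req, d: d.decision is Decision.PERMIT)
        self.audit = []

    def release(self, req):
        directive = evaluate(req)
        self.audit.append((req, directive))
        if self.binding:
            permitted = directive.decision is Decision.PERMIT
        else:
            permitted = self.holder_decides(req, directive)
        return self.records.get((req.subject_id, req.data_category)) if permitted else None


if __name__ == "__main__":
    holder = DataHolder({("subj-1", "billing"): "invoice-2019-0042"})
    for req in (AccessRequest("subj-1", "clinic-9", "billing", "treatment"),
                AccessRequest("subj-1", "vendor-3", "billing", "marketing")):
        print(req.purpose, "->", holder.release(req), holder.audit[-1][1].reasons)
```

Two design points a practitioner would want from such a bureau are visible here: the bureau fails closed (a purpose with no matching legal rule, or a consent-gated purpose with nothing on file, is denied rather than left to the holder's discretion), and the holder records every directive it receives even in informative mode, so that a later dispute over a disclosure can be reconciled against what the bureau actually advised.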
| # | Name | Date |
|---|---|---|
| 1 | 201921036497-Proof of Right [29-11-2020(online)].pdf | 2020-11-29 |
| 2 | 201921036497-STATEMENT OF UNDERTAKING (FORM 3) [11-09-2019(online)].pdf | 2019-09-11 |
| 3 | Abstract1.jpg | 2019-09-25 |
| 4 | 201921036497-POWER OF AUTHORITY [11-09-2019(online)].pdf | 2019-09-11 |
| 5 | 201921036497-ORIGINAL UR 6(1A) FORM 26-170919.pdf | 2019-09-21 |
| 6 | 201921036497-FORM FOR STARTUP [11-09-2019(online)].pdf | 2019-09-11 |
| 7 | 201921036497-COMPLETE SPECIFICATION [11-09-2019(online)].pdf | 2019-09-11 |
| 8 | 201921036497-FORM FOR SMALL ENTITY(FORM-28) [11-09-2019(online)].pdf | 2019-09-11 |
| 9 | 201921036497-FORM 1 [11-09-2019(online)].pdf | 2019-09-11 |
| 10 | 201921036497-DRAWINGS [11-09-2019(online)].pdf | 2019-09-11 |
| 11 | 201921036497-FIGURE OF ABSTRACT [11-09-2019(online)].jpg | 2019-09-11 |
| 12 | 201921036497-EVIDENCE FOR REGISTRATION UNDER SSI [11-09-2019(online)].pdf | 2019-09-11 |
| 13 | 201921036497-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [11-09-2019(online)].pdf | 2019-09-11 |