Not Sure About VW EGR Valve Health Look For These Symptoms
Conceptual model final
1. An Conceptual Model of Anonymous Patient-
Researcher Matching
April 15 2013
Innovator: Redwoodland LLC
817 416 5478
Abstract
Assuming the most important factors to attract top quality researchers and physicians for a
Patient-Researcher match are the quantity and quality of patient data stored in a Patient-
Researcher Matching System, this article proposes an innovated two-step model to generate a
better match by promoting the quantity and quality of the patient data residing in a Patient
Researcher matching system: building a Patient-Researcher Matching System that allows a
patient to stay anonymous and still has account management privilege; building a patient-
researcher matching method that is compatible with an anonymous patient-researcher matching
system.
Introduction
A good Patient-Researcher Matching System should meet the following requirement: 1. It should
be able to recruit substantially amount of unbiased patient data; 2. It should be attractive to top
quality researchers and physicians to come for services and a case study match; 3. It should be
reasonably easy to use, having an affordable implementation and maintenance cost.
In response to the third requirement, Redwoodland LLC has developed a dependable free
software based LAMP portal system to meet those business needs. Every feature presented in
this article has been implemented within said portal system. Because most large healthcare
institutions already have a solid information infrastructure running online daily, it would not be
difficult for those institutions to add a small to medium size information portal to their existing
IT platform as their own Patient-Researcher Matching Systems.
2. Four advantages of an Anonymous Patient-Researcher Matching
Model
Comparing with existing patient’s medical data management/matching model, an anonymous
Patient-Researcher Matching model that supports a user account management privilege should
have at least four advantages in getting better patient data as well as enrolling more patients and
researchers.
1. Confidentiality. So far the single most important reason that prevents a patient from
joining in a patient related medical system is the privacy concern. Most people simply do
not want and do not trust an institution to host their complete medical records. An
anonymous model minimizes this privacy concern to a more acceptable level. The
hypothesis is that most people would not care as much for their medical data usage if the
owner can remain anonymous. This advantage helps a Patient-Researcher Matching
Model reach out to a greater population who would otherwise refuse to be enrolled in a
Patient-Researcher Matching System. Therefore, a confidential model is able to promote
its patient quantity.
2. Confidence and trust. When a user is given an option of staying anonymous, this user has
been given extra respect from the hosting institution. A patient tends to be more honest
about his/her data recording practice in an anonymous booking environment. As a result,
an anonymous Patient-Researcher Matching System is more likely to get more realistic
data that may contain information normal medical institutions will never be able to
collect. In other words, this advantage helps to improve the quality of patient data.
3. Cost effective implementation. The government has imposed strict laws for any
institution that is hosting “identifiable” patient data. For anonymous data, this law is not
applicable. An anonymous Patient-Researcher Matching System should be able to run its
operation in a relatively relaxed environment. This “relaxation” would allow more
institutions be able to build their own Patient-Researcher Match Systems. This advantage
could be financially significant to many hosting institutions as well.
4. Marketing campaign advantage. “Staying anonymous” is a concept that can be easily
understood by the general public. Since it has not been adopted by any major institution
yet, offering such a system will make the hosting institution stand out and become a
leader for a new technology.
3. A Three-User-Class account Structure and its Compatible
Patient-Researcher Match Method
The major difference between an anonymous Patient-Researcher Matching model and a named
Patient-Researcher Matching model is their user identity management. In a named system, the
identity information of a patient is always collected by the hosting institution. However, this
industry convention might not always be necessary if proper information technology is
implemented.
Instead of storing the identity information in a patient’s account, this proposed anonymous
Patient-Researcher Matching model uses a one-to-one irreversible one way hash function to hash
a portion of a patient's identity related information (optionally combines with a salt) and uses the
hash result as an identity token to identity a patient's account and data. SHA256 and MD5 are
two example hash functions that can be used for this model.
Because this token is irreversible, anyone who has access to an anonymous account will not be
able to trace back to the original owner by an identity token and its related medical data. In term
of security, this anonymous account structure roots out a hacker's possibility of identifying a
patient based on his/her data stored in an anonymous Patient-Researcher Match System. For the
same reason, anyone who is able to provide this token and his/her verifiable identity information
to construct this token should be an owner of this account.
Ideally, this information hash process should happen at the client side. By providing certain one-
way encryption/hashing script to a client when this user accesses/registers an anonymous
account, an anonymous Patient-Researcher Matching System can ensure a user that his/her
identity information will never leave his/her local computer unencrypted and will never be
decrypted later on.
This identity information hashing process and the usage of its irreversible hash result as an
identity token to manage (identify) a patient's data and account laid out a foundation for an
anonymous Patient-Researcher Matching System. However, matching a patient and a researcher
anonymously might not be enough in the real world. A progressive user account identification
process is proposed here to meet the main stream expectation for a Patient-Researcher Matching
System.
1. Anonymous user class account. Any registered user belongs to this class. It provides
an anonymous user account management privileges that will allow a user to manage
and change most of his/her data, including login name, password and any medical
data. It will also allow a user to set his/her user preference such as whether this
patient’s medical data is anonymously searchable by a researcher for a case study,
4. whether this patient can be contacted for further study based on the significance of
his/her data. A user from this account can do a doctor or researcher search and match.
2. Confidential user class account. A portion of anonymous user class account users will
eventually decide to convert themselves to normal “named users” by storing identity
information in the Patient-Researcher Matching System in various forms. Typically
the identification information will be encrypted using either a system key or a private
key that is only known to the account owner. Please note that this encryption is
reversible and is different than the anonymous user's identity hashing process, which
is not reversible. This key related identity encryption/decryption is very feasible for
online users. They will be able to enjoy relatively strong identity information
protection even after they provide their identity information to a system. When
identity information is needed, he or she can use a key to retrieve needed identity
information. A telemedicine service is usually initiated from a user in this category.
3. Physician/Researcher user class account. A portion of confidential user class account
users who also choose to use a system encryption key to encrypt their identity
information can be further registered as physicians or researchers for a Patient-
Researcher Matching System. Since the hosting system needs to verify the identity
and the qualification of a physician and researcher before giving them the privilege to
search/match/serve a patient, a physician or a researcher user typically cannot choose
to use a private key to encrypt his/her identity information. A researcher uses this
account to do a patient-researcher match.
This proposed three-user-class account system will allow an anonymous Patient-Researcher
Matching System to maximize its patent database, support user data control by giving a user
options to stay anonymous, use identity reversible encryption and be a verifiable medical
professional.
One-way Communication and a Four-Step Engagement
method
An anonymous patient-researcher match can be done by a database case search based on criteria
set by a given researcher. In case this researcher needs to contact a patient, this model proposes a
very polite way of contacting an anonymous patient who does not provide any contact informtion:
building a four-step engagement system to supplement an anonymous patient-researcher match
system. The engagement system will ensure that a patient user logs in to his/her account often so
that a message from a researcher can be displayed right after a user logs in.
This communication is completely anonymous and is a one-way communication. It gives an
anonymous user the option of replying or ignoring a message.
5. 1. A commercial grade Content Management portal that allows a website hosting institution
to dynamically change its portal page and effectively communicate with its patients and
potential customers through education articles. It also helps a user get unbiased
information as well as a customized home page that displays relevant medical
information after this user log in.
2. A confidential user management system allows a registered patient to manage his/her
medical data online. This patient has the option to remain completely anonymous; to use
a private or a system generated key to encrypt his/her identity information; and to
temporarily become a legal “named patient” using a decryption key so that medical
services can be done for this patient smoothly.
3. Allowing a user to have full control of his/her medical records, including defining the
data accessibility for a physician, importing, exporting, deleting data and generating
graphic reports. Giving patients the data control they like will motivate them to manage
their own data. This motivation will further inspire a patient for a healthier life style and
generate more interest to join a discussion group when they or their relatives/friends have
a symptom. It also motivates a patient to collect/input certain data that a hosting Patient-
Researcher Matching System is not able to collect. Since current law requires a patient’s
permission to exchange his/her medical data between institutions, a patient managed
system a better place to initiate such an information transfer and allows a Patient-
Researcher Matching System to become a potential system to host the most complete
medical data for a patient. Such data completeness definitely benefits researcher
matching as well as patient treatment.
4. Allowing a physician to conduct a patient note search online, find a desired patient case
and confidentially communicate with this anonymous patient for further services. A
telemedicine styled service also has a strong engagement function. Such archived
communication is valuable research data as well. A user can also look for a doctor or
researcher, rate this professional and pay a service fee if required.
An Extra Bonus: Quantitatively Control a Patient-
Researcher's Matching process
Almost every healthcare insurance company has implemented a physician search (match) service
for its patients. It is a matured technology and those services are quite similar. Because
physicians and researchers are most likely the service providers, their information is usually
publically available for accessing and searching.
6. One problem for this "matured technology" is that it is very hard for a patient to control how
much medical data this chosen physician can access. This desirable but unexpected feature can
be easily done by an anonymous Patient-Researcher Matching System that supports a patient
account system.
For example, a patient needs to have a telemedicine service so that he can get a second opinion
about his heart problem. He would like to give his physician permission to access every piece of
lab work in the past ten years. However, he does not want to let his physician know that he has
been identified as an aids patient fifteen years ago. So far, there has been no well-known system
that provides this service.
To achieve this quantitative control, the proposed anonymous Patient-Research Matching system
can allow a patient to generate a one-time token that define the accessibility of his/her medical
data by logging to his/her account. For security purpose, this patient can further define an
expiration date for this one-time token and use a high security one-way hash function to encrypt
this token. This patient then gives this token to a chosen physician.
This physician submits this token to an anonymous Patient-Research Matching system for data
access. Because this given one-time token is unique to the whole system and irreversible, the
system has strong reason to believe it reflects the permission from the patient data owner.
Therefore, the system can provide said physician the data defined by this token. Please note that
from the time said token is given to the anonymous Patient-Research Matching System to the
time said physician get the data, everything is processed anonymously and automatically. This
data quantitative access control token effectively ensures a patient that only authorized medical
history can be delivered safely to a physician chosen by this patient.
Summary
An anonymous match is not the final goal. Since it might take another thirty years for the nation
to establish a strong EMR/PHRs system that is able to cover every citizen, an anonymous
medical system is a feasible solution for the healthcare industry to bridge this gap.
A patient-centered system is not just a slogan. It must be backed up by the features that will
motivate a patient to evolve in his/her treatment and life style change. In the modern healthcare
industry, there is seldom anything can motivate a patient more cost effectively than the assurance
of the confidentiality of a patient and giving a patient control of his/her data. Therefore, this
proposed anonymous Patient-Researcher Match model is truly a patient centered system. This
proposed model gives a patient better privacy protection, motivates a patient to collect more
completed data and to enroll a patient-researcher match system. The better quantity and quality
data will eventually give researchers a better match so that more high quality researchers will
join the system. This positive feedback mechanism ensures this proposed model is a viable
system that should be adopted by more and more medical institutions in the near future.