A patent application covering EHRs

[Tim Churches]

There is some concern here in Australia over a patent application lodged 
by the Pharmacy Guild of Australia over some rather generic features of 
EHRs. These concerns are reported here:

http://australianit.news.com.au/common/print/0,7208,11467621%5E15319%5E%5Enb%20v%5E15306,00.html

or here:

http://snipurl.com/atst

The application has been lodged under the international PCT (patent 
co-operation treaty), and it appears that country level applications 
have been lodged in at least the UK, Canada and the US, as well as 
Australia.

At a glance, there would not appear to be much in the way of novelty in 
the claims, and several groups here in Australia plan to lodge 
objections to the application. Others may wish to object to the 
applications in their own countries. If anyone can suggest clear prior 
art which was published before April 2002, and ideally before April 
2001, then please let me know (or post details to this list so the prior 
art can be shared around).

The details of the patent application, and a related one filed on the 
same date, are as follows:

"METHOD AND SYSTEM FOR SHARING PERSONAL HEALTH DATA" can be found here:

http://v3.espacenet.com/textdoc?CY=ep&LG=en&F=4&IDX=WO02073456&DB=EPODOC&QPN=WO02073456

or here:

http://snipurl.com/atol

Click on the tabs at the top to see the details of the patent claims.

The details of the CR Group application for "METHOD AND SYSTEM FOR 
SECURE INFORMATION" can be found here:

http://v3.espacenet.com/textdoc?DB=EPODOC&IDX=WO02073455&F=0

or here:

http://snipurl.com/ator

The filing dates for both are 14 march 2002, with earliest priority 
dates of 14 March 2001.

Just to whet your appetite, here is Claim 1 of the Pharmacy Guild 
application:

"CLAIMS : 1. A method for a health care provider to obtain personal 
health data relating to a consumer, the method comprising the steps of : 
the consumer causing personal health data to be stored in a secure 
repository, said repository requiring authentication of the consumer's 
identity before the consumer is provided access to the repository; the 
consumer selecting items of personal health data to share and 
identifying a health care provider, or class of health care providers, 
to whom access will be provided for those items of personal health data; 
a health care provider providing authentication of their identity to the 
consumer's secure repository and being provided access to those items of 
personal health data of the consumer for which the health care provider 
has been identified for sharing; the health care provider using the 
personal health data of the consumer to determine health care advice or 
the provision of a health care service for the consumer; and the health 
care provider recording details of the consultation and the advice or 
service provided to the consumer in the secure repository of health data 
of the consumer."

If this patent issues, we (or our govts) may find ourselves having to 
pay royalties to the Pharmacy Guild of Australia to use any EHR 
applications which meet this description, or having to challenge the 
patent in court (expensive). Hence there is value in demolishing it with 
prior art in the application stage - assuming that it survives the 
examination phase (which it shouldn't, but as we know, the US patent 
office seems willing to approve a patent for just about anything, no 
matter how obvious or well-known the idea is, and the Australian patent 
office managed to issue an innovation patent for the wheel a few years 
ago...true!).

Tim C
-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: 

A patent application covering EHRs

[Tim Churches]

Tim Cook wrote:
> On Mon, 2004-11-22 at 18:29, Tim Churches wrote:
> 
> 
>>At a glance, there would not appear to be much in the way of novelty in 
>>the claims, and several groups here in Australia plan to lodge 
>>objections to the application. Others may wish to object to the 
>>applications in their own countries. If anyone can suggest clear prior 
>>art which was published before April 2002, and ideally before April 
>>2001, then please let me know (or post details to this list so the prior 
>>art can be shared around).
> 
> 
> Thanks for the heads up Tim.  
> It likely will come down to who has the time/money to properly fight this.
> What is the name of the organization that caused the review for MS's patent
 > application on the FAT filesystem?

The Public Patent Foundation - see http://www.pubpat.org - they may be 
interested in taking it on, before the patent issues in the US.

Thanks,

Tim C
-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: 

A patent application covering EHRs

[Tim Churches]

Andrew Ho wrote:
> Tim,
> 
> I published this "invention" back in 1998 titled "Patient-Controlled
> Electronic Medical Records". Please see:
> http://www.txoutcome.org/scripts/zope/readings/patient-controlled
> and referenced here: http://www.txoutcome.org/scripts/zope/readings/oio
> 
> This work has been online and retrievable via Google and other search
> engines for many years. Performing a Google search using
> "patient-controlled electronic medical records" as the search term
> retrieves this paper as the first hit.

OK, many thanks. Your paper covers many of their claims, although it 
does not mention controlling selective uploading and access to 
particular data items via a template, which is also part of their claims 
- but I have found another paper which desribes that. But your paper 
covers their other claims nicely - the more the merrier!

> I wonder if the Australian pharmacists read my invention and is now
> trying to steal it? It would be amazing if they neglected to run a
> Google search on related prior art. :-)

Possible but I doubt it. I suspect it is more a case of a set of 
solutions which are fairly obvious to anyone who considers the problem 
in detail. The Pharmacy Guild was part of a multi-sectoral committee 
which considered design issues for a shared medication record for 
Australia (now called MediConnect). They just happened to file this 
patent application just after that design work was winding down - which 
allegedly came as a surprise to the other committee members.

Tim C

-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: 

A patent application covering EHRs

[Tim Churches]

Andrew Ho wrote:
> 
> This means writing documentation to fully disclose innovative
> system features

Agree.

> and filing some patents from time to time may become
> increasingly important for free software projects.

Disagree. I, like many people, believe that Software, algorithmic and 
business method patents should not be permitted, and if one holds that 
position, one cannot then pursue software and algorithmic patents 
oneself (at least not without being a hypocrite). Better to work 
politically for patent reform, and to bust as many software and 
algorithmic patent applications as possible through prior art objections 
before they issue.

Tim C
-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: 

A patent application covering EHRs

[Gerard Freriks]

Hi,

Lets be sensible.
A template is nothing but a screen thta can be filled.

As far as I know that has been described many times before 2001.
Isn't it?

Gerard
--   --
Gerard Freriks, arts
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

+31 252 544896
+31 654 792800
On 23 Nov 2004, at 22:02, Tim Churches wrote:

>
> OK, many thanks. Your paper covers many of their claims, although it 
> does not mention controlling selective uploading and access to 
> particular data items via a template, which is also part of their 
> claims - but I have found another paper which desribes that. But your 
> paper covers their other claims nicely - the more the merrier!
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 744 bytes
Desc: not available
URL: 

A patent application covering EHRs

[Tim Churches]

Gerard Freriks wrote:
> Hi,
> 
> Lets be sensible.
> A template is nothing but a screen thta can be filled.
> 
> As far as I know that has been described many times before 2001.
> Isn't it?

Yes, but pointers to papers published prior to 2001 which specifically 
describe this would be appreciated. Formal and specific evidence of 
prior art is required to successfully oppose a patent application - in 
most countries, the whole legal process is weighted in favour of the 
patent applicant (which is the opposite of the way it ought to be, since 
the state is granting the applicant a monopoly on the idea). For 
instance, in Australia (and probably other countries), the burden of 
proof falls on the opponent to prove lack of novelty, not on the 
applicant to prove novelty. The applicant needs only to claim novelty 
and show evidence of a search for prior art.

Tim C
-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: 

A patent application covering EHRs

[Gerard Freriks]

Hi,

How serious is it really?

Is there anybody with a legal opinion?
I only have a laymans opinion about this ridiculous patent.

Gerard

ps:

A few snippets from en CEN/TC251 standard published in 1999.
CEN/TC251 ENV 13606:
1. Scope This European Prestandard specifies messages that enable  
exchange of electronic healthcare record informationbetween healthcare  
parties responsible for the provision of clinical care to an individual  
patient. These messages allow information from an electronic healthcare  
record held by one health professional to be sent to another  
healthprofessional. The messages specified by this European Prestandard  
can be used to convey:? a complete copy of a patient's record as stored  
in one information system; ? parts of a patient's record that form a  
logically sound extract or summary of that record;? parts of a  
patient's record used for updating a parallel record on another system.  
The primary purpose of these messages is to support the provision of  
care to individual patients. The availability ofconsistent, continuing  
clinical care, when and where it is needed, requires appropriate and  
unambiguous communication between clinical professionals. The messages  
specified by this European Prestandard are designed to meet  
thisrequirement by enabling users of different clinical information  
systems to exchange electronic healthcare record information.  
Implementation of these messages will therefore assist the maintenance  
of timely and appropriate patientrecords.

With a definition of Health care party:
--  3.39. healthcare party. Organisation or person involved in the  
direct or indirect provision of healthcare services to an individual or  
to a population. --
Met andere woorden. Hetgeen functioneel beschrven staat is omvat in de  
CEN voornorm voor het EPD.

The concept "Template" is mentioned.
Any input screen is a template. And before 1999 this concept was  
defined  and in use.

As far as Access Control is concerned
Part 3 of the CEN/TC251 ENV 13606 is about the expression of elements  
needed for access control.

1 Scope This European prestandard specifies data objects for describing  
rules for distribution or sharing of electronic healthcare records in  
whole or in part. This European prestandard establishes general  
principles for the interaction of these data objects with other  
components and mechanisms within an electronic healthcare record  
application, thereby controlling the distribution of electronic  
healthcare records in whole or in part. This European prestandard  
establishes ways of creating information with associated security  
attributes. This European prestandard defines a methodology for  
constructing rules built from defined data objects, capable of being  
implemented using a range of techniques, to effect the control of  
sharing of electronic healthcare record data. This European prestandard  
establishes principles that allow security policies to be implemented  
and incorporated in order to ensure the safe use of the data. This  
European prestandard specifies a method for constructing an Access Log,  
that can be rendered human viewable, that records distribution of the  
data to which a Distribution Rule is attached. This European  
prestandard does not specify the mechanisms and functions that take  
part within the negotiation procedure and therefore fully automate the  
data distribution process. This European prestandard does not specify  
the mechanisms and functions that will allow some systems to  
continuously reauthenticate the data communication session and monitor  
its integrity. This European prestandard allows the sharing of records  
distributed in space, time or responsibility. This European prestandard  
does not specify  the data objects and packages represented in an  
Information System.

At this moment I have no time to browse further.
But on the website of NIST more is to be found about Role based Access  
published before 1999.
And persons like Bernd Blobel and Ross Anderson wrote about security in  
health care


gf

--   --
Gerard Freriks, arts
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

+31 252 544896
+31 654 792800
On 23 Nov 2004, at 03:29, Tim Churches wrote:

> There is some concern here in Australia over a patent application  
> lodged by the Pharmacy Guild of Australia over some rather generic  
> features of EHRs. These concerns are reported here:
>
> http://australianit.news.com.au/common/print/ 
> 0,7208,11467621%5E15319%5E%5Enb%20v%5E15306,00.html
>
> or here:
>
> http://snipurl.com/atst
>
> The application has been lodged under the international PCT (patent  
> co-operation treaty), and it appears that country level applications  
> have been lodged in at least the UK, Canada and the US, as well as  
> Australia.
>
> At a glance, there would not appear to be much in the way of novelty  
> in the claims, and several groups here in Australia plan to lodge  
> objections to 

A patent application covering EHRs

[Tim Churches]

Gerard Freriks wrote:
> Hi,
> 
> How serious is it really?

If the patent is approved, it is potentially serious for anyone wishing 
to use or sell EHR ssytems which use the features in its claims. They 
hve only submitted applications in Australia, UK, US and Canada, so 
other countries would be unaffected.

No matter how ridiculous the patent may seem, if it issues it can cause 
really grief.

> Is there anybody with a legal opinion?
> I only have a laymans opinion about this ridiculous patent.
> 
> Gerard
> 
> ps:
> 
> A few snippets from en CEN/TC251 standard published in 1999.
> CEN/TC251 ENV 13606:
> 1. Scope This European Prestandard specifies messages that enable  
> exchange of electronic healthcare record informationbetween healthcare  
> parties responsible for the provision of clinical care to an individual  
> patient. These messages allow information from an electronic healthcare  
> record held by one health professional to be sent to another  
> healthprofessional. The messages specified by this European Prestandard  
> can be used to convey:? a complete copy of a patient's record as stored  
> in one information system; ? parts of a patient's record that form a  
> logically sound extract or summary of that record;? parts of a  
> patient's record used for updating a parallel record on another system.  
> The primary purpose of these messages is to support the provision of  
> care to individual patients. The availability ofconsistent, continuing  
> clinical care, when and where it is needed, requires appropriate and  
> unambiguous communication between clinical professionals. The messages  
> specified by this European Prestandard are designed to meet  
> thisrequirement by enabling users of different clinical information  
> systems to exchange electronic healthcare record information.  
> Implementation of these messages will therefore assist the maintenance  
> of timely and appropriate patientrecords.
> 
> With a definition of Health care party:
> --  3.39. healthcare party. Organisation or person involved in the  
> direct or indirect provision of healthcare services to an individual or  
> to a population. --
> Met andere woorden. Hetgeen functioneel beschrven staat is omvat in de  
> CEN voornorm voor het EPD.
> 
> The concept "Template" is mentioned.
> Any input screen is a template. And before 1999 this concept was  
> defined  and in use.
> 
> As far as Access Control is concerned
> Part 3 of the CEN/TC251 ENV 13606 is about the expression of elements  
> needed for access control.
> 
> 1 Scope This European prestandard specifies data objects for describing  
> rules for distribution or sharing of electronic healthcare records in  
> whole or in part. This European prestandard establishes general  
> principles for the interaction of these data objects with other  
> components and mechanisms within an electronic healthcare record  
> application, thereby controlling the distribution of electronic  
> healthcare records in whole or in part. This European prestandard  
> establishes ways of creating information with associated security  
> attributes. This European prestandard defines a methodology for  
> constructing rules built from defined data objects, capable of being  
> implemented using a range of techniques, to effect the control of  
> sharing of electronic healthcare record data. This European prestandard  
> establishes principles that allow security policies to be implemented  
> and incorporated in order to ensure the safe use of the data. This  
> European prestandard specifies a method for constructing an Access Log,  
> that can be rendered human viewable, that records distribution of the  
> data to which a Distribution Rule is attached. This European  
> prestandard does not specify the mechanisms and functions that take  
> part within the negotiation procedure and therefore fully automate the  
> data distribution process. This European prestandard does not specify  
> the mechanisms and functions that will allow some systems to  
> continuously reauthenticate the data communication session and monitor  
> its integrity. This European prestandard allows the sharing of records  
> distributed in space, time or responsibility. This European prestandard  
> does not specify  the data objects and packages represented in an  
> Information System.
> 
> At this moment I have no time to browse further.
> But on the website of NIST more is to be found about Role based Access  
> published before 1999.
> And persons like Bernd Blobel and Ross Anderson wrote about security in  
> health care

Yes, Andersons' BMA privacy principles paper from 1996 is full of prior 
art for this patent application.

Thanks,

Tim C


> --   --
> Gerard Freriks, arts
> Huigsloterdijk 378
> 2158 LR Buitenkaag
> The Netherlands
> 
> +31 252 544896
> +31 654 792800
> On 23 Nov 2004, at 03:29, Tim Churches wrote:
> 
>> There is some concern here in Australia over a patent application  
>> l

A patent application covering EHRs

[Puvanendran SenthilRuban]

Hi all of you,
  I was away for short period. Because little more
tight with project schedule. Really interesting
discussion areas going on in these days. I have to
read all the past emails. Any how, Do you aware about
HIPAA compliance?


Rules reguarding HIPAA 
http://www.hhs.gov/ocr/regtext.html . 

Regards
P.Senthilruban
--- Gerard Freriks  wrote:

> Hi,
> 
> How serious is it really?
> 
> Is there anybody with a legal opinion?
> I only have a laymans opinion about this ridiculous
> patent.
> 
> Gerard
> 
> ps:
> 
> A few snippets from en CEN/TC251 standard published
> in 1999.
> CEN/TC251 ENV 13606:
> 1. Scope This European Prestandard specifies
> messages that enable  
> exchange of electronic healthcare record
> informationbetween healthcare  
> parties responsible for the provision of clinical
> care to an individual  
> patient. These messages allow information from an
> electronic healthcare  
> record held by one health professional to be sent to
> another  
> healthprofessional. The messages specified by this
> European Prestandard  
> can be used to convey:? a complete copy of a
> patient's record as stored  
> in one information system; ? parts of a patient's
> record that form a  
> logically sound extract or summary of that record;?
> parts of a  
> patient's record used for updating a parallel record
> on another system.  
> The primary purpose of these messages is to support
> the provision of  
> care to individual patients. The availability
> ofconsistent, continuing  
> clinical care, when and where it is needed, requires
> appropriate and  
> unambiguous communication between clinical
> professionals. The messages  
> specified by this European Prestandard are designed
> to meet  
> thisrequirement by enabling users of different
> clinical information  
> systems to exchange electronic healthcare record
> information.  
> Implementation of these messages will therefore
> assist the maintenance  
> of timely and appropriate patientrecords.
> 
> With a definition of Health care party:
> --  3.39. healthcare party. Organisation or person
> involved in the  
> direct or indirect provision of healthcare services
> to an individual or  
> to a population. --
> Met andere woorden. Hetgeen functioneel beschrven
> staat is omvat in de  
> CEN voornorm voor het EPD.
> 
> The concept "Template" is mentioned.
> Any input screen is a template. And before 1999 this
> concept was  
> defined  and in use.
> 
> As far as Access Control is concerned
> Part 3 of the CEN/TC251 ENV 13606 is about the
> expression of elements  
> needed for access control.
> 
> 1 Scope This European prestandard specifies data
> objects for describing  
> rules for distribution or sharing of electronic
> healthcare records in  
> whole or in part. This European prestandard
> establishes general  
> principles for the interaction of these data objects
> with other  
> components and mechanisms within an electronic
> healthcare record  
> application, thereby controlling the distribution of
> electronic  
> healthcare records in whole or in part. This
> European prestandard  
> establishes ways of creating information with
> associated security  
> attributes. This European prestandard defines a
> methodology for  
> constructing rules built from defined data objects,
> capable of being  
> implemented using a range of techniques, to effect
> the control of  
> sharing of electronic healthcare record data. This
> European prestandard  
> establishes principles that allow security policies
> to be implemented  
> and incorporated in order to ensure the safe use of
> the data. This  
> European prestandard specifies a method for
> constructing an Access Log,  
> that can be rendered human viewable, that records
> distribution of the  
> data to which a Distribution Rule is attached. This
> European  
> prestandard does not specify the mechanisms and
> functions that take  
> part within the negotiation procedure and therefore
> fully automate the  
> data distribution process. This European prestandard
> does not specify  
> the mechanisms and functions that will allow some
> systems to  
> continuously reauthenticate the data communication
> session and monitor  
> its integrity. This European prestandard allows the
> sharing of records  
> distributed in space, time or responsibility. This
> European prestandard  
> does not specify  the data objects and packages
> represented in an  
> Information System.
> 
> At this moment I have no time to browse further.
> But on the website of NIST more is to be found about
> Role based Access  
> published before 1999.
> And persons like Bernd Blobel and Ross Anderson
> wrote about security in  
> health care
> 
> 
> gf
> 
> --   --
> Gerard Freriks, arts
> Huigsloterdijk 378
> 2158 LR Buitenkaag
> The Netherlands
> 
> +31 252 544896
> +31 654 792800
> On 23 Nov 2004, at 03:29, Tim Churches wrote:
> 
> > There is some concern here in Australia over a
> paten

A patent application covering EHRs

[Thomas Beale]

Tim Churches wrote:

> Gerard Freriks wrote:
>
>> Hi,
>>
>> Lets be sensible.
>> A template is nothing but a screen thta can be filled.
>>
>> As far as I know that has been described many times before 2001.
>> Isn't it?
>
>
> Yes, but pointers to papers published prior to 2001 which specifically 
> describe this would be appreciated. Formal and specific evidence of 
> prior art is required to successfully oppose a patent application - in 
> most countries, the whole legal process is weighted in favour of the 
> patent applicant (which is the opposite of the way it ought to be, 
> since the state is granting the applicant a monopoly on the idea). For 
> instance, in Australia (and probably other countries), the burden of 
> proof falls on the opponent to prove lack of novelty, not on the 
> applicant to prove novelty. The applicant needs only to claim novelty 
> and show evidence of a search for prior art.

well, even my original archetypes paper was published on the web in 
2000, based on a small epiphany reached with Sam Heard one day in 
1997 I did various kinds of searches and never found anything like 
the same design, although of course I am aware that many 
people/organisations have considered the same requirements. The only 
published work that had some similarities (and from which I did get 
ideas) was Martin Fowler's "Analysis Patterns", which does describe a 
kind of ad hoc two-level modelling (this was of course cited in my 
work). I am also certain that the problem has actually been solved 
before - just that such solutions are hidden in commercial software, not 
published in their own right. I have done my best to find some such 
solutions, and have indeed found a couple of notable ones (both less 
rigorous and extensive than what we have in openEHR, but nevertheless, 
based on exactly the same intuition, and very nicely engineered).

I am sure that Andrew Ho published some earlier paper on templates, and 
probably so have others in this group.

On the morality of patents, I agree with Dave and Tim - I am personally 
completely against the patent system for ideas or concepts. I don't 
think having a good idea is a basis for extracting money out of other 
people who might have had a similar, earlier or better idea, or no idea 
at all. Where patents can be relevant is for limited time protection of 
"developed/engineered artifacts" - where the costs of development are 
high and need to be recouped by the original developer - in other words 
things which are the results of ideas being engineered into something 
useful. This is where limited time patents on some kinds of drugs might 
be reasonable - the drug substance formula is not the 'idea' in this 
case, the original new understanding of the problem is the idea.

- thomas beale



-
If you have any questions about using this list,
please send a message to d.lloyd at openehr.org