PRIVACY COMPLIANT CONSENT AND DATA ACCESS MANAGEMENT SYSTEM AND METHODS

摘要

An information management system for restricting access to personal data in compliance with law or regulation includes a database having restricted records stored therein, at least one of the records including an identification of a client or group of clients about whom said record concerns. A computer system under the control of a trusted information broker is configured to receive via a communication medium a request initiated by a requestor for access to at least one of the restricted records in the database, the request including an identification of the requestor. The computer system is further configured to transmit a request for consent to the client and receive an indication from the client that the client consents or does not consent to access to the restricted record by the requestor. The computer system grants or denies access to the restricted records based upon the indication from the client.

主权项

1. An information management system for restricting access to personal data in compliance with law or regulation, comprising:
a database having stored therein a plurality of restricted records, each restricted record including an identification of a client or group of clients about whom said record concerns, each restricted record further including individual transaction records, each separately and uniquely encrypted before storage in said database, whereby ownership of each individual transaction record is implemented in the data record itself; a computer system under the control of a third party trusted information broker, said computer system being configured to receive via a communication medium a first request initiated by a requestor for access to at least one of said restricted records in said database, said first request including an identification of the requestor;
said computer system being further configured to transmit a request for consent to said client and receive an indication from said client that said client consents or does not consent to access to said restricted record by said requestor;said computer system being further configured to grant or deny access to said at least one restricted record based upon said indication from said client; said computer system being further configured to receive a second request initiated by a second requestor to enter at least one second transaction record to said database, and to receive a third request initiated by a third requestor to enter at least one third transaction record to said database, each requestor being an external entity not affiliated with the third-party trusted information broker.