Patent attributes
A method for controlling access to a medical record of a patient hosted by at least one medical record repository, comprising a plurality of sub-records, each sub-record having an associated different patient-controlled access control criteria, comprising: receiving, by an intermediary, a request for a medical record from a requester, said request comprising a medical record identifier, a requester identifier, requester authentication information, and patient-provided access control authorization; automatically processing, by the intermediary, the request for the medical record to authenticate the requester and determine sufficiency of the patient-provided access control authorization to meet the patient-controlled access control criteria for each respective sub-record encompassed by the request; and selectively communicating, from the intermediary to the at least one medical record repository, an identification of each sub-record for which access control criteria are determined to be sufficient for access by the requestor. An electronic payment authorization associated with the request may be generated, for compensation of at least one of the intermediary and a medical record repository.
