EHR Data Sharing Test Complies with Patient Privacy LawsSeptember 24, 2012
The Department Veterans Affairs and the Substance Abuse and Mental Health Services Administration have demonstrated how to securely share sensitive health information via electronic health records (EHRs).
The test also showed how substance abuse and other sensitive data can be tagged so that when it is sent in a summary of care record to another provider with the patient’s permission, the receiving provider will know they need to obtain the patient’s authorization to further disclose the sensitive information with others, according to a Sept. 17 announcement by the Department of Health and Human Services. SAMHSA is an agency in HHS.
Privacy metadata from the SAMHSA EHR electronically explained to the VA EHR system that substance abuse treatment information within the clinical document is protected by federal confidentiality laws and can only be used for certain authorized purposes. It cannot be further disclosed without the patient’s consent.
Metadata classification tags indicate confidentiality, sensitivity, and handling instructions so that granular pieces of data can be protected from capture and disclosure. By varying the disclosure capabilities of electronic health information, providers and patients can better balance treatment and privacy.
“This project helps demonstrate that with proper standards in place existing privacy laws and policies can be implemented appropriately in an electronic environment,” said Joy Pritts, chief privacy officer in the Office of the National Coordinator for Health IT.
The demonstration was part of the Data Segmentation for Privacy (DS4P) Initiative in ONC’s Standards & Interoperability Framework.
The project is in response to the work of the President’s Council of Advisors on Science and Technology (PCAST), which in a 2010 report called for a universal exchange language like extensible markup language (XML) and the ability to separate health data into the smallest individual pieces that make sense to exchange.
Using standards identified in the Data Segmentation for Privacy project, SAMHSA and the VA exchanged a mock patient’s substance abuse treatment records tagged with privacy metadata from one EHR to a different EHR system after electronically verifying that the mock patient had consented to the transmission.
Many patients with behavioral health conditions are very protective of their health information, said SAMHSA Administrator Pamela Hyde. “The tools developed in this pilot will be critical for building trust and capacity in EHRs and health information exchanges, especially for patients with behavioral health problems,” she said.
Data segmentation for privacy offers choice about sharing the most sensitive health information, enhances patient trust and improves VA’s ability to support veterans while complying with federal confidentiality laws, said John “Mike” Davis, VA project lead and Veterans Health Administration security architect.
“Data segmentation based on industry standards, such as Health Level Seven [HL7], makes it possible for the first time to consistently apply and enforce individual privacy choices, whether in the primary care physician’s office, shared with other provider’s, returned in reports from outside laboratories or wherever privacy protected health information is used,” he said.
Article written by Mary Mosquera, Senior Editor for Government Health IT