Skip to content Skip to navigation

HHS, VA Demonstrate Secure Sharing of Sensitive PHI

September 17, 2012
by Jennifer Prestigiacomo
| Reprints

The Department of Health and Human Services (HHS) and the Department of Veterans Affairs (VA) today announced a demonstration of the standards to allow sensitive health information to be shared responsibly and to comply with confidentiality laws and regulations among providers using electronic health records (EHRs).  The demonstration also showed how sensitive information can be tagged so that when it is sent to another provider with the patient’s permission, the receiving provider will know that they need to obtain the patient’s authorization to further disclose the information with others.

“This project helps demonstrate that with proper standards in place existing privacy laws and policies can be implemented appropriately in an electronic environment,” said Office of the National Coordinator for Health Information Technology (ONC) Chief Privacy Officer Joy Pritts, in a statement.

The demonstration was developed as part of the Data Segmentation for Privacy (DS4P) Initiative created in response to the work of the President’s Council of Advisors on Science and Technology and supported by HHS’ ONC. Using standards identified in the DS4P Initiative, HHS’ Substance Abuse and Mental Health Services Administration (SAMHSA) and the VA safely and securely transmitted a mock patient’s substance abuse treatment records tagged with privacy metadata from one EHR to a different EHR system after electronically verifying that the mock patient had consented to the transmission.

Privacy metadata from the SAMHSA EHR electronically explained to the VA EHR system that substance abuse treatment information within the clinical document is protected by federal confidentiality laws and can only be used for certain authorized purposes, and cannot be further disclosed without the patient’s consent. By varying the disclosure of electronic health information, providers and patients can better balance treatment and privacy.

“Data Segmentation for Privacy provides citizens choice about sharing their most sensitive health information, enhances patient trust and improves VA’s ability to support our Veteran community in compliance with federal law,” said John “Mike” Davis, VA project lead and Veterans Health Administration Security Architect, in a statement.  “Data Segmentation based on industry standards such as Health Level Seven, make it possible for the first time, to consistently apply and enforce individual privacy choices whether in the primary care physician’s office, shared with other provider’s, returned in reports  from outside laboratories or wherever privacy protected health information is used.”

“Privacy, and the protection of sensitive health information are paramount for many patients with behavioral health conditions,” said SAMHSA Administrator Pamela Hyde, in a statement. “The tools developed in this pilot will be critical for building trust and capacity in EHRs and health information exchanges, especially for patients with behavioral health problems.”




Mayo Clinic, ASU Partner for Medical Education, Healthcare Innovation

The Mayo Clinic and Arizona State University have announced a partnership centered on transforming medical education and healthcare in the U.S. through a variety of innovation efforts.

CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.