The Department of Health and Human Services (HHS) and the Department of Veterans Affairs (VA) today announced a demonstration of the standards to allow sensitive health information to be shared responsibly and to comply with confidentiality laws and regulations among providers using electronic health records (EHRs). The demonstration also showed how sensitive information can be tagged so that when it is sent to another provider with the patient’s permission, the receiving provider will know that they need to obtain the patient’s authorization to further disclose the information with others.
“This project helps demonstrate that with proper standards in place existing privacy laws and policies can be implemented appropriately in an electronic environment,” said Office of the National Coordinator for Health Information Technology (ONC) Chief Privacy Officer Joy Pritts, in a statement.
The demonstration was developed as part of the Data Segmentation for Privacy (DS4P) Initiative created in response to the work of the President’s Council of Advisors on Science and Technology and supported by HHS’ ONC. Using standards identified in the DS4P Initiative, HHS’ Substance Abuse and Mental Health Services Administration (SAMHSA) and the VA safely and securely transmitted a mock patient’s substance abuse treatment records tagged with privacy metadata from one EHR to a different EHR system after electronically verifying that the mock patient had consented to the transmission.
Privacy metadata from the SAMHSA EHR electronically explained to the VA EHR system that substance abuse treatment information within the clinical document is protected by federal confidentiality laws and can only be used for certain authorized purposes, and cannot be further disclosed without the patient’s consent. By varying the disclosure of electronic health information, providers and patients can better balance treatment and privacy.
“Data Segmentation for Privacy provides citizens choice about sharing their most sensitive health information, enhances patient trust and improves VA’s ability to support our Veteran community in compliance with federal law,” said John “Mike” Davis, VA project lead and Veterans Health Administration Security Architect, in a statement. “Data Segmentation based on industry standards such as Health Level Seven, make it possible for the first time, to consistently apply and enforce individual privacy choices whether in the primary care physician’s office, shared with other provider’s, returned in reports from outside laboratories or wherever privacy protected health information is used.”
“Privacy, and the protection of sensitive health information are paramount for many patients with behavioral health conditions,” said SAMHSA Administrator Pamela Hyde, in a statement. “The tools developed in this pilot will be critical for building trust and capacity in EHRs and health information exchanges, especially for patients with behavioral health problems.”