Department of Health and Human Services and the Department of Veterans Affairs use new metadata technique to exchange substance abuse records without compromising patient privacy.
Uncle Sam Shares 12 Top Health Apps
(click image for larger view and for slideshow)
Two federal departments have successfully demonstrated secure sharing of personal health information by meta-tagging it in electronic health records for special handling. The exercise was developed as part of the Data Segmentation for Privacy (DS4P) Initiative, which applies specific standards to cordon off sensitive elements of an EHR. Privacy concerns from patients and from mental health professionals, who are not eligible for Meaningful Use incentives, have long posed a stumbling block to implementing and sharing complete EHRs.
Although the VA has had other health information exchanges with other government agencies--specifically the VA and the Substance Abuse and Mental Health Services Administration (SAMHSA), a unit of HHS--this was the first time it was able to use such segmentation technology, in this case to share the substance abuse treatment record of a mock patient.
SAMHSA tagged the record with privacy metadata that electronically explained to the VA's EHR that information pertaining to treatment for substance abuse could only be used for authorized purposes and required patient consent for further disclosure, according to HHS. This privacy safeguard is expected to remove a major stumbling block to wider EHR adoption in mental health and in treatment of substance abuse and sexually transmitted diseases.
"Privacy, and the protection of sensitive health information, are paramount for many patients with behavioral health conditions," SAMHSA administrator Pamela Hyde said in a press release. "The tools developed in this pilot will be critical for building trust and capacity in EHRs and health information exchanges, especially for patients with behavioral health problems."
The agencies followed standards called for in a lengthy guidance document produced by the Office of the National Coordinator for Health Information Technology (ONC), in conjunction with Health Level Seven International (HL7) and the Integrating the Healthcare Enterprise (IHE) project.
According to ONC spokesman Peter Ashkenaz, the pilot concentrated on two particular standards: HL7 Vocabularies for Privacy Metadata, and the HL7 CDA r2 base standard. The latter refers to HL7's Clinical Document Architecture.
"Data segmentation based on industry standards such as Health Level Seven make it possible for the first time to consistently apply and enforce individual privacy choices whether in the primary care physician’s office, shared with other providers, returned in reports from outside laboratories, or wherever privacy protected health information is used," said VA project lead John "Mike" Davis, security architect at the Veterans Health Administration.
The DS4P project has not been without controversy, however. In early 2011, some members of PCAST called portions of the report dealing with data segmentation "fundamentally flawed" and untested in the real world.
Notably, Gartner analyst Wes Rishel and Dixie Baker, senior VP, CTO, and technical fellow at Science Applications International Corp., questioned whether PCAST endorsed a scenario in which physicians could "unlock" a specific piece of clinical data they were authorized to see, yet be prevented from incorporating it into their EHRs. This might leave them defenseless in court if a clinical decision based on the segmented data resulted in a lawsuit and a patient withdrew consent, they suggested.
InformationWeek Healthcare attempted to contact two members of PCAST for this story, but neither responded.
InformationWeek Healthcare brought together eight top IT execs to discuss BYOD, Meaningful Use, accountable care, and other contentious issues. Also in the new, all-digital CIO Roundtable issue: Why use IT systems to help cut medical costs if physicians ignore the cost of the care they provide? (Free with registration.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.