Feds Automate Sharing Of Sensitive Health Data - InformationWeek
Healthcare // Analytics
04:10 PM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Feds Automate Sharing Of Sensitive Health Data

Department of Health and Human Services and the Department of Veterans Affairs use new metadata technique to exchange substance abuse records without compromising patient privacy.

Uncle Sam Shares 12 Top Health Apps
Uncle Sam Shares 12 Top Health Apps
(click image for larger view and for slideshow)
Two federal departments have successfully demonstrated secure sharing of personal health information by meta-tagging it in electronic health records for special handling. The exercise was developed as part of the Data Segmentation for Privacy (DS4P) Initiative, which applies specific standards to cordon off sensitive elements of an EHR. Privacy concerns from patients and from mental health professionals, who are not eligible for Meaningful Use incentives, have long posed a stumbling block to implementing and sharing complete EHRs.

The U.S. Department of Health and Human Services (HHS) and the U.S. Department of Veterans Affairs (VA) exchanged the data following standards identified by the DS4P, which formed in response to a 2010 report from the President's Council of Advisors on Science and Technology (PCAST) that called for a "universal exchange language."

Although the VA has had other health information exchanges with other government agencies--specifically the VA and the Substance Abuse and Mental Health Services Administration (SAMHSA), a unit of HHS--this was the first time it was able to use such segmentation technology, in this case to share the substance abuse treatment record of a mock patient.

SAMHSA tagged the record with privacy metadata that electronically explained to the VA's EHR that information pertaining to treatment for substance abuse could only be used for authorized purposes and required patient consent for further disclosure, according to HHS. This privacy safeguard is expected to remove a major stumbling block to wider EHR adoption in mental health and in treatment of substance abuse and sexually transmitted diseases.

[ Looking for a PACS platform to replace an outdated system? See 9 Must-See Picture Archiving/Communication Systems. ]

"Privacy, and the protection of sensitive health information, are paramount for many patients with behavioral health conditions," SAMHSA administrator Pamela Hyde said in a press release. "The tools developed in this pilot will be critical for building trust and capacity in EHRs and health information exchanges, especially for patients with behavioral health problems."

The agencies followed standards called for in a lengthy guidance document produced by the Office of the National Coordinator for Health Information Technology (ONC), in conjunction with Health Level Seven International (HL7) and the Integrating the Healthcare Enterprise (IHE) project.

According to ONC spokesman Peter Ashkenaz, the pilot concentrated on two particular standards: HL7 Vocabularies for Privacy Metadata, and the HL7 CDA r2 base standard. The latter refers to HL7's Clinical Document Architecture.

"Data segmentation based on industry standards such as Health Level Seven make it possible for the first time to consistently apply and enforce individual privacy choices whether in the primary care physician’s office, shared with other providers, returned in reports from outside laboratories, or wherever privacy protected health information is used," said VA project lead John "Mike" Davis, security architect at the Veterans Health Administration. The DS4P project has not been without controversy, however. In early 2011, some members of PCAST called portions of the report dealing with data segmentation "fundamentally flawed" and untested in the real world.

Notably, Gartner analyst Wes Rishel and Dixie Baker, senior VP, CTO, and technical fellow at Science Applications International Corp., questioned whether PCAST endorsed a scenario in which physicians could "unlock" a specific piece of clinical data they were authorized to see, yet be prevented from incorporating it into their EHRs. This might leave them defenseless in court if a clinical decision based on the segmented data resulted in a lawsuit and a patient withdrew consent, they suggested.

InformationWeek Healthcare attempted to contact two members of PCAST for this story, but neither responded.

InformationWeek Healthcare brought together eight top IT execs to discuss BYOD, Meaningful Use, accountable care, and other contentious issues. Also in the new, all-digital CIO Roundtable issue: Why use IT systems to help cut medical costs if physicians ignore the cost of the care they provide? (Free with registration.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/26/2012 | 6:59:35 PM
re: Feds Automate Sharing Of Sensitive Health Data
I know that somewhere there are probably a great many people who view this sort of thing as a crowning achievement but, I see this as the first step in a perilous journey that will ultimately result in many people being wronged.

Government has never been a model of efficiency or security. If anything, Government - pretty much on every level of government - has proven a complete inability to secure anything. This whole EMR thing that's being forced on us is not going to end well.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll