Sunday, September 23, 2012

Sharing Health Information

HHS and the VA conducted a standards demonstration among providers using EHRs to enable sensitive health information to be shared that complies with confidentiality laws and regulations. The demonstration showed how sensitive information can be tagged so when it is sent to another provider with the patient’s permission, the receiving provider will know that they need to obtain the patient’s authorization to further disclose the information to others.

“This project helps demonstrate that with proper standards in place, existing privacy laws and policies can be implemented appropriately in an electronic environment,” said Chief Privacy Officer Joy Pritts for ONC.

The demonstration was developed as part of the Data Segmentation for Privacy (DS4P) Initiative created in response to the work of the President’s Council of Advisors on Science and Technology and supported by ONC.

Using standards identified in the DS4P Initiative, SAMSHA within HHS and the VA safely and securely transmitted a mock patient’s substance abuse treatment records tagged with privacy metadata from one EHR to a different EHR system after electronically verifying that the mock patient had consented to the transmission.

Privacy metadata from the SAMSHA EHR electronically explained to the VA EHR system that substance abuse treatment information within the clinical document is protected by federal confidentiality laws and can only be used for certain authorized purposes and can’t be further disclosed without the patient’s consent. By varying the disclosure of electronic health information, providers and patients can better balance treatment and privacy.

According to John “Mike” Davis, VA Project Lead and VHA Security Architect, “Data Segmentation based on industry standards such as Health Level Seven, make it possible for the first time to consistently apply and enforce individual privacy choices whether in the primary care physician’s office, shared with other provider’s, returned in reports from outside labs or wherever privacy protected health information is used.”

“Privacy and the protection of sensitive health information are paramount for many patients with behavioral health conditions,” said SAMHSA Administrator Pamela Hyde. “The tools developed in this pilot will be critical for building trust and capacity in EHRs and HIEs especially for patients with behavioral health problems.”

For more information, go to http://wiki.siframework.org/SAMSHA-VA-Pilot.