Sep 25, 2012 (08:09 AM EDT)
Feds Automate Sharing Of Sensitive Health Data
Read the Original Article at InformationWeek
The U.S. Department of Health and Human Services (HHS) and the U.S. Department of Veterans Affairs (VA) exchanged the data following standards identified by the DS4P, which formed in response to a 2010 report from the President's Council of Advisors on Science and Technology (PCAST) that called for a "universal exchange language."
Although the VA has had other health information exchanges with other government agencies--specifically the VA and the Substance Abuse and Mental Health Services Administration (SAMHSA), a unit of HHS--this was the first time it was able to use such segmentation technology, in this case to share the substance abuse treatment record of a mock patient.
SAMHSA tagged the record with privacy metadata that electronically explained to the VA's EHR that information pertaining to treatment for substance abuse could only be used for authorized purposes and required patient consent for further disclosure, according to HHS. This privacy safeguard is expected to remove a major stumbling block to wider EHR adoption in mental health and in treatment of substance abuse and sexually transmitted diseases.
[ Looking for a PACS platform to replace an outdated system? See 9 Must-See Picture Archiving/Communication Systems. ]
"Privacy, and the protection of sensitive health information, are paramount for many patients with behavioral health conditions," SAMHSA administrator Pamela Hyde said in a press release. "The tools developed in this pilot will be critical for building trust and capacity in EHRs and health information exchanges, especially for patients with behavioral health problems."
The agencies followed standards called for in a lengthy guidance document produced by the Office of the National Coordinator for Health Information Technology (ONC), in conjunction with Health Level Seven International (HL7) and the Integrating the Healthcare Enterprise (IHE) project.
According to ONC spokesman Peter Ashkenaz, the pilot concentrated on two particular standards: HL7 Vocabularies for Privacy Metadata, and the HL7 CDA r2 base standard. The latter refers to HL7's Clinical Document Architecture.
"Data segmentation based on industry standards such as Health Level Seven make it possible for the first time to consistently apply and enforce individual privacy choices whether in the primary care physician’s office, shared with other providers, returned in reports from outside laboratories, or wherever privacy protected health information is used," said VA project lead John "Mike" Davis, security architect at the Veterans Health Administration. The DS4P project has not been without controversy, however. In early 2011, some members of PCAST called portions of the report dealing with data segmentation "fundamentally flawed" and untested in the real world.
Notably, Gartner analyst Wes Rishel and Dixie Baker, senior VP, CTO, and technical fellow at Science Applications International Corp., questioned whether PCAST endorsed a scenario in which physicians could "unlock" a specific piece of clinical data they were authorized to see, yet be prevented from incorporating it into their EHRs. This might leave them defenseless in court if a clinical decision based on the segmented data resulted in a lawsuit and a patient withdrew consent, they suggested.
InformationWeek Healthcare attempted to contact two members of PCAST for this story, but neither responded.
InformationWeek Healthcare brought together eight top IT execs to discuss BYOD, Meaningful Use, accountable care, and other contentious issues. Also in the new, all-digital CIO Roundtable issue: Why use IT systems to help cut medical costs if physicians ignore the cost of the care they provide? (Free with registration.)