What's the Role of Data Segmentation?
Regulators Weigh How to Protect Sensitive Patient Data
Protecting patient privacy when electronically exchanging sensitive patient information pertaining to behavioral health, substance abuse, HIV and other medical issues is especially challenging.
But a recently concluded government-sponsored data segmentation initiative, which yielded some new standards, could play an important role. And federal regulators are considering whether to require that electronic health records software that's certified for the HITECH Act incentive program use the standards.
Data segmentation involves tagging specific data elements within clinical care documents to limit access to sensitive information at the patient's request. This helps prevent unauthorized users from accessing the sensitive information and also helps prevent the data from being re-disclosed without further authorization from the patient.
The recently concluded two-year Data Segmentation for Privacy, or DS4P, initiative, coordinated by the Office of the National Coordinator for Health IT, launched six pilot programs that demonstrated how sensitive patient data, such as mental health and substance abuse information, can be securely shared among clinicians with the electronic consent of patients.
For example, the Department of Veterans Affairs and the Substance Abuse and Mental Health Services Administration used data segmentation for the electronic exchange of information on the care of substance abuse patients.
Another pilot, involving Jericho Systems and the University of Texas at Austin, tested granular patient consent, allowing patients to authorize specific parts of their health records, such as mental health-related information, to be shared or withheld from data exchange (see Tracking Who Accesses Data Via HIEs).
In the DS4P projects, specifications were developed to enable highly sensitive health information to flow more freely to authorized users while improving the ability of health IT systems to implement existing privacy protection requirements for certain types of healthcare data, according to ONC, a unit of the Department of Health and Human Services.
"This is important because a large segment of the patient population has medical information that is sensitive, and state and federal laws often give extra protection to the handling of that information," says Joy Pritts, ONC's chief privacy officer.
The DS4P initiative has helped spark development of standards that can be used in the exchange of sensitive health data, she says. Electronic health record standards organizations, including HL7, have approved and published these standards, she notes.
Some of the DS4P pilot projects are leading to new initiatives. For example, EHR vendor Cerner Corp. is incorporating DS4P metadata privacy tagging capabilities for sensitive information contained in certain patient records that are exchanged using the Direct protocol.
But one big gap in DS4P developments is that, for the most part, both the sender and recipient of sensitive patient data must use systems containing DS4P technology; otherwise, the authorized recipient clinician cannot view the sensitive patient information.
So, if a substance abuse treatment clinician, with a patient's electronic consent, protects sensitive data in a patient's record via tagging or encrypting, and the data is then sent to another clinician who is authorized to view it but is not using DS4P technology, that clinician could not view it.
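The tagging approach and the sender/recipient gap described above can be modeled in a few lines. This is an added illustration, not code from DS4P, ONC or any of the pilots; the tag names, record contents, recipient names and the `release` function are constructed for the example and are not the HL7 vocabulary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    title: str
    text: str
    tags: frozenset = frozenset()  # empty set = not sensitive

# Constructed sample record: two ordinary segments, two tagged as sensitive.
RECORD = [
    Segment("Demographics", "DOB 1970-01-01"),
    Segment("Medications", "lisinopril 10 mg"),
    Segment("Substance abuse treatment", "program intake note",
            frozenset({"substance_abuse"})),
    Segment("Mental health", "therapy summary",
            frozenset({"mental_health"})),
]

# Constructed patient consent: recipient -> sensitive tags the patient agreed to share.
CONSENT = {"clinician_b": frozenset({"substance_abuse"})}

def release(record, consent, recipient, recipient_honors_tags):
    """Return (visible segments, withheld titles) for one recipient.

    recipient_honors_tags models whether the receiving system understands
    and enforces the privacy tags; if it does not, tagged data is withheld
    even from an authorized clinician.
    """
    allowed = consent.get(recipient, frozenset())
    visible, withheld = [], []
    for seg in record:
        if not seg.tags:
            visible.append(seg)            # untagged data flows normally
        elif not seg.tags <= allowed:
            withheld.append(seg.title)     # no patient consent for this tag
        elif not recipient_honors_tags:
            withheld.append(seg.title)     # consented, but receiver cannot enforce tags
        else:
            visible.append(seg)            # tags travel with the segment
    return visible, withheld

def titles(segments):
    return [s.title for s in segments]

# Re-disclosure is the same check again: before forwarding a released
# segment, call release() for the next recipient, whose consent entry
# must cover the segment's tags.
```

Calling `release` with `recipient_honors_tags=False` for `clinician_b` shows the gap: the consented substance abuse segment lands in the withheld list, leaving the incomplete record that providers are concerned about.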
In June, the Privacy and Security Tiger Team plans to make recommendations to the HIT Policy Committee related to whether DS4P technical capabilities should be part of ONC's next round of certification requirements for electronic health records software under the HITECH Act.
When making recommendations, regulators must consider the pros and cons involved with data segmentation. For instance, applying data segmentation to EHRs enables patients to provide granular consent to what specific portions of their records can and cannot be shared. As a result, some healthcare providers fear they'll end up working with incomplete "Swiss cheese" records, Tiger Team Chair Deven McGraw told HIT Policy Committee members at a May 6 meeting.
Also, certain federal regulations that are even stricter than HIPAA prohibit the re-disclosure of the sensitive information, she explained. That means, for instance, that substance abuse information that's securely sent to a clinician cannot be incorporated into an EHR without risk that the sensitive data might be later viewed by an unauthorized user. So those restrictions can also end up producing incomplete patient records that exclude the sensitive, but perhaps pertinent, segmented information.
McGraw said the Tiger Team's tentative conclusions, so far, are:
- DS4P is not a perfect solution - but could be the first step toward enabling behavioral health providers to securely share information with other providers caring for behavioral health patients;
- Using DS4P standards to offer "view only" access to records is less than ideal, but many providers may feel that having access to some data about their patients is better than having none; and
- Education of providers and patients about the limitations of the technology and confidentiality obligations related to the sensitive information is essential.
Micky Tripathi, co-chair of the Tiger Team, also noted that in addition to DS4P technology, the HIT Standards Committee should acknowledge other approaches to data segmentation when it comes time to decide about possible HITECH requirements for certified EHRs.
While DS4P doesn't perfectly address all the concerns regarding the exchange of sensitive patient information, the DS4P pilots "demonstrate the technical concepts of how to use privacy metadata to tag healthcare information in a consistent way - to support interoperability between systems," ONC says. "There are now normative, accredited technical standards which can be used to support the privacy protection of extra sensitive healthcare information."
And ONC says the project "increased visibility and wider recognition by the healthcare industry of the importance of protecting sensitive healthcare data, and the challenges associated with allowing extra sensitive data to flow more freely to those individuals who are authorized to receive it."