Perspectives on Interoperability and Using Data Segmentation for Information Privacy
Most behavioral health providers don’t need to be schooled in the complexities around sharing “specially protected” patient health information (PHI). Ensuring adherence to the many rules and regulations at both the state and federal levels is a formidable, but familiar, challenge.
What may require some education is the impact that the newly released HL7 “Data Segmentation for Privacy” (DS4P) standards will have on the challenges presented by sharing specially protected PHI in the electronic environment.
With the advent of health information exchanges (HIEs) and the increasing use of electronic health records (EHRs), sharing specially protected PHI has been a particular focus of many (sometimes heated) debates. For example, how can the system prevent the unauthorized re-release of 42 CFR Part 2 protected PHI after the patient has consented to share this sensitive data via the state health information exchange (HIE)?
DS4P data and technology standards leverage existing information technology to resolve this and many other concerns around sharing a wide range of patient health information with varying and often complex special protections. The standards sort all of the pertinent state and federal regulations, along with organizational policies and procedures, into a hierarchy of categories for “special protection.” Strings of data are then tagged with “metadata,” a set of instructions that operationalize the standards in the electronic environment.
The availability of these standards brings health care in general and behavioral health as a field much closer to attaining that elusive goal of “interoperability.” Different information technology systems and software applications will be able to apply these standards in communicating and exchanging data, and then use the information that has been exchanged.
Automating enforcement of the universe of rules and regulations for specially protected PHI means that exchange is not based on the individual end-user’s inevitably limited knowledge of what policies and procedures to implement, and when. The data is segmented and when necessary it can be excluded from PHI summaries that use the Common Meaningful Use Data Set.
Like all new data and technology standards, it will take some time for the implementation of DS4P to become widespread. In the meantime, vendors can use “Consent2Share” (C2S) to implement 42 CFR Part 2 protections in the exchange of behavioral health patient information, especially in integrated care. C2S is a freely available, downloadable, open source app that implements the concepts of DS4P to allow the sharing of behavioral health patient information in the state and regional health information exchanges. Tested in the field and approved by both SAMHSA and the ONC, you can see demonstrations of this tool here.