A federally backed consortium of behavioral health
providers, administrators and health information exchange experts has joined the chorus of voices addressing the vexing issue of how to pass along medical records for behavioral health patients without violating their privacy
The Behavioral Health Data Exchange Consortium, in a 105-page final report and addendum, demonstrated a limited capability for the successful exchange of such medical records, recommending that “electronic health-record
technical solutions must be put forward that allow for the transfer, acceptance and storage of this data” in compliance with applicable federal and state privacy rules. It also recommended that initiatives be undertaken to encourage the adoption and use of these technical support systems.
It limited its review to four information exchange scenarios, all using a push transaction model and the ONC-developed Direct communication protocol for transmitting electronic documents over the Internet.
“The goal was to create policies and procedures that could be replicated in other states and regions,” according to the report, with an objective to exchange behavioral health data in a pilot project across state lines, which was accomplished between Florida and Alabama.
The idea was to address “legal and technical barriers” to exchanging healthcare information. But the group stopped short of providing a technical solution to the problem that recipient healthcare providers incur when they receive these legally encumbered records.
Issues with behavioral health data include obtaining patient consent for its sharing and the need for each provider in a chain of information to maintain and ensure the subsequent privacy of the data.
The consortium recommended that work on legal documents for health information exchange at a nationwide level, such as the federally developed Data Use and Reciprocal Support Agreement, “include consideration of the additional requirements placed on the exchange of data covered by 42 CFR Part 2 (which sets a higher bar for behavioral health patients privacy than HIPAA
does for other medical records).”
There also is an urgent need, the report authors said, to train “general” healthcare providers on the implications of more stringent privacy laws for behavioral health and other sensitive patient information, including the use of “appropriate access controls for data flagged” as behavioral health information.
To simplify its work, the consortium excluded from the scope of the project many other types of sensitive information and the laws governing them, including psychiatric notes, data specific to minors, sexually transmitted diseases, HIV, family planning, data from educational institutions, and emergency department “break the glass” situations in which exigent conditions trump privacy laws.
The consortium's report was touted Friday by the Office of the National Coordinator for Health Information on the agency's HealthITBuzz.gov blog
. The consortium, which included representatives from Florida, Michigan, Kentucky, Alabama and New Mexico, later joined by counterparts from Nebraska and Iowa, was created in August 2011.
The Health Information Technology Policy Committee
earlier in June approved several recommendations to a proposed voluntary testing and certification program for developers of electronic health-record systems used for behavioral healthcare providers.Follow Joseph Conn on Twitter: @MHJConn