Using off-the-shelf content standards and messaging protocols, the Veterans Affairs Department and the Substance Abuse and Mental Health Services Administration of HHS have successfully demonstrated how to electronically tag mental health and other highly sensitive clinical records to help providers comply with stringent state and federal privacy laws limiting the sharing of those records without patient consent.
Development of the electronic patient-consent management system came in response to the VA's and SAMHSA's own needs to protect the privacy of patients under two federal medical record privacy laws that are more robust than the privacy rule under the Health Insurance Portability and Accountability Act.
The demo was part of a Data Segmentation for Privacy Initiative by the Office of the National Coordinator for Health Information Technology at HHS. It also answers a 2010 call by the President's Council of Advisors on Science and Technology to use metadata tagging to enhance privacy while making medical data more readily available for research. A metadata tag provides information about the underlying data.
Tagging a patient's record at the “granular” or data-element level enables patients to give consent to the exchange of some parts of their medical record—such as a diagnosis code for diabetes and a drug prescription for its treatment—but not other parts, such as the diagnosis of a sexually transmitted disease or a mental health counseling session.
“The bottom line is we're trying to provide patients some ability to control what information is shared and make it easy on them,” said Mike Davis, VA project lead and Veterans Health Administration security architect.