Skip to main content

Advertisement

ADVERTISEMENT

Confidentiality alternatives for exchanging electronic medical records take shape

The Office of the National Coordinator has focused the nation’s Health Information Technology around the goal that “information follows the patient.” That’s “secure” information, available whenever and wherever a patient seeks care, explained Michael Lardiere, the National Council’s VP for Health Information Technology and Strategic Development.

Models of Health Information Exchange
Having a patient’s electronic health information available whenever and wherever it’s needed is still a vision rather than a reality, Lardiere continued, outlining three models of health information exchange to a gathering at the California Institute for Mental Health’s recent Behavioral Health Information Technology Conference:  the Direct or “push” model, the Query or “pull” model, and a Consumer-mediated exchange model.  In coming years, all will have a role to play.

Of the three models, the Direct model (based on the National Health Information Network or “NHIN Direct” protocol) is the only one that is readily available for use today. Providers who have a Direct account can use it to communicate, point-to-point with other providers that have a Direct account for a cost of about $15 per month. Lardiere added that providers pursuing Stage 2 Meaningful Use incentives will likely need Direct to meet the requirement to make 65% of care referrals electronically, with a minimum of 10% of care referrals made outside their “home” network.   

The second exchange model is the Query or “pull” model, which is built around the concept of health information organizations (HIOs). This exchange model is being piloted on a large scale by five major national health networks—Geisinger, Intermountain, Kaiser Permanente, Cleveland Clinic, and the Mayo Clinic. “The goal is, no matter where you go, your provider can search for your record, pull it down, and provide treatment for you,” Lardiere explained.  

The third model of exchange — Consumer-mediated —envisions a consumer who actively participates in using and sharing personal health information. Lardiere said that these patients can expect to interact with their health information in two ways — via a secure portal made available by the EHR vendor and the provider (another Stage 2 Meaningful Use requirement), or via a secure consumer e-mail account, similar to NHIN Direct.

The continuity of care document (CCD)
The vehicle used to carry personal health information is called a Continuity of Care Document (CCD). And, compared to earlier versions, the CCD specified for Stage 2 Meaningful Use is to receive a substantial upgrade in its capabilities, detailed in the “Consolidated” Clinical Document Architecture (C-CDA). C-CDA supersedes the Stage 1 CCD specifications and offers both developers and users a much more versatile platform for collecting, storing, and exchanging patient information.  

The new CCD can be likened to a digital spreadsheet that contains a series of digital sections or “tabs,” corresponding to the types of care being received and data being stored. In its present form, the CCD is a single document with many sections inside a common wrapper. So far, working groups have standardized the structure for eight sections of the C-CDA CCD, Lardiere said.

However, there is much more to do, said Lardiere. So far, more than 70 new sections are planned, dealing with everything from advance directives and allergies to social history and vital signs. These sections will contain dozens of structured patient data entries and accommodate the use of common medical, demographic, and other codes. Each section will also allow for the inclusion of free text notes or explanations. Elements of a behavioral health CCD section are now being defined with the help of workgroups in multiple states.

Update on confidentiality solutions
Through an initiative called “Data Segmentation for Privacy” (DS4P) an ONC workgroup and several software development firms are working to develop and pilot alternatives for secure transmittal of electronic patient records whose content requires confidentiality protections beyond those offered by the Health Information Protection and Portability Act (HIPAA). Such protections have been established by a series of federal and state laws to encourage individuals to seek treatment for certain health conditions that, without the protections, might lead to personal stigma or harm. Perhaps the best known of these laws is CFR 42, Part 2, the law that grants special protections to those who seek substance use treatment in federally-supported (Part 2) treatment programs.  

“42 CFR Part 2 and similarly designed privacy laws not only require covered providers to obtain patient consent for disclosure, but also to inform the individuals and organizations they are allowed to disclose to that the information is protected by law and cannot be re-disclosed without obtaining the patient’s permission to do so,” explains Scott Weinstein, an attorney working in the ONC Office of the Chief Privacy Officer on the DS4P project. “If a transaction with this specially protected information is to take place electronically, the sending entity must communicate this information to the receiving entity in a way that it can understand the restriction and adhere to it.”

To date, two approaches have been proposed for sending specially protected information in accordance with CFR 42 Part 2.
The first, a concept developed by SATVA, a trade association of EHR vendors serving the field of behavioral health, uses the NHIN Direct protocol to transmit a CCD. The CCD is enclosed within an encrypted “envelope” that, when opened, displays the recipient’s obligations for handling the specially protected information.  Though SATVA developed the concept independent of the DS4P workgroup, the workgroup has since invited SATVA to pilot its concept as part of the DS4P effort.

“By standardizing the metadata that will be placed on the ‘envelope’ that SATVA is piloting, DS4P will make it easier for EHRs from different vendors to understand the distribution limits and legal requirements that are attached to the enclosed patient record,” Weinstein explained.   As a result, the receiving EHR can either keep the document separate or “segmented” from the rest of the patient’s medical record, or incorporate the problems, medications, etc. with the protective metadata so that the EHR can subsequently share the patient’s medical information appropriately.

A newer and more technically complex approach, first piloted in an EHR operated by the Veterans Administration, is proposed for “pull” transactions, such as when providers query HIOs for patient records. This approach starts with the same C-CDA CCD, inclusive of multiple segments, but proposes to add “metadata” (literally, data that describes other data) to each segment. These metadata include confidentiality codes that indicate the section’s confidentiality level and obligation codes (from the HL7 Obligation codes set) indicating the special privacy protections the data requires.  

Segments that require normal (HIPAA) protection would be coded with an N, while more sensitive sections of data would be coded with an R (for “restricted”). The highest confidentiality code would be a V, signifying “very restricted” information.  CCDs containing only N level health data would receive an N value in the document header, but the presence of any R or V level health data anywhere in the CCD would trigger an R or V code in the CCD header, indicating that the payload contained at least one data segment that required additional confidentiality controls.

According to Weinstein, “Organizations would have to determine what parts of the CDA should be tagged with the available codes based on jurisdictional, organizational, and patient sharing policies.”  For example, the VA/SAMHSA DS4P pilot created a rules engine that “tagged” certain data entries in the CDA as “PSY” (mental health) or “ETH” (substance abuse) based on clinical content and then assigned confidentiality codes of “N,” “R,” or “V” to the respective data segments based on local laws or policies applicable to that content. The SATVA pilot tagged the entire CDA coming from the Part 2 facility with an “R” because all information coming from dedicated Part 2 facility was to be treated as Part 2 information by the receiving entity.

Under the DS4P concept, only properly authorized entities or providers (those specified on a CFR 42 Part 2 patient consent form, for example) would obtain the sections of CCD data coded with an R or a V. Those without the proper authorization would receive only the CCD sections coded with an N.  

Control over sensitive information would reside with the consumer, Weinstein explains. “Consent management is an important aspect of providing patients with choices concerning their sensitive health information. Our five pilots each are creating their own interfaces for collecting and managing these consents, as DS4P did not try to standardize this aspect of data segmentation.” But he expressed confidence that what “we’ve learned will help implementers develop similar innovative tools and interfaces for collecting granular consent.”

Looking to the future
Near term, those who need a confidentiality solution soon should look to solutions built around NHIN Direct, like SATVA’s encrypted envelope.  The National Council’s Lardiere noted that a CFR 42 Part 2 electronic consent form is also in development, but is not yet ready for use.

The future of the larger DS4P solution for HIOs faces tougher hurdles and seems, by any measure, years from possible implementation.  Weinstein said that, at present, “many EHRs or HIOs simply do not handle specially protected information.”

This, according to industry sources, has forced consumers whose records contain specially protected information to make a simple choice regarding participation in an HIO — to “opt in” with all of their information or to “opt out” as the only means of keeping specially protected information confidential.  “With solutions like DS4P, we believe this care coordination can occur within the existing legal frameworks that provide patients with choices about sharing medical information,” Weinstein said.

Despite challenges, Weinstein expresses optimism about DS4P’s future. “Our five pilots, which include public and private sector participants, have shown not only a demand for exploring DS4P as a solution, but that it can be implemented without broad redesign or rebuilding of [EHR] products.” 

As to how or when implementation of DS4P might be rolled out, Weinstein was uncertain. “It is too early to speculate about DS4P’s inclusion in a later stage of Meaningful Use, but we would note that the Health IT Policy Committee did express interest in DS4P in the Request for Comment that was released on November 16th in preparation for Stage 3 Meaningful Use discussions.”

Advertisement

Advertisement

Advertisement