Regulators at the Depts. of Health & Human Services and Veterans Affairs this week demonstrated new standards for transmitting sensitive health information in a manner that protects private data.
The demonstration builds on a recent notice of proposed rule-making released by HHS’s Office of the National Coordinator for Health IT, which is soliciting public comment on rules for secure data communication for health information exchange networks.
The rules define a set of "metadata" to be included in each data transmission, which would communicate privacy measures to the message recipient. The measures also allow patients to electronically verify and consent to transmission of their records.
The metadata push comes from a Data Segmentation for Privacy Initiative created in response to a call from President Barack Obama’s Council of Advisors on Science & Technology, which was supported by the HHS’s ONC, according to a press release.
Using the newly proposed communication standards, the HHS Substance Abuse & Mental Health Services Admin. and the VA securely transmitted dummy records tagged with privacy metadata from one EHR system to another after electronically verifying that the mock patient had consented to the data transmission.
"Data Segmentation for Privacy provides citizens choice about sharing their most sensitive health information, enhances patient trust and improves VA’s ability to support our Veteran community in compliance with federal law,"VA Health Admin. Security Architect and project lead John "Mike" Davis said in prepared remarks. "Data Segmentation based on industry standards … make it possible for the first time, to consistently apply and enforce individual privacy choices whether in the primary care physician’s office, shared with other provider’s, returned in reports from outside laboratories or wherever privacy protected health information is used."
The VA has been at the forefront of medical data security efforts, adopting wireless data security certification requirements for all devices running on VA hospital networks. The standard includes stringent wireless and physical security requirements and is designed to protect information, such as electronic health records, which is sensitive but not classified.