Printer Friendly, PDF & Email Printer Friendly, PDF & Email

§170.315(b)(7) Data segmentation for privacy – send

Version 1.2 Updated on 01-10-2017
Revision History
Version # Description of Change Version Date
1.0

Final Test Procedure

01-20-2016
1.1

Added supplied test data and respective steps. 

Removed step 6 under TLV to remove redundancy. 

The General Header constraint bullet from TLV step 5 was removed.

12-07-2016
1.2

Updated TLV step 3 and 4 from ‘Health IT developer-supplied data’ to ‘ONC-supplied data’.

01-10-2017
Regulation Text

Regulation Text

§170.315(b)(7) Data segmentation for privacy – send

Enable a user to create a summary record formatted in accordance with the standard adopted in §170.205(a)(4) that is document-level tagged as restricted and subject to restrictions on re-disclosure according to the standard adopted in §170.205(o)(1).

Standard(s) Referenced

Please consult the Final Rule entitled: 2015 Edition Health Information Technology (Health IT) Certification Criteria, 2015 Edition Base Electronic Health Record (EHR) Definition, and ONC Health IT Certification Program Modifications for a detailed description of the certification criterion with which these testing steps are associated. We also encourage developers to consult the Certification Companion Guide in tandem with the test procedure as they provide clarifications that may be useful for product development and testing.

Note: The order in which the test steps are listed reflects the sequence of the certification criterion and does not necessarily prescribe the order in which the test should take place.
 

Testing components

No GAP Icon No Documentation Icon Visual Inspection Icon Test Tool Icon ONC Supplied Test Data Icon

 

Paragraph (b)(7)

System Under Test Test Lab Verification
  1. Using the ETT: Message Validators – C-CDA R2.1 Validator, the health IT developer downloads the ONC-supplied data instructions through the sender download selections of the “170.315_b7_DS4P Amb” or “170.315_b7_DS4P_Inp” criteria and one of the DS4P instruction documents and executes the download.
  2. Using the ONC-supplied DS4P instruction document downloaded in step 1, a user enters the information as appropriate into the Health IT Module including the DS4P tags and notices.
  3. The user will generate a summary record document(s) from the Health IT Module and submit the document(s) to the tester for verification. The generated summary record includes the following data elements:
    • Document Level Confidentiality Code constrained in accordance with the standard specified in §170.205(o)(1);
    • Document Level Author Element;
    • Document Level Provenance Element; and
    • Privacy and Security Markings Section with Re-disclosure notice.
  4. A summary record document must be submitted for each health IT setting being certified.
  1. Using the ETT: Message Validators – C-CDA R2.1 Validator, the tester uploads the submitted summary record(s) with restrictions (xml file) from step 4 of the SUT, through the sender upload selection of the “Data Segmentation for Privacy –send – Ambulatory” or ” “Data Segmentation for Privacy –send – Inpatient” criteria and executes the upload of the submitted file(s) to the ETT: Message Validators. 
  2. The tester uses the Validation Report(s) created by the ETT: Message Validators in step 1 to verify the Health IT Module passes without error in order to confirm that the document is conformant to each of the standards adopted in §170.205(a)(4).
  3. If the summary record(s) submitted includes unstructured text data elements, the tester uses the ONC-supplied data instructions and the Message Content Report to verify the additional checks for equivalent text for the content of all section level narrative text.
  4. Using the ETT: Message Validators Message Content Report, the tester verifies that the summary record(s) submitted is accurate and without omission using the ONC-supplied data instructions.
  5. Using the ETT: Message Validators Message Content Report, the tester verifies that the summary record(s) indicates that the document(s) is restricted and subject to restrictions on re-disclosure. The resulting document retains these tags according to the standard adopted at §170.205(o):
    • Privacy Segmented Document Template;
    • CDA Mandatory Document Provenance;
    • CDA Mandatory Document Assigned Author Template;
    • If a document contains information protected by specific privacy policies, CDA Privacy Markings Section with text indicating the nature of the explicit notice to the provider receiving the disclosed information; and
    • A Confidentiality Code with the value “R.”

Version 1.1 Updated on 09-29-2017
Revision History
Version # Description of Change Version Date
1.0

Initial Publication

12-30-2015
1.1

Provides notification of C-CDA2.1 errata adoption and compliance requirements within the entire criterion row.

09-29-2017
Regulation Text

Regulation Text

§170.315(b)(7) Data segmentation for privacy – send

Enable a user to create a summary record formatted in accordance with the standard adopted in §170.205(a)(4) that is document-level tagged as restricted and subject to restrictions on re-disclosure according to the standard adopted in §170.205(o)(1).

Standard(s) Referenced

Certification Companion Guide: Data segmentation for privacy – send

This Certification Companion Guide (CCG) is an informative document designed to assist with health IT product development. The CCG is not a substitute for the 2015 Edition final regulation. It extracts key portions of the rule’s preamble and includes subsequent clarifying interpretations. To access the full context of regulatory intent please consult the 2015 Edition final rule or other included regulatory reference. The CCG is for public use and should not be sold or redistributed.
 

 

Certification Requirements

Privacy and Security: This certification criterion was adopted at § 170.315(b)(7). As a result, an ONC-ACB must ensure that a product presented for certification to a § 170.315(b) “paragraph (b)” criterion includes the privacy and security criteria (adopted in § 170.315(d)) within the overall scope of the certificate issued to the product.

  • The privacy and security criteria (adopted in § 170.315(d)) do not need to be explicitly tested with this specific paragraph (b) criterion unless it is the only criterion for which certification is requested.
  • As a general rule, a product presented for certification only needs to be tested once to each applicable privacy and security criterion (adopted in § 170.315(d)) so long as the health IT developer attests that such privacy and security capabilities apply to the full scope of capabilities included in the requested certification. However, exceptions exist for § 170.315(e)(1) “VDT” and (e)(2) “secure messaging,” which are explicitly stated.

Design and Performance: The following design and performance certification criteria (adopted in § 170.315(g)) must also be certified in order for the product to be certified.

  • When a single quality management system (QMS) is used, the QMS only needs to be identified once. Otherwise, the QMS’ need to be identified for every capability to which it was applied.
  • When a single accessibility-centered design standard is used, the standard only needs to be identified once. Otherwise, the accessibility-centered design standards need to be identified for every capability to which they were applied; or, alternatively the developer must state that no accessibility-centered design was used.
Table for Privacy and Security
Technical Explanations and Clarifications

 

Applies to entire criterion

Technical outcome – The health IT can create a summary record (formatted to Consolidated CDA (C-CDA) Release 2.1) that is tagged at the document-level as restricted and subject to re-disclosure restrictions using the HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1.

Clarifications:

  • This certification criterion at § 170.315(b)(7) focuses on a Health IT Module’s ability to tag a C-CDA document as restricted and subject to re-disclosure restrictions using the HL7 DS4P standard, not on the content of the C-CDA document. As such, this certification criterion is not subject to the Consolidated CDA creation performance certification criterion (§ 170.315(g)(6)) because testing for § 170.315(g)(6) focuses on the content of the C-CDA document. We established a certification criterion for Consolidated CDA creation performance to promote the interoperability of C-CDA documents during exchange by testing conformance of the C-CDA’s content to the variation permitted by the HL7 standard. [see also 80 FR 16859]
  • In order to mitigate potential interoperability errors and inconsistent implementation of the HL7 Implementation Guide for CDA® Release 2: Consolidated CDA Templates for Clinical Notes, Draft Standard for Trial Use, Release 2.1. (C-CDA R2.1 IG), in March, 2017 and previously, ONC assessed, approved and incorporated the following errata as part of required testing and certification to this criterion: C-CDA 2.1 ERRATA [Effective in testing with the C-CDA 2.1 Validator, March 2017; Surveillance compliance date is September 1, 2018] [see also FAQ #51]

Regulation Text

Regulation Text

§170.315(b)(7) Data segmentation for privacy – send

Enable a user to create a summary record formatted in accordance with the standard adopted in §170.205(a)(4) that is document-level tagged as restricted and subject to restrictions on re-disclosure according to the standard adopted in §170.205(o)(1).

Criterion Subparagraph Test Data
(b)(7)

Inpatient setting: 170.315_b7_ds4p_imp_sample1_*.pdf

Ambulatory setting: 170.315_b7_ds4p_amb_sample1_*.pdf

Content last reviewed on February 21, 2018
Was this page helpful?