
Enabling Privacy: Data Segmentation

Data Segmentation Overview

What is Data Segmentation?

Detailed Control of Electronic Health Information

“Data segmentation” is the term often used to describe the electronic labeling or tagging of a patient’s health information in a way that allows patients or providers to electronically share parts, but not all, of a patient record.

Data segmentation helps providers comply with specific state and federal laws, helping to keep the “sensitive” portions of a patient’s electronic record private. For example, mental health counseling, Human Immunodeficiency Virus (HIV) status, substance abuse treatment, and other types of sensitive topics may need to be treated differently than other parts of a patient’s record depending on the applicable laws.

Why Does Data Segmentation Matter?

Simply put, a lack of data segmentation can result in patients not seeking treatment, for fear that others will discover their sensitive health information without their consent.

Data segmentation technology is able to alert providers if the information they want to share is subject to restrictions like “don’t redisclose without the patient’s consent.” It also has the potential to give patients a more detailed choice in which parts of their health information are shared by their providers. With greater confidence that their health information privacy will be maintained, patients may be more willing to seek treatment.

Seeking treatment for sensitive health issues is critical. For example, patients with serious mental illness have increased rates of co-occurring conditions, which result in reduced life expectancy. And more patients are affected by sensitive health information than you might expect:

Data segmentation plays a crucial role in contributing to the quality of health care for millions of Americans.

What is the History of Data Segmentation Efforts?

More than 30 years ago, the federal government promulgated rules in 42 Code of Federal Regulations (CFR) Part 2 [PDF - 13.2 MB] regarding the confidentiality of alcohol and drug abuse (collectively, “substance abuse”) patient records. This action was spurred, in part, by the fact that some people did not seek treatment because of the stigma associated with substance abuse.

42 CFR Part 2 requires that substance abuse patient records be kept confidential and be disclosed only for the purposes and under the circumstances expressly authorized. The law requires that federally assisted substance abuse programs obtain patient consent before they disclose patient-identifying information (with limited exceptions). A provider (or other person) who lawfully receives the information may not redisclose it unless the patient consents in writing or the provider is otherwise authorized by 42 CFR Part 2.

While 42 CFR Part 2 focuses specifically on substance abuse, a variety of additional federal and state laws have been created to address broader sensitive health information, which includes substance abuse, mental health, and HIV treatment records. For example, some states have laws specific to HIV information. See HealthIT.gov’s Health Information Privacy Law and Policy web page to learn more about additional federal and state laws. (Scroll to the bottom of the page and explore the “Federal, State, and Organization Resources …” section.)

In the electronic age, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act (2009), which discusses the use of data segmentation to protect sensitive health information in certain types of Electronic Health Records (EHRs). HITECH required the Health Information Technology Policy Committee (HITPC) to consider and make data segmentation technology recommendations to the Office of the National Coordinator for Health IT (ONC) (See Section 3002 of HITECH [PDF - 176 KB]).

In 2010, the HITPC held a hearing on policies related to 1) patient consent for taking part in health information exchange (HIE) and 2) the technology needed to implement electronic consent. While recognizing the promise of early developments, the HITPC recommended [PDF - 123 KB] that ONC use test case studies to further research the practicality of data segmentation and similar technologies.

In September 2011, ONC’s Office of the Chief Privacy Officer (OCPO) and Office of Science and Technology (OST) teamed to fund the Data Segmentation for Privacy (DS4P) Initiative through the Standards and Interoperability (S&I) Framework. DS4P gathered a community of experts, including software developers, health care providers, patient advocates, and health informaticists, to assess health information technology (health IT) data standards and their practicality.

By the end of the DS4P Initiative in 2014, some of the test cases (or “pilots”) demonstrated the ability to exchange sensitive electronic health information with the proper, standardized privacy metadata. This exchange allowed the receiving organization to properly handle the information and control its further access and redisclosure. DS4P also developed an implementation guide, which described how a health care entity can exchange sensitive health information using standardized privacy metadata.

Privacy metadata standards were a crucial step in demonstrating data segmentation across different systems. However, more work is needed to allow EHRs and Personal Health Records (PHRs) to segment information and share specific portions of medical records.

How Does Data Segmentation Typically Work?

The graphics below illustrate how the DS4P Initiative’s approach to data segmentation can work in the example of substance abuse patient records.

[Graphic depiction of steps 1 and 2]
[Graphic depiction of steps 3 and 4]

  1. The patient receives care at her local hospital (“Provider/Healthcare Organization 1”) for various conditions, including substance abuse as part of the hospital’s Alcohol/Drug Abuse Treatment Program (ADATP).
  2. As required by 42 CFR Part 2, Provider/Healthcare Organization 1 captures and records the patient’s consent to share her substance abuse patient records with another provider involved in her care (“Provider/Healthcare Organization 2”).
  3. A clinical workflow event triggers the disclosure of the patient’s substance abuse patient records to Provider/Healthcare Organization 2. Because the patient has authorized this disclosure, DS4P technology tags the Consolidated Clinical Document Architecture (C-CDA) document (or individually disclosed data element) with an indication that it is restricted and cannot be redisclosed without obtaining the patient’s consent.
  4. Provider/Healthcare Organization 2 uses DS4P technology, so it is able to electronically receive and incorporate the patient’s substance abuse patient records. Using the data classification labels, it can implement a Prohibition on Redisclosure Notice.
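
The four steps above, modeled as an added sketch (it is not code from ONC or the DS4P Initiative): the originating organization checks consent and tags the outgoing copy, and the recipient enforces the redisclosure restriction from the labels alone. The `Document` and `Organization` classes, the in-memory consent store, and the label values `R` and `NORDSCLCD` are assumptions made for illustration; the page does not name specific codes.

```python
from dataclasses import dataclass, replace

RESTRICTED = "R"               # assumed confidentiality label: restricted
NO_REDISCLOSURE = "NORDSCLCD"  # assumed obligation label: no redisclosure without consent

@dataclass(frozen=True)
class Document:
    patient: str
    body: str
    source_program: str = ""        # e.g. "ADATP" at the originating hospital
    confidentiality: str = "N"      # "N" = normal
    obligations: frozenset = frozenset()

class Organization:
    def __init__(self, name, part2_programs=()):
        self.name = name
        self.part2_programs = set(part2_programs)  # programs this org knows are Part 2
        self.consents = set()                      # (patient, recipient name) on file
        self.inbox = []

    def record_consent(self, patient, recipient):
        self.consents.add((patient, recipient.name))

    def is_restricted(self, doc):
        # The originator knows its own programs; a recipient has only the labels.
        return doc.source_program in self.part2_programs or NO_REDISCLOSURE in doc.obligations

    def may_disclose(self, doc, recipient):
        return not self.is_restricted(doc) or (doc.patient, recipient.name) in self.consents

    def disclose(self, doc, recipient):
        if not self.may_disclose(doc, recipient):
            raise PermissionError(f"{self.name}: no consent to share with {recipient.name}")
        if self.is_restricted(doc):  # tag the copy so the restriction travels with it
            doc = replace(doc, confidentiality=RESTRICTED,
                          obligations=doc.obligations | {NO_REDISCLOSURE})
        recipient.inbox.append(doc)
        return doc

def demo():
    org1 = Organization("Org1", part2_programs={"ADATP"})
    org2, org3 = Organization("Org2"), Organization("Org3")
    record = Document("patient-A", "constructed treatment summary", "ADATP")
    org1.record_consent("patient-A", org2)            # step 2: consent captured
    received = org1.disclose(record, org2)            # step 3: tagged disclosure
    blocked = not org2.may_disclose(received, org3)   # step 4: redisclosure refused
    org2.record_consent("patient-A", org3)            # consent obtained afterwards
    org2.disclose(received, org3)
    return received, blocked, len(org3.inbox)
```

Organization 2 has no knowledge of which programs at Organization 1 fall under 42 CFR Part 2; its refusal to pass the record on comes entirely from the label attached in step 3.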

How Will ONC Continue to Encourage Data Segmentation?

As various federal and industry groups continue to pursue data segmentation solutions, ONC is looking at the current landscape of organizational policies and technologies and planning how ONC can optimize the success of data segmentation efforts.

In the future, ONC plans to focus on policies and technologies that:

  • Help ensure that health care providers and organizations will be able to accept segmented data
  • Educate health care providers and organizations on the benefits of taking part in data segmentation
  • Outline how workflow would change for the receiving health care provider or organization
  • Identify the possibilities and challenges the receiving health care providers or organizations could have in performing clinical decision support based on segmented data
  • Enable the recipient of the segmented data to redisclose it upon obtaining the patient’s consent

In July 2014, the HITPC recommended [PDF - 184 KB] that ONC apply DS4P standards for behavioral health information exchange to the voluntary certification criteria for Meaningful Use Stage 3. ONC will work to determine the best course of action on this topic.

Visit the DS4P Initiative page to learn more about data segmentation initiatives.



The Enabling Privacy web pages are provided for informational purposes only. They are not intended to be an exhaustive or definitive source on data segmentation, nor should the information contained herein be construed as legal advice.