Sponsored by the Office of the Chief Privacy Officer (OCPO), the Data Segmentation for Privacy (DS4P) Initiative models the type of success possible when federal and private industry groups work together. The DS4P Initiative made important progress towards improving the ability of sensitive health information, specifically substance abuse patient records, to flow properly, so that patients get the care they need without fear of stigma.
The DS4P Initiative began in late 2011, with Phase 1 ending in the spring of 2014. The initiative produced six test cases (also called “pilots”), a number of deliverables, and a normative, technical Health Level 7 (HL7) International standard for the segmentation of sensitive health information. In particular, DS4P’s pilots showed how the 42 Code of Federal Regulations (CFR) Part 2 Prohibition on Redisclosure Notice can be transmitted, along with substance abuse patient records, when a patient has consented to the disclosure. (Note: The Prohibition on Redisclosure Notice informs the lawful recipient of a disclosure that he/she may not redisclose it unless the patient consents in writing or the recipient is otherwise authorized by 42 CFR Part 2.)
Although Phase 1 of the initiative’s work is officially complete, data segmentation efforts continue. The Office of the National Coordinator for Health Information Technology (ONC) encourages the DS4P teams, implementers, and Standards Development Organizations (SDOs) to continue their efforts to improve on the initiative’s work.
The DS4P Initiative met its two goals, which were to:
- Demonstrate how standards can be used to support current privacy policies for sharing sensitive health information across organizational boundaries
- Develop standards which will enable sensitive electronic health information to flow more freely to authorized users while improving the ability of health information technology (health IT) systems to implement current privacy protection requirements for certain types of health care data, such as substance abuse patient records
The DS4P Initiative boasted 344 participants, who are listed on the DS4P Wiki. Of those, 110 were committed members and 103 were committed organizations.
Test Cases (Pilots)
- U.S. Department of Veterans Affairs (VA)/Substance Abuse and Mental Health Services Administration (SAMHSA) Pilot
- Software and Technology Vendors’ Association (SATVA) Pilot
- Netsmart Pilot
- Jericho Systems/University of Texas (UT) at Austin Pilot
- Greater New Orleans Health Information Exchange (GNOHIE) Pilot
- Teradact Pilot
The DS4P Initiative produced a number of important deliverables, listed below.
- DS4P Use Case – defines the interoperability requirements for high priority health care data exchange; aids in the development of standards and functional requirements.
- Implementation Guide – describes in detail how data segmentation can be achieved in the Simple Object Access Protocol (SOAP) and Simple Mail Transfer Protocol (SMTP) transport mechanisms.
- Response to the Health Information Technology Standards Committee (HITSC) President’s Council of Advisors on Science and Technology (PCAST) Recommendations on Patient Privacy, Provenance, and Identity Metadata – analyzes HITSC’s recommendations for privacy metadata in line with PCAST’s vision for tagged data elements.
- Executive Summary – summarizes DS4P’s technical approach.
- DS4P Implementation Guidance (IG) Test Procedures – were used to test the conformance of the test cases.
HL7 DS4P Products
The DS4P Initiative inspired a new family of standards that extend the reach and footprint of the DS4P IG.
Building on the DS4P Initiative’s IG, HL7 began a DS4P project in 2013. Their project was sponsored by the HL7 Security Work Group and the Community Based Collaborative Care (CBCC) Work Group.
HL7 DS4P produced an implementation guide — “HL7 Implementation Guide: Data Segmentation for Privacy, Release 1” — which finished Normative Ballot in January 2014 and was accredited by the American National Standards Institute (ANSI) in May 2014. The Guide has three volumes:
- Volume 1: Clinical Document Architecture (CDA) Release 2 (R2) and Privacy Metadata Reusable Content Profile
- Volume 2: Nationwide Health Information Network (NwHIN) Direct Transport Profile
- Volume 3: NwHIN Exchange Transport Profile
The HL7 DS4P standard uses tagging to convey confidentiality levels and obligations. The tagging terms convey specific meaning (e.g., “Do not redisclose without consent” and “This document is restricted”).
Additional HL7 DS4P products are:
- HL7 Privacy and Security Classification System and Guide
- HL7 Security Labeling Service
- HL7 Security and Privacy Ontology
- HL7 Fast Healthcare Interoperability Resources (FHIR) Security Services
A demonstration is available showing how the HL7 Healthcare Privacy and Security Classification System (HCS) Security Labels work with FHIR.
Integrating the Healthcare Enterprise (IHE) created a DS4P supplement which documents an ITI US-realm implementation of Cross Enterprise Document Sharing (XDS) to align with the HL7 balloted standard. IHE’s supplement is very much a mirror of the HL7 standard.
IHE has published a change proposal called “Document Sharing Metadata Enhancement for Security/Privacy Tags”. This change shows how to include security/privacy tags in document-sharing metadata (i.e., the confidentialityCode).
The change conveys handling caveats such as Refrain Policy, Obligation Policy, and Purpose of Use. It also enables consistency with the HL7 HCS standard and HL7 DS4P standard.
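The following sketch shows how a receiving system might enforce such tags before releasing or forwarding a document. It is an added illustration, not code from ONC, HL7, or IHE. The code values (R, NORDSCLCW, ENCRYPT, TREAT) are assumed from the HL7 vocabulary rather than taken from this page, and the (category, code) pairing, the `Request` model, and the sample tags are hypothetical simplifications.

```python
from dataclasses import dataclass

# HL7 Confidentiality codes, least to most restrictive (assumed vocabulary, not from the page).
LEVELS = ["U", "L", "M", "N", "R", "V"]

# Constructed sample: tags carried in one document's confidentialityCode metadata.
SAMPLE_TAGS = [
    ("confidentiality", "R"),        # "This document is restricted"
    ("refrain", "NORDSCLCW"),        # "Do not redisclose without consent"
    ("obligation", "ENCRYPT"),
    ("purpose_of_use", "TREAT"),
]

@dataclass(frozen=True)
class Request:                       # hypothetical request model
    clearance: str                   # highest level the requester may access
    purpose: str                     # asserted purpose of use
    action: str                      # "read" or "redisclose"
    patient_consented: bool = False  # written consent to redisclosure on file
    encrypted: bool = False          # transport or storage encryption in place

def decide(tags, req):
    """Return (allowed, reasons); any unmet tag denies the request."""
    by_cat = {}
    for category, code in tags:
        by_cat.setdefault(category, set()).add(code)
    reasons = []
    levels = by_cat.get("confidentiality", set())
    if not levels or levels - set(LEVELS) or req.clearance not in LEVELS:
        reasons.append("unlabelled or unknown confidentiality level")  # fail closed
    elif max(map(LEVELS.index, levels)) > LEVELS.index(req.clearance):
        reasons.append("clearance below document confidentiality")
    purposes = by_cat.get("purpose_of_use")
    if purposes and req.purpose not in purposes:
        reasons.append("purpose of use not permitted")
    if (req.action == "redisclose" and "NORDSCLCW" in by_cat.get("refrain", ())
            and not req.patient_consented):
        reasons.append("redisclosure requires patient consent")
    if "ENCRYPT" in by_cat.get("obligation", ()) and not req.encrypted:
        reasons.append("ENCRYPT obligation not met")
    return (not reasons, reasons)
```

Documents with no confidentiality tag, or with a level the receiver does not recognize, are denied rather than treated as unrestricted.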
Consent2Share Pilot Project
The U.S. Department of Health and Human Services’ SAMHSA is using DS4P’s standards to develop Consent2Share (C2S). C2S is an open source tool for consent management and data segmentation. The tool is designed to integrate with current Electronic Health Record (EHR) and Health Information Exchange (HIE) systems. Visit the C2S Wiki for more information.