Behavioral Health Consent Management

The timely exchange of health information between behavioral health providers and physical health providers to support care coordination is a critical element of the National Quality Strategy and health reform efforts. However, privacy and confidentiality concerns are currently limiting the inclusion of behavioral health data in electronic health information exchange efforts.

The Office of the National Coordinator for Health Information Technology (ONC) encourages providers and organizations involved in electronic health information exchange to develop policies and technical approaches [PDF - 258 KB] that offer patients more consent choices than simply having all or none of their information shared.

Data Segmentation for Privacy

The ONC Data Segmentation for Privacy Initiative (DS4P) was launched in October 2011 to demonstrate, through pilot initiatives, the vision outlined by the December 2010 PCAST report on Health IT [PDF - 1.63 MB]. Recommendations out of that report called for the development of metadata tags which could be used to maintain privacy and security of patient health information throughout data exchange across organizational structures. It also advised that patients and providers be able to share portions, or segments, of records in order to maintain patient privacy.

Pilot projects conducted under DS4P have demonstrated some ways to enable the sharing of information that is protected by federal and state laws including the substance abuse treatment confidentiality regulations, 42 CFR Part 2. 

Consent2Share (C2S)

Following up on the standards and guidelines developed from the DS4P initiative, SAMHSA developed Consent2Share -- an open source tool for consent management and data segmentation designed to integrate with existing Electronic Health Record (EHR) and Health Information Exchange (HIE) systems. The C2S tool will enable patients to have more meaningful choice when sharing their health information and supports the exchange of sensitive behavioral health information in compliance with diverse federal and state privacy regulations.

The Consent2Share architecture is comprised of two major components:

  1. Patient Consent Management (PCM) - a front-end, patient-facing user interface which allows patients to define their privacy policy and provide informed consent.
  2. Access Control Services (ACS) - a backend control system designed to integrate with EHRs and HIESs and provide privacy policy configuration, management, decision making and policy enforcement.

Consent2Share source code and technical documentation is available at GitHub.

Aspiring to Awesome

The A2A pilot focuses on offering patients specific access control choices. A2A involves normalizing EHR patient information, conducting a needs analysis to understand patient preferences on health information exchange, creating an ethics framework and designing a browser-based interface to allow patients to specify their privacy preferences.