The challenges related to the electronic exchange of behavioral health data is a “vexing” problem, given the legal and technical complexities associated with the privacy and security of that data, says Micky Tripathi, president and CEO of the Massachusetts eHealth Collaborative.

Behavioral health data requires additional protections beyond HIPAA, including adherence to 42 CFR Part 2, a portion of federal law that limits the disclosure of identifiable information by a federally-assisted substance abuse treatment program to any entity, even for treatment, without signed consent from the patient to authorize the disclosure, with limited exceptions. It also restricts the re-disclosure of that data by the receiving entity for any purpose without consent.

“Anything that comes out of a federally-subsidized substance abuse program--including general clinical information such as a person’s blood pressure--is considered protected information,” Tripathi tells Health Data Management. Consequently, this requirement can lead to incomplete patient records and interfere with continuity of care. “Often behavioral health gets caught up in the substance abuse law because the Title 42 substance abuse programs are often from behavioral health providers.”

As a result, strict statutes have led to “an electronic stalemate” in which most current health information exchange focuses on general physical health data while behavioral health data are excluded from HIE. However, Tripathi believes that the barriers to the private and secure electronic exchange of behavioral health data can be overcome with additional consent management policies and procedures.

“I kind of lump together from a functional perspective, not in the details, behavioral health and substance abuse and even some aspects of minors data. All of them are related to the issues of data segmentation and the ability to identify what types of data need to be protected for certain reasons and then be able to have the EHR identify and ‘appropriately cordon off’ the data so that it’s only used in the ways that law, regulations and policies allow,” says Tripathi.

The Health IT Policy Committee’s Privacy and Security Tiger Team has worked with the Substance Abuse and Mental Health Services Administration on data segmentation policies relating to substance abuse and has developed a framework with different levels of technology and policy for sharing information.

“We looked at the pilots that were being done for Data Segmentation for Privacy (DS4P),” explains Tripathi, who is a former co-chair of the Privacy and Security Tiger Team. “The idea of that is to set up technological and policy standards that can be employed in behavioral health, substance abuse and other settings that would allow you to configure it to protect that kind of information.”

DS4P applies a set of metadata and encryption onto a clinical document, enabling a provider to send it to a receiving system with compatible technology to recognize that the data is from a behavioral health or substance abuse program and to segregate it. “They will be able to decrypt it and be able to apply metadata to it so within the EHR it says ‘This document is not shareable and you’re not allowed to parse any of the data, but you as a clinician can look at it,’ so it’s kind of a read-only,” said Tripathi. “The technology would prevent you from parsing and breaking out the data, but it would at least allow for the treatment and continuity of care capability while having the clinicians on the receiving end understand that it’s protected with the warning flags.”

According to Tripathi, the Health IT Policy Committee has forwarded its approved recommendations around DS4P to the Standards Committee. “It’s up to them to identify appropriate standards. We looked at DS4P as a feasible technology, but we’re the Policy Committee so it’s not our job to identify the specific standard.”    

Tripathi is no longer the co-chair of the HITPC’s Privacy and Security Tiger Team with Deven McGraw. As part of an ONC restructuring of the HITPC’s workgroups, National Coordinator for Health IT Karen DeSalvo, M.D., asked Tripathi to chair the Interoperability and Health Information Exchange Workgroup and for McGraw to chair the Privacy and Security Workgroup. However, Tripathi is still a member of the Privacy and Security Tiger Team.


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access