Subscribe to RSS
DOI: 10.1055/a-2466-4371
FHIR Granular Sensitive Data Segmentation
Funding This research was funded by the National Institute on Drug Abuse, through the Substance Use HeAlth REcords Sharing (SHARES) grant (grant no.: 9R01DA056984-06A1).
Abstract
Background Due to fear of stigma, patients want more control over the sharing of sensitive medical records. The Substance Abuse and Mental Health Administration (SAMHSA) and the Office of the National Coordinator (ONC) supported the development of standards-compliant, consent-respecting medical record exchange technology using metadata labeling (e.g., substance use information). Existing technologies must be updated with newer standards and support more than binary-sensitive categorizations to better align with how physicians categorize sensitive medical records.
Objectives Our goal was to deploy, pilot test, and share open-source Fast Healthcare Interoperability Resources (FHIR)-based data segmentation technologies. We pilot-tested the technologies using real-world patient electronic health record data in the context of substance use information. We involved physicians in designing a novel decision engine that supports various confidence levels.
Results We deployed a web-based Patient Portal and Clinical Decision Support (CDS) granular data segmentation Engine to allow patients to make consent-based granular data choices (e.g., not sharing substance use medical records). Compared with previous solutions, the Engine innovates by using the latest Health Level 7 (HL7) standards to support data sensitivity labeling and redaction: FHIR R5 and its Consent resource type and CDS Hooks. It also supports configurable floating point confidence threshold cutoffs as opposed to binary medical record categorizations. Multiple engineering choices were made to simplify software development and maintenance and to improve technology adaptability, reusability, and scalability.
Conclusion The resulting data segmentation technologies update SAMHSA and ONC software with the newest HL7 standards and better mimic how physicians categorize sensitive medical information with various confidence levels. To support reusability, we shared the resulting open-source code through the HL7 FHIR Foundry.
Keywords
standards adoption - testing and evaluation - knowledge management - confidentiality - electronic health records and systems - Fast Healthcare Interoperability ResourcesProtection of Human and Animal Subjects
We obtained approval (approval no.: 00006227) from the Arizona State University Institutional Review Board to consent patients to share their de-identified medical records.
Publication History
Received: 11 August 2024
Accepted: 11 November 2024
Article published online:
19 February 2025
© 2025. Thieme. All rights reserved.
Georg Thieme Verlag KG
Oswald-Hesse-Straße 50, 70469 Stuttgart, Germany
-
References
- 1 Naeem I, Quan H, Singh S. et al. Factors associated with willingness to share health information: rapid review. JMIR Hum Factors 2022; 9 (01) e20702
- 2 Grando MA, Murcko A, Mahankali S. et al. A study to elicit behavioral health patients' and providers' opinions on health records consent. J Law Med Ethics 2017; 45 (02) 238-259
- 3 Sarabu C, Sharko M, Petersen C, Galvin H. Shifting into action: from data segmentation to equitable interoperability for adolescents (and everyone else). Appl Clin Inform 2023; 14 (03) 544-554
- 4 Soni H, Grando A, Murcko A. et al. State of the art and a mixed-method personalized approach to assess patient perceptions on medical record sharing and sensitivity. J Biomed Inform 2020; 101: 103338
- 5 Enabling Granular Choice for Health Care Delivery. pdf. Accessed February 27, 2024 at: https://www.healthit.gov/sites/default/files/page/2020-07/Granular%20Choice%20Use%20Case.pdf
- 6 Saks MJ, Grando A, Murcko A, Millea C. Granular patient control of personal health information: federal and state law considerations. Jurimetrics 2018; 58 (04) 411-435
- 7 42 CFR Part 2–Confidentiality of Substance Use Disorder Patient Records. Accessed February 20, 2024 at: https://www.ecfr.gov/current/title-42/part-2
- 8 Benevento M, Mandarelli G, Carravetta F. et al. Measuring the willingness to share personal health information: a systematic review. Front Public Health 2023; 11: 1213615
- 9 C2S GitHub Welcome. Accessed February 18, 2024 at: https://bhits.github.io/consent2share/
- 10 2015 Edition Final Rule: Data Segmentation for Privacy (DS4P). Accessed February 22, 2024 at: https://www.healthit.gov/sites/default/files/2015editionehrcertificationcriteriads4p_10615.pdf
- 11 Index - FHIR v3.0.2. Accessed February 19, 2024 at: https://hl7.org/fhir/stu3/
- 12 Value Set Authority Center. Accessed February 20, 2024 at: https://vsac.nlm.nih.gov/welcome
- 13 Security-labels - FHIR v6.0.0-cibuild. Accessed February 18, 2024 at: https://build.fhir.org/security-labels.html
- 14 Karway G, Ivanova J, Kaing T. et al. My data choices: pilot evaluation of patient-controlled medical record sharing technology. Health Informatics J 2022 ;28(4):14604582221143893
- 15 Grando A, Sottara D, Singh R. et al. Pilot evaluation of sensitive data segmentation technology for privacy. Int J Med Inform 2020; 138: 104121
- 16 ONC LEAP Computable Consent Project. Accessed February 18, 2024 at: https://sdhealthconnect.github.io/leap/
- 17 CDS Hooks. Accessed February 18, 2024 at: https://cds-hooks.org/
- 18 ASU SHARES – Substance use HeAlth Record Sharing. Accessed February 19, 2024 at: https://www.asushares.com/
- 19 clinFHIR Launcher. Accessed February 19, 2024 at: http://clinfhir.com/
- 20 HAPI FHIR - The Open Source FHIR API for Java. Accessed September 9, 2024 at: https://hapifhir.io/
- 21 Qualtrics XM - Experience Management Software. Qualtrics. Accessed March 11, 2024 at: https://www.qualtrics.com/
- 22 Sources and Definitions - Health. United States. June 26, 2023. Accessed February 18, 2024 at: https://www.cdc.gov/nchs/hus/sources-definitions.htm
- 23 JSON. Accessed February 27, 2024 at: https://www.json.org/json-en.html
- 24 Ford W. Computer Communications Security: Principles, Standard Protocols & Techniques; 1994
- 25 JavaScript With Syntax For Types. Accessed March 11, 2024 at: https://www.typescriptlang.org/
- 26 Eluru M, Mendoza DH, Wong A. et al. Physicians' perspectives on HL7 information policy sensitive value set: a validation study through health concept categorization. Healthcare (Basel) 2023; 11 (21) 2845
- 27 sdhealthconnect/leap-cds. Published online March 3, 2024. Accessed March 11, 2024 at: https://github.com/sdhealthconnect/leap-cds
- 28 asushares/appendix. Published online March 8, 2024. Accessed March 11, 2024 at: https://github.com/asushares/appendix
- 29 Karway G, Ivanova J, Bhowmik A. et al. recommendations to inform substance use disorder data sharing research: scoping review and thematic analysis. J Addict Med 2022; 16 (03) 261-271
- 30 Banerjee I, Syed K, Potturu A. et al. Physicians differ in their perceptions of sensitive medical records: survey and interview study. Health Informatics J 2023 ;29(3):14604582231193519
- 31 Williams R, Kontopantelis E, Buchan I, Peek N. Clinical code set engineering for reusing EHR data for research: a review. J Biomed Inform 2017; 70: 1-13
- 32 National Healthcare Directory - Patient Administration - Confluence. Accessed March 13, 2024 at: https://confluence.hl7.org/display/PA/National+Healthcare+Directory
- 33 HL7 Terminology (THO). HL7 Terminology (THO). Accessed March 12, 2024 at: http://terminology.hl7.org/CodeSystem/v3-ActCode
- 34 Synthea. Accessed October 19, 2024 at: https://synthetichealth.github.io/synthea/
- 35 HL7 Standards Product Brief - HL7 Services Functional Model. Consent Management Service, Release 1 | HL7 International. Accessed March 11, 2024 at: https://www.hl7.org/implement/standards/product_brief.cfm?product_id=571
- 36 Posnack S. The Heat is On: US Caught FHIR in 2019. Health IT Buzz. July 29, 2021. Accessed September 10, 2024 at: https://www.healthit.gov/buzz-blog/health-it/the-heat-is-on-us-caught-fhir-in-2019
- 37 Campbell ANC, McCarty D, Rieckmann T. et al. Interpretation and integration of the federal substance use privacy protection rule in integrated health systems: a qualitative analysis. J Subst Abuse Treat 2019; 97: 41-46