With the National Health Information Network Direct (NHIN Direct) working to create a standard for the transfer of Electronic Health Records (EHRs), the need for segmented and secure patient records is becoming apparent to all who are working on this technology. A segmented EHR would allow for providers with different roles to access only the portions of the EHR relevant to their task. Protecting personal health information through the use of data segmentation is partially rooted in state and federal privacy laws addressing abuse of information.
Such laws include: HIPAA – Privacy Rule, HIPAA – Security Rule, the federal Confidentiality of Alcohol, and GW SPHHS Department of Health Policy ES-1 Drug Abuse Patient Records regulations (Part 2). These laws protect the exchange of health information without patient consent.
Lesser-known but equally stringent state laws protect a broad range of information. For example, health data related to minors or incidents of sexual violence1. Other justifications for the use of data segmentation in protecting health data include established principles of patient autonomy and the need to encourage greater patient trust and participation in the health care system.
Data segmentation provides the potential means of protecting specific elements of health information. Both within an EHR and in broader electronic exchange environments, segmentation can prove useful in implementing current legal requirements and honoring patient choice.
Most patients want to control access to their medical records, and restrict which parts of their medical record are accessed. Not all health providers need access to the patient’s full record (for example, billing clerks and X-Ray technicians), but they do require access to portions of the record.
This capability for patients to have complete control over their EHR is slightly ahead of the current US law. However, […]