Sensitive Data Handling
Our platform includes a comprehensive sensitive data tagging engine that marks sensitive data with both HL7 FHIR sensitive data codes and confidentiality codes. This tagging system is designed to identify and manage sensitive information, such as substance abuse data, mental health records, and other recognized sensitive categories. Tags can be applied based on various conditions, including source system (e.g., Planned Parenthood), location (e.g., Martin Hospital Labor and Delivery), and specific code sets provided by the HIE or third-party suppliers like Wolters Kluwer/Health Language.
Additionally, the system is designed to facilitate role-based access controls, ensuring that only authorized users can view sensitive information. Access to sensitive data is governed by permissions assigned to user roles, and the system logs all access attempts to maintain an audit trail. This functionality is part of a broader effort to ensure compliance with regulations such as HIPAA, Social Determinants of Health (SDOH), behavioral, state/federal reproductive health regulations, and 42 CFR Part 2, and to enhance patient privacy and data security.
- 42 CFR Part 2 & Substance Use
- Behavioral & Mental Health
- State Regulations
- Federal Regulations
- Reproductive Health Regulations
- Gender Related Care
- And many more…
Sensitive Data Tagging – An Approach for FHIR
Outcome’s data classification rules engine will process inbound messages (HL7, FHIR and CCD) and determine if components of the message should be tagged as sensitive or confidential as defined by the following HL7 standards:
- Sensitive Information: https://terminology.hl7.org/ValueSet-v3-InformationSensitivityPolicy.html
- Confidential Information: https://terminology.hl7.org/CodeSystem-v3-Confidentiality.html
This process will evaluate and tag inbound HL7 v2 and CCD data that has been converted to FHIR format before that data is saved to the Clinical Data Repository (CDR). This ensures that sensitive data handling rules will have the tags necessary for information redaction to function correctly.
The rules engine will evaluate rules defined similarly to the examples below:
Classification Rule Examples
Rule ID | Rule Type | FHIR Resource | FHIR Field | Operator | Code System | Match Value | Sensitivity Code | Confidentiality Code |
---|---|---|---|---|---|---|---|---|
1 | Coded | Condition | category | In | ICD-10 CM | O04, O04.89 | SEX | “V” |
2 | Coded | Encounter | category | Equal | CPT | 59840 | SEX | “V” |
3 | Coded | Medication | code | Equal | NDC | 64875-0001-01 | SEX | “V” |
4 | Coded | Encounter | category | Equal | HCPCS | S0190 | SEX | “V” |
5 | Coded | Encounter | code | Equal | SNOMEDCT | 714812005 | GENDER | “V” |
6 | Value | Encounter | location | In | | “Psych-NW”, “Mental-H” | MH | “V” |
7 | Value | * | meta.source | Equal | | Planned Parenthood | SEX | “V” |
Application of Confidentiality and Sensitivity Codes
When a rule is matched, the corresponding values will be inserted into the JSON structure of the FHIR Resource as part of the meta tag (see the example below, which would have been triggered by any of the example rules above):
{
  "meta": {
    "security": [
      {
        "code": "V",
        "display": "very restricted",
        "system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
      },
      {
        "code": "SEX",
        "display": "sexuality and reproductive health information sensitivity",
        "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode"
      }
    ]
  }
}
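The rule evaluation and tagging step described above, as an added Python sketch; it is not Outcome's engine. It applies rules 1, 3 and 7 from the table to a constructed resource. The rule tuple layout, the function names and the mapping of code-system names to FHIR system URIs are assumptions.

```python
CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
ACT = "http://terminology.hl7.org/CodeSystem/v3-ActCode"
# Assumed mapping of the table's code-system names to FHIR system URIs.
SYSTEMS = {"ICD-10 CM": "http://hl7.org/fhir/sid/icd-10-cm",
           "NDC": "http://hl7.org/fhir/sid/ndc"}
DISPLAY = {"V": "very restricted",
           "SEX": "sexuality and reproductive health information sensitivity"}
# Rules 1, 3 and 7: (type, resource, field, code system, values, sensitivity, confidentiality).
RULES = [
    ("Coded", "Condition", "category", "ICD-10 CM", {"O04", "O04.89"}, "SEX", "V"),
    ("Coded", "Medication", "code", "NDC", {"64875-0001-01"}, "SEX", "V"),
    ("Value", "*", "meta.source", None, {"Planned Parenthood"}, "SEX", "V"),
]

def resolve(resource, path):  # walk a dotted path such as meta.source; None if missing
    node = resource
    for key in path.split("."):
        node = node.get(key) if isinstance(node, dict) else None
    return node

def matches(rule, resource):
    rtype, rres, field, system, values, _, _ = rule
    if rres not in ("*", resource.get("resourceType")):
        return False
    found = resolve(resource, field)
    if rtype == "Value":
        return isinstance(found, str) and found in values
    # Coded: the field holds one CodeableConcept or a list of them.
    concepts = found if isinstance(found, list) else [found] if found else []
    return any(c.get("system") == SYSTEMS[system] and c.get("code") in values
               for cc in concepts if isinstance(cc, dict) for c in cc.get("coding", []))

def tag(resource):
    """Add meta.security labels for every matching rule, without duplicates."""
    security = list(resolve(resource, "meta.security") or [])
    for rule in RULES:
        if matches(rule, resource):
            for system, code in ((CONF, rule[6]), (ACT, rule[5])):
                label = {"code": code, "display": DISPLAY[code], "system": system}
                if label not in security:
                    security.append(label)
    if security:
        resource.setdefault("meta", {})["security"] = security
    return resource

# Constructed sample resource (not from the page); it matches both rule 1 and rule 7.
SAMPLE = {"resourceType": "Condition", "meta": {"source": "Planned Parenthood"},
          "category": [{"coding": [{"system": SYSTEMS["ICD-10 CM"],
                                    "code": "O04.89"}]}]}
```

Because the sample matches two rules and `tag` may run more than once on the same resource, labels are compared before appending so `meta.security` carries each code only once.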