Behavioral Health Consent Management

Data Segmentation for Privacy

The ONC Data Segmentation for Privacy Initiative (DS4P) was launched in October 2011 to demonstrate, through pilot initiatives, the vision outlined by the December 2010 PCAST report on Health IT [PDF – 1.7 MB]. Recommendations out of that report called for the development of metadata tags which could be used to maintain privacy and security of patient health information throughout data exchange across organizational structures. It also advised that patients and providers be able to share portions, or segments, of records in order to maintain patient privacy.

Pilot projects conducted under DS4P have demonstrated some ways to enable the sharing of information that is protected by federal and state laws including the substance abuse treatment confidentiality regulations, 42 CFR Part 2. 

Download [PDF – 581KB]

Consent2Share (C2S)

Following up on the standards and guidelines developed from the DS4P initiative, SAMHSA developed Consent2Share — an open source tool for consent management and data segmentation designed to integrate with existing Electronic Health Record (EHR) and Health Information Exchange (HIE) systems. The C2S tool will enable patients to have more meaningful choice when sharing their health information and supports the exchange of sensitive behavioral health information in compliance with diverse federal and state privacy regulations.

Consent2Share

The Consent2Share architecture is comprised of two major components:

1. Patient Consent Management (PCM) – a front-end, patient-facing user interface which allows patients to define their privacy policy and provide informed consent.
2. Access Control Services (ACS) – a backend control system designed to integrate with EHRs and HIESs and provide privacy policy configuration, management, decision making and policy enforcement.

Consent2Share source code and technical documentation is available at GitHub.