Patient-Driven Sharing of Health Information: A National Effort to Advance Equitable Interoperability

Hannah K Galvin; Jeff Coughlin; Marianne Sharko; Maria A Grando; Mohammad Jafari; Serena Mack; Abigail English; Carolyn Petersen

doi:10.1055/a-2591-9129

. Author manuscript; available in PMC: 2026 May 13.

Published in final edited form as: Appl Clin Inform. 2025 Aug 29;16(4):951–960. doi: 10.1055/a-2591-9129

Patient-Driven Sharing of Health Information: A National Effort to Advance Equitable Interoperability

Hannah K Galvin ^1,^2,³, Jeff Coughlin ⁴, Marianne Sharko ^5,⁶, Maria A Grando ⁷, Mohammad Jafari ⁸, Serena Mack ⁹, Abigail English ¹⁰, Carolyn Petersen ¹¹

PMCID: PMC12396901 NIHMSID: NIHMS2168346 PMID: 40882959

Abstract

The goal of national interoperability is to improve care quality and decrease administrative burden and costs. Patients, providers, and other stakeholders are increasingly concerned that indiscriminate sharing of data may have deleterious, permanent consequences, as well as fail to provide granular control over the sharing of individual health data. Data segmentation and consent standards to date have been limited in scope and implementation, which has hindered efforts to scale data sharing preferences. Shift, an independent expert stakeholder task force, has been convened to mature standards, terminologies, and consensus-driven implementation guidance, which are prerequisites for more robust policy drivers needed to support nationwide sensitive data segmentation and consent capabilities. This paper describes Shift’s framework and processes as means to advance equitable interoperability.

Keywords: data segmentation, granular data sharing, privacy, health data exchange, data sharing, interoperability, patient empowerment, health equity

Background and Significance

An interoperable environment in which data are appropriately exchanged is a key component of a high-functioning health care system. Interoperability at scale promises to improve health care quality and decrease administrative burden and costs, though such value is far from fully realized.^1–3 In recent decades, the United States has made significant progress toward the achievement of nationwide health data exchange through both federal regulation^4–6 and cross-industry technical collaboration.^7,8

Simultaneously, there are growing concerns among patients, providers, and other stakeholders that indiscriminate sharing of data may be used against them or have other deleterious consequences that cannot be reversed.^9–13 While improved transparency regarding data exchange and audit trails may be helpful, these interventions do not mitigate apprehension regarding data that have already been shared. Concerns about indiscriminate access to and use of personal health data are higher among marginalized populations, including racial and sexual minorities, as well as individuals with housing insecurity and immigrant populations.^10,12,14,15 It is also higher among patients with reported lower trust in the health system and those who have experienced either lower quality or discriminatory care.^14,16 Patients with such privacy concerns may withhold information from practitioners or fail to seek appropriate treatment,^14,17 which perpetuates disparities in care.

Such concerns are accompanied by a larger cultural shift toward personal empowerment, demonstrated by a widespread belief that privacy is an inalienable right.¹² Patients additionally recognize that implicit bias on the part of care team members may adversely affect their care.^18–20 Such concerns have heightened in the wake of the 21st Century Cures Act Information Blocking Rule,²¹ which has provided patients with transparency into their medical records, as well as the U.S. Supreme Court decision in Dobbs v. Jackson Women’s Health Organization,²² which enabled localized criminalization of abortion and increased the risks associated with sharing reproductive health information. In numerous studies and focus groups, patients have begun to express a desire for granular control over sharing their personal health information.^12,13,23 The health information technology (IT) community has historically pushed back against such requests, countering that granular data redaction could result in unintended downstream safety implications. However, even when posed with such potential clinical safety risks, such as those involved in adverse drug reactions, patients continue to express the desire for more granular control in sharing their personal health data.²⁴

Furthermore, the inability to control sharing of one’s data has been shown to further perpetuate mistrust in the health ecosystem,¹⁴ which is associated with decreased likelihood to follow medical advice, receive recommended preventive care, fill prescriptions and keep follow-up appointments,^25–29 as well as higher Emergency Department use, reduced continuity of care, and more advanced conditions when care is sought, resulting in poorer outcomes and overall higher costs of care.^27,30–34 Finally, medical mistrust results in lower participation and representation of historically marginalized populations in clinical research, which leads to delayed medical progress and exacerbation of existing health inequities.

Barriers to Equitable Interoperability

Current technical limitations force patients to choose between sharing all or none of their data. In some cases, this decision is made for them algorithmically by factors seeking to comply with federal or state law.³⁵ These limitations prevent optimal care for those with sensitive health information (such as reproductive health, behavioral health, or history of a substance use disorder) who fear bias or misuse of their data both within the patient–provider relationship or when accessed outside of the clinical environment. Work to develop granular data segmentation standards has been underway for more than a decade, with limited implementation and success. One of the barriers to success has been the concern that if segmentation cannot be accomplished perfectly, attempting to do so at all may generate a higher-than-acceptable risk. That is, even if some data were segmented from the record, an educated individual could infer the redacted information from other contextual data in the chart. Similarly, there have been concerns that redaction of some data could pose patient safety, ethical, or medicolegal risks, and questions about how such segmented data would potentially be handled downstream, for instance, in decision support algorithms or large datasets.

Tagging of sensitive information requires metadata to enforce a patient’s preferences, known as a “consent policy,” as specified through a consent management (CM) platform. Previous technical work and milestones are documented in Tables 1 and 2. Limited pilots made it clear that adoption was not solely a technical problem. Even when the technology to segment data was made available, the pilot organizations found it difficult to implement, choosing to continue to allow only blunt sharing or document redaction capabilities due to concerns over patient safety considerations.^36,37 Other organizations and vendors found it difficult to prioritize data segmentation related specifically to a 42 CFR Part 2 use case when this was only one of several pressing privacy concerns for their patients. Additionally, while the Substance Abuse and Mental Health Services Administration (SAMHSA) developed a C2S National Library of Medicine Value Set Authority Center (VSAC) sensitive condition value set, it has not been maintained since 2016, and research has shown a need for more rigorous validation.³⁸ Additionally, this value set focuses mostly on substance use disorder and behavioral health and is neither comprehensive for other sensitive conditions nor validated by physicians or patients. The lack of a nationally available semantic conceptual model for common sensitive data elements makes it difficult to implement granular tagging capabilities broadly. Moreover, since some states have put in place jurisdictional laws referencing individual custom code sets,³⁹ building to a common standard (and supporting a common clinical understanding for patients and providers) has become all the more challenging.

Table 1.

Technical milestones in the development of standards-based granular data segmentation capabilities

Year(s)	Advancement	Description
2011	DS4P CDA	HL7 International (HL7) Data Segmentation for Privacy (DS4P) Clinical Document Architecture (CDA) Implementation Guide (IG) was developed; certified as an American National Standards Institute (ANSI)-accredited standard in 2014. It provides the groundwork for leveraging security labeling for segmenting data for enforcing privacy policies by defining mechanisms for tagging of C-CDA documents at the document, section, or entry level to mark restricted data.^42,53
2013–2014	DS4P CDA Pilots	Several pilots of DS4P CDA were conducted, primarily focused on data exchange subject to 42 CFR Part 2⁵⁴ restrictions applicable to federally funded substance use treatment programs. Pilot sites included the Veterans Administration (VA)/Substance Abuse and Mental Health Services Administration (SAMHSA), NETSMART, Jericho Systems/University of Texas, and a collaboration between Cerner Anasazi, Valley Hope Association, Defran Systems, Inc., and HEALTHeLINK.^53–55
2021	DS4P HL7 v.2.9	This work follows the HL7 Healthcare Privacy and Security Classification (HCS) high water mark requirement,⁵⁶ whereby each envelope’s security label confidentiality tag is equal to the most restrictive confidentiality tag of any content contained therein. Epic has implemented one security label in HL7v2 to support notifying third parties that the patient has expressed they do not wish their PCP or family to be notified that they were admitted. This enabled one of their customers to manage their notifications in a separate system to support meeting the regulatory requirements of CMS Interoperability and Patient Access Final Rule.
2020	FHIR DS4P	The HL7 Security Work Group has been balloting an evolving Fast Healthcare Interoperability Resources (FHIR) DS4P IG and testing each iteration in FHIR Connectathons. This work also leverages the HL7 HCS for security labeling and was developed to further define security labels as value sets based on the HL7 standard terminology and enable recording of additional metadata about the labels, such as the basis for labeling and the entity (organization or software service) assigning such labels. The first IG was published for trial use in 2023.⁵⁷

Open in a new tab

This table lists major technical milestones in the development of granular data segmentation standards.

Table 2.

Technical milestones in the development of standards-based consent management tools to support the enforcement of patient-driven data segmentation

Year	Advancement	Description
2013	Consent2Share (C2S)	Substance Abuse and Mental Health Services Administration (SAMHSA) developed C2S^36,37,58 as an open-source consent management (CM) platform utilizing the FHIR Consent Resource.^53,58–60 It was designed to provide consent management for data tagged using DS4P CDA and has had several successful implementations, including with the SAMHSA Opioid Treatment Program pilot, Colorado Regional Health Informational Organization (RHIO), Arizona Health-e Connection, Prince George’s County (MD) Health, University of Florida, BeHealthy Baystate/Pioneer Valley Information Exchange in MA, and the Minnesota Department of Public Health.^36,37
2022	ASTP LEAP Consent Project	Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP) Leading Edge Acceleration Project (LEAP) Consent project with the San Diego Health Information Exchange (HIE).⁶¹ This project developed a reference architecture for consent management, consent decision, and enforcement, and identified “computable consent” as a key to scalable consent enforcement. Consent enforcement components for FHIR, eHealth Exchange, Direct Exchange, and HL7v2 messaging as well as a consent management user interface were developed and demoed in several use cases. The Consent Decision Service, SLS, and FHIR-related enforcement components, including FHIR Hearth, a reverse-proxy for enforcing consent policies over access to a generic FHIR server, have been actively maintained and updated as open-source projects. The artifacts from this project have been used in several demos, including in SHIFT demos and SHIFT sandbox.
2024	SHARES Consent Engine	Substance use HeaAlth REcord Sharing (SHARES) Consent Engine.⁴³ Funded by the National Institute on Drug Abuse, Arizona State University has developed a FHIR-based granular data sharing tool that updates the Consent2Share and the ASTP LEAP Consent Project. It supports granular segmentation in the presence of uncertainty (e.g., a negative opioid screen urine test may be classified as Substance Use Disorder information).⁶⁰
2024	Additional FHIR Consent pilots	The FHIR Consent Resource has additionally been pilot tested with pediatric treatment consent forms to assess its support for consent permissions and obligations.⁶² FHIR has the required expressivity when tested with 21 pediatric consent forms.
2023	PCF	The Integrating the Healthcare Enterprise (IHE) Privacy Consent on FHIR (PCF) ballot was published for comment in 2023. The PCF profiles FHIR Consent and OAuth for Privacy use-cases, driving access control for use-cases using the FHIR Application Programming Interface (API; e.g., clinical data access). The POCF Advance Option leverages data tagging using DS4P FHIR IG and a Security Labeling Service (SLS) for use cases with sensitive health topics.⁴⁰

Open in a new tab

This table lists major technical milestones in the development of open-source consent management tools to support granular data segmentation

As a result of these limitations, patients who have sensitive data (as defined by federal or state law or as defined subjectively by the individual as some information that they are concerned may elicit stigma/bias, or that they wish not to disclose for any other reason) are often required to share all of their health data with an entity, or deny sharing entirely. Patients with sensitive data, therefore, do not receive the same benefits from the interoperable ecosystem as those who do not have similarly sensitive data, thus inadvertently creating disparities in care.

Shift Collaborative for Equitable Interoperability

Shift was founded in 2018 as an independent, nonpartisan collaborative of industry experts across domains who sought to mitigate these disparities through the maturation of data segmentation and consent standards and implementation guidance. Shift’s co-founders recognized that this was a particularly difficult and nuanced challenge for the industry to tackle, but that continuing to delay this work was perpetuating disparities that most affected those populations for whom interoperability could also provide the greatest bene-fit. What makes Shift different from other existing initiatives is that they recognized that no single vertical could address this problem alone; to that end, they sought to bring together a multidisciplinary community through an open, unrestricted process.

To date, Shift has more than 300 volunteer expert stakeholders from health care, industry, academia, and patient advocate groups. Shift is governed by a board that includes representatives from the American Medical Association (AMA), the American Academy of Pediatrics (AAP), Health Information Management Systems Society (HIMSS), Electronic Health Records Association (EHRA), Integrating the Health Enterprise USA (IHE USA), Drummond, and the Assistant Secretary for Technology Policy (ASTP), ex officio. In its initial work, Shift identified four high-priority clinical use cases to be addressed in two phases (Fig. 1). The collaborative is structured as three workstreams and four advisory groups that drive deliverables, mitigate risks, and provide expertise, as shown in Figs. 2 and 3.

A Technical Workstream, which, through co-leadership, is aligned with the work of the Health Level 7 International (HL7) Security Workgroup on the Fast Healthcare Interoperability Resources (FHIR) Data Segmentation for Privacy (DS4P) Implementation Guide (IG); Integrating the Healthcare Enterprise (IHE) International Privacy Consent on FHIR (PCF) profile leveraging FHIR DS4P; and the work of the ASTP/ONC and HL7 Community-Based Care and Privacy Workgroup on FHIR at Scale Taskforce for Consent Management.^40,41 The DS4P Clinical Documentation Architecture (CDA) IG, first published in 2011, was reaffirmed by HL7 in 2024.⁴² Shift’s technical workstream is further developing the DS4P FHIR IG and PCF profiles in accordance with Shift’s use cases through proof of concepts and demonstrations. To this end, Shift has developed a sustainable FHIR sandbox as a playground space for building reference implementations of increasing complexity through partnership with different vendors and collaborators. Shift’s sandbox reference implementations are listed in Table 3 and will provide a foundation for real-world demonstrations and leveraging of multivendor architectures (Fig. 3).
A Terminology Workstream, which makes recommendations regarding a national semantic conceptual model for sensitive data elements. The need for validated, up-to-date, and open-source sensitive data value sets linked to clinical terminologies is a dependency for Shift’s technical work. This group works together with HL7 and other stakeholders such as the National Association of Community Health Centers (NACHC) and the Substance use HeaAlth REcord Sharing (SHARES) Arizona State University research project⁴³ on a Cross-Paradigm Sensitive Data and Sensitivity Flags Library and Guidance Project, which is developing code sets for sensitive data, starting with those used in jurisdictional privacy rules to be published to VSAC with HL7 as the ongoing steward.⁴⁴
An Implementation Guidance Workstream, which is managing an 18-month modified Delphi process to develop consensus-driven expert recommendations addressing key implementation barriers.^45,46 Addressing these complexities requires the input of multiple stakeholders with diverse areas of expertise. The Delphi methodology provides a systematic way to consider and consolidate the expertise of Shift’s diverse members to achieve consensus,⁴⁷ on such nuanced questions as
1. How should competent patients be informed of the potential risks of withholding certain data? How should patients be informed that data may not be withheld in all circumstances or may be inferred due to the complexity of IT systems?
2. What are the safety and ethical implications of allowing an informed, competent patient the ability to withhold or redact specific types of data in different situations?
3. If an informed patient chooses to withhold data, should the receiving system notify users that redacted data exist and, if so, by what means? If the intended recipient is notified, should emergency “break the glass” access be permitted?
4. If data are withheld from the user interface, should it or how should it still be used in different types of decision support interventions? Should it still be incorporated into large-scale data queries, for instance, to train AI models? If not, how should we understand the potential for biased results that may be incurred?

Fig. 1 — Shift’s priority use cases. Phase 1 of Shift Collaborative work addresses Older Adult Behavioral Health and Adolescent Reproductive Health use cases, while Phase 2 focuses on Adult Social Determinants of Health (with the Gravity Project) and Co-mingled Maternal and Infant Health Information use cases.

Fig. 2 — Shift Collaborative workstreams and advisory groups. Shift’s Ethics and Equity, Legal and Policy, Patient Perspective, and Clinical Expertise Advisory Groups support the Terminology, Technical, and Implementation Workstreams.

Fig. 3 — Shift’s proposed reference implementation architecture and data exchange model. Granular data management is afforded via consent management service(s) that communicate user preferences to consent decision services via FHIR Consent Store(s). Authorization policies and a security labeling service support consent enforcement for data sharing among EHRs, recipients, and other actors. API, Application Programming Interface; EHR, electronic health record; FHIR, Fast Health Interoperability Resources; UI, user interface.

Table 3.

Shift sandbox reference implementations

Stage 1: SLS within EHR	Tagging of sensitive data using a security labeling service (SLS), first within the base system, and then demonstrating tag and retention in the recipient system. Mock electronic health record (EHR) to mock health information exchange (HIE)^a Mock EHR to mock EHR Real-world system exchange
Stage 2: Applied Consent Rules	Incorporation of artificially applied patient preferences (consent rules) to determine appropriate security labeling and subsequent access controls. Mock EHR to mock HIE Mock EHR to mock EHR Real-world system exchange
Stage 3: CM Engine	Integration of a consent management (CM) engine to demonstrate collection, enactment, and revocation of patient-driven and administratively defined consents and the effects of their enforcement.^b Mock EHR to mock HIE Mock EHR to mock EHR Real-world system exchange

Open in a new tab

Note: This table lists Shift’s current and planned sandbox reference implementations of increasing complexity.

Shift has already demonstrated the mock electronic health record (EHR) to mock health information exchange (HIE) SLS and Consent rules enforcement successfully with several stakeholder vendors; this has now been repeated in the Collaborative’s own FHIR sandbox to serve as the framework for additional reference implementations.

Shift’s consent management technical workflows and actors follow the HIPAA Privacy Rule, which requires that covered entities (CEs) allow individuals to request a restriction^63–66 on the use or disclosure of their PHI for treatment, payment, or health care operations, but does not require CEs to agree to such requests except in some limited circumstances.

The results of this series of modified Delphi processes will be submitted for peer-reviewed publication and subsequently incorporated in a different format into an open-source compendium guide for implementers. Shift’s major milestones to date across workstreams are further outlined in Figs. 4 and 5.

Fig. 4 — Timeline of Shift’s major milestones to date. Shift was founded in 2018 and formalized in 2020. This timeline highlights some of Shift’s major technical, terminology, and implementation guidance milestones to date.

Fig. 5 — Timeline of Shift’s roadmap milestones. This timeline highlights some of Shift’s major planned technical, terminology, and implementation guidance milestones based on continued community support.

Shift’s structure additionally comprises four expert advisory groups (AGs), which review and advise on all of the above work.

Clinical Expertise AG, which helps to develop clinical use cases that highlight challenges in data segmentation. These use cases inform the development of workflows, lists of relevant data elements, and a determination of what elements are protected. This AG also helps guide communication to health and human services organizations related to the implementation and effect of Shift’s work.
Patient Perspective AG, which collaborates with OpenNotes⁴⁸ to develop a diverse consortium of patient, family, and patient advocate partners to participate in future Shift Delphi process work and provide feedback on Shift reference implementations.
Legal and Policy AG, which consults with Shift workstreams and AGs and develops comments on proposed federal regulations. The group also monitors major developments in federal and state laws related to reproductive care, gender-affirming care, substance use disorder treatment, and other services generating sensitive health data. Key issues for the group include alignment of federal regulations and protection of patient privacy, good faith efforts by health care providers to protect patients’ sensitive data that are at odds with the Information Blocking Rule, and the implications of patients’ requests to redact their data when a covered entity does not support it.
Ethics and Equity AG, which guides Shift leadership and the Shift Governing Board on issues with ethical and health equity dimensions related to the structure, stakeholder membership, and execution of the collaborative’s work. AG members provide high-level ethical analyses that incorporate accepted bioethics principles and help frame Shift’s work in the context of changing regulations, varied stakeholders, and complex interactions. AG consultations consider Shift activity with implications for health equity and inform the collaborative about current issues that are in scope and relevant to Shift’s use cases, development of reference implementations, and other deliverables.

The Way Forward

Shift’s scalable technical and implementation guidance work is a prerequisite to a policy and/or business driver that would ultimately stimulate widespread adoption of these standards. As of early 2025, Shift’s work is referenced in The Sequoia Project’s Interoperability Matters Privacy & Consent Workgroup.⁴⁹ Shift engages with The Sequoia Project, an independent advocate for nationwide health information exchange, and additionally closely collaborates with other public–private partners such as Civitas Networks for Health,⁵⁰ OpenNotes,⁴⁸ and the Gravity Project⁵¹ to determine how best to advance widespread adoption granular segmentation and consent to promote more equitable interoperability. All three organizations align with Shift’s mission and vision, through Civitas’ focus on harnessing data to strengthen communities, OpenNotes’ advocacy for increased transparency in health care, and Gravity’s goal to develop consensus-based data standards to improve how we use and share information on social drivers of health. The work that these organizations are producing allows data segmentation to be more effective by ensuring that sensitive data can be tagged and follows standardized exchange methods. One option may be to incorporate DS4P FHIR as a required standard into a future Trusted Exchange Framework and Common Agreement (TEFCA) Standard Operating Procedure.⁵² Another may be to work with ASTP to develop a mandatory specification in a future certification program update. In either case, standards maturation and consensus-driven implementation guidance against clinically relevant use cases are needed as foundational steps to get there. Shift has brought together the key industry stakeholders to accomplish this.

Conclusion

Given the major gaps in current data segmentation standards and consent tools, work that furthers interoperability for the benefit of all patients and clinicians is critical. The Shift Collaborative is coordinating technological, regulatory, legal, and sociotechnical experts to achieve consensus around the features of contemporary, patient-empowered data sharing and CM, as well as maturing standards to support granular data exchange. By providing a foundation for granular data sharing that promotes trust among patients, providers, and caregivers, Shift will improve the quality of care and decrease health inequities through the advancement of equitable interoperability.

Clinical Relevance Statement.

There has been minimal development and implementation of functionality supporting health data segmentation and granular data management despite patient concerns about broad sharing of sensitive health information and implicit bias among health care professionals. This article describes ongoing efforts by an independent, multistakeholder collaborative to improve health outcomes and reduce health disparities by advancing granular data sharing that promotes trust among patients and providers.

Multiple-Choice Questions.

1
Which implication arises when patients cannot manage access to personal health information contained in the electronic health record?
1. Compliance with screening exams
2. Less use of the Emergency Department
3. Medical mistrust
4. Effective representation of historically marginalized populations in research

Correct Answer: The correct option is option c. Medical mistrust is higher in historically marginalized populations, has increased in recent years, and is associated with decreased likelihood to follow medical advice, receive recommended preventive care, fill prescriptions, and keep follow-up appointments.

2
What expert AGs inform the Shift Collaborative Terminology, Technical, and Implementation Guidance Workstreams?
1. Clinical Expertise, Patient Perspective, Regulatory, and Ethics and Equity AGs
2. Clinical Expertise, Patient Perspective, Legal and Policy, and Ethics and Equity AGs
3. Practice Perspective, Patient Perspective, Regulatory, and Ethics and Equity AGs
4. Practice Perspective, Patient Perspective, Legal and Policy, and Ethics and Equity AGs

Correct Answer: The correct option is option b. The Clinical Expertise, Patient Perspective, Legal and Policy, and Ethics and Equity AGs inform the Shift Collaborative Terminology, Technical, and Implementation Guidance Workstreams.

Funding

This work is funded through a grant from the Adtalem Global Education Foundation, which is administered by Cambridge Health Alliance, and in-kind project management services from Drummond.

Conflict of Interest

H.K.G. is the Chief Medical Information Officer for Cambridge Health Alliance, which administers (directly and through the Cambridge Health Alliance Foundation) Shift grant funding. She currently receives no direct payment for her role as Shift Board Chair or Principal Investigator. M.A.G. was funded by the National Institute on Drug Abuse through the Substance Use HeAlth REcords Sharing (SHARES) grant (9R01DA056984-06A1). S.M. is a paid contractor for Drummond, which provides some of her project management hours as services in kind for Shift. S.M.’s work with Shift ispartially funded through a grant from the Adtalem Global Education Foundation, which is administered through the Cambridge Health Alliance Foundation. Shift is funded by generous financial grants from the American Medical Association, the American Academy of Pediatrics, and the Adtalem Global Education Foundation, with services in kind from Drummond, the Healthcare Information and Management Systems Society Electronic Health Records Association, Integrating the Healthcare Enterprise USA, and Cambridge Health Alliance, and the Cambridge Health Alliance Foundation.

Footnotes

Protection of Human and Animal Subjects

No human and/or animal subjects were included in this work.

References

1.Li E, Clarke J, Ashrafian H, Darzi A, Neves AL. The impact of electronic health record interoperability on safety and quality of care in high-income countries: systematic review. J Med Internet Res 2022;24(09):e38144. [DOI] [PMC free article] [PubMed] [Google Scholar]
2.Kruse CS, Stein A, Thomas H, Kaur H. The use of electronic health records to support population health: a systematic review of the literature. J Med Syst 2018;42(11):214. [DOI] [PMC free article] [PubMed] [Google Scholar]
3.Gaylin DS, Moiduddin A, Mohamoud S, Lundeen K, Kelly JA. Public attitudes about health information technology, and its relationship to health care quality, costs, and privacy. Health Serv Res 2011;46(03):920–938 [DOI] [PMC free article] [PubMed] [Google Scholar]
4.Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Washington, DC; 2009. Accessed April 25, 2025 at: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/enforcementrule/enfifr.pdf [Google Scholar]
5.Blumenthal D Wiring the health system–origins and provisions of a new federal program. N Engl J Med 2011;365(24):2323–2329 [DOI] [PubMed] [Google Scholar]
6.Department of Health and Human Services. 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. Washington, DC; 2016. Accessed April 25, 2025 at: https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf [Google Scholar]
7.Commonwell Health Alliance. Connect to External Frameworks. Boston, MA; 2024. Accessed April 25, 2025 at: https://www.commonwellalliance.org/connect-to-the-network/carequality/ [Google Scholar]
8.Carequality. Home page. Vienna, VA; 2024. Accessed April 25, 2025 at: https://carequality.org/ [Google Scholar]
9.Petersen C, Galvin HK, Lehmann CU, Sharko M. Equitable interoperability through precise control of sensitive health information: an emerging pathway to health equity. Ann Intern Med 2024;177(03):387–388 [DOI] [PubMed] [Google Scholar]
10.Pew Charitable Trusts. Patients Seek Better Exchange of Health Data Among Their Care Providers. Issue Brief. 2020. Accessed April 25, 2025 at: https://www.pewtrusts.org/en/research-and-analysis/issue-briefs/2020/03/patients-seek-better-exchange-of-health-data-among-their-care-providers
11.DesRoches CM, Wachenheim D, Garcia A, et al. Clinician and patient perspectives on the exchange of sensitive social determinants of health information. JAMA Netw Open 2024;7(10):e2444376. [DOI] [PMC free article] [PubMed] [Google Scholar]
12.American Medical Association. Patient perspectives around data privacy. 22–728656-A:7/22. Chicago, IL; 2022. Accessed April 25, 2025 at: https://www.ama-assn.org/system/files/ama-patient-data-privacy-survey-results.pdf [Google Scholar]
13.Caine K, Hanania R. Patients want granular privacy control over health information in electronic medical records. J Am Med Inform Assoc 2013;20(01):7–15 [DOI] [PMC free article] [PubMed] [Google Scholar]
14.Shen N, Bernier T, Sequeira L, et al. Understanding the patient privacy perspective on health information exchange: A systematic review. Int J Med Inform 2019;125:1–12 [DOI] [PubMed] [Google Scholar]
15.Sharko M, Niño de Rivera S, Benda N, et al. Portal confidentiality concerns and health information sharing and access. JAMA Pediatr 2024;178(12):1373–1375 [DOI] [PMC free article] [PubMed] [Google Scholar]
16.National Institutes of Health. Health Information National Trends Survey. Rockville, MD; 2024. Accessed April 25, 2025 at: https://hints.cancer.gov/docs/Instruments/HINTS6-AnnotatedEnglishInstrument.pdf [Google Scholar]
17.Malin BA, Emam KE, O’Keefe CM. Biomedical data privacy: problems, perspectives, and recent advances. J Am Med Inform Assoc 2013;20(01):2–6 [DOI] [PMC free article] [PubMed] [Google Scholar]
18.FitzGerald C, Hurst S. Implicit bias in healthcare professionals: a systematic review. BMC Med Ethics 2017;18(01):19. [DOI] [PMC free article] [PubMed] [Google Scholar]
19.Hall WJ, Chapman MV, Lee KM, et al. Implicit racial/ethnic bias among health care professionals and its influence on health care outcomes: a systematic review. Am J Public Health 2015;105(12):e60–e76 [DOI] [PMC free article] [PubMed] [Google Scholar]
20.Nong P, Raj M, Creary M, Kardia SLR, Platt JE. Patient-reported experiences of discrimination in the US health care system. JAMA Netw Open 2020;3(12):e2029650. [DOI] [PMC free article] [PubMed] [Google Scholar]
21.Department of Health and Human Services. 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. 85 Fed. Reg. 2562. Washington, DC; 2020. Accessed April 25, 2025 at: https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf [Google Scholar]
22.Supreme Court of the United States. 19–1392 Dobbs v. Jackson Women’s Health Organization. 2021. Accessed April 25, 2025 at: https://www.supremecourt.gov/opinions/21pdf/19-1392_6j37.pdf
23.Wetzels M, Broers E, Peters P, Feijs L, Widdershoven J, Habibovic M. Patient perspectives on health data privacy and management: “Where is my data and whose is it?” Int J Telemed Appl 2018;2018:3838747. [DOI] [PMC free article] [PubMed] [Google Scholar]
24.Small SS, Hohl CM, Balka E. Patient perspectives on health data privacy and implications for adverse drug event documentation and communication: qualitative study. J Med Internet Res 2021;23(01):e21452. [DOI] [PMC free article] [PubMed] [Google Scholar]
25.Hostetter M, Klein S. Understanding and Ameliorating Medical Mistrust Among Black Americans. The Commonwealth Fund. New York, NY; January 14, 2021. Accessed April 25, 2025 at: https://www.commonwealthfund.org/publications/newsletter-article/2021/jan/medical-mistrust-among-black-americans [Google Scholar]
26.Halbert CH, Weathers B, Delmoor E, et al. Racial differences in medical mistrust among men diagnosed with prostate cancer. Cancer 2009;115(11):2553–2561 [DOI] [PMC free article] [PubMed] [Google Scholar]
27.Sheppard VB, Mays D, LaVeist T, Tercyak KP. Medical mistrust influences black women’s level of engagement in BRCA 1/2 genetic counseling and testing. J Natl Med Assoc 2013;105(01):17–22 [DOI] [PMC free article] [PubMed] [Google Scholar]
28.Colvin K, Potts W, Heinlein E, Himelhoch S. Prevalence and predictors of medical mistrust among African Americans with serious mental illness receiving care in an urban setting. Community Ment Health J 2024;60(03):438–441 [DOI] [PubMed] [Google Scholar]
29.Perlis RH, Ognyanova K, Uslu A, et al. Trust in physicians and hospitals during the COVID-19 pandemic in a 50-state survey of US adults. JAMA Netw Open 2024;7(07):e2424984. [DOI] [PMC free article] [PubMed] [Google Scholar]
30.Arnett MJ, Thorpe RJ Jr, Gaskin DJ, Bowie JV, LaVeist TA. Race, medical mistrust, and segregation in primary care as usual source of care: findings from the exploring health disparities in integrated communities study. J Urban Health 2016;93(03):456–467 [DOI] [PMC free article] [PubMed] [Google Scholar]
31.Sarkissian A Florida Medicaid spending on undocumented immigrants plummets after new law. Politico. June 23, 2024. Accessed April 25, 2025 at: https://www.politico.com/news/2024/06/23/desantis-florida-medicaid-immigration-00164519
32.Eaton LA, Driffin DD, Kegler C, et al. The role of stigma and medical mistrust in the routine health care engagement of black men who have sex with men. Am J Public Health 2015;105(02):e75–e82 [DOI] [PMC free article] [PubMed] [Google Scholar]
33.Lopez L III, Hart LH III, Katz MH. Racial and ethnic health disparities related to COVID-19. JAMA 2021;325(08):719–720 [DOI] [PubMed] [Google Scholar]
34.Colvin KM, Camara KS, Adams LS, et al. Profiles of COVID-19 vaccine hesitancy by race and ethnicity in eastern Pennsylvania. PLoS ONE 2023;18(02):e0280245. [DOI] [PMC free article] [PubMed] [Google Scholar]
35.Shift Task Force. Read Our White Paper. Cambridge, MA; 2022. Accessed April 25, 2025 at: https://www.shiftinterop.org/about-our-work/white-paper [Google Scholar]
36.Stefano J C2S Real World Implementation. ONC Annual Meeting. Washington, DC; January 2020. Accessed May 29, 2025 at: www.healthit.gov/sites/default/files/2019-12/ONC2020AgendaBasic_0.pdf [Google Scholar]
37.Linden G Minnesota OCP-C2S Project. ONC Annual Meeting. Washington, DC; January 2020. Accessed May 29, 2025 at: www.healthit.gov/sites/default/files/2019-12/ONC2020AgendaBasic_0.pdf [Google Scholar]
38.Grando A, Sottara D, Singh R, et al. Pilot evaluation of sensitive data segmentation technology for privacy. Int J Med Inform 2020;138:104121. [DOI] [PMC free article] [PubMed] [Google Scholar]
39.Md. Code Ann., Health-Gen Accessed May 29, 2025 at: https://law.justia.com/codes/maryland/health-general/title-4/subtitle-3/section-4-302-5/
40.IHE International. Privacy Consent on FHIR (PCF) Home. Accessed April 25, 2025 at: https://profiles.ihe.net/ITI/PCF/index.html
41.Office of the National Coordinator for Health IT. Consent Management. FHIR at Scale Task Force. Washington, DC; 2024. Accessed April 25, 2025 at: https://confluence.hl7.org/display/FAST/Consent+Management [Google Scholar]
42.HL7 International. HL7 Implementation Guide: Data Segmentation for Privacy (DS4P),. Release 1. May 13, 2014. Accessed April 25, 2025 at: https://www.hl7.org/implement/standards/product_brief.cfm?product_id=354
43.HL7 FHIR Foundry. Substance use Health REcord Sharing. SHARES Full Stack. Accessed April 25, 2025 at: https://foundry.hl7.org/products/8e421033-baaf-4b35-b818-efc370fd6fdd
44.HL7 International. Cross-Paradigm Sensitive Data and Sensitivity Flags Library and Guidance. March 2025, in progress. Accessed April 25, 2025 at: https://confluence.hl7.org/spaces/CGP/pages/321160258/Cross-Paradigm+Sensitive+Data+and+Sensitivity+Flags+Library+and+Guidance
45.Shang Z Use of Delphi in health sciences research: A narrative review. Medicine (Baltimore) 2023;102(07):e32829. [DOI] [PMC free article] [PubMed] [Google Scholar]
46.Hasson F, Keeney S, McKenna H. Research guidelines for the Delphi survey technique. J Adv Nurs 2000;32(04):1008–1015 [PubMed] [Google Scholar]
47.Nasa P, Jain R, Juneja D. Delphi methodology in healthcare research: How to decide its appropriateness. World J Methodol 2021;11(04):116–129 [DOI] [PMC free article] [PubMed] [Google Scholar]
48.OpenNotes. Strengthening Patient Safety with OpenNotes. Boston, MA; 2025. Accessed April 25, 2025 at: https://www.opennotes.org/ [Google Scholar]
49.The Sequoia Project. 2023–2024 Interoperability Matters Privacy & Consent Workgroup Charter. 2023. Accessed April 25, 2025 at: https://sequoiaproject.org/wp-content/uploads/2024/01/InteropMatter_PrivacyConsentWG_Charter_FINAL-12212023.pdf
50.Civitas Networks for Health. Harnessing Health Data to Strengthen Communities Nationwide. Portland, ME; 2025. Accessed April 25, 2025 at: https://www.civitasforhealth.org/about/ [Google Scholar]
51.The Gravity Project. Our Mission. Ann Arbor, MI; 2025. Accessed April 25, 2025 at: https://thegravityproject.net/overview/ [Google Scholar]
52.Office of the National Coordinator for Health IT. Trusted Exchange Framework and Common Agreement. Washington, DC; 2018. Accessed April 25, 2025 at: https://www.healthit.gov/topic/interoperability/policy/trusted-exchange-framework-and-common-agreement-tefca [Google Scholar]
53.Coleman J Protecting high-stakes PHI. J AHIMA 2014;85(04):30–34 [PubMed] [Google Scholar]
54.Coleman J Segmenting data privacy. Cross-industry initiative aims to piece out privacy within the health record. J AHIMA 2013;84(02):34–38, quiz 39 [PubMed] [Google Scholar]
55.Office of the National Coordinator for Health IT. Data Segmentation for Privacy Initiative All-Hands Meeting. Washington, DC; May 2, 2014. Accessed April 25, 2025 at: https://slideplayer.com/slide/7283851/ [Google Scholar]
56.HL7 International. HL7 Healthcare Privacy and Security Classification System (HCS),. Release 1. August 8, 2014. Accessed April 25, 2025 at: http://www.hl7.org/implement/standards/product_brief.cfm?product_id=345
57.HL7 International. FHIR Data Segmentation for Privacy. 1.0.0 Trial Use. April 17, 2023. Accessed April 25, 2025 at: https://www.hl7.org/fhir/uv/security-label-ds4p/index.html
58.Open Behavioral Health Information Technology Architecture. How C2S Technology Works. Rockville, MD; August 21, 2014. Accessed April 25, 2025 at: https://www.youtube.com/watch?v=mfWuCaheTA4 [Google Scholar]
59.Substance Abuse and Mental Health Services Administration. Consent2Share. Washington, DC; 2017. Accessed April 25, 2025 at: https://bhits.github.io/consent2share/ [Google Scholar]
60.Lee P, Mendoza D, Kaiser M, et al. FHIR granular sensitive data segmentation. Appl Clin Inform 2025;16(01):156–166In press [DOI] [PMC free article] [PubMed] [Google Scholar]
61.San Diego Health Connect. ONC LEAP Computable Consent Project. San Diego, CA; 2024. Accessed April 25, 2025 at: https://sdhealthconnect.github.io/leap/ [Google Scholar]
62.Voronov A, Jafari M, Zhao L, et al. Pediatric consent on FHIR. Appl Clin Inform 2024;15(02):342–356 [DOI] [PMC free article] [PubMed] [Google Scholar]
63.National Archives. Code of Federal Regulations. 45 C.F.R § 164.522. Health Insurance Portability and Accountability Act Privacy Rule. Rights to request privacy protection for protected health information. Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, § 164.522. 2013. Accessed April 25, 2025 at: https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-E/section-164.522
64.U.S. Department of Health and Human Services. HIPAA for individuals. Washington, DC; 2017. Accessed April 25, 2025 at: https://www.hhs.gov/hipaa/for-individuals/index.html [Google Scholar]
65.U.S. Department of Health and Human Services. Summary of the HIPAA Privacy Rule. Washington, DC; 2022. Accessed April 25, 2025 at: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html [Google Scholar]
66.U.S. Department of Health and Human Services. Under HIPAA, may an individual request that a covered entity restrict how it uses or discloses that individual’s protected health information (PHI)? Washington DC, 2022. Accessed April 25, 2025 at: https://www.hhs.gov/hipaa/for-professionals/faq/3026/under-hipaa-may-an-individual-request-that-a-covered-entity-restrict-how-it-uses-or-discloses-that-individuals-protect-health-information/index.html [Google Scholar]

[R1] 1.Li E, Clarke J, Ashrafian H, Darzi A, Neves AL. The impact of electronic health record interoperability on safety and quality of care in high-income countries: systematic review. J Med Internet Res 2022;24(09):e38144. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R2] 2.Kruse CS, Stein A, Thomas H, Kaur H. The use of electronic health records to support population health: a systematic review of the literature. J Med Syst 2018;42(11):214. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R3] 3.Gaylin DS, Moiduddin A, Mohamoud S, Lundeen K, Kelly JA. Public attitudes about health information technology, and its relationship to health care quality, costs, and privacy. Health Serv Res 2011;46(03):920–938 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R4] 4.Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Washington, DC; 2009. Accessed April 25, 2025 at: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/enforcementrule/enfifr.pdf [Google Scholar]

[R5] 5.Blumenthal D Wiring the health system–origins and provisions of a new federal program. N Engl J Med 2011;365(24):2323–2329 [DOI] [PubMed] [Google Scholar]

[R6] 6.Department of Health and Human Services. 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. Washington, DC; 2016. Accessed April 25, 2025 at: https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf [Google Scholar]

[R7] 7.Commonwell Health Alliance. Connect to External Frameworks. Boston, MA; 2024. Accessed April 25, 2025 at: https://www.commonwellalliance.org/connect-to-the-network/carequality/ [Google Scholar]

[R8] 8.Carequality. Home page. Vienna, VA; 2024. Accessed April 25, 2025 at: https://carequality.org/ [Google Scholar]

[R9] 9.Petersen C, Galvin HK, Lehmann CU, Sharko M. Equitable interoperability through precise control of sensitive health information: an emerging pathway to health equity. Ann Intern Med 2024;177(03):387–388 [DOI] [PubMed] [Google Scholar]

[R10] 10.Pew Charitable Trusts. Patients Seek Better Exchange of Health Data Among Their Care Providers. Issue Brief. 2020. Accessed April 25, 2025 at: https://www.pewtrusts.org/en/research-and-analysis/issue-briefs/2020/03/patients-seek-better-exchange-of-health-data-among-their-care-providers

[R11] 11.DesRoches CM, Wachenheim D, Garcia A, et al. Clinician and patient perspectives on the exchange of sensitive social determinants of health information. JAMA Netw Open 2024;7(10):e2444376. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R12] 12.American Medical Association. Patient perspectives around data privacy. 22–728656-A:7/22. Chicago, IL; 2022. Accessed April 25, 2025 at: https://www.ama-assn.org/system/files/ama-patient-data-privacy-survey-results.pdf [Google Scholar]

[R13] 13.Caine K, Hanania R. Patients want granular privacy control over health information in electronic medical records. J Am Med Inform Assoc 2013;20(01):7–15 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R14] 14.Shen N, Bernier T, Sequeira L, et al. Understanding the patient privacy perspective on health information exchange: A systematic review. Int J Med Inform 2019;125:1–12 [DOI] [PubMed] [Google Scholar]

[R15] 15.Sharko M, Niño de Rivera S, Benda N, et al. Portal confidentiality concerns and health information sharing and access. JAMA Pediatr 2024;178(12):1373–1375 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R16] 16.National Institutes of Health. Health Information National Trends Survey. Rockville, MD; 2024. Accessed April 25, 2025 at: https://hints.cancer.gov/docs/Instruments/HINTS6-AnnotatedEnglishInstrument.pdf [Google Scholar]

[R17] 17.Malin BA, Emam KE, O’Keefe CM. Biomedical data privacy: problems, perspectives, and recent advances. J Am Med Inform Assoc 2013;20(01):2–6 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R18] 18.FitzGerald C, Hurst S. Implicit bias in healthcare professionals: a systematic review. BMC Med Ethics 2017;18(01):19. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R19] 19.Hall WJ, Chapman MV, Lee KM, et al. Implicit racial/ethnic bias among health care professionals and its influence on health care outcomes: a systematic review. Am J Public Health 2015;105(12):e60–e76 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R20] 20.Nong P, Raj M, Creary M, Kardia SLR, Platt JE. Patient-reported experiences of discrimination in the US health care system. JAMA Netw Open 2020;3(12):e2029650. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R21] 21.Department of Health and Human Services. 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. 85 Fed. Reg. 2562. Washington, DC; 2020. Accessed April 25, 2025 at: https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf [Google Scholar]

[R22] 22.Supreme Court of the United States. 19–1392 Dobbs v. Jackson Women’s Health Organization. 2021. Accessed April 25, 2025 at: https://www.supremecourt.gov/opinions/21pdf/19-1392_6j37.pdf

[R23] 23.Wetzels M, Broers E, Peters P, Feijs L, Widdershoven J, Habibovic M. Patient perspectives on health data privacy and management: “Where is my data and whose is it?” Int J Telemed Appl 2018;2018:3838747. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R24] 24.Small SS, Hohl CM, Balka E. Patient perspectives on health data privacy and implications for adverse drug event documentation and communication: qualitative study. J Med Internet Res 2021;23(01):e21452. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R25] 25.Hostetter M, Klein S. Understanding and Ameliorating Medical Mistrust Among Black Americans. The Commonwealth Fund. New York, NY; January 14, 2021. Accessed April 25, 2025 at: https://www.commonwealthfund.org/publications/newsletter-article/2021/jan/medical-mistrust-among-black-americans [Google Scholar]

[R26] 26.Halbert CH, Weathers B, Delmoor E, et al. Racial differences in medical mistrust among men diagnosed with prostate cancer. Cancer 2009;115(11):2553–2561 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R27] 27.Sheppard VB, Mays D, LaVeist T, Tercyak KP. Medical mistrust influences black women’s level of engagement in BRCA 1/2 genetic counseling and testing. J Natl Med Assoc 2013;105(01):17–22 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R28] 28.Colvin K, Potts W, Heinlein E, Himelhoch S. Prevalence and predictors of medical mistrust among African Americans with serious mental illness receiving care in an urban setting. Community Ment Health J 2024;60(03):438–441 [DOI] [PubMed] [Google Scholar]

[R29] 29.Perlis RH, Ognyanova K, Uslu A, et al. Trust in physicians and hospitals during the COVID-19 pandemic in a 50-state survey of US adults. JAMA Netw Open 2024;7(07):e2424984. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R30] 30.Arnett MJ, Thorpe RJ Jr, Gaskin DJ, Bowie JV, LaVeist TA. Race, medical mistrust, and segregation in primary care as usual source of care: findings from the exploring health disparities in integrated communities study. J Urban Health 2016;93(03):456–467 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R31] 31.Sarkissian A Florida Medicaid spending on undocumented immigrants plummets after new law. Politico. June 23, 2024. Accessed April 25, 2025 at: https://www.politico.com/news/2024/06/23/desantis-florida-medicaid-immigration-00164519

[R32] 32.Eaton LA, Driffin DD, Kegler C, et al. The role of stigma and medical mistrust in the routine health care engagement of black men who have sex with men. Am J Public Health 2015;105(02):e75–e82 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R33] 33.Lopez L III, Hart LH III, Katz MH. Racial and ethnic health disparities related to COVID-19. JAMA 2021;325(08):719–720 [DOI] [PubMed] [Google Scholar]

[R34] 34.Colvin KM, Camara KS, Adams LS, et al. Profiles of COVID-19 vaccine hesitancy by race and ethnicity in eastern Pennsylvania. PLoS ONE 2023;18(02):e0280245. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R35] 35.Shift Task Force. Read Our White Paper. Cambridge, MA; 2022. Accessed April 25, 2025 at: https://www.shiftinterop.org/about-our-work/white-paper [Google Scholar]

[R36] 36.Stefano J C2S Real World Implementation. ONC Annual Meeting. Washington, DC; January 2020. Accessed May 29, 2025 at: www.healthit.gov/sites/default/files/2019-12/ONC2020AgendaBasic_0.pdf [Google Scholar]

[R37] 37.Linden G Minnesota OCP-C2S Project. ONC Annual Meeting. Washington, DC; January 2020. Accessed May 29, 2025 at: www.healthit.gov/sites/default/files/2019-12/ONC2020AgendaBasic_0.pdf [Google Scholar]

[R38] 38.Grando A, Sottara D, Singh R, et al. Pilot evaluation of sensitive data segmentation technology for privacy. Int J Med Inform 2020;138:104121. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R39] 39.Md. Code Ann., Health-Gen Accessed May 29, 2025 at: https://law.justia.com/codes/maryland/health-general/title-4/subtitle-3/section-4-302-5/

[R40] 40.IHE International. Privacy Consent on FHIR (PCF) Home. Accessed April 25, 2025 at: https://profiles.ihe.net/ITI/PCF/index.html

[R41] 41.Office of the National Coordinator for Health IT. Consent Management. FHIR at Scale Task Force. Washington, DC; 2024. Accessed April 25, 2025 at: https://confluence.hl7.org/display/FAST/Consent+Management [Google Scholar]

[R42] 42.HL7 International. HL7 Implementation Guide: Data Segmentation for Privacy (DS4P),. Release 1. May 13, 2014. Accessed April 25, 2025 at: https://www.hl7.org/implement/standards/product_brief.cfm?product_id=354

[R43] 43.HL7 FHIR Foundry. Substance use Health REcord Sharing. SHARES Full Stack. Accessed April 25, 2025 at: https://foundry.hl7.org/products/8e421033-baaf-4b35-b818-efc370fd6fdd

[R44] 44.HL7 International. Cross-Paradigm Sensitive Data and Sensitivity Flags Library and Guidance. March 2025, in progress. Accessed April 25, 2025 at: https://confluence.hl7.org/spaces/CGP/pages/321160258/Cross-Paradigm+Sensitive+Data+and+Sensitivity+Flags+Library+and+Guidance

[R45] 45.Shang Z Use of Delphi in health sciences research: A narrative review. Medicine (Baltimore) 2023;102(07):e32829. [DOI] [PMC free article] [PubMed] [Google Scholar]

[R46] 46.Hasson F, Keeney S, McKenna H. Research guidelines for the Delphi survey technique. J Adv Nurs 2000;32(04):1008–1015 [PubMed] [Google Scholar]

[R47] 47.Nasa P, Jain R, Juneja D. Delphi methodology in healthcare research: How to decide its appropriateness. World J Methodol 2021;11(04):116–129 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R48] 48.OpenNotes. Strengthening Patient Safety with OpenNotes. Boston, MA; 2025. Accessed April 25, 2025 at: https://www.opennotes.org/ [Google Scholar]

[R49] 49.The Sequoia Project. 2023–2024 Interoperability Matters Privacy & Consent Workgroup Charter. 2023. Accessed April 25, 2025 at: https://sequoiaproject.org/wp-content/uploads/2024/01/InteropMatter_PrivacyConsentWG_Charter_FINAL-12212023.pdf

[R50] 50.Civitas Networks for Health. Harnessing Health Data to Strengthen Communities Nationwide. Portland, ME; 2025. Accessed April 25, 2025 at: https://www.civitasforhealth.org/about/ [Google Scholar]

[R51] 51.The Gravity Project. Our Mission. Ann Arbor, MI; 2025. Accessed April 25, 2025 at: https://thegravityproject.net/overview/ [Google Scholar]

[R52] 52.Office of the National Coordinator for Health IT. Trusted Exchange Framework and Common Agreement. Washington, DC; 2018. Accessed April 25, 2025 at: https://www.healthit.gov/topic/interoperability/policy/trusted-exchange-framework-and-common-agreement-tefca [Google Scholar]

[R53] 53.Coleman J Protecting high-stakes PHI. J AHIMA 2014;85(04):30–34 [PubMed] [Google Scholar]

[R54] 54.Coleman J Segmenting data privacy. Cross-industry initiative aims to piece out privacy within the health record. J AHIMA 2013;84(02):34–38, quiz 39 [PubMed] [Google Scholar]

[R55] 55.Office of the National Coordinator for Health IT. Data Segmentation for Privacy Initiative All-Hands Meeting. Washington, DC; May 2, 2014. Accessed April 25, 2025 at: https://slideplayer.com/slide/7283851/ [Google Scholar]

[R56] 56.HL7 International. HL7 Healthcare Privacy and Security Classification System (HCS),. Release 1. August 8, 2014. Accessed April 25, 2025 at: http://www.hl7.org/implement/standards/product_brief.cfm?product_id=345

[R57] 57.HL7 International. FHIR Data Segmentation for Privacy. 1.0.0 Trial Use. April 17, 2023. Accessed April 25, 2025 at: https://www.hl7.org/fhir/uv/security-label-ds4p/index.html

[R58] 58.Open Behavioral Health Information Technology Architecture. How C2S Technology Works. Rockville, MD; August 21, 2014. Accessed April 25, 2025 at: https://www.youtube.com/watch?v=mfWuCaheTA4 [Google Scholar]

[R59] 59.Substance Abuse and Mental Health Services Administration. Consent2Share. Washington, DC; 2017. Accessed April 25, 2025 at: https://bhits.github.io/consent2share/ [Google Scholar]

[R60] 60.Lee P, Mendoza D, Kaiser M, et al. FHIR granular sensitive data segmentation. Appl Clin Inform 2025;16(01):156–166In press [DOI] [PMC free article] [PubMed] [Google Scholar]

[R61] 61.San Diego Health Connect. ONC LEAP Computable Consent Project. San Diego, CA; 2024. Accessed April 25, 2025 at: https://sdhealthconnect.github.io/leap/ [Google Scholar]

[R62] 62.Voronov A, Jafari M, Zhao L, et al. Pediatric consent on FHIR. Appl Clin Inform 2024;15(02):342–356 [DOI] [PMC free article] [PubMed] [Google Scholar]

[R63] 63.National Archives. Code of Federal Regulations. 45 C.F.R § 164.522. Health Insurance Portability and Accountability Act Privacy Rule. Rights to request privacy protection for protected health information. Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, § 164.522. 2013. Accessed April 25, 2025 at: https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164/subpart-E/section-164.522

[R64] 64.U.S. Department of Health and Human Services. HIPAA for individuals. Washington, DC; 2017. Accessed April 25, 2025 at: https://www.hhs.gov/hipaa/for-individuals/index.html [Google Scholar]

[R65] 65.U.S. Department of Health and Human Services. Summary of the HIPAA Privacy Rule. Washington, DC; 2022. Accessed April 25, 2025 at: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html [Google Scholar]

[R66] 66.U.S. Department of Health and Human Services. Under HIPAA, may an individual request that a covered entity restrict how it uses or discloses that individual’s protected health information (PHI)? Washington DC, 2022. Accessed April 25, 2025 at: https://www.hhs.gov/hipaa/for-professionals/faq/3026/under-hipaa-may-an-individual-request-that-a-covered-entity-restrict-how-it-uses-or-discloses-that-individuals-protect-health-information/index.html [Google Scholar]

PERMALINK

Patient-Driven Sharing of Health Information: A National Effort to Advance Equitable Interoperability

Hannah K Galvin

Jeff Coughlin

Marianne Sharko

Maria A Grando

Mohammad Jafari

Serena Mack

Abigail English

Carolyn Petersen

Abstract

Background and Significance