Specially Regulated Data

Suggest Edits

Zus uses the term "specially regulated data" to refer to that subset of PHI that may require specific patient consent in order to be shared among providers (e.g., HIV status, psychotherapy notes, substance use, mental health facility information). Data may be specially regulated at the US state level and/or at the federal level.

When writing data to Zus, builders have the option to add a security label marking it as “R” for “Restricted” or “V” for “Very Restricted.”

Restricted tag example:

"meta": {
    "security": [
        {
            "system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality",
            "code": "R",	
            "display": "Restricted"
        }
    ]
}

Any resources tagged as restricted in this way are withheld when Zus responds to inbound requests from CommonWell and Carequality on your behalf.

HIV data

Zus proactively labels all resources that may contain data relating to an HIV test, diagnosis, or medication, including data ingested from our data partners. We evaluate and label the following resource types:

  • Condition
  • MedicationRequest
  • MedicationStatement
  • MedicationDispense
  • MedicationAdministration
  • Observation
  • DiagnosticReport
  • Procedure

The Zus platform will apply the following HIV label to all resources that meet our evaluation criteria. In addition, HIV-labeled resources that are written by builders will automatically receive the Restricted label and be withheld from responses to CommonWell and Carequality.

"meta": {
    "security": [
        {
          system: "https://zusapi.com/speciallyregulated",
          code:   "HIV"
        }
    ]
}

Other categories of specially regulated data

There are three other categories of specially regulated data that Zus does not automatically tag, but can support:

  1. Psychotherapy notes: This regulation refers to the personal notes of a therapist or counselor. These are separate from the core clinical record (EHR). Customers creating such notes and writing them to the ZAP should take care to tag them with the "R" tag appropriately.
  2. Mental health facility: Certain state laws prohibit sharing records created by a mental health facility. Zus will evaluate if a customer qualifies as a “mental health facility” as part of sales due diligence, and restrict from sharing accordingly.
  3. Substance use facility: Provider organizations that are part of Part 2 Covered Programs should not have any data shared without special consent. Zus will evaluate if a customer qualifies as a “Part 2 Covered Programs” as part of sales due diligence, and restrict from sharing.

Updated 6 months ago