Commentary

Ethical Collection, Storage, and Use of Public Health Data: A Proposal for a National Privacy Protection

Lisa M. Lee, PhD; Lawrence O. Gostin, JD
Author Affiliations: Centers for Disease Control and Prevention, Atlanta, Georgia (Dr Lee); and O’Neill Institute for National and Global Health Law, Georgetown University, Washington, DC (Mr Gostin).


JAMA. 2009;302(1):82-84. doi:10.1001/jama.2009.958

Public health agencies at all levels—local, state, and federal—collect, store, and use personal health and behavior data to meet their legal obligation to identify and control health threats or evaluate and improve public health programs or services. The foundation for this collection of health data is public trust, which requires maintaining the privacy and security of sensitive information. Despite its critical importance, there is no national standard for safeguarding data held by public health agencies. Instead, privacy safeguards are fragmented across 50 states, creating uncertain and inconsistent privacy protection.1 During the 1990s, model laws were created to ensure uniform and strong privacy safeguards,2 but countrywide adoption has proved difficult. The US Congress is currently debating privacy standards for electronic medical records,3 but these reforms do not include public health records because they are effectively exempt from the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.4 It is now time to consider a national strategy for protecting public health data.

Public health agencies rely heavily on access to identifiable health information to accomplish their core functions of monitoring health threats and responding to injury, disease, and disability among populations (eg, surveillance, program evaluation, preparedness, and outbreak investigations). However, federal privacy law effectively exempts public health data held at local and state agencies.

The HIPAA Privacy Rule

The HIPAA Privacy Rule safeguards personally identifiable health information contained in health care records.5 However, the Privacy Rule permits unauthorized disclosures of protected health information to public health authorities for specified public health activities, including reporting (disease, injury, child abuse or neglect, vital statistics); surveillance, investigations, and interventions; activities under Food and Drug Administration jurisdiction (adverse events, product recalls, postmarketing surveillance); notification of persons at risk of communicable disease; and medical surveillance in the workplace. Consequently, the rule permits public health authorities to engage in the full range of public health activities authorized by state law. Additionally, although the Privacy Rule preempts state and local law in other venues, it expressly does not preempt state and local law for public health reporting, surveillance, investigation, or intervention.6

Federal Policy for the Protection of Human Subjects

Federal policy for the protection of human subjects, referred to as the Common Rule, safeguards privacy by requiring the consent of human research participants and ensuring ethical oversight.7 Intended for biomedical and behavioral research, the Common Rule also has been applied to public health research. Nevertheless, the distinction between “public health research” requiring Common Rule compliance and “public health practice” (which does not require regulatory compliance) has been highly challenging. Routine public health activities such as surveillance, program evaluations, and outbreak investigations often have characteristics similar to research. However, they are an essential part of a state's historic and constitutional police powers.8 Consequently, public health advocates have argued convincingly that public health practice activities be exempt from the Common Rule.9

To maintain the public's trust, fundamental reform is essential to safeguard the privacy of all data held by public health agencies, regardless of whether the activity is classified as research or practice. These data protections should be consistent with effective and flexible public health action. Although public health professionals have a good track record of safeguarding sensitive information, the privacy and security risks will increase with the rapid changes in technology and calls for more accountability and transparency about how data are handled.10 The ease with which data are stored, matched, and shared electronically could mean more opportunities for inadvertent or malevolent releases of personally identifiable data. Vulnerabilities in data security, ranging from physical and electronic breaches to sanitizing and disposing of electronic devices no longer in use, raise critical concerns for all public health programs.

Based on a review of existing guidance on data use from internal Centers for Disease Control and Prevention programs, ideas from the model legislation developed in the 1990s,2 and related work,11 we propose the following ethical guidelines for the collection, storage, and use of public health data, with application across the public health enterprise—at the local, state, tribal, and federal levels, across categorical programs, and in accordance with key public health values.12 In particular, the guidelines should include the values of interdependence (data uses and disclosures have unanticipated effects on others), ethical oversight (independent review of privacy and security procedures), and scientific evidence (the best evidence should support all public health data acquisition and use). In addition to existing applicable legal requirements, this ethical guidance should cover data from the moment they enter the public health arena at the smallest local jurisdiction and apply through the life of the data, regardless of level at which the data finally reside.

  1. Legitimate public health purposes. Public health data should be acquired, used, disclosed, and stored only for legitimate public health purposes. A “legitimate public health purpose” can be defined as a population-based activity or individual effort aimed to prevent injury, disease, or premature mortality, or promote health in the community, including assessing health needs and status of a community through public health surveillance and research, developing public health policy, and responding to public health emergencies. Public health purposes can include analysis and evaluation of public health programs.

  2. Minimum information necessary. Public health data collections should include only the minimum personally identifiable information reasonably necessary to conduct public health activities. Before implementing data collections, public health practitioners should specify minimum data elements and consider whether collection of identifiable data is necessary to achieve the intended public health goals.

  3. Privacy and security standards. Public health agencies should have strong policies and practices in place to protect the privacy and security of personally identifiable data. Appointing a privacy officer, for example, to ensure effective implementation of standards would be appropriate. The privacy officer should carefully investigate and take necessary corrective action in the event of any potential or actual breaches in privacy or security.

  4. The rights of individuals and communities. Public health policies for data collection and use should reflect respect for rights of individuals and community groups and minimize undue burden. When the use or release of identifiable data could adversely affect an individual, a community group, or both, they should be given appropriate notice and opportunity to provide input into the decision.

  5. Data quality. Public health agencies should have policies and procedures to ensure data quality. Evaluations of data quality should occur during collection, management and storage, analysis, and use to ensure sufficiently accurate and valid data. Having data quality mechanisms in place is critical for justifying public health policies and actions that are objective and evidence-based.

  6. Data dissemination to relevant stakeholders. Public health agencies have the obligation to act transparently and to inform relevant constituencies about how data are collected and used, and for what purpose. Policies should be developed that provide for dissemination of nonidentifiable summary data to stakeholders and the public. Aggregate, population-level data should be released in a way that minimizes the imposition of new burdens, especially in vulnerable populations.

  7. Data use agreements. Identifiable data should be shared only for legitimate public health purposes. Agencies should institute data use agreements to define the intent, scope, specific data shared, and provisions for securing data when identifiable data are shared.

  8. Security measures. Public health data must be held securely whether in paper or electronic form. Paper records should be maintained in a physically secure environment. Electronic records should be protected through security devices such as sign-on passwords, encryption, and audit trails. Data maintained in both paper and electronic format must be physically secured when transported and stored.

  9. Minimum number of individuals and entities granted access. Personally identifiable health data in any form should be held in as few data repositories as possible, with the fewest possible number of individuals or entities permitted access.

  10. Stewardship and trust. Public health authorities should be active, responsible stewards of public health data. Active data stewardship involves developing proactive policies, practices, and training to ensure appropriate collection, storage, and use of public health data. Persons authorized to access data are ultimately responsible for ensuring security, privacy, and appropriate use of data consistent with these guidelines.

To ensure this formal guidance moves beyond ethical considerations to an action-oriented approach, each guideline will require further specification. This might take the form of minimum expectations for program functioning in a particular area and possible ways to meet these expectations. The ultimate goal is to guide the public health practitioner at each level to determine a course of action in a given situation. Engaging the public health community in the development of these guidelines is critical. As policy makers seek uniform ethical oversight of medical practice and research information,4 data held by public health officials will soon be considered in need of similar protections.

Adopting standard, consistent ethical guidelines for data security and privacy across the public health infrastructure will safeguard not only data, but also the public's trust in the nation's public health enterprise.

Corresponding Author: Lawrence O. Gostin, JD, Georgetown University Law Center, 600 New Jersey Ave NW, Washington, DC 20001 (gostin@law.georgetown.edu).

Financial Disclosures: None reported.

Additional Contributions: Patricia Sweeney, MPH (Centers for Disease Control and Prevention, Atlanta, Georgia), contributed to the preparation and review of this article. No compensation was received other than federal salary.

References

  1. Gostin LO, Lazzarini Z, Neslund VS, Osterholm MT. The public health information infrastructure: a national review of the law on health information privacy. JAMA. 1996;275(24):1921-1927

  2. The Turning Point Public Health Statute Modernization National Excellence Collaborative. The Turning Point Model State Public Health Act: A Tool for Assessing Public Health Laws. http://www.turningpointprogram.org/Pages/pdfs/statute_mod/MSPHAfinal.pdf. Accessed February 2, 2009

  3. Committee on Health Research and the Privacy of Health Information. The HIPAA Privacy Rule, Institute of Medicine (U.S.): Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research. Washington, DC: National Academies Press; 2009

  4. Gostin LO, Nass S. Reforming the HIPAA Privacy Rule: safeguarding privacy and promoting research. JAMA. 2009;301(13):1373-1375

  5. Standards for Privacy of Individually Identifiable Health Information: Final Rule. 45 CFR §160, 164 (2006)

  6. Standards for Privacy of Individually Identifiable Health Information: Final Rule. General Administrative Requirements, General Rule and Exceptions. 45 CFR §160.203(c)

  7. Federal Policy for the Protection of Human Subjects. 45 CFR §46 (1979, 2005)

  8. Gostin LO. Jacobson v Massachusetts at 100 years: police power and civil liberties in tension. Am J Public Health. 2005;95(4):576-581

  9. Hodge JG Jr, Gostin LO. CSTE Advisory Committee. Public health practice vs research: a report for public health practitioners including cases and guidance for making distinctions (May 24, 2004). http://www.publichealthlaw.net. Accessed May 26, 2009

  10. White House Web site. Memorandum for the Heads of Executive Departments and Agencies, Subject: Scientific Integrity. http://www.whitehouse.gov/the_press_office/Memorandum-for-the-Heads-of-Executive-Departments-and-Agencies-3-9-09/. Updated March 9, 2009. Accessed May 11, 2009

  11. Fairchild AL, Gable L, Gostin LO, Bayer R, Sweeney P, Janssen RS. Public goods, private data: HIV and the history, ethics, and uses of identifiable public health information. Public Health Rep. 2007;122(suppl 1):7-15

  12. Public Health Leadership Society. Principles of the Ethical Practice of Public Health, Version 2.2, 2002. http://phls.org/CMSuploads/Principles-of-the-Ethical-Practice-of-PH-Version-2.2-68496.pdf. Accessed March 30, 2009
