Community Data, Data Stewardship & Public Health

By Max Gakh, JD, MPH,  Partnership for Public Health Law, maxim.gakh@apha.org

Communities are seeking data as part of their public health work

community _ health dataChild Watch, in Pittsburgh, Pennsylvania, is launching a website with extensive data about the children of Allegheny County.  Website data will provide users with information about health, education, and demographics of the county’s youth.  The website is intended to function as a data clearinghouse, providing policymakers and partners with access to streamlined data.

Community partners like Child Watch are using local health information to address public health needs.  Protecting de-identified information is a core element of a new, national stewardship framework for the use of community health data.

Data stewardship principles to guide community work

Data access and use comes with responsibility.  Communities are rapidly learning how to be responsible stewards of data.  Data stewardship requires balancing the same considerations generally at issue in public health: the rights of individuals on one hand and the needs of the community on the other.

Data stewardship ensures responsible use, collection, analysis, and storage of data and information.  It also focuses on data accuracy and integrity.

On December 5, 2012, the National Committee on Vital and Health Statistics (NCVHS), which advises the U.S. Department of Health and Human Services (HHS) on health data and information policy, recommended to HHS a framework for data stewardship by communities using data to advance health.  As health data are disseminated for public use, the framework emphasizes cultivating trust and accountability.

Using public health department data for community health

Communities typically use local health data that do not identify individuals.  NCVHS’s data stewardship framework stresses the importance of protecting this type of “de-identified” data.  De-identified data is exempt from the HIPAA Privacy Rule and other privacy protections.

NCVHS expresses several concerns about communities that use de-identified data. One concern is that de-identified data may be used to re-identify specific persons by merging it with other sources of information.  Re-identification may be difficult or expensive and it may be hard to achieve in some parts of the country.  But if re-identified information is misused, it could threaten privacy and lead to economic or social difficulties for the identified individuals.

State laws governing disclosure of information by public health agencies

When providing data to communities, public health departments should recognize that determining whether data identify individuals may be difficult.  Yet this determination may control whether certain state legal provisions apply.

Research indicates that 25 states and Washington, D.C. explicitly prohibit disclosure of any personally identifiable information held by public health agencies except when clearly permitted by law.  Many of the other 25 states protect the disclosure of personally identifiable information related to specific diseases and through practice rather than legal provisions.

Public health departments that provide data to community partners should understand laws governing disclosure of personally identifiable information.  Ohio, for instance, prohibits state and local health departments and boards of health that receive “protected health information” from disclosing it.  “Protected health information” either directly reveals the identity of an individual or could be used to determine that identity.  It may be disclosed only for treatment, to ensure the information is accurate, under a search warrant or a subpoena related to a criminal investigation, or to address a threat to an individual or the public’s health.  Public health agencies in Ohio may also disclose de-identified information in aggregate or statistical forms.

Public health departments that encourage robust data stewardship systems and practices among community partners can ensure community trust by reducing the likelihood that properly disclosed aggregate information will be used to identify individuals.

Max Gakh is a Visiting Attorney with the Partnership for Public Health Law.  The Partnership is a collaboration of NACCHO, the American Public Health Association (APHA), the Association of State and Territorial Health Officials (ASTHO), and the National Association of Local Boards of Health (NALBOH).

Advertisements

One thought on “Community Data, Data Stewardship & Public Health

  1. joeepi

    The community data stewardship guidelines from NCVHS appear to be based on “Fair Information Practices” (FIP), with more developed guidance around community participation. FIPs evolved in th e 1970s, and are used in various forms around the world. FIPs themselves are valuable guidelines for data stewardship. They are described on pages 5 & 6 of http://www.isdsjournal.org/articles/6217.pdf . Another useful model is the Privacy Act of 1974, http://www.justice.gov/opcl/privstat.htm .

    Reply

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s