Abstract
Health information is created in many different healthcare contexts and is used, released, and exchanged for many different purposes. Each use, release, and exchange of health information is governed by laws, including both statutes and regulations at the federal, state, tribal, local, and territorial levels. Health and public health data have a life cycle that extends from creation to destruction, and the privacy and confidentiality laws that govern the data change as they move through their life cycles. The federal government has promulgated a variety of statutes and regulations that protect health information created and held in a clinical healthcare setting, dictate what a particular actor may do with health information, and create privacy and confidentiality requirements for health information about a particular disease or condition. Many states, territories, and localities have laws requiring healthcare providers and facilities to maintain confidentiality of health information collected from individuals seeking care for physical, mental, or behavioral health. Additional protections are afforded to “sensitive” health information, such as behavioral health information or sexually transmitted disease diagnoses. Many federal and state privacy and confidentiality laws provide exceptions for public health activities and other actions taken under the umbrella of health department authority; however, jurisdictions may also require that a public health agency maintain privacy and confidentiality of any health information collected for such activities. In addition to legal privacy and confidentiality requirements, ensuring the ethical use of data is also an issue of paramount importance in public health.
This chapter was co-authored by researchers in the Public Health Law Program (PHLP) in the Center for State, Tribal, Local, and Territorial Support at the US Centers for Disease Control and Prevention (CDC). The findings and conclusions in this chapter are those of the authors and do not necessarily represent the official views of CDC. For further information, please contact PHLP at phlawprogram@cdc.gov.
The authors thank Brianne Yassine, MPH, CHES, Cherokee Nation Assurance contractor for the CDC Public Health Law Program for her assistance with adult education principles and graphic design for the Health Data Life Cycle.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Michener JL. The practical playbook II: building multisector partnerships that work. Oxford: Oxford University Press; 2019.
Elliott S. Privacy and pandemic flu guide. Arlington: ASTHO; 2007.
Schmit C, Kelly K, Bernstein J. Cross sector data sharing: necessity, challenge, and hope. J Law Med Ethics. 2019;47:83–6. https://doi.org/10.1177/1073110519857325.
42 U.S.C. § 1320d et al.
45 C.F.R. Parts 160 and 164
45 C.F.R. § 164.512
42 U.S. Code § 1320d–7
5 U.S.C. § 552a
45 C.F.R. Part 5b
5 U.S. Code § 552a(b)
Department of Health and Human Services. HHS System of Records Notices (SORNs). HHS.gov. 2017. https://www.hhs.gov/foia/privacy/sorns/index.html. Accessed 6 Sep 2019.
42 U.S.C. § 290dd- 2
Brooks MK. Protecting clients’ privacy. In: Substance abuse treatment for persons with child abuse and neglect issues. Rockville: Substance Abuse and Mental Health Services Administration; 2000.
42 C.F.R. Part 2
The President’s commission on combating drug addiction and The Opioid Crisis 2017 Meeting Minutes. 2017.
Department of Health and Human Services. Confidentiality of substance use disorder patient records. 2017.
Pub.L. 111–5
21st Century Cures Act, 42 USC § 300jj(9)
21st Century Cures Act, 42 USC § 300jj
Black JR, Hulkower RL, Ramanathan T. Health information blocking: responses under the 21st Century Cures Act. Public Health Rep. 2018;133:610–3. https://doi.org/10.1177/0033354918791544.
84 FR 7424, 7602-03
Office of the National Coordinator for Health Information Technology 21st Century Cures Act: interoperability, information blocking, and the ONC health IT certification program proposed rule seven exceptions to the information blocking provision.
Federal laws that protect VHA data and Limit disclosure The HIPAA Privacy Rule The Privacy Act.
5 U.S.C. § 552
38 U.S.C. § 5701
38 C.F.R. §§ 1.500-1.527
38 U.S.C. § 5705
38 C.F.R. §§ 17.500-17.511
38 U.S.C. § 7332
38 C.F.R. §§ 1.460-1.499
20 U.S.C. § 1232g
34 C.F.R. Part 99
20 U.S.C. § 1400
34 C.F.R. Parts 300 and 303
20 U.S.C. § 1092b
34 C.F.R. Part 5b
20 U.S.C. § 1232h
34 C.F.R. Part 98
44 U.S.C. § 3501 Note Sec. 501, et al.
7 U.S.C. Ch. 51
7 C.F.R. § 272.1
7 U.S.C. § 2018
7 C.F.R. § 246.26
42 U.S.C. § 1758(b)(6)
7 C.F.R. §§ 226.2, 226.23
7 C.F.R. §§ 245.2, 245.6
7 C.F.R. §§ 215.2, 215.13a, 245.6
42 U.S.C. Ch. 6A, Subch. VIII
42 C.F.R Part 59, Subpart A
42 U.S.C. § 11360a
24 C.F.R. §§ 578.7, 578.57, 578.103
Department of Housing and Urban Development. Department of Housing and Urban Development Homeless Management Information Systems (HMIS); Data and Technical Standards Final Notice. 2004.
Schmit C, Sunshine G, Pepin D, et al. Transitioning from paper to digital: state statutory and regulatory frameworks for health information technology. Public Health Rep. 2017;132:585–92. https://doi.org/10.1177/0033354917722994.
410 ILCS 535/2-3
HAW. REV. STAT § 92F-14
MT ST 50-16-529, 530
RI ST § 5-37.7-4
RI ST § 5-37.7-7
W. Va. Code St. R. § 65-28-5
42 C.F.R. § 431.301
42 C.F.R. § 431.305
42 C.F.R. § 431.306
NY PUB HEALTH § 2782
NY PUB HEALTH § 2782(d), (g)
Ala. Code § 22-11A-22
AS §18.13.010 et seq.
AS §18.13.010
AS §18.13.020
AS §18.13.030
AK ST § 18.13.010
UT ST § 26-6-6
UT ST § 26-6-27
AL ST § 22-13-33
Mont. Code Ann. § 50-16-603
105 Mass. Code Regs. 300.120
GDPR Articles 5 (1)(b), 89(1)
GDPR Article 6 (2),(3)
Solove D, Hartzog W. The FTC and the new common law of privacy. Colum L Rev. 2014;891:893–6.
World Health Organization. International health regulations (2005). 2nd ed. Geneva: WHO; 2005.
IHR, Art. 45(1)
Federal Policy for the Protection of Human Subjects. Fed Regist 82. 2017.
National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research. The Belmont report. 1979.
World Health Organization. WHO guidelines on ethical issues in public health surveillance. Geneva: WHO; 2017.
Frakt AB, Bagley N. Protection or harm? Suppressing substance-use data. N Engl J Med. 2015;372:1879–81. https://doi.org/10.1056/NEJMp1501362.
Home Office, National Health Service, Department of Health. Memorandum of understanding between the home office, NHS digital and the Department of Health. 2017.
Lefkowitz PM. Why America needs a thoughtful federal privacy law. New York Times. 2019. Available from https://www.nytimes.com/2019/06/25/opinion/congress-privacy-law.html.
Center for Democracy & Technology. Federal Privacy Legislation. 2019. Available from https://cdt.org/campaign/federal-privacy-legislation/.
Peterson T. Circling closer to a federal privacy law, Congress has introduced 7 privacy bills this year. Digiday. 2019. Available from https://digiday.com/marketing/cheatsheet-know-7-privacy-bills-congress-introduced-year/.
Savage CW. Federal Privacy Legislation – dead, or just resting? Davis Wright Tremaine LLP. 2019. Available from https://www.dwt.com/blogs/privacy%2D%2Dsecurity-law-blog/2019/09/federal-privacy-law-updates.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 This is a U.S. government work and not under copyright protection in the U.S.; foreign copyright protection may apply
About this chapter
Cite this chapter
Hulkower, R., Penn, M., Schmit, C. (2020). Privacy and Confidentiality of Public Health Information. In: Magnuson, J., Dixon, B. (eds) Public Health Informatics and Information Systems . Health Informatics. Springer, Cham. https://doi.org/10.1007/978-3-030-41215-9_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-41215-9_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41214-2
Online ISBN: 978-3-030-41215-9
eBook Packages: MedicineMedicine (R0)