Author Affiliations: Centers for Disease Control and Prevention, Atlanta, Georgia (Dr Lee); and O’Neill Institute for National and Global Health Law, Georgetown University, Washington, DC (Mr Gostin).
Public health agencies at all levels—local, state, and federal—collect, store, and use personal health and behavior data to meet their legal obligation to identify and control health threats or evaluate and improve public health programs or services. The foundation for this collection of health data is public trust, which requires maintaining the privacy and security of sensitive information. Despite its critical importance, there is no national standard for safeguarding data held by public health agencies. Instead, privacy safeguards are fragmented across 50 states, creating uncertain and inconsistent privacy protection.1 During the 1990s, model laws were created to ensure uniform and strong privacy safeguards,2 but countrywide adoption has proved difficult. The US Congress is currently debating privacy standards for electronic medical records,3 but these reforms do not include public health records because they are effectively exempt from the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.4 It is now time to consider a national strategy for protecting public health data.
Lee LM, Gostin LO. Ethical Collection, Storage, and Use of Public Health DataA Proposal for a National Privacy Protection. JAMA. 2009;302(1):82–84. doi:10.1001/jama.2009.958