A Model for Expanded Public Health Reporting in the Context of HIPAA
- aDepartment of Biomedical Informatics, Columbia University, New York, NY
- bInstitute for Urban Family Health, New York, NY
- Correspondence: George Hripcsak, MD, MS, 622 W 168 Street, VC5, New York, NY 10032; e-mail: <hripcsak{at}columbia.edu>
- Received 14 July 2006
- Accepted 6 June 2008
Abstract
The advent of electronic medical records and health information exchange raise the possibility of expanding public health reporting to detect a broad range of clinical conditions and of monitoring the health of the public on a broad scale. Expanding public health reporting may require patient anonymity, matching records, re-identifying cases, and recording patient characteristics for localization. The privacy regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provide several mechanisms for public health surveillance, including using laws and regulations, public health activities, de-identification, research waivers, and limited data sets, and in addition, surveillance may be distributed with aggregate reporting. The appropriateness of these approaches varies with the definition of what data may be included, the requirements of the minimum necessary standard, the accounting of disclosures, and the feasibility of the approach.
Footnotes
-
This work was supported by Centers for Disease Control and Prevention grant P01 HK000029 and National Library of Medicine grant R01 LM06910.
