Data Release Policies: Balancing Data Sharing with Privacy and Confidentiality

Tuesday, June 6, 2017: 10:50 AM
400B, Boise Centre
Ekaette Joseph-Isang, Kentucky Department for Public Health, Frankfort, KY
Doug Thoroughman, Kentucky Department for Public Health, Frankfort, KY
Sara Robeson, Kentucky Department for Public Health, Lexington, KY
Tracey Jewell, Kentucky Department for Public Health, Frankfort, KY
Victoria Hubbard, Kentucky Department for Public Health, Frankfort, KY

BACKGROUND: Public health programs rely on data; with technological advances, vast amounts of patient-level data are generated and readily accessible. Public health work requires data sharing for timely policy implementation. The Health Information Portability and Accountability Act (HIPAA) specifies rules for handling patients’ protected health information (PHI). These rules are often unclear for public health agencies, which act as both covered and non-covered entities. To balance data sharing and the need for privacy, data sharing parameters must be standardized. Yasnoff et al. (2001) recommend developing regulations and policies that protect individual and community-level privacy, developing policies for cross-jurisdictional exchange of data, and requiring all public health data systems to have a stated purpose, a privacy board and confidentiality agreements. To address these issues, the Kentucky Department for Public Health is implementing a data release policy to streamline data sharing while ensuring confidentiality, privacy and security.

METHODS: Data release scenarios were categorized into data for public health and non-public health uses, surveillance and survey data, and aggregate and non-aggregate data. Data were also classified based on the presence or absence of personal identifiers, or counts and rates. Criteria for data release were defined as either minimum or strict. Analyses and comparisons of data needs across programs and jurisdictions were made. Totals, counts per cell, presence of personal identifiers, requesting agency and population-based parameters were used to set the release criteria. Rules that ensure reliability of reports were also instituted.

RESULTS: A draft data release policy document, currently in the testing phase, was produced with algorithms outlining data release protocols under differing scenarios. Presenting the data release algorithms as decision trees eases use of the policy document. Algorithms will be illustrated in the presentation using conceptual models and workflows. Data release is dependent on data type and populations under consideration.

CONCLUSIONS: Implementing policies that are acceptable across programs is challenging, as different programs have varying security procedures. Data release policies should not limit access to data but should protect data and ensure access only by authorized persons. Where small numbers prone to re-identification exist, data suppression rules can be applied and may vary depending on the uses of the data. Data users need straightforward data use policies with algorithms and workflows outlining the conditions for releasing or withholding information. Data release policies must be periodically reviewed to keep up with current policies and data sharing needs.