Personally Identifiable Information in State Laws: Use, Release, and Collaboration at Health Departments
Despite benefits to sharing data among public health programs, confidentiality laws are often presumed to obstruct collaboration or data sharing. We present an overview of the use and release of confidential, personally identifiable information as consistent with public health interests and identify opportunities to align data-sharing procedures with use and release provisions in state laws to improve program outcomes.
In August 2013, Centers for Disease Control and Prevention staff and legal researchers from the National Nurse-Led Care Consortium conducted a review of state laws regulating state and local health departments in 50 states and the District of Columbia. Nearly all states and the District of Columbia employ provisions for the general use and release of personally identifiable information without patient consent; disease-specific use or release provisions vary by state. Absence of law regarding use and release provisions was noted.
Health departments should assess existing state laws to determine whether the use or release of personally identifiable information is permitted. Absence of direction should not prevent data sharing but prompt an analysis of existing provisions in confidentiality laws.