Surveillance & PH Research

Question 1

Define Privacy.

Answer 1

“an individuals’ claim to limit access by
others to some aspect of her personal life.”

Question 2

Define Health Information Privacy.

Answer 2

“an individual’s claim to control the
circumstances in which personal health
information is collected, used, stored, and
transmitted.”

Question 3

Define Confidentiality.

Answer 3

“a form of health informal privacy that focuses on
the maintaining trust between two individuals
engaged in physician-patient relationship

Question 4

Define Security.

Answer 4

“the technological, organizational, and
administrative safety practices designed to protect
a data system against unwarranted disclosure,
modification, or destruction and to safeguard the
system itself.”

Question 5

What are the different levels of Identifiable Information?

Answer 5

– Personally identifiable
– Coded (linkable and un-linkable)
– Anonymous
• Decreasing risks to privacy interests
• Issue of Re-identifying data using multiple
databases

Question 6

What are some of the Ethical Foundations of Health
Information Privacy?

Answer 6

• Inherent dignity of individuals
• Intimate and potentially sensitive
information
• Maintain trust between health care/
public health workers and patient
• Prevent potential harms from disclosure

Question 7

What Supreme Court cases dealt with Consitutional Rights to Information Privacy?

Answer 7

Whalen v Roe, 1977 – Held, a narrow (non-fundamental)
constitutional right to privacy of health information exists.

US v. Westinghouse Electric Corp., 1980 - Held, 5 part flexible
balancing test to evaluate invasions of privacy against the
government’s interest.

Question 8

What is the 5 part Balancing Test established in Westinghouse evaluate invasions of privacy against the government’s interest?

Answer 8

1) the type of record and information;
2) the potential for harm in unauthorized disclosures;

3) the injury
from disclosure to the relationship in which the record was
generated,

4) the adequacy of safeguards to prevent non
consensual disclosure;

5) the degree of need for access.

Question 9

What is the Public Health Information Infrastructure?

Answer 9

“… the acquisition, use, retention, and transmission
of data about the population’s health that supports
the essential functions of the public health system.”

Question 10

What are some of the risks and benefits inherent to the PH Information Infrastructure?

Answer 10

Risks to privacy
– Disclosure of sensitive information can lead to
embarrassment, stigmatization, discrimination, loss of job or
benefits

Benefits
– Early detection of disease; tracking of injuries; allocate
resources; target interventions; evaluate effectiveness and
efficiency; educate policymakers; alter norms

Question 11

What are the major federal legislation regarding Informational Privacy?

Answer 11

Freedom of Information Act, FOIA (1966)

a federal statute that allows individuals to request access to federal agency records, except to the extent records are claimed as exempt from disclosure under one or more of the nine exemptions established by the Act.

Privacy Act of 1974

establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies

Health Insurance Portability and Accountability Act, HIPAA (1996)

provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.

Question 12

What is Public Health Surveillance?

Answer 12

the continual
watchfulness over the distribution and trends
of risk factors, injury, and disease in the
population through the systematic collection,
analysis, and interpretation of selected heath
data for use in the planning, implementation,
and evaluation of public health practice

Question 13

What is Reporting with regard to PH Surveillance?

Answer 13

Legislation authorizing or mandating (so, voluntary or mandatory)
physicians, laboratories, and other health
care institutions to report to local, state, or
national health authorities the occurrence of
specified illnesses, diagnoses, injuries, or
events

Question 14

What types of data are used in Reporting?

Answer 14

– Vital statistics
– Morbidity and mortality
– Nations healthinter4view survey
– National Health and Nutrition Examination Survey
(NHANES)
– National Electronic Injury Examination Survey
(NEISS)
– Disease or purpose specific
– Genetic databases

Question 15

What are some aspects of Connecticut-specific Reporting?

Answer 15

• Reportable diseases - 79 (+ or-)

– Category 1: report immediately by phone that day
– Category 2: report by mail within 12 hours

• Reportable laboratory findings, associated with ~59

diseases
– Some include specifics on drug resistance, type of testing,
numeric values of tests

• _ Possible indicators of bioterrorism (13 conditions)_

• Persons required to report
– physicians and person in charge of health care facility;
administrator of school or camp; mater of vessel or aircraft,
owners of businesses (handling food in any way);
morticians/funeral directors

Question 16

What are the 3 types of Partner Notification?

Answer 16

• Contact tracing – “… powers of public health
agencies to identify and locate sexual partners or
other contacts at risk of infection and to notify them of
their exposure”
• Duty to warn – “… power or duty of private health
care professionals to inform their patient’s sexual or
other partners of foreseeable risks”
• Right to know – “common law duty of infected
persons to disclose their serological status to a
sexual or other partner ..”

Question 17

3 approaches to Partner Notification

Answer 17

• Duty to Warn – liability for failing to warn (report
to health department) (few states)
• Power to Warn – discretion to warn, not liable for
breach of confidentiality, not liable for failing to
warn (most states)
• Prohibition against Warning – liable for any
disclosure without the patient’s permission (few
states)

Question 18

What **is ** public health research?!?

Answer 18

Research on the determinants and distribution of
diseases and conditions relevant to population health

“Systematic collection and analysis of identifiable
health data by a public health authority for the
purpose of generating knowledge that will primarily
benefit those beyond the participating community
who bear the risks of participation”

There is no “right” to conduct research!

Question 19

What is Public Health research not!?!

Answer 19

Activities that facilitate situation specific public
health activities (surveillance, outbreak investigations, contact
tracing, monitoring of health and safety issues)

What are these then?!?

Question 20

What is Public Health Practice?

Answer 20

– Broad powers to protect the public’s health
originate in the police power and are limited by
constitutional and statutory provisions

Question 21

How is PH research regulated?

Answer 21

Regulation at several levels:

– Ethical principles (Belmont Report)
– Federal regulations (IRBs, CFR, FDA)
– Court-ordered disclosures and certificates of
confidentiality

Question 22

Confidentiality: Explain the Duty to Protect

Answer 22

All states laws impose a common law duty on those who receive confidential information, not to disclose it without permission or other legal justification

Requires special relationship – like physician or health care worker and patient
And expectation of confidentiality

State statutes protect PH info and some HC info

Question 23

Confidentiality: Explain Right to Know

Answer 23

• “Persons who know they have an infectious
condition have a duty to protect their close
contacts or partners.”
• To disclose infection and get consent before
exposure, OR
• To refrain from (sex or needle sharing) that
could expose others
• Persons who fail to do so may be liable (tort)
or sometimes be susceptible to criminal
prosecution

Question 24

Confidentiality: Explain the Duty to Warn

Answer 24

• When a physician or health official knows that a patient poses a significant risk to a third party
• Conflict between confidentiality and duty to prevent harm others
• Tarasoff v Regents of Univ. of Calif., (1976)

– Held, a therapist could be liable for failing to warn
a woman of the patient’s intent to kill her
– Requires: 1) foresseability; 2) serious risk; and 3)
identifiable person at risk
– Has been applied to threats of violence, possible
infection, impact of medication

Question 25

What are the main privacy rules under HIPAA?

Answer 25

• Protects “protected health information” (PHI) in
whatever form
– “Individually identifiable health information in any form that
relates to the health or conditions of an individual or the
payment for health care”
• Held by “covered entities”
– Health care providers, health care clearinghouses, and
health plans
• Enumerates individual’s rights to protect, access,
and amend information

Question 26

What are the 3 levels of HIPAA protection?

Answer 26

• *Notice and consent** – use of information for treatment, payment, and healthcare operation
• *Authorization** – for less directly beneficial health uses, like research, marketing, etc. à requires more information to be given to patient
• *Exceptions (use/disclosure without consent)** – PH reporting, abuse injuries, judicial proceedings, law enforcement, etc. that allow public functions to continue unhindered

Question 27

5 Requirements under HIPAA?

Answer 27

• Transfer of minimum necessary info
• Training for anyone who comes into contact with PHI
• Notice to patients of privacy policies and how to access info
• Monitoring and reporting systems/officers within systems
• Civil and criminal penalties for violations

Question 28

What is the purpose of the Model State PH Information law?

Answer 28

To provide a model for states
seeking to balance protection of privacy
with collection and use of data for valid
public health purposes

Question 29

What are the requirements for state agencies under the Model State Public Health Information Law?

Answer 29

– Collect personally identifiable data only
when needed for valid public health
purpose;
– Primary use of data within the public health
system;
– Disclose outside the system only with
specific justification and provides penalties
for unauthorized disclosures
– Follow “fair information practices”