Hostname: page-component-745bb68f8f-hvd4g Total loading time: 0 Render date: 2025-01-11T12:49:57.001Z Has data issue: false hasContentIssue false
  • English
  • Français

Is Sharing De-Identified Data Legal? The State of Public Health Confidentiality Laws and Their Interplay with Statistical Disclosure Limitation Techniques

Published online by Cambridge University Press:  01 January 2021

Victor Richardson ,
Sallie Milam  and
Denise Chrysler
Get access Rights & Permissions [Opens in a new window]

Extract

The diversity of state confidentiality laws governing public health data presents a significant challenge for public health initiatives. This challenge is further complicated by the array of confidentially laws that are relevant within a state as disclosure and usage standards vary depending upon data holder, type, and source. These laws often have not been updated to address modern confidentiality risks such as unlawful data linkage or breach, leaving many public health organizations without clear guidance in the contentious area of individual privacy. To address these challenges, public health organizations have increasingly turned to the science of de-identification, but whether de-identification adequately meets the many and varied state confidentiality legal requirements remains an unanswered question.

Type
JLME Supplement
Information
Journal of Law, Medicine & Ethics , Volume 43 , Issue S1 , Spring 2015 , pp. 83 - 86
Copyright
Copyright © American Society of Law, Medicine and Ethics 2015

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Ware, J. M., “Public Health Departments and State Patient Confidentiality Laws Map, Law Atlas: The Policy Surveillance Portal,” available at <http://lawatlas.org/query?dataset=public-health-departments-and-state-patient-confidentiality-laws#.VEqz-vnF98F> (last visited February 5, 2015).+(last+visited+February+5,+2015).>Google Scholar
See, e.g., Ohm, P., “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization,” University California Los Angeles Law Review 57, no. 6 (2010): 17011777.Google Scholar
See, e.g., American Statistical Association: Committee on Privacy and Confidentiality, Key Terms/Definitions (2011), available at <http://community.amstat.org/CPC/AboutUs/KeyTermsDefinitions> (last visited February 5, 2015).+(last+visited+February+5,+2015).>Google Scholar
Ciriani, V. et al., “Microdata Protection,” in Yu, Ting Jajodia, Sushil, eds., Secure Data Management in Decentralized Systems (Springer, 2007): At 291321, available at <http://spdp.di.unimi.it/papers/microdata.pdf> (last visited February 5, 2015).CrossRefGoogle Scholar
Guidance Regarding Methods for De-identificaiton of Protected Health Information in Accordance with the Health Insurance Portability and Accountability (HIPAA) Privacy Rule, Department of Health and Human Services: Understanding HIPAA, available at <http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html> (last visited February 5, 2015) [hereinafter cited as De-identification in Accordance with HIPAA].+(last+visited+February+5,+2015)+[hereinafter+cited+as+De-identification+in+Accordance+with+HIPAA].>Google Scholar
Center for Disease Control and Prevention, “HIPAA Privacy Rule and Public Health: Guidance from CDC and the U.S. Department of Health and Human Services,” April 11, 2003, at <http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm> (last visited February 5, 2015).+(last+visited+February+5,+2015).>Google Scholar
Cavoukian, A. Emam, K. E., Dispelling the Myths Surrounding De-identification: Anonymization Remains a Strong Tool for Protecting Privacy (June 16, 2011), Discussion Papers, Information and Privacy Commissioner of Ontario, available at <http://www.ipc.on.ca/images/Resources/anonymization.pdf> (last visited February 5, 2015).+(last+visited+February+5,+2015).>Google Scholar
De-identification in Accordance with HIPAA, supra note 5; Ciriani, et al., supra note 4.Google Scholar
Id. (De-identification in Accordance with HIPAA).Google Scholar
See Ohm, , supra note 2.Google Scholar
Sweeney, L., Simple Demographics Often Identify People Uniquely, Data Privacy, Carnegie Mellon University, Working Paper 3, Pittsburgh (2000), available at <http://dataprivacylab.org/projects/identifiability/paper1.pdf> (last visited February 5, 2015).Google Scholar
Golle, P., Revisiting the Uniqueness of Simple Demographics in the US Population, paper presentation at the 5th ACM Workshop on Privacy in Electronic Society, ACM, New York, New York, United States, 2006, available at <http://crypto.stanford.edu/~pgolle/papers/census.pdf> (last visited February 5, 2015).CrossRefGoogle Scholar
See Cavoukian, , supra note 7.Google Scholar
See Sweeney, , supra note 11.Google Scholar
National Committee on Vital and Health Statistics, Enhanced Protections for Uses of Health Data: A Stewardship Framework for ‘Secondary Uses’ of Electronically Collected and Transmitted Health Data, Report to the Secretary of the U.S. Department of Health and Human Services (December, 19, 2007), available at <http://www.ncvhs.hhs.gov/071221lt.pdf> (last visited February 5, 2015).+(last+visited+February+5,+2015).>Google Scholar
See Cavoukian, Emam, , supra note 7.Google Scholar
Southern Illinoisan v. Illinois Dep't of Public Health, 844 N.E.2d 1 (Ill. 2006).Google Scholar
Marine Shale Processors, Inc. v. State of Louisiana Dep't of Health, 572 So. 2d 280 (La. App. 1 Cir. 1990).Google Scholar
Williams Law Firm v. Board of Supervisors, 878 So. 2d 557 (La. App. 1 Cir. 2004).Google Scholar