Journal of the American Medical Association | July 1, 2009
Public health agencies at all levels—local, state, and federal—collect, store, and use personal health and behavior data to meet their legal obligation to identify and control health threats or evaluate and improve public health programs or services. The foundation for this collection of health data is public trust, which requires maintaining the privacy and security of sensitive information. Despite its critical importance, there is no national standard for safeguarding data held by public health agencies. Instead, privacy safeguards are fragmented across 50 states, creating uncertain and inconsistent privacy protection.1 During the 1990s, model laws were created to ensure uniform and strong privacy safeguards,2 but countrywide adoption has proved difficult. The US Congress is currently debating privacy standards for electronic medical records,3 but these reforms do not include public health records because they are effectively exempt from the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.4 It is now time to consider a national strategy for protecting public health data.