Become a Member

Assessment of Current and Emerging Privacy Issues in Public Health Agencies


Significant amount of work has been done over the past five years to understand and document the impact of privacy laws on health care organizations, and in particular the impact that the HIPAA Privacy Rule has had on covered entities.

Less information is available about the effect that these and other regulations have had on public health and public health agencies, the data they collect, use and disclose, the services supported by these data, and the current and emerging privacy-related issues that state and local public health agencies face, as more information about the health of individuals and the community is captured, maintained and exchanged electronically through electronic health record systems (EHRS), personal health record systems (PHRS) and health information exchanges (HIEs).

Participation of public health agencies in the emerging Nationwide Health Information Network (NHIN) and in regional and local Health Information Exchanges (HIEs) is opening a new frontier of opportunities for more efficient and cost-effective ways to communicate electronically.  Yet, these same opportunities are bringing new privacy issues that affect how public health agencies participate in, and ultimately use HIEs and the NHIN to conduct the business of information exchange.

During 2008, the Consortium conducted an assessment of privacy practices and current and emerging issues as reported by a sample of privacy officers of state public health agencies across the country.  The purpose of the project was five-fold:

  1. identify and document health information privacy issues that state public health agencies faced in the past five-six years, since the implementation of HIPAA Privacy, and how they addressed them;
  2. identify and discuss ongoing health information privacy issues that agencies are currently facing, and how they are being addressed;
  3. document and discuss new health information privacy issues that agencies see coming, as more health information is expected to be collected, accessed, used and disclosed electronically, and how they see these issues might be addressed;
  4. identify and document health information privacy issues that agencies will face and that are associated with their participation in a regional exchange (RHIO) network or other health information exchange (HIE) network, and how they see these issues might be addressed; and
  5. identify and discuss multi-state and national issues related to health information privacy and public health and that agencies considered critical to be addressed, and how they see these issues might be addressed.

The project’s report is available here.