Lab Matters Winter 2021 | Page 8

FEATURE
Each of the public health labs have to also worry about whatever their state data privacy laws require . HIPAA sets the floor , and states can certainly build on top of that , and a number of states have done just that . How those data need to be handled once they ’ re at the public health lab will depend on a variety of things , not the least of which is what the law requires .”
Troy Willitt , JD , MPA
safeguard patient data ,” she explains , “ and then you need the processes in the laboratory , you need the policies at the state , but you also have to make sure you ’ re complying with regulations , whether they be state or federal .”
Federalization of Public Health Data
All of this became even more complicated when COVID-19 hit US shores . The Coronavirus Aid , Relief , and Economic Security ( CARES ) Act in March 2020 required , for the first time , federalization of public health data . The law requires “ every laboratory that performs or analyzes a test that is intended to detect SARS-CoV-2 or to diagnose a possible case of COVID-19 ” to report those results to the US Department of Health and Human Services ( HHS ), specifically the US Centers for Disease Control and Prevention ( CDC ).
APHL responded quickly to the requirement , modifying its existing APHL Informatics Messaging Services ( AIMS ) platform — which allows public health agencies to securely share data electronically — so agencies could send required COVID-19 test results to CDC .
However , CDC wants not only data on positive COVID-19 tests but also negative and indeterminant test results . “ There is a lot of information being collected , and all data has to be reported ,” Meigs says . “ So in the end , it is just sheer volume and it ’ s crazy .”
Public health laboratories must first report each COVID-19 test result , along with certain patient information , to their state public health department . Then the laboratories must de-identify the data before sending it to CDC .
To add to the workload , public health laboratories may receive too little or too much patient information from health care providers . Too little information requires public health laboratory professionals to track down the information required to be reported . Too much information — which may also be sent via unsecure email or fax — brings up data privacy issues . These challenges became more pronounced as COVID-19 testing ramped up and the pandemic worsened last fall and winter .
Expansion of Concerns
In 2021 , data privacy and security concerns will likely reach beyond public health laboratory testing , as states develop vaccination rollout plans and as at-home testing expands . Already , the public has been worried about sharing personal data through COVID-19 contact tracing apps . Addressing one such concern , the American Civil Liberties Union has called upon states to ensure police and immigration enforcement do not have access to contact tracing or any personal health information .
A June 2020 Amnesty International report cited Norway , Bahrain and Kuwait as having some of the most invasive contact tracing apps . Norway halted its app ’ s use after Amnesty pointed out the app violated privacy by using GPS to share real-time user location information with a government database .
During the pandemic , Google and Apple teamed up to create the Exposure Notifications System for mobile devices , which uses less-invasive proximity tracking via Bluetooth . This allows people to opt in to receive notifications when they have been near another mobile user who has since tested positive for COVID- 19 . While each state has a unique app , notifications can occur across states due to the use of a national server hosted by
6 LAB MATTERS Winter 2021
PublicHealthLabs @ APHL APHL . org