FEATURE
Each of the public health labs have to also worry about whatever their state data privacy laws require . HIPAA sets the floor , and states can certainly build on top of that , and a number of states have done just that . How those data need to be handled once they ’ re at the public health lab will depend on a variety of things , not the least of which is what the law requires .”
Troy Willitt , JD , MPA
safeguard patient data ,” she explains , “ and then you need the processes in the laboratory , you need the policies at the state , but you also have to make sure you ’ re complying with regulations , whether they be state or federal .”
Federalization of Public Health Data
APHL responded quickly to the requirement , modifying its existing
APHL Informatics Messaging Services ( AIMS ) platform — which allows public health agencies to securely share data electronically — so agencies could send required COVID-19 test results to CDC .
However , CDC wants not only data on positive COVID-19 tests but also negative and indeterminant test results . “ There is a lot of information being collected , and all data has to be reported ,” Meigs says . “ So in the end , it is just sheer volume and it ’ s crazy .”
Public health laboratories must first report each COVID-19 test result , along with certain patient information , to their state public health department . Then the laboratories must de-identify the data before sending it to CDC .
To add to the workload , public health laboratories may receive too little or too much patient information from health care providers . Too little information requires public health laboratory professionals to track down the information required to be reported . Too much information — which may also be sent via unsecure email or fax — brings up data privacy issues . These challenges became more pronounced as COVID-19 testing ramped up and the pandemic worsened last fall and winter .
Expansion of Concerns
In 2021 , data privacy and security concerns will likely reach beyond public health laboratory testing , as states develop vaccination rollout plans and as at-home testing expands . Already , the public has been worried about sharing personal data through COVID-19 contact tracing apps . Addressing one such concern , the American Civil Liberties Union has called upon states to ensure police and immigration enforcement do not have access to contact tracing or any personal health information .
A
June 2020 Amnesty International report cited Norway , Bahrain and Kuwait as having some of the most invasive contact tracing apps . Norway halted its app ’ s use after Amnesty pointed out the app violated privacy by using GPS to share real-time user location information with a government database .
During the pandemic , Google and Apple teamed up to create the
Exposure Notifications System for mobile devices , which uses less-invasive proximity tracking via Bluetooth . This allows people to opt in to receive notifications when they have been near another mobile user who has since tested positive for COVID- 19 . While each state has a unique app , notifications can occur across states due to the use of a national server hosted by
6 LAB MATTERS Winter 2021