Legal Considerations for a Data to Care Program
Public health law is central to discussions on the use of local HIV surveillance data for linkage and re-engagement in care activities. Laws that require reporting of HIV-related laboratory test results are the foundation for efforts to use HIV surveillance data to identify and provide supportive services to persons who have not been linked to care, who are not currently in care, or who might have sustained high viral load and/or persistently low CD4 counts. Before initiating use of HIV surveillance data to follow up with individuals, health departments should review their HIV disease reporting laws to determine whether healthcare providers and laboratories in their jurisdictions report CD4 t-lymphocyte test results (both counts and percentages) and viral load test results (both detectable and not detectable). Laboratory reports should include test results from patients whose specimens are obtained in the jurisdiction (i.e., the provider who took the specimen is located in the jurisdiction), regardless of where the patient resides, and for patients who are residents of the jurisdiction. This will ensure accurate monitoring of HIV Care Continuum activities in the jurisdiction and correct identification of “not in care” persons who are in need of follow-up.
Public health agencies traditionally have worked with clinicians reporting infectious disease diagnoses to surveillance to implement prevention and control interventions; public health generally has legal authority to follow up with individuals to notify infectious people of their diagnosis, treat them, or take other measures to interrupt transmission. However, prior to the implementation of new linkage and re-engagement in care activities with HIV-positive persons, health departments should review their laws, rules, and regulations to ensure the proposed activity is consistent with their existing public health authority under applicable state and local laws.
Laws applicable to the security of health data, information privacy, and sharing of health information also might affect the implementation of HIV linkage to and re-engagement in care activities that are driven by HIV surveillance data. At the federal level, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule protects most health records from disclosure but permits healthcare providers to make disclosures to public health officials. The rule does not address protection of information held by public health programs from disclosure, except in limited circumstances, and does not preempt state laws that might require or allow disclosure of data by public health authorities (1).
Some states have laws that address disclosure or that restrict the use of STD and/or HIV data specifically (2). Because laws vary from state to state, health departments should review applicable state laws and regulations to ensure the new linkage to and re-engagement in care activities both fall within the scope of public health authority and are conducted in a manner consistent with any laws or regulations governing data security, data sharing, confidentiality, and information privacy. This might include consulting with the legal counsel within their health department as well as their HIPAA privacy officer.
- U.S. Department of Health and Human Services. Health Insurance Portability and Accountability Act of 1996 privacy rules. Available from: http://www.hhs.gov/ocr/privacy/, accessed on November 6, 2013. Back to Text.
- O’Connor J, Matthews G. Informational privacy, public health, and state laws. Am J Public Health 2011; 101(10):1845–50. Available from: http://ajph.aphapublications.org/doi/abs/10.2105/AJPH.2011.300206, accessed November 7, 2013. Back to Text.