I. Executive summary -- II. Introduction -- III. About this document -- IV. Using this document -- V. Benefits, risks, and costs of sharing data and maintaining security and confidentiality -- VI. Guiding principles for data collection, storage, sharing, and use to ensure security and confidentiality -- VII. Standards for data collection, storage, sharing, and use to ensure security and confidentiality -- VIII. References -- IX. Acknowledgements -- Appendix A. Glossary -- Appendix B. Checklists for assessment of data security and confidentiality protections -- Appendix C. Data sharing scenario -- Appendix D. Sample Certification statement -- Appendix E. Suggested outline for a policy on data confidentiality, security, sharing and use -- Appendix F. Guidelines for the use of facsimile machines -- Appendix G. Ensuring data security in nontraditional work settings

This report was prepared by Security and Confidentiality Guidelines Subgroup of CDC's NCHHSTP Surveillance Work Group.

"This document recommends standards for all NCHHSTP programs that, when adopted, will facilitate the secure collection, storage, and use of data while maintaining confidentiality. Designed to support the most desirable practices for enabling secure use of surveillance data for public health action and ensuring implementation of comprehensive evidence-based prevention services, the standards are based on 10 guiding principles that provide the foundation for the collection, storage, and use of these public health data. They address five areas: program policies and responsibilities, data collection and use, data sharing and release, physical security, and electronic data security. Intended for use by state and local health department disease programs to inform the development of policies and procedures, the standards are intentionally broad to allow for differences in public health activities and response across disease programs. This document reflects the combined efforts of NCHHSTP's Surveillance Workgroup members, composed of surveillance leaders from NCHHSTP's Division of HIV/AIDS Prevention (DHAP), Division of Viral Hepatitis (DVH), Division of STD Prevention (DSTDP), and Division of TB Elimination (DTBE). The work was informed by consultation with state and local public health leaders and public health organizations representing HIV, viral hepatitis, STD and TB disease disciplines (see Acknowledgements section). The document supersedes previously published security and confidentiality guidelines for HIV surveillance and establishes data security and confidentiality standards for viral hepatitis, STD, and TB. Establishment of these standards that apply to all surveillance activities in all of the Center's divisions will facilitate collaboration and service integration among NCHHSTP-funded programs with minimal risk of inappropriate release of confidential, identifiable surveillance data or misuse of those data in pursuit of legitimate public health purposes. " - p. 1-2

Guidelines and Recommendations

United States