CSTE Annual Conference 2007 Legal Forces in Public Health Surveillance James G. Hodge, Jr., J.D., LL.M. Associate Professor, Johns Hopkins Bloomberg School.

Slides:



Advertisements
Similar presentations
University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.
Advertisements

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
The Institutional Review Board. What is an IRB? An IRB is committee set up by an institution to review, approve, and regulate research conducted under.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Service Provider Title VI Training Civil Rights Act of 1964 Presented By: Tennessee Department of Intellectual and Developmental Disabilities.
Christa-Marie Singleton, MD, MPH Associate Director for Science
Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.
Successful Solutions Professional Development LLC A Basic Approach to Child Safety Chapter 4 Mandated Reporting Law.
Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.
Session 6 Integrated Emergency Management. Objectives of the Session Students will be able to 6.1 Define the principle of integration. 6.2Discuss the.
FERPA and IRB: Implications for Testing Centers Judith W. Grant, Ph.D.,CIP NCTA Conference San Antonio, Texas August 6, 2009.
2/16/2010 The Family Educational Records and Privacy Act.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
Principles of Public Health- The Mission, Core Functions and Ten Essential Services Virginia M. Dato MD MPH.
Internal Auditing and Outsourcing
FERPA The Family Educational Rights and Privacy Act (FERPA) also known as the Buckley Amendment, passed by Congress in 1974, grants four specific rights.
Module 3 Develop the Plan Planning for Emergencies – For Small Business –
HIPAA PRIVACY AND SECURITY AWARENESS.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,
Occupational Safety & Health Act of 1970
Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.
1 Creation of State Legislation to Protect and Facilitate Use and Exchange of Electronic Health Information Shelley Carter, RN, MCRP, MPH 1, Maggie Gunter,
Update on Federal HIT Legislation Kirsten Beronio Mental Health America.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
Patient Protection and Affordable Care Act March 23, 2010.
Michael R. Costa, Esq., M.P.H. Greenberg Traurig, LLP One International Place, 3 rd Floor Boston, MA (fax)
Ohio Digital Government Summit Disease Surveillance (Homeland Security session) October 5, 2004 Rana Sen Deloitte Consulting LLP.
Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.
Information Sharing Challenges, Trends and Opportunities
The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page 
“What’s Ethics Got To Do With It” Presentation to the Canberra Evaluation Forum Gary Kent Head Governance Australian Institute of Health and Welfare.
Crosswalk of Public Health Accreditation and the Public Health Code of Ethics Highlighted items relate to the Water Supply case studied discussed in the.
1 FERPA Family Education Rights and Privacy Act of 1974 Joanne M. Adamchak Assistant General Counsel.
1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.
NEW FERPA REGULATIONS: ARE YOU IN COMPLIANCE? Presented by Cristi Millard.
Chapter 22: Organization and Coordination of Counterterrorism Investigations.
Family Educational Rights and Privacy Act (FERPA) UNION COLLEGE.
Environmental Management System Definitions
1 HRSA ESAR-VHP Legal and Regulatory Issues Project 10 Steps to Legal Technical Assistance James G. Hodge, Jr., J.D., LL.M. Associate Professor, Johns.
Session Title: FERPA: What You Need To Know Presented By: Jeffery Loggins Institution: Mississippi Valley State University September 15, 2015.
BIOTERRORISM AND LEGAL ISSUES: THE TEXAS EXPERIENCE NGA REGIONAL BIOTERRORISM WORKSHOP March 15, 2004 Susan K. Steeg General Counsel Texas Department of.
Kevin W. Ryan JD, MA Associate Director – ACHI Assistant Professor – UAMS COPH Rural TeleCon ’06 10th Annual Conference of the Rural Telecommunications.
Health Insurance portability and Accountability Act (HIPAA)‏
U.S. Department of Education Safeguarding Student Privacy Melanie Muenzer U.S. Department of Education Chief of Staff Office of Planning, Evaluation, and.
Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,
Federal Preemption, and State Healthcare Privacy and Data Security Law and Regulation Fifth National HIPAA Summit October 30 – November 1, 2002 Mark Barnes.
Second Annual Medical Research Summit March 25, 2002 Washington, D.C.
Sharing Information (FERPA) FY07 REMS Initial Grantee Meeting December 5, 2007, San Diego, CA U.S. Department of Education, Office of Safe and Drug-Free.
HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.
FERPA for the Financial Aid Office NCASFAA Fall Conference November 2012.
1 The Pandemic and All- Hazards Preparedness Act: Addressing Public Health Emergency Responses James G. Hodge, Jr., J.D., LL.M. Associate Professor, Johns.
ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
PP 620: Public Policy and Health Administration Unit One Seminar Kris R. Foote, J.D., M.P.A., M.S.W. Kaplan University.
1 Public Health Practice vs. Research A Report for Public Health Practitioners Including Case Studies and Guidance for Making Distinctions James G. Hodge,
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
FUNDAMENTALS OF PUBLIC HEALTH Joseph S Duren Lopez Community & Public Health - HCA415 Instructor: Adriane Niare November 10, 2015.
FERPA Family Educational Rights and Privacy Act
Denise Chrysler, JD Director, Mid-States Region
Chapter 3 Administrative Law Chapter 3: Administrative Law.
Public Health Practice vs Research: Implications for Preparedness and Disaster Research Review by State Health Department IRBs David Perlman, Ph.D. Former.
The HIPAA Privacy Rule: Implications for Medical Research
Protecting Student Data/ Financial Aid Data Sharing
American Health Information Management Association
American Public Health Association
2003 Immunization Registry Conference
Presentation transcript:

CSTE Annual Conference 2007 Legal Forces in Public Health Surveillance James G. Hodge, Jr., J.D., LL.M. Associate Professor, Johns Hopkins Bloomberg School of Public Health Executive Director, Center for Law & Public Health Core Faculty, Berman Institute of Bioethics

Key Themes Assess select key legal underpinnings of public health surveillance Understand the legal authority and limitations of government and its private sector partners to collect identifiable health data for public health surveillance Explore legal arguments concerning current developments affecting the practice of public health surveillance

Key Topics Public Health Surveillance and National Security National Reportable Conditions Act Pandemic and All-Hazards Preparedness Act Distinguishing Public Health Practice and Research CSTE National Guidance, 2004 Forthcoming Interpretations by OHRP in 2007 Accessing Identifiable Health Data in Education Records for Public Health Purposes Family Educational Rights and Privacy Act “7 FERPA Fixes” to facilitate access to school-based health information for public health purposes

Public Health Surveillance and National Security Traditional Legal Authority to Conduct Public Health Surveillance in the United States State Sovereign Power Reserved via the Tenth Amendment over “all the objects, which, in the ordinary course of affairs, concern the lives, liberties and properties of the people; and the internal order, improvement, and prosperity of the State.” James Madison, The Federalist Papers, No. 45 Police Powers – provide states broad jurisdiction to regulate matters affecting the health, safety, and general welfare of the public. Jacobson v. Massachusetts, 1905 Public Health Surveillance in the United States is Predominately Based on these Broad Powers of State (and Local) Governments

Public Health Surveillance and National Security Federal Powers to Collect Identifiable Health Data for Public Health Purposes National Security Powers Interstate Commerce Powers Tax and Spend Powers Federal Public Health Surveillance Efforts Cancer registries HIV/AIDS surveillance Alzheimer’s disease incidence databases CDC “BioSense” Program What if federal authorities sought to conduct broad public health surveillance directly?

National Reportable Conditions Act (NRCA) Introduced on September 14, 2006 via S. B and H.R Purpose - “[t]o amend the Homeland Security Act to provide for the health of Americans by creating a national electronic public health reporting system.” Authorize DHS in consultation with DHHS, EPA, and DOA, and an expert Commission, to certify a list of reportable conditions Require various persons/entities to electronically report conditions directly to DHS Ultimately, these bills died at the end of the 2006 session.

Pandemic and All-Hazards Preparedness Act (PAHPA) Enacted on December 19, 2006 to improve the organization, direction, and utility of preparedness efforts To enhance surveillance and rapid response, PAHPA requires DHHS to establish a national electronic network to collect and analyze public health data from governmental and private sector entities By generating standardized data formats for existing state and local surveillance systems, DHHS seeks to maximize the compatibility and usefulness of real-time information to assess situational awareness capabilities.

Pandemic and All-Hazards Preparedness Act (PAHPA) Government needs to acquire, use, and disclose accurate, meaningful health data to detect or respond to public health emergencies. PAHPA affords federal officials significant discretion to accumulate and share personal health information without adequate privacy safeguards. PAHPA does not substantively address privacy concerns. The HIPAA Privacy Rule excludes public health data collections from its protections. Other privacy laws provide a patchwork of protections for national public health data.

Public Health Surveillance and National Security State and Local Federal

Distinguishing Public Health Practice and Research Public Health Practice vs. Research: A Report for Public Health Practitioners Including Case Studies and Guidance for Making Distinctions Completed May 2004 Sponsored by CSTE

Principal Objectives To assess legal and ethical environments underlying public health practice and human subject research To clarify existing definitions of public health practice and research To provide meaningful cases on practice and research To make distinctions between public health practice and research through foundational and enhanced guidance

Principle Justifications Key differences in the legal support for public health practice and research Misclassification of activities leads to multiple complications Varying standards for the disclosure of identifiable health data pursuant to the HIPAA Privacy Rule Widespread variation in existing models and methods for making distinctions

Similarities Public health practice and research may entail the collection and use of identifiable health information They are conducted so as to protect individuals, but may also involve actual or potential risks to participants They may be justified as laudable, communal activities that further the public good

In Reality.... Public health practice is not human subjects research They differ in: methodology objectives legal support ethical framework design

Public Health Practice The collection and analysis of identifiable health data by a public health authority for the purpose of protecting the health of a particular community, where the benefits and risks are primarily designed to accrue to the participating community.

Public Health Research The systematic collection and analysis of identifiable health data by a public health authority for the purpose of generating knowledge that will primarily benefit those beyond the participating community who bear the risks of participation

Legal Frameworks Public Health Practice – grounded in constitutionally-approved authority of government to protect the public’s health, safety, and general welfare Public Health Research – grounded in the principles of the federal Common Rule that focus on protecting individuals while pursuing knowledge through research

Guiding Principles Essential Features - (e.g. foundations) of Public Health Practice and Research Rejected Criteria – Performance, Publication, Urgency, Funding, Data Collection Methods Enhanced Guidelines - Legal Authority, Specific Intent, Responsibility, Participant Benefits, Experimentation, Subject Selection Checklist

New Developments In June 2006, the federal Office for Human Research Protections (OHRP) distributed a draft document, “Guidance on Research” to DHHS agencies for internal comment Focuses on recommendations for making distinctions between research and non-research activities OHRP seeks to finalize its draft Guidance this summer, submit it to DHHS’ Assistant Secretary for Health, and seek public comment

Forthcoming OHRP Guidance - What To Expect Part of the Guidance is likely to focus on the distinction between public health surveillance and research Initial reactions from CDC are that OHRP’s initial interpretations are narrower than many public health agencies. In essence, OHRP may be inclined to view some public health surveillance activities as research, and not public health practice Additional areas of concern may include: “Dual designations” Secondary uses of surveillance data Outbreak investigations

Plan for Action CSTE has communicated initial concerns (and its Report) to OHRP officials and Dr. John Agwunobi, DHHS’ Assistant Secretary for Health Continuing to monitor the status of the draft Guidance on Research Upon its release, CSTE is planning to review, assess, and respond via the public commentary process and other routes These issues will also be addressed before the IOM Committee on Health Research and Privacy of Health Information in early October

FERPA and Access to School-based Health Information Educational records include student health and medical information that public health authorities seek to access for a variety of public health purposes FERPA allows disclosure of identifiable information in educational records to authorized representatives without written consent concerning: The medical treatment of students; or Emergency circumstances to protect health/safety of student/others Otherwise, FERPA prevents disclosure of identifiable data to unauthorized representatives (including public health authorities) without written consent from the student (or parental consent)

Only authorized representatives (e.g., federal, state, and local departments of education or others under “direct control” of these entities) may access identifiable data in educational records Congressional statements and supporting ED interpretations suggest that public health authorities are not under the direct control of education authorities, and thus not part of the class that may be entitled to review records For years, ED and CDC executed memoranda of understanding (MOUs) to support limited access to identifiable data (e.g., immunization records) for public health purposes When these voluntary MOUs came to an end, so did considerable public health access to education records Access to Educational Records via FERPA

Seven FERPA Fixes 1. Congress Amends FERPA 2. DHHS Amends the HIPAA Privacy Rule 3. States Expand Class of Authorized Representatives 4. ED Interprets Treatment and Emergency Exceptions Broadly 5. States Separate Health Information From Educational Records 6. ED Reinstates Memoranda of Understanding 7. Public Health Authorities Seek Judicial Intervention

Four “Faux” Fixes 1. Exchange Non-identifiable Data 2. Obtain Student or Parental Consent for Disclosures 3. Seek Advance Student or Parental Consent for Disclosures 4. Avoid FERPA by Rejecting Federal Education Funds

FERPA Fix #1: Congress Amends FERPA Through the introduction of a federal bill, Congress could amend FERPA to: Recognize governmental public health authorities (as broadly defined in the HIPAA Privacy Rule) as “authorized representatives;” or Create a new exception that allows public health authorities to access identifiable health data for public health purposes (as presently allowed via the HIPAA Privacy Rule)

FERPA Fix #1: Congress Amends FERPA Consistent with federal legislation to prevent injuries or deaths and secure the public’s health Mental Health Security for America’s Families in Education Act, H.R. 220 (2007) Allows disclosure to parents or guardians where student poses significant risk of harm to self or others Allows disclosure to others upon consultation and written certification by a mental health professional

FERPA Fix #2: DHHS Amends the HIPAA Privacy Rule Presuming it has underlying authority via HIPAA, DHHS may amend the HIPAA Privacy Rule to delete the FERPA exception The effect of this amendment would be to preempt the existing FERPA prohibition against disclosure to public health authorities The HIPAA Privacy Rule would require adherence of education authorities providing covered functions (like health services to students) The HIPAA Privacy Rule allows disclosures without written authorization to public health authorities

FERPA Fix #3: States Expand Class of Authorized Representatives FERPA and corresponding regulations do not: Expressly exclude state or local public health authorities from being considered “authorized representatives;” or Predicate designation as an authorized representative on having unlimited access to PHI Designation of state or local public health authorities as authorized representatives is possible provided they: uphold the security of identifiable data; for purposes solely related to an educational program 35 C.F.R. § 99.35

FERPA Fix #3: States Expand Class of Authorized Representatives Hawaii S.B (2004) Designated the legislative auditor as an authorized representative of the Departments of Education and Health Bill was ultimately vetoed by the Governor for non-compliance with FERPA, citing information provided by ED stating that: the auditor had to be an executive branch auditor or an outside auditor controlled by the educational agency Linda Lingle Governor, Hawaii Statement of Objections (July 14, 2004)

FERPA Fix #4: ED Interprets Treatment and Emergency Exceptions Broadly Narrow reading of “treatment” exception negates the value of public health surveillance and interventions Public health surveillance is vital to individual and communal health status Tracking immunizations is an important component to protecting health on population and individual bases In 1993, clusters of deaths among otherwise healthy residents in the Southwest led to the identification of a new strain of Hanta virus During pandemic flu, timely sharing of data is essential for implementation of non-pharmaceutical interventions (e.g. school closure) prior to a state of emergency declaration

FERPA Fix #4: Interpret Treatment and Emergency Exceptions Broadly ED interprets the “emergency” exception as requiring a “specific situation [that] presents imminent danger or threat…or requires an immediate need for information.…” Emergencies, however, may stem from cumulative impact of regional or local clusters In 2002, ED supports school’s disclosure of information relating to 6 deaths due to unknown causes over a 5-month period to the health department. ED letter to University of New Mexico, November 29, 2004

FERPA Fix #5: States Separate Health Information From Educational Records New Jersey Immunization Information System Statewide registry serves as the single repository of immunization records (N.J.S.A. 26:4-134) Access limited to schools, health care providers, colleges, public agencies, among other determined by the Commissioner of Health and Senior Services Immunization records maintained by schools shall be separated from other medical records for purposes of an immunization record audit (N.J. Admin. Code tit. 8 § (a))

FERPA Fix #6: ED Reinstates Memoranda of Understanding Examples of MOUs Between ED and CDC allowed CDC and its partners to access educational records in 5 GA counties for the Metropolitan Atlanta Developmental Disabilities Surveillance Project (expired December 2005) Between the University of Pennsylvania and CDC allowed CDC to obtain records of students identified as developmentally disabled for an autism prevalence study (ED determines MOU was in violation of FERPA in letter dated February 25, 2004) Reinstating these MOUs is a matter of interpretation, not statutory law

FERPA Fix #7: Public Health Authorities Seek Judicial Intervention Public health authorities could bring a judicial cause of action challenging interpretation and implementation of FERPA as an affront to constitutional principles of federalism Legal Issue: Whether the application, interpretation, or enforcement of FERPA to exclude state educational authorities, including their employed medical personnel, from complying with state public health reporting requirements unconstitutionally infringes with state police powers in violation of principles of federalism Though a viable claim, chances for success are uncertain, specifically because Congress relies on its Spending power to seek compliance with FERPA

Bonus FERPA Fix #8: If You Can’t Beat Them, Join Them Designate specific public health surveillance requirements that state and local education authorities must provide Clarify that education authorities are also public health authorities for limited purposes This could resolve both FERPA and HIPAA issues

Conclusions For each of the key themes discussed: Public Health Surveillance and National Security Distinguishing Public Health Practice and Research Accessing Identifiable Health Data in School-based Records for Public Health Purposes there are legal challenges and potential barriers that can impact the ability of public health officials to conduct surveillance to protect communal health Assessing these legal challenges helps to understand the changing environment through which public health activities are conducted Innovative legal solutions to these potential impediments are essential to ensure the continuation of traditional and new surveillance practices Thank you!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.