Legislative and Regulatory Background. There are several pieces of legislation that regulate how NCHS must maintain the confidentiality of the data it collects. According to Section 308(d) of the Public Health Service Act, NCHS may use its information only as specified by the supplier and may never release identifiable information without the approval of the supplier or the person or establishment described in the information. The Privacy Act of 1974 provides additional standards on the treatment of records, although NCHS has a “K-4 exemption” for its statistical systems, meaning that the agency does not have to allow subjects of its data files to have access to the records about themselves in those files. CIPSEA requires that all data collected for statistical purposes be used only for statistical purposes, and it provides strong criminal penalties for unauthorized disclosure of data. The Freedom of Information Act (FOIA) requires that Federal agencies make their records available to persons who request them, although several kinds of records may be exempted. Finally, the Federal Law Governing Federal Employees’ Behavior provides additional information about the consequences and penalties of unauthorized data use.
Definitions. There are some important terms that require clear understanding with regard to confidentiality. Identifiable information refers to information that can be used to establish individual or establishment identity, whether directly or indirectly (that is, by linking data with external information). Confidential information is identifiable information or information associated with identifiable information that was collected under an assurance that restricts the degree to which the information can be shared with others. Disclosure of identifiable information occurs when the information is made known to a third party. Disclosure may be classified as authorized, unauthorized, or inadvertent. An agent is a person designated by an agency to perform activities authorized by law and specified in a written document. A collaborator is one with whom NCHS has a formal working relationship at the inception of a survey or project. Consent is written, oral, or inferred approval by an NCHS respondent to provide the requested information.
Employee Responsibilities. The Confidentiality Officer will assist the Center Director and staff in a variety of ways, while supervisors are responsible for informing all employees about NCHS policies and procedures relating to confidentiality. Individual employees, as well as contractors, agents, and collaborators, are expected to follow the rules and regulations at all times. Each new employee or contractor is required to view a confidentiality video, sign a confidentiality pledge, and receive documents and materials describing their responsibilities with respect to confidential information while working at NCHS. The Administrative Officer is responsible for making sure new staff comply with all requirements.
Policies on Consent and Assurances of Confidentiality. Consent from an individual may be obtained by signature or by construction, which means that permission has been indicated in writing or verbally. To obtain consent from an establishment, if the request for information is made in person by an NCHS staff member or agent, he/she must inquire as to who is authorized to provide the requested data on behalf of the establishment. When the authorized person is informed of the uses of the data and he/she supplies the data, NCHS construes that the establishment has given consent. When data are sought from an establishment by mail, the request may be addressed to the establishment itself, to the manager of the establishment, or another authorized person. When NCHS receives the data, it is construed that the establishment has consented.
Whenever NCHS requests data concerning an individual or an establishment, it is obligated to provide certain information and assurances to the supplier of information, such as the authority (i.e. a statute or by executive order of the President) that approves the solicitation of the information, the principal purpose for the information, intended disclosure of identifiable information, and the effects of not providing all or part of the requested information. If the release of any identifiable information is to be made, then the law requires that consent be obtained in advance. The set of information given to an individual or establishment must contain a statement of reassurances. When data is collected directly from individuals or establishments, a “Confidential Information” notice (found in Section 5.4, page 7 of the manual) must be included on the data collection instrument, and some additional information about the data usage must be provided either on the instrument itself or in a separate letter/document. When data is collected by telephone, the respondents must be given information about the survey, and the telephone interviewer must sign a statement saying that the information was given orally to each respondent. In computer-assisted telephone interviewing, the respondent must acknowledge having read all of the statements by checking a box or symbol.
Treatment of Requests for Information under FOIA. Whenever a request is received for a specified record concerning a named individual, that request is subject to the requirements of FOIA. However, two important exceptions can apply to NCHS: (1) “personal and medical files and similar files, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy” and (2) matters specifically exempted from disclosure by statute.
The Protection of Records and Data Systems. Employees of NCHS are responsible for protecting all confidential records from prying eyes, unauthorized access, theft, and from accidental loss or misplacement due to carelessness. Confidential records must be kept locked up at all times when they are not being used, and copies of confidential records are not to be made except as needed for operational purposes. Records containing PII should be held to the minimum number deemed essential to perform the necessary functions, kept in a highly secure manner, and kept only so long as needed to carry out those functions. No record containing personal identifiers may be sent to or accessed from an alternate work site or removed from NCHS offices except as required in the process of data collection activities. When records are transferred to the National Archives and Records Administration or record centers for storage, their containers must be sealed, and when records are transmitted between NCHS offices or between NCHS and its contractors, they must be packaged securely and sent by the most secure and trackable means available. Finally, the DHHS released a directive, called the DHHS Automated Information Systems Security Program Manual, which provides practices and procedures intended to carry out OMB Circular A-130, “Management of Federal Information Resources.” All automatic data processing system users must familiarize themselves with the contents of this manual.
Authorized Disclosures. No information about a person or establishment may be disclosed to anyone without the informed consent of the person or establishment providing it, with one exception—to the Parent Locator Service. If such a request is ever received, it is to be referred immediately to the Confidentiality Officer. Under Section 308(d), NCHS is permitted to publicly release data for identifiable individual persons or establishments if 1) such release is included in the purpose for which the data were supplied, and 2) the particular person or establishment supplying the information or described in it has consented to such release. Division-level approval is required for the use of confidential data by other NCHS programs. Although the Privacy Act of 1974 considers DHHS in its entirety as one agency, NCHS is not required to disclose confidential records to other parties. Similarly, although information may be supplied to other departments of the federal government, transfers are rarely made, and they must conform to all the rules and regulations, as well as relevant federal laws. In the case that NCHS is one of two or more organizations involved in a cooperative agreement, certification must be included indicating that the party or parties receiving NCHS data understand their obligation to abide by all NCHS rules and regulations.
Avoiding Inadvertent Disclosures through Release of Microdata. It is Center policy to make its files on individual elementary data units widely available to the scientific community. These microdata files consist of individual records each containing values of variables for a single person or establishment. However, even when all personal identifiers are removed, a large amount of information remains, and this information may identify NCHS respondents to a person who has access to that information from another source. Therefore, there are some rules that apply to all files released by NCHS. Before files are published, they must be approved by the Confidentiality Officer, and the file must not contain any detailed information about the subject that could facilitate identification and that is not essential for research purposes. Geographic places that have fewer than 100,000 people are not to be identified on the file, as well as characteristics of an area if they would uniquely identify an area of less than 100,000 people. Finally, information on the drawing of the sample that might assist in identifying a respondent must not be released outside the Center.
Avoiding Inadvertent Disclosures in Published Tabular Data. Any tabulations or calculations based upon approved public use microdata can be released to the public without additional disclosure protection measures. Tabulations based upon data that are not approved for public release must conform to the following special guidelines:
- In no table should all cases of any line or column be found in a single cell.
- In no case should the total figure for a line or column of a cross-tabulation be less than five unweighted cases.
- In no case should a quantity figure be based upon fewer than five unweighted cases.
- In no case should a quantity figure be published if one case contributes a disproportionate amount to the total.
- In no case should data on an identifiable case be derivable through subtraction or other calculations.
- Data published by NCHS should never permit disclosure when used in combination with other known data.
There are two methods that are customarily used in the Center to prevent disclosure through tabulations: (1) the table is reduced in size when rows or columns are combined into larger categories and (2) unacceptable data in cells are suppressed.