Shaping a Vision for 21st Century Health Statistics. Privacy, confidentiality, security, fair information practices


Protecting the privacy and confidentiality of personal health data is of highest importance. This precondition applies to all other principles discussed below.

The National Committee on Vital and Health Statistics issued recommendations to the Secretary on the privacy of medical records in mid-1997.(21) The NCVHS recommendations were echoed in those the Secretary made to Congress later that year, and in other Congressional testimony. Then in 1999, the Department fulfilled a HIPAA requirement and issued proposed regulations for protecting the privacy of individually identifiable health information that is electronically transmitted in connection with administrative and financial transactions. NCVHS has offered formal comments on the proposed regulations.(22)

The Committee’s 1997 privacy recommendations to the Secretary and the Department’s proposed 1999 regulations constitute an important step forward in protecting health information privacy. But additional national and state steps are necessary beyond this initial focus on electronically transmitted administrative and financial data, especially directed toward protecting the privacy, confidentiality, and security of all data used for health statistics.

Necessary protections for the privacy and confidentiality of health statistics data would involve a number of essential factors: adherence to strict new national and state legislation; the use of fair information practices that explicate and control data access, sharing and handling; technical security measures within every organization handling data; sanctions and punishment for misuse and abuse; sophisticated approaches to releasing data to avoid inadvertent disclosure of individually identifiable information; and new approaches to using technology to enable data sharing while protecting privacy. Linkages of anonymized or fully de-identified individual record data, or of aggregated data for small areas, must be done in ways that protect privacy and confidentiality. Linkages of individual record data must occur within a newly established legal framework, with appropriate human subject review board approval or permission from data subjects.

In general, research is needed to find technological approaches that enable data sharing while protecting confidentiality. At the same time, Americans and their leaders must tackle the difficult questions about the conditions under which the potential benefits to society justify assuming the small risk associated with using information for purposes such as research and public health monitoring.