Legal & data sharing frameworks
Summary:
    Establish legal data sharing frameworks within state jurisdictions, e.g. local/municipality to city (major metro), and direct to state.
    Consider formulating policies and orders at the local jurisdiction level that refer to specific data sharing regulations that permit reporting; i.e. healthcare providers having the ability to share data with specific entities related to contact tracing efforts and what data will be released for broad public consumption vs. restricted public health use.
    Designate certain collaborative entities with limited public health authority related to COVID-19 e.g. Health Information Networks, and Health Information Exchanges typically can’t easily share data bi-directionally with public health; state-based entities (e.g. New Jersey Health Information Network, Indiana HIE, SHINY) will be able to move faster on sharing clinical information with public health to scope contact tracing efforts
    Define data sharing use cases that fall under the following:
      Public Health Practice
      De-identified Data (per HIPAA); aggregate and line-level
      Consumer Data (non-HIPAA; regulated by FTC
      Anonymous Data
      Open Data (public consumption)
    Patient and Consumer Consents
    Data destruction policies

State & Local Jurisdiction Data Sharing

If there is a local NEDSS system in place, provide local jurisdictions with the ability to enter case reports. Establish a process to capture case investigations that relate to emerging contract tracing emergence of symptoms but confirmatory testing may not be in place yet (typically a quarantine section of the system to help prioritize confirmed case reports).

Data Sharing Use Cases

    Symptom checker information into a NEDSS
    Symptom checker information connected with contact traced social network (identifiable, and aggregate level)
    Contact-traced individuals to healthcare records/testing (consent)
    Surveillance of negatives for a certain period of time with symptom checker & monitoring tools
Public Health Practice
Covers the following:
    Healthcare provider to public health
    Clinical data provider (Labs, EHRs, Payors & their vendors) to public health
    Behavioral and mental health data provider to public health
    Public health to public health; state and local jurisdictions
    Local state agencies (e.g. Departments of Human Services, Prison & Correctional Facilities) to public health
    Local public health to federal public health
Permissible data linkages:
    Identifiable data (PHI or PII) to consumer-consented data
    Limited data to identifiable data
    De-identified data to identifiable data (re-identification under public health practice)
    De-identified data to de-identified data
De-identified Data
Covers the following:
    Healthcare providers to public health
Consumer Data
Open Data
Last modified 1yr ago