# Legal & data sharing frameworks Summary: * Establish legal data sharing frameworks within state jurisdictions, e.g. local/municipality to city (major metro), and direct to state. * Consider formulating policies and orders at the local jurisdiction level that refer to specific data sharing regulations that permit reporting; i.e. healthcare providers having the ability to share data with **specific entities** related to contact tracing efforts and what data will be released for broad public consumption vs. restricted public health use. * Designate certain collaborative entities with limited public health authority related to COVID-19 e.g. Health Information Networks, and Health Information Exchanges typically can’t easily share data bi-directionally with public health; state-based entities (e.g. New Jersey Health Information Network, Indiana HIE, SHINY) will be able to move faster on sharing clinical information with public health to scope contact tracing efforts * Define data sharing use cases that fall under the following: * Public Health Practice * De-identified Data (per HIPAA); aggregate and line-level * Consumer Data (non-HIPAA; regulated by FTC * Anonymous Data * Open Data (public consumption) * Patient and Consumer Consents * Data destruction policies ### State & Local Jurisdiction Data Sharing If there is a local NEDSS system in place, provide local jurisdictions with the ability to enter case reports. Establish a process to capture case investigations that relate to emerging contract tracing emergence of symptoms but confirmatory testing may not be in place yet (typically a quarantine section of the system to help prioritize confirmed case reports). ### Data Sharing Use Cases * Symptom checker information into a NEDSS * Symptom checker information connected with contact traced social network (identifiable, and aggregate level) * Contact-traced individuals to healthcare records/testing (consent) * Surveillance of negatives for a certain period of time with symptom checker & monitoring tools **Public Health Practice** Covers the following: * Healthcare provider to public health * Clinical data provider (Labs, EHRs, Payors & their vendors) to public health * Behavioral and mental health data provider to public health * Public health to public health; state and local jurisdictions * Local state agencies (e.g. Departments of Human Services, Prison & Correctional Facilities) to public health * Local public health to federal public health Permissible data linkages: * Identifiable data (PHI or PII) to consumer-consented data * Limited data to identifiable data * De-identified data to identifiable data (re-identification under public health practice) * De-identified data to de-identified data **De-identified Data** Covers the following: * Healthcare providers to public health **Consumer Data** **Open Data** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://contacttracingplaybook.org/how-to-do-contact-tracing/data-management-systems/legal-and-data-sharing-frameworks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.