Abstract: Public health agencies increasingly use electronic means to acquire, use, maintain, and store personal health information. Electronic data formats can improve performance of core public health functions, but potentially threaten privacy because they can be easily duplicated and transmitted to unauthorized people. Although such security breaches do occur, electronic data can be better secured than paper records, because authentication, authorization, auditing, and accountability can be facilitated. Public health professionals should collaborate with law and information technology colleagues to assess possible threats, implement updated policies, train staff, and develop preventive engineering measures to protect information. Tightened physical and electronic controls can prevent misuse of data, minimize the risk of security breaches, and help maintain the reputation and integrity of public health agencies.

Balancing personal and societal interests has always been a challenge. As a society, we place great value on individual rights and uphold the importance of protecting personal information from external, and especially governmental, intrusion. 1 However, the acquisition, storage, and use of personal health information are required for many core public health activities. 2 Concerns about confidentiality have fueled debates about the proper balance of individual and societal interests. Disease surveillance and reporting have often been controversial, particularly for sexually transmitted disease and tuberculosis in the first half of the 20th century 3 and more recently regarding HIV 4 and diabetes. 5 New York City’s public health champion of the early 20th century, Hermann M. Biggs, MD, recognized that the only way to make public health reporting more acceptable was to ensure confidentiality.
As Biggs explained in 1897 when emphasizing the confidentiality of tuberculosis reporting, “Notification to [public health] authorities does not involve notification to the community at large.” 6 (p155)

Confidentiality concerns are even more sensitive in the digital age. High-profile breaches of individuals’ health information have heightened anxiety about privacy, 7 as have plans to create interconnected electronic health information networks. 8 In the public health arena, several well-publicized breaches have occurred within the past few years, including the accidental attachment of an electronic file containing the names and addresses of 6500 HIV/AIDS patients to an e-mail in a county health department, 9 the theft from an employee’s car of a state health department laptop computer containing information on approximately 1600 families, 10 and a state health department employee’s misuse of a computerized list of AIDS patients to look up acquaintances, 11 among other breaches. 12–15

Although only a few of these incidents have received significant media attention, breaches might not be particularly rare. Despite a possible reporting bias caused at least in part by increased scrutiny given matters of information technology over the past 8 to 10 years, security breaches appear to have increased in general and in the medical field in particular; 15,16 there is no reason to think that public health departments are immune from the phenomenon. In fact, when probed, one quarter of state public health agencies reported at least 1 security breach in the previous 2 years, 17 and a similar proportion of health care information executives and security officers reported attempted or successful intrusions into their companies’ electronic information systems within the previous year. 18 These incidents are probably underestimated, given the increasing extent to which public health agencies have been operating and transmitting information electronically in recent years, although the data to confirm an increasing trend (such as comparative studies of breaches in the pre–electronic and electronic eras) are lacking. Although breaches occurred in the pre–electronic era, and continue to occur involving data in paper formats, certain features of electronic data have dramatically increased the potential magnitude and severity of these incidents.

Here, we identify and provide means to address threats to the delicate balance between the need for public health agencies to acquire data and the demand for security of sensitive information. This review is particularly relevant to those who are implementing programs but are not yet fully conversant with information technology security principles and practices; a basic understanding of these topics is important for effective collaboration and cooperation with colleagues in multiple fields, including those in information technology. This review applies not only in public health agencies but also in clinical, research, and academic settings. Preventive measures including policies, education, and engineering controls can be implemented to protect data; some emerging technologies may further strengthen data security. Failure to take preventive action can put both privacy and public health at risk.