|
LEGEND:
|
|
|
Link to a PDF document |
|
|
|
Link to non-governmental site and does not
necessarily represent the views of the CDC |
|
|
Adobe
Acrobat (TM) Reader needs to be installed on
your computer in order to read documents in PDF format.
Download the Reader.
|
|
|
|
|
|
Introduction |
|
|
This document supersedes the October 1998 version of "Guidelines for HIV/AIDS
Surveillance, Appendix C: Security and Confidentiality." It reflects CDC's
recommendation as best practices for protecting HIV/AIDS surveillance data and
information. It details program requirements and security recommendations.
These requirements, recommendations, and practices are based on discussions with
HIV/AIDS surveillance coordinators, CDC's Divisions of STD Prevention and TB
Elimination, and security and computer staff in other Centers and Offices within
CDC, and on reviews by state and local surveillance programs.
This document requires each cooperative agreement grantee to designate an
Overall Responsible Party (ORP). The ORP will have the responsibility for the
security of the surveillance system (including processes, data, information,
software, and hardware) and may have liability for any breach of
confidentiality. The ORP should be a high-ranking public health official. This
official should have the authority to make decisions about surveillance
operations that may affect programs outside of HIV/AIDS surveillance. The ORP is
responsible for determining how surveillance information will be protected when
it is collected, stored, analyzed, released, and dispositioned.
Although there are many sources of surveillance information (e.g., medical
charts, insurance forms, behavioral surveys, and service organizations), the
authority of this document is limited to data collected for HIV/AIDS
surveillance. Data in the HIV/AIDS surveillance system are to be held under the
highest scrutiny and require the most stringent protections, regardless of the
level of security of the source data or of non-HIV surveillance data. A breach
of confidentiality anywhere in this system could affect surveillance operations
nationwide. All references in these guidelines to surveillance information and
data should be understood to refer only to HIV/AIDS-related surveillance. These
security guidelines may serve as a model for other programs to emulate when
reviewing or upgrading security protocols that are specific to their overall
procedures and mission. For programs that integrate HIV and other disease
surveillance, all data should be protected equally in compliance with these
guidelines.
This document is intended to assist programs in providing aggregate data for
maximum public health utility with minimum risk of disclosure of
individual-level data. Given the advances in information technology, as well as
changes in surveillance practices since the previous update in 1998, the
guidelines are being updated to provide project areas with guidance reflecting
those changes. CDC will continue to assist states as they adapt their policies
and procedures to comply with evolving requirements and standards. |
|
|
|