Skip to main content
NCBI home page
Public Health Reports logoLink to Public Health Reports
. 2007;122(Suppl 1):7–15. doi: 10.1177/00333549071220S103

Public Goods, Private Data: HIV and the History, Ethics, and Uses of Identifiable Public Health Information

Amy L Fairchild a, Lance Gable b, Lawrence O Gostin c, Ronald Bayer a, Patricia Sweeney d, Robert S Janssen d
PMCID: PMC1804110  PMID: 17354522

Public health departments collect a vast array of identifiable information in the course of mandatory reporting efforts and other surveillance activities. These undertakings span a range of conditions from infectious threats and chronic diseases including cancer, to immunization status and birth defects. Advocates for expanded surveillance extended the practice to occupational diseases and, most ambitiously, to profiles of childhood health status. Syndromic surveillance is also increasingly undertaken in the new post-September 11 security environment. In the one Supreme Court case addressing public health surveillance, a unanimous tribunal upheld the right of the state to conduct surveillance.1 The Health Information Portability and Accountability Act (HIPAA) regulations, as well, explicitly permit reporting of identifiable data for public health surveillance.2

Privacy advocates and policy makers have focused primarily on the privacy and security of surveillance data. Law and regulation require public health departments to provide strict measures of protection to guarantee the security of identifiable information. There has been little debate about the centrality of law to the preservation of the legitimacy of surveillance activities. But given the absence of federal rules for the privacy and security of public health data, there has been interest in the limits that might be imposed on health departments in the collection, use, and disclosure of identifiable information. This issue emerged in acute form in the 1990s, as the Centers for Disease Control and Prevention (CDC) moved to implement HIV case reporting. Opponents of such efforts feared the consequences of government collection of personal information, including discrimination and loss of privacy.3

Despite the formulation of the Model Public Health Privacy Act,4 key ethical questions regarding the uses of public health data remained unanswered. For example, may identifiable public health data be used for direct patient intervention? May identifiable public health data be used for traditional public health practices such as contact tracing and partner referral, isolation, and quarantine? May they be relied upon as the foundation for public health research? May these data be shared within and among health departments and agencies? Finally, may they be shared with authorities or agencies outside of public health, for example, for the purposes of immigration, welfare benefits, or criminal law enforcement?

There have been a number of recent efforts to develop an ethical framework for public health that helps inform and guide the analysis of the issues presented in this article.57 Typically those efforts recognize the highly divergent ethical traditions of medicine and public health. In clinical practice and research, concern for autonomy has been preeminent.8,9 Animating the practice of public health, however, has been a historical concern for the well-being of populations. The ethical framework for public health that is emerging reflects that orientation, providing a foundation for the affirmative duty to monitor health threats, intervene to promote the public good, engage in research activities, and promptly disseminate findings from such efforts to public health officials and other stakeholders.10,11 At the same time, there is consensus that the pursuit of optimizing the public's health must be subject to some limits involving individual rights.5,7,12

Against the backdrop of the public health ethos that has emerged over the course of more than a century of practice, we analyze how officials confronted with the tensions between public health and personal privacy might evaluate the ethics of public health data uses with an emphasis on HIV.

THE HISTORICAL LEGACY OF PUBLIC HEALTH DATA USES

Just as bioethics required a full appreciation of the practice of medicine and its moral justifications, so too is it necessary to make explicit the values that have motivated public health practice for more than a century and how they were challenged as the protection of individual rights became a central feature of public discourse surrounding medicine.

The tradition of direct intervention

The understanding of disease as contagious and, hence, controllable, that emerged at the end of the 19th century demanded that health officials have access to the names of the infected, through case reporting. Herman Biggs, a titanic figure in the history of public health, explained: “The notification and registration of communicable diseases always has as its object the supervision of the cases….” It was not undertaken “in order to keep clerks or adding machines busy.”13 In the last decade of the 19th century, when Biggs initiated the practice of notification for tuberculosis—then a highly stigmatized, chronic infectious disease—it was clear that reporting was intended as a means of allowing direct health department intervention with cases. Every effort was made to assuage the fears of physicians regarding encroachments upon their professional authority:14 no action would be taken “if the physician requests that no visits be made by Inspectors.”15

The notification and sanitary supervision system that emerged reflected an implicit set of suppositions about which classes posed a threat: middle class and wealthy patients were protected from health department supervision by their physicians. The inspection plan amounted to a system of active surveillance for tuberculosis at the city's various clinics, which served the poor and working classes.16 But surveillance did not result only in restrictive measures. It also could serve as a means of ensuring access to needed services. Such service provision characterized the tradition of data use not only in TB but also in birth defects surveillance and, much later in the century, immunization registries.3

The tradition of disclosure

As this tradition of direct intervention developed, health officials typically stressed the confidentiality of disease registries.16 But there were limits to confidentiality. The clinical context shaped the public health response to privacy. The American Medical Association (AMA) code of ethics had long acknowledged that “peculiar circumstances” always tempered protection of “secrecy and delicacy.”17 In response to surveillance, the AMA ethical code broadened to acknowledge a duty to the community in general.17

Just as doctors might disclose information to protect family and community, so, too, might health departments.13 When deemed appropriate, health officials released the names and addresses of those with contagious diseases in order to fulfill a duty to warn the public.3 In the instances of acute infectious diseases like diphtheria and smallpox, officials placarded the homes of the infected. During polio outbreaks, for example, health officials published daily lists in the local newspapers of the names and addresses of individuals afflicted with acute infections.18

The tradition of research

It was where the origins and means of spread of a disease remained unknown that a tradition of disease notification for research or statistical purposes developed. Perhaps the signature disease whose etiology was poorly understood was cancer.19 Cancer registries, which developed in the 1940s, represent the most sustained relationship between public health surveillance and research.

In the 1950s, Alexander Langmuir—a seminal figure in the conceptualization of the role of surveillance—sought to distinguish between individual-level surveillance and that which sought to use an array of data, sometimes but not always including names, to monitor the incidence and prevalence of diseases.20 The immediate purpose was not always to intervene directly with individuals but was, rather, to understand the underlying dynamics of morbidity and mortality so that ultimately individual or even population-level efforts could improve the public's health.

In some instances, two traditions—surveillance for the sake of intervention and surveillance for the sake of scientific knowledge—have become highly integrated. When in the 1960s Virginia Apgar called for a national registry of birth defects, she envisioned a highly integrated registry with no limitations on access.21 Although Apagar's dream was never quite realized, like many of the states that developed registries in the 1980s and 1990s, the Massachusetts Department of Public Health argued that, “The goal … should be to integrate birth defects surveillance into maternal and child health programs and activities in order to create a seamless system of data collection, analysis, research, and follow-up interventions.”22

The traditions challenged

But public health surveillance, it is important to stress, developed in a medical and public health culture that was both paternalistic and authoritarian. Little explicit consideration was given to the ethical foundations of public health decision-making for much of the 20th century. In the 1960s and 1970s, autonomy-centered values began to dominate biomedical research and the clinical relationship.23 It was in this context that some patients demanded public health surveillance and the protections or services that might follow from it and others opposed surveillance as a threat to individual rights.24 While the AIDS epidemic provided the occasion for the most sustained challenges to the collection and use of identifiable data, concerns regarding surveillance precede the AIDS epidemic and extend beyond it. Controversies have been animated by deep differences between those who believe that the mandate of public health warrants the extensive use of identifiable data and those whose conception of privacy and individual rights requires the imposition of strict limitations.

CONTEMPORARY CONTROVERSIES RELATED TO DATA USE AND DISCLOSURE

Using data for case management

In an effort to minimize opposition to HIV reporting, some public health officials have chosen to limit the use of identifiable data to epidemiological purposes only—determining the magnitude of population health problems, mapping the spread of the diseases, understanding patterns of contagion—rather than using data to support case management or partner counseling and referral.25 Others argue that intervention should be a primary use and it is the failure to act that must be justified (personal communication, National HIV/AIDS Surveillance Workshop, 2004 Jun 21–25; Atlanta, GA). In 2005 and 2006, for example, the New York City Department of Health and Mental Hygiene proposed extending lab-based reporting and clinical intervention to diabetes and HIV. In the case of diabetes, the department proposed to inform both patients and physicians when lab results indicated poor control over diabetes.26,27 In the case of HIV, concern about the clinical management of poor patients without consistent care has motivated an effort to allow health officials to extend the uses of surveillance data, which have been limited to contact tracing and partner notification.28 In both instances, the health department sought to extend public health into the clinical domain.29

Sharing data within and among public health agencies

Privacy advocates have challenged the prerogative of public health officials to share data even within the same agency. Some program officials also object to the sharing of highly sensitive data. Their claim is that sensitive health information demands strict privacy. For example, some HIV/AIDS surveillance programs maintain that data may only be used for epidemiological monitoring purposes. Data may never be shared outside HIV surveillance programs even within the same public health agency and they may never be used for public health interventions such as partner notification or case management. Indeed, some agencies have erected protective walls around HIV/AIDS registries and prohibit the linkage of HIV/AIDS data with tuberculosis data.30

Although health threats are rarely confined within arbitrary geographic borders, far more controversial has been interjurisdictional data sharing—i.e., sharing identifiable information with other state or local health departments. Underscoring the fierce contests over the question of interjurisdictional exchange of health data, AIDS advocacy organizations maintained, “We have always believed that inter-agency transfers of data should be regarded as ′disclosures' of information, with a requirement of informed consent except in narrowly limited circumstances.”31 In contrast, the Council of State and Territorial Epidemiologists (CSTE), an association of public health professionals, supports the routine interjurisdictional sharing of HIV case data to resolve duplicate case counts across states and maintain the quality of local and national HIV surveillance data.32 Although some might argue that AIDS represents an exception rather than the norm, these concerns are not limited to those involved in AIDS-related work. Those engaged in occupational and environmental surveillance, for example, have expressed “serious reservations about a presumption that permits data sharing among agencies, even when justified by a ′legitimate public health purpose.' … Programs should not be forced to share data if they have legitimate concerns about how others would use it/protect it.”33

Even greater concern arises at the prospect that state health departments would forward identifiable information to a centralized national disease registry. Proposals for a national immunization registry for infants and children were derailed amid a firestorm of political protest in the early 1990s. Instead there has emerged a mix of state and local registries reflective of compromises.34 Likewise, in the early 1980s, an effort to require states to send full name-linked AIDS case reports to the CDC provoked intense opposition. In the end, the CDC was compelled to accept a reporting system where names are not forwarded to CDC. In the resulting system, state and local health departments retain the names of individuals reported with HIV and AIDS, which enables collection of epidemiologic information and de-duplication of data at the local level. Names are removed before encrypted data are forwarded to CDC.35

Public disclosures

In the last decades of the 20th century, the tradition of disclosing the names of those with communicable diseases, at least in major newspapers, all but vanished.3 Changing patterns of morbidity as well as the emergence of strict norms of confidentiality were central to this transformation. It is within such context that controversy has arisen over when, if ever, health departments may disclose identifiable information to the public or public agencies.

Contemporary decisions about whether to reveal the identity of those with disease who posed a public health threat have turned on assessments of the risk to the community. In Texas, in response to a 1993 investigation of a case of fatal hantavirus, state health officials refused to disclose the name of an infected individual to the local media.36,37 A 1999 case of meningitis in a Maryland school was not sufficient for the County's Director of Community and Environmental Health to identify the student by name. The official, however, suggested that had more people been at risk for contracting the disease, it may have been deemed appropriate to identify the infected student by name, even over the objections of her parents.38 Such criteria were met in the case of SARS. In the 2003 outbreak in Toronto, the names of the first two cases, a mother and son, were released to the press for the purpose of identifying and advising people who might have had contact with them.39

Disclosure of data on lead poisoning in children collected by state health departments could potentially affect many people in the community. In some cities and states, addresses where lead cases have occurred are considered part of the public record. The Raleigh News & Observer recently requested North Carolina's entire blood lead surveillance database. The health department, in accordance with its policy, agreed to redact the names and share the data. But other locales, concerned that such data could lead to the public identification of affected children, do not disclose this information. Still others strike a kind of balance in the interests of warning the public: for example, although the health department will not release all address data, the Rhode Island legislature now requires the state department of health to keep a public list of high-risk rental properties where multiple children have been reported with elevated blood lead levels.4042

In the history of the AIDS epidemic, there were efforts to use public health records in ways that could not be justified by the nature of HIV transmission. For example, Missouri sought to compare its AIDS registry with a list of public school teachers. The CDC warned that such a use was inconsistent with the cooperative agreement governing surveillance data.43 More complex was the question of whether HIV/AIDS registries could be used to prevent infected health care workers from undertaking invasive procedures where there was a theoretical risk of blood-borne transmission.44 The question of whether such risks provided a justification for limits on practice informed the debate about the registry use.

Although health officials explicitly sought court permission, more controversial, still, was the question of when, if ever, public health records should be disclosed for public purposes unrelated to health, such as homeland security, law enforcement, immigration, or social welfare. Where public health officials become aware of a threat, they may have no alternative but to call upon the police to intervene to enforce the public health mandate, such as the prevention of an imminent threat of infectious disease. Nushawn Williams, an HIV-infected man, represents the most well known contemporary example of a health department decision to disclose the name of an individual to law enforcement officials. In this instance, county health officials sought court permission to reveal his name to the police based on evidence that he had intentionally exposed a number of teenage girls to HIV infection.45 After the police located him in prison, health officials then asked for and received permission from the court to publish his name and picture to alert those who might have been at risk.46,47

Far different are occasions when those charged with law enforcement, immigration control, or the social welfare system seek to obtain and use public health data to fulfill their own functions. They may argue that public security and fidelity to law are just as important as public health. For example, sharing the names of all reported cases of anthrax during a bioterrorist attack might help law enforcement identify those who disseminated the spores and bring them to justice. In the case of HIV, health officials have been ordered to release registry data in prosecutions involving sexual assault or criminal transmission. In Iowa, for example, the law allows for courts to subpoena HIV test results, though not information related to counseling. This creates a tension for public health personnel who are called upon to disclose otherwise confidential information.48 On the one hand, such cases reach the courts because of the limits of counseling, testing, and partner notification programs in persuading some individuals to either modify their own behavior or inform sexual or needle-sharing partners of the risk. But on the other hand, such court-ordered disclosures could do irreparable damage to surveillance activities predicated on the widely held assumption that case reporting may only be used to protect the public health. Because information can often be subpoenaed from other sources, such as medical records, without risking a breach of the public health surveillance system, public health advocates have often insisted on an unbreachable wall of separation.

Research

Health departments routinely follow up on name-based case reports with investigations necessary to elucidate patterns of morbidity and mortality as a prerequisite to intervention. Such follow-up typically takes place in systematic surveillance, outbreak investigations, program evaluations, and quality assurance efforts. Such investigations are integral to the very notion of epidemiology, public health, and the management of clinical care. Yet, in a context where research has been defined by federal regulation, some of these activities have, at times, been construed to be human subjects research requiring ethical oversight. In some instances, it is clear that the activities do represent human subjects research. In many others, the boundary between research and practice has been exceedingly difficult to draw and remains hotly contested.49

When concerns about privacy of cancer registries surfaced in the late 1990s, the central and uncontested argument for preserving tumor notification was the importance of securing the research enterprise.50,51 In the context of HIV/AIDS, the use of registries for public health research has been challenged. For example, Maryland chose not to participate in a CDC study to use its AIDS case registry for follow-up contact designed to investigate the potential impact of name-based HIV reporting on testing behavior. In the context of drafting the Model Public Health Privacy Act, the use of registry data for even epidemiological research was questioned.52 Here privacy advocates wanted nothing less than what the executive director of AIDS Action described as a “firewall between the health departments and people living with AIDS,” which would apply to all uses, including research.53 Lambda Legal Defense fund, for example, initially insisted that because registry data are collected without consent, “a total ban on unconsented research disclosures is appropriate.”31 In Philadelphia, however, although advocates questioned the use of the AIDS registry for research, local public health officials and the CDC supported the supplemental surveillance activity as an appropriate public health activity with necessary human subject approval and oversight.49,54 But even those who argue strongly for the use of surveillance data as a foundation for further investigation acknowledge the existence of the gray borderland between research, with its demands for ethical oversight, and public health practice.49

Data releases

Public health departments routinely distribute aggregate or population-level data drawn from individual case reports. The disclosure of such data does not violate privacy. At the national level, CDC provides aggregate HIV data through a variety of sources to the public including a public-use dataset. CDC programs follow strict policies on the sharing and release of data provided by state health departments to CDC to protect data confidentiality.55,56 But the public sometimes feels an urgent need to have access not simply to aggregated data, but to de-identified or coded datasets in order to assess the hazards to which communities might be exposed.

In New York, a citizen's group sought disaggregated individual data that, while stripped of names and street addresses, included patients' age, zip code, diagnosis, and date of death from the state's cancer registry because of concerns of a cluster of cases in a distinct geographic area. The health department denied the request because, using the Social Security death index available via the Internet, the information could be used to identify individuals in the registry.57 Such a refusal was subject to adjudication in Illinois. An appellate court addressed the conflict between the obligation to inform the public through de-identified data releases and privacy. The court acceded to a newspaper's Freedom of Information Act request for cancer registry incidence data by zip code, type of cancer, and date of diagnosis. The court, over the objection of the state health department, held that the request was consistent with the purpose of surveillance under the Cancer Registry Act, “to monitor incidence trends of cancer and to inform citizens about the risks, early detection, and treatment of cancers whose incidence is known to be elevated in their communities.”58 The court agreed to the release of data, despite the fact that a computer expert had been able to identify individuals from the dataset.59,60

A CODE OF RESTRAINT FOR AFFIRMATIVE DUTIES

Unlike the field of bioethics, which, over the past three decades, has reached consensus on the principles that ought to guide clinical practice and human subjects research, there is no broadly accepted ethical framework for public health at this juncture. What exists, however, is a recognition that the priority of protecting communal well-being must be subject to some limits involving the rights of individuals and the fair distribution of burdens. Nancy Kass, for example, has argued that an ethical framework for public health might best be viewed “as a code of restraint, a code to preserve fairly and appropriately the negative rights of citizens to noninterference” against an affirmative duty to protect and improve the public's health.12 Precisely how to strike the balance among competing claims remains a matter of disagreement. But asserting that there is no inherent tension between the claims of individual privacy and the requirements of public health practice does more to obfuscate than to illuminate difficult choices that public health officials must make.

Data uses

There may be ethical justifications for challenging the acquisition of identifiable data in a given situation. Further, there may well be political and pragmatic reasons for observing some limits on data uses. But once the data are in hand it is the failure to use those data for public health purposes that must be justified. As Childress and colleagues argue, “general moral considerations … provide a prima facie warrant for many activities in pursuit of the goal of public health.”5

Such uses may encompass not only inclusion in research but also direct interventions such as partner notification; isolation and quarantine, where appropriate given the nature of the threat and the existence of adequate procedural protections; triggering occupational or environmental health investigations; notifying parents or physicians about lapses in childhood immunization; or even more comprehensive care management. In the specific case of human subjects research, investigations involving identifiable public health data require compliance with the Common Rule—the federal regulations for protecting human research subjects that have been commonly codified by 15 federal agencies—and review by an institutional review board (IRB).9

Data sharing within and among public health agencies and the conduct of research.

Both the history of, and moral justifications for, public health practice provide a strong basis for data sharing within and among health departments. Moral considerations, which include respect for privacy, as well as historical and legal standards demand that strict norms of privacy must govern the sharing of data. But because extensive sharing always involves a theoretical risk of breaches of privacy, shared data should be de-identified or anonymized unless such efforts will compromise public health practice. When names are sought, it is imperative to ensure that they are justified by a strong public health purpose and that privacy is safeguarded. Thus, those receiving identifiable data should have equivalent confidentiality and security standards in place.

Data releases.

Very different are the instances of data releases, which most fundamentally involve balancing the ethical principles of privacy, out of respect for persons, against either beneficence, the charge to do more good than harm, or social justice, which requires the fair distribution of burdens and benefits. In the instances of releasing data to the public or agencies outside of public health, whether it is identified or de-identified, resolving the tension between these different principles rides heavily on the specifics of each case. Thus, the effort to subject public health practice to ethical analysis does not rest on establishing a hierarchy of ethical principles. It requires that we “assign weight” to the relevant ethical principles “in the context of particular policies, practices, and actions, in order to provide concrete moral guidance.”5 The process of making such assignments is not mechanical but rather will involve systematic, careful, and reflective deliberation that considers but is not straight-jacketed by the history of decision-making in similar cases.

Although the specifics of each individual case must still weigh heavily in these determinations, one way to begin to parse the issues is to consider different kinds of data releases: the release of aggregate data to the public; the release of de-identified data regarding a group of individuals where there remains some risk of individual reidentification; the release of data related to specific individuals to the public; and the release of individual-level data to agencies outside public health such as law enforcement.

Aggregate data releases.

The mandate to use and make available surveillance data to ensure that it will in fact serve the interests of the public in securing and maintaining the well-being of populations are obligations grounded in both beneficence and justice. But just as beneficence and justice may require the use of data to limit threats to the public's health, they also demand the minimization and fair distribution of the burdens that may emerge when vulnerable populations are identified as being at increased risk. Such burdens may include “suffering, stigmatization, prejudice, loss of prestige or self-esteem, or economic loss.”61 Nonetheless, it is those very populations that may potentially benefit as a result of being identified as bearing a disproportionate burden of disease.

If beneficence demands that we do more good than harm, it also demands a kind of risk management: that we maximize potential benefits and attempt to minimize both the potential harms of surveillance and the burden of disease by acting on those data. Thus, when the communication of surveillance data may injure the vulnerable population it is intended to serve, every effort must be made to minimize such risks. There may be no way of avoiding the fact that some communication may be experienced by vulnerable populations as injurious. That does not mean, however, that aggregate data should not be released or that it may be censored. Direct communication with the groups involved and the utilization of transparent procedures could play a crucial, ameliorative role in this regard. It is only the commitment to utilizing public health data to benefit such vulnerable groups that permits its release even if there may be short-term harms. Thus, both beneficence and justice require that sensitive information be interpreted and explained in a manner protective of those at risk and communicated with discretion.

Release of de-identified datasets.

Health officials must take care that when distributing aggregate or population-level data that it is not possible to identify individuals. But data release can never be risk free. Risks, however, vary, and while considerable in some cases they can be more remote in others. Thus, beneficence and justice must be balanced by the right of individuals to control or limit access to their personal information—their right to privacy. Therefore, health officials must consider the circumstances attendant to each request and weigh the magnitude of the risk to individuals against the public's interest in having access to data to identify health risks or advocate for resources or policy initiatives. Where de-identified data release is deemed unacceptable because of the threat to privacy, health departments bear the burden of undertaking the analysis that would assist local communities in understanding the extent to which they are at increased risk.

Disclosures to the public.

In some instances, individual identification is, in fact, either the goal or the inevitable consequence of data release, as in the cases of meningitis, hantavirus, and lead contamination discussed here. If alternative warnings or approaches can accomplish the public health goal, the right to privacy makes the release of identifiable information ethically unjustifiable. Respect for persons, then, requires that health officials use the least intrusive measures available to accomplish the goal of protecting the public. Although not inconceivable, a scenario in which the confluence of particular circumstances and the clinical aspects of a disease would warrant the public identification of individuals would be rare, as we have noted in the case of SARS. How contested such disclosures can be is underscored by the Williams case in New York.

Disclosures to non-public health agencies.

The principles of respect for persons and justice, which have at their core both the notion of procedural and substantive fairness, limit the uses of data collected under the auspices of public health. Public health data acquired without consent pursuant to public health goals represent information that in other social domains might be provided under far more restrictive circumstances—e.g., where there exists a right to remain silent or an obligation to obtain an explicit court order to compel disclosure. To use data collected under the auspices of public health for non-health ends would short-circuit the limitations imposed in other domains.

The principle of beneficence dictates extreme caution when attempts are made to use identifiable public health data for non-public health purposes. Yet it does not preclude all such efforts. It suggests, rather, that the prohibition against data sharing with non-public health agencies such as law enforcement can only be overcome in compelling circumstances involving significant risks of harm to others or to the public's health more generally. Further, such disclosure should only occur when the public health agency itself cannot address or eliminate the threat. Very rarely will such criteria be met. Narrowly defined legal guidelines and strict judicial oversight should govern any such disclosures. But, as the Iowa example underscores, neither juridical oversight nor the crafting of legal guidelines obviate the need for continued ethical scrutiny.

The Figure summarizes a code of restraint for using identifiable public health data.

Figure.

Figure

Open in a new tab

Code of restraint for using identifiable data to achieve affirmative public health duties

CONCLUSION

For much of the 20th century, as public health agencies made use of identifiable data to control morbidity and mortality, the ethical balances struck were rarely the subject of public discussion beyond those of public health officials or outside the development of public health laws or sanitation codes. We now acknowledge that professional and political decisions about data uses must pay heed to ethical considerations and involve a broad range of stakeholders. The mission of public health to safeguard the common good needs to be recognized but subjected to some limits by the right of individuals to a sphere of privacy. Judging the acceptability of public health means and ends is a complex matter at the intersection of ethics, law, and policy. Pragmatic and political considerations may play a defining role. Negotiation and compromise may produce outcomes that reflect the interests of different groups. But these compromises must also be the subjects of ethical scrutiny. Finding the appropriate mechanisms to assure explicit, systematic evaluation based on ethical principles as we make and review decisions regarding the uses of identifiable public health data remains the challenge ahead.

Acknowledgments

The authors acknowledge the contributions of participants in several consultations held by the CDC's Division of HIV/AIDS Prevention in shaping this article.

REFERENCES

  • 1. Whalen v. Roe, 429 U.S. 589 (1977) [PubMed]
  • 2.Department of Health and Human Services (US) Office of Civil Rights—HIPAA. Medical privacy—national standards to protect the privacy of personal health information. [cited 2006 Sep 7]; Available from: URL: http://www.hhs.gov/ocr/hipaa/finalreg.html.
  • 3.Fairchild AL, Bayer R, Colgrove J, Wolfe D. Berkeley: University of California Press; 2006. Searching eyes: privacy, the state, and disease surveillance in America. In press. [Google Scholar]
  • 4.Gostin LO, Hodge JG, Valdiserri RO. Informational privacy and the public's health: the Model State Public Health Privacy Act. Am J Pub Health. 2001;91:1388–92. doi: 10.2105/ajph.91.9.1388. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 5.Childress JF, Faden RR, Gaare RD, Gostin LO, Kahn J, Bonnie RJ, et al. Public health ethics: mapping the terrain. J Law Med Ethics. 2002;30:170–8. doi: 10.1111/j.1748-720x.2002.tb00384.x. [DOI] [PubMed] [Google Scholar]
  • 6.Public Health Leadership Society. New Orleans: Public Health Leadership Society; 2002. [cited 2006 Sep 7]. Principles of the ethical practice of public health. Version 2.2. Available from: URL: http://www.phls.org/docs/PHLSethicsbrochure.pdf. [Google Scholar]
  • 7.Callahan D, Jennings B. Ethics and public health: forging a strong relationship. Am J Pub Health. 2002;92:169–76. doi: 10.2105/ajph.92.2.169. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 8.Rothman DJ. New York: Basic Books; 1991. Strangers at the bedside: a history of how law and bioethics transformed medical decision making. [Google Scholar]
  • 9.Protection of Human Subjects. 1991 45 CFR 46. [Google Scholar]
  • 10.World Health Organization. Geneva: WHO; 1968. May, Report of the technical discussions at the Twenty-First World Health Assembly on National and Global Surveillance of Communicable Diseases. A21/Technical Discussions/5. [Google Scholar]
  • 11.Centers for Disease Control and Prevention (US) Atlanta: CDC; 1986. Aug, Comprehensive plan for epidemiologic surveillance. [Google Scholar]
  • 12.Kass NE. An ethics framework for public health. Am J Pub Health. 2001;91:1776–82. doi: 10.2105/ajph.91.11.1776. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 13.Biggs H. The public health. Monthly Bulletin of the Department of Health of the City of New York. 1913 Jun;3(6):150. [Google Scholar]
  • 14.Tuberculosis and boards of health. New York Medical Journal. 1894:59. [Google Scholar]
  • 15.New York City Department of Health. New York: 1895. Annual report of the Department of Health of the City of New York for the calendar year 1894. [Google Scholar]
  • 16.Billings JS. The registration and sanitary supervision of pulmonary tuberculosis in New York City. Department of Health of the City of New York monograph series. 1912;1:39. [Google Scholar]
  • 17.Gellman RM. Prescribing privacy: the uncertain role of the physician in the protection of patient privacy. North Carolina Law Review. 1984;62:255–94. [PubMed] [Google Scholar]
  • 18.Haven E. A monograph on the epidemic of poliomyelitis [infantile paralysis] in New York City in 1916. 1917 Based on the official reports of the bureaus of the Department of Health New York. [Google Scholar]
  • 19.A model state law for morbidity reports. Public Health Rep. 1913;38:1323–9. [PubMed] [Google Scholar]
  • 20.Langmuir AD. The surveillance of communicable diseases of national importance. N Engl J Med. 1963;268:182–92. doi: 10.1056/NEJM196301242680405. [DOI] [PubMed] [Google Scholar]
  • 21.The National Foundation. White Plains (NY): March of Dimes; 1965. Aug 11, Memorandum to Mr. Joseph F. Nee from Virginia Apgar. [Google Scholar]
  • 22.Walker DK. Integrating birth defects surveillance in maternal and child health at the state level. Teratology. 2000;61:4–8. doi: 10.1002/(SICI)1096-9926(200001/02)61:1/2<4::AID-TERA2>3.0.CO;2-P. [DOI] [PubMed] [Google Scholar]
  • 23.Bayer R, Fairchild AL. The genesis of public health ethics. Bioethics. 2004;18:473–92. doi: 10.1111/j.1467-8519.2004.00412.x. [DOI] [PubMed] [Google Scholar]
  • 24.Fairchild AL. The democratization of privacy: public health surveillance changing conceptions of privacy in the twentieth century. In: Stevens RA, Rosenberg CE, Burns LR, editors. Health care history and policy in the United States. Berkeley (CA): University of California Press; 2006. In press. [Google Scholar]
  • 25.CDC (US) Draft guidelines for national HIV case surveillance, including monitoring for HIV infection and AIDS. Summary of comments from 37 health departments. 1999 On file with authors. [Google Scholar]
  • 26.Stein R. New York City starts to monitor diabetes. The Washington Post. 2005. Jan 11, p. 03. Sect. A:
  • 27.Brewin B. NYC wants to track 530,000 diabetics. [cited 2006 Sep 10];Federal Computer Week. 2005 Jul 13; Available from: URL: http://www.govhealthit.com/article89548-07-13-05-Web.
  • 28.Santora M. Overhaul urged for laws on AIDS tests and data. The New York Times. 2006. Feb 2, p. 1. Sect. B.
  • 29.Frieden TR, Das-Douglas M, Kellerman SE, Henning KJ. Applying public health principles to the HIV epidemic. N Engl J Med. 2005 Dec 1;353:2397–402. doi: 10.1056/NEJMsb053133. [DOI] [PubMed] [Google Scholar]
  • 30.Council of State and Territorial Epidemiologists. Position statement 1995-2. Reporting HIV and TB comorbidity. [cited 2006 Sep 7]; Available from: URL: http://www.cste.org/ps/1995/1995-02.htm.
  • 31. Letter from Stephen Scarborough, Staff Attorney, Lambda Legal Defense and Education Fund, Inc., to Lawrence O. Gostin. 1999 Feb 24 Letter on file with authors.
  • 32.Council of State and Territorial Epidemiologists (CSTE) Resolution 01-ID-04 Reciprocal (Inter-state) Notification of HIV cases. 2001 Resolution on file with authors. [Google Scholar]
  • 33. Comments to CDC on draft 5 of guidelines for public health data uses. 2004 Mar 13. On file with authors.
  • 34.Joint Hearing Before the Committee on Labor and Human Resources. United States Senate and the Subcommittee on Health and the Environment of the Committee on Energy and Commerce. 1993 Apr 21; 103rd Cong., 1st Session. [Google Scholar]
  • 35.Nakashima AK, Fleming PL. HIV/AIDS surveillance in the United States, 1981–2001. J Acquir Immune Defic Syndr 32. 2003;(Suppl 1):S68–85. [PubMed] [Google Scholar]
  • 36.Sorelle R. Disease sleuths try to track down deadly virus. The Houston Chronicle. 1993. Aug 30, p. 7. Sect. D.
  • 37.Crenson M. Rodent suspected of carrying ailment not found in cities; rural trips pose little risk of disease, experts say. The Dallas Morning News. 1993. Jul 7, p. 14. Sect. A.
  • 38.Ly P. Meningitis suspected in teacher's death; Manassas Park officials say students, staff at middle school face little danger. The Washington Post. 1999. Sep 30, p. 2. Sect. B.
  • 39.Altman LK, Bradsher K. Mysterious respiratory illness afflicts hundreds globally. The New York Times. 2003. Mar 15, p. 05. Sect. A.
  • 40.Rhode Island Department of Health. [cited 2006 Sep 8];Lead Poisoning Act Prevention List. Available from: URL: http://lead.health.ri.gov.
  • 41.Patrick MacRoy. (Epidemiologist, Chicago Department of Public Health). 2005. Jul 1, e-mail communication.
  • 42.MacRoy P. In search of safe housing: blood lead levels of past occupants as an indicator of present lead safety. 2001 May 1; Available from: URL: http://envstudies.brown.edu/Dept/thesis/master00_01/Patrick_MacRoy.htm.
  • 43.1996. Nov 14, Letter from CDC to Health Department, Missouri. Letter on file with authors.
  • 44.Gostin LO. A proposed national policy on health care workers living with HIV/AIDS and other blood-borne pathogens. JAMA. 2000;284:1965–70. doi: 10.1001/jama.284.15.1965. [DOI] [PubMed] [Google Scholar]
  • 45.Beebe M. Williams case spurs calls for changes in law. The Buffalo News. 1999. Apr 6, p. B. Sect. 1.
  • 46.Frey J. Nushawn's girls. The Washington Post. 1999. Jun 1, p. 1. Sect. C.
  • 47.Davis HL, Zremski J. Use of drugs, rough sex eyed for role in outbreak. The Buffalo News. 1997. Nov 2, p. A. Sect. 1.
  • 48.Kim Seung Min. Alleged victim testifies in HIV trial. The Daily Iowan. 2004. Feb 10, Sect. Metro.
  • 49.Fairchild AL. Dealing with Humpty Dumpty: research, practice, and the ethics of public health surveillance. J Law Med Ethics. 2003;31:615–23. doi: 10.1111/j.1748-720x.2003.tb00129.x. [DOI] [PubMed] [Google Scholar]
  • 50.National Cancer Institute. Confidentiality, data security, and cancer research: perspectives from the National Cancer Institute. [cited 2006 Sep 10]; Available from: URL: http://www3.cancer.gov/confidentiality.html.
  • 51.North American Association of Central Cancer Registries. Policy statement 99-01: confidentiality. 1997 Nov 17; Statement on file with authors. [Google Scholar]
  • 52. Letter from Stephen R. Scarborough, Lambda Legal Defense and Education Fund, Inc., to Gostin. 1998 Dec 30. Letter on file with authors.
  • 53. Letter from Daniel Zingale, Executive Director, AIDS Action, to Lawrence O. Gostin. 1999 Mar 16. Letter on file with authors.
  • 54. City AIDS registry used for research studies. Philadelphia Gay News 2004 May 28–Jun 4; 28(22)
  • 55.CDC (US) AIDS public information data set. [cited 2006 Sep 8];2000 Dec; Available from: URL: http://www.cdc.gov/hiv/software/apids/apidsman.htm.
  • 56.CDC-CSTE Intergovernmental data release guidelines working group (DRGWG) report: CDC-ATSDR Data release guidelines and procedures for re-release of state-provided data. [cited 2006 Sep 8];2005 Jan 24; Available from: URL: http://www.cdc.gov/od/foia/policies/drgwg.pdf.
  • 57. Hassig v. N.Y. State Department of Health, 294 A.D.2d 781 (2002)
  • 58. Southern Illinoisan v. Department of Public Health 139 Ill. App. 3d 979 (2001)
  • 59. Southern Illinoisan v. Department of Public Health, 349 Ill. App. 3d 431 (2004)
  • 60. Southern Illinoisan v. The Illinois Department of Public Health 218 Ill.2d 390 (2006)
  • 61.Council for International Organizations of Medical Sciences. Geneva: CIOMS; 1991. [cited 2006 Sep 10]. International guidelines for ethical review of epidiological studies. Guidelines 19 and 21. Also available from: URL: http://www.cdc.gov/OD/ads/intlgui3.htm. [Google Scholar]

Articles from Public Health Reports are provided here courtesy of SAGE Publications

RESOURCES