Public Health and Information Sharing Toolkit


Public Health and Information Sharing Toolkit banner

Public Health and Information Sharing Key Issues & Concepts

Executive Overview

This document provides a brief overview of important issues and concepts related to public health agencies' authority to collect, use, and share information to prepare and respond to a public health emergency. Additional details on these and other concepts are contained in other fact sheets and issue briefs in the ASTHO Public Health & Information Sharing Toolkit. (Download a printable PDF.)

Public Health Authority and Information

Public health agencies must collect, use and share information to prevent disease and injury, as well as protect the public against natural, accidental, and intentional health threats. For this reason, "information sharing" is one of the 15 capabilities for national public health preparedness standards that CDC developed to assist state and local public health departments in their strategic planning.  Public health agencies often need information that is personal or sensitive in nature. This may include information that identifies an individual, contains business proprietary information, or reveals critical infrastructure information or other details related to national and state security. Public health agencies need to understand their authority and limitations for information sharing activities.

Collection and Use

Public health agencies have broad authority to require reporting and access to information for public health purposes. However, this authority is not absolute. State or federal laws may limit public health's authority to request certain information or prohibit data providers (such as healthcare providers, schools, and others) from releasing information. At times, data providers may deny access to identifiable information because they misunderstand privacy laws that allow exceptions for public health. This means that public health agencies must understand the scope of their authority and be able to explain this authority to reluctant data providers. Individual rights-established by the United States Constitution or a state's constitution-may limit public health authority. Individuals and businesses often give consent for public health investigators to enter and search their premises, copy records, take specimens or samples for testing, and remove evidence that might be relevant to a public health concern. However, absent consent or another exception, under the Fourth Amendment, public health agencies must comply with U.S. constitutional requirements by obtaining an administrative warrant to search someone's premises or seize their property. Public health threats that may involve criminal activities present special challenges because of strict legal constraints that apply to collecting evidence for criminal prosecutions. To satisfy legal constraints and promote effective working relationships, public health agencies and law enforcement may benefit from joint investigative training and development of protocols.


Broad authority to collect and use information for public health purposes means a concomitant duty to protect the privacy of identifiable information. This duty may be statutory, regulatory, or ethical. Regardless of the source, it is essential to ensure the public's trust and protect individuals from embarrassment, stigma, and discrimination that may result from disclosing personal information. However, some information sharing is necessary. Public health agencies must often decide whether to share identifiable information with other public or private sector entities that have a role in protecting or providing for the public's health or safety. There may be rare but compelling circumstances where it is necessary to disclose identifiable information to protect the public. State laws vary in addressing privacy concerns and the scope of permissible sharing. They also vary when information must be disclosed, for example, in response to a request for information under a state's freedom of information or public records law (FOI laws).


FOI laws require that governmental agencies provide records upon request unless an exemption applies. This general policy of public disclosure may prove problematic when records contain personal or sensitive information, or preliminary or incomplete findings. Public health agencies need to understand the requirements under their states' FOI laws and specific exemptions that they may use to protect information when necessary.


Note: This document was compiled from April–November 2012 and reflects the laws and programs current then. It reflects only portions of the laws relevant to public health emergencies and is not intended to be exhaustive of all relevant legal authority. This resource is for informational purposes only and is not intended as a substitute for professional legal or other advice. The document was funded by CDC Award No. 1U38HM000454 to the Association of State and Territorial Health Officials; Subcontractor Subcontractor University of Michigan School of Public Health, Network for Public Health Law – Mid-States Region.