Data Collection and Exchange: The Foundation of Public Health

December 10, 2023

Introduction

Over the last year, data interoperability and data security were a significant area of focus for public health agencies at the local, state and territorial, and federal levels. The collection, storage, use, and sharing of public health information remains at the forefront of discussions about how best to fund and modernize our nation’s public health system.

During the 2023 session, state legislatures again focused on issues around data privacy—paying particular attention to consumer health data privacy—and continued to explore how health information exchanges can assist health agencies and our healthcare delivery system build necessary efficiencies. In addition to the familiar topics addressed in 2022, the 2023 legislative session saw significant focus on state-managed vital records systems seeking to better collect and access these records.

Legislative Trends

Data Access and Privacy

The 2023 legislative session was big for consumer health data privacy across state legislatures, covering data collected by third party apps, mobile devices, and fitness trackers. Along with Washington state (the “My Health My Data Act,” WA HB 1155), Connecticut (CT SB 3), Maryland (MD HB 812 and MD SB 786), and Nevada (NV SB 370) all enacted laws that provide more protection for consumer health data and require disclosure of any third-party access to consumer health information. Nevada and Connecticut’s bills also specifically prohibit health data geofencing, a location-targeting feature in many mobile apps that uses RFID, Wi-Fi, GPS, or cellular data to trigger targeted advertisements to the device user.

In addition to increasing privacy protections for health data (or, at a minimum, requiring that consumer health information sharing be explicitly disclosed within a privacy policy), at least one state is addressing data sharing between health authorities. Illinois passed the Access to Public Health Data Act (IL HB 2039) this session, which requires the Illinois Departments of Public Health, Human Services, and Department of Children and Family Services to, when requested, provide jurisdiction residents’ public health data to a local public health department for the purposes of preventing or controlling disease, injury, or disability.

Health Information Exchanges

Health information exchanges (HIEs) are a vital partner in data collection and aggregation for public health departments. While they were initially developed to allow streamlined health data connections between different health providers, more health departments are realizing the potential of partnering with HIEs to fill data gaps and to ensure accurate data is conveyed to providers for patient treatment purposes.

Nevada passed a bill (NV AB 7) requiring new regulations governing the electronic exchange of health information and granting certain liability protections to healthcare providers who use an HIE for this exchange. Maryland passed companion bills (MD SB 914 and MD HB 811) collectively known as the Josh Siems Act, which primarily focuses on a new requirement to include fentanyl in hospital drug screenings, but also requires that these deidentified screening results be sent to the Maryland Department of Health via the state-designated HIE. Maryland also passed SB 584, which requires the Maryland Department of Health to collaborate with the state-designated HIE to publish and maintain a website with information related to Parkinson’s disease in preparation for the potential establishment of a state-run Parkinson’s disease registry.

Vital Records

The vital records data landscape can be complex, as it relies on jurisdictions to efficiently collect timely, confidential, and coordinated data. As states attempt to modernize their data systems, at least 14 states (Arkansas, Illinois, Indiana, Kansas, Louisiana, Minnesota, Nebraska, Nevada, New Hampshire, North Dakota, Oregon, Utah, West Virginia, and Wyoming) enacted vital records legislation, and an additional 24 states introduced bills related to vital records office operations, vital record amendments procedures, and live birth sheets. Birth, or live birth, worksheets collect information after the birth of a child to process a birth certificate and enhance the quality of reliable data to improve the health of mothers and newborn infants. For example, New Hampshire enacted SB 105, which changes the required retention period for birth worksheet records from indefinite to seven years.

Additionally, several states took steps to make vital records more accessible to individuals seeking certified copies of their birth certificate. Illinois, Minnesota, Nebraska, Nevada, North Dakota, and West Virgina all passed legislation to waive fees for these vital records requests for specific individuals (e.g. adoption agencies, survivors of domestic violence, and individuals experiencing homelessness). In a similar vein, Oregon passed HB 2420, establishing a workgroup to examine “equitable access to birth and death certificates…and equitable fee revenue to maintain and improve the… vital record system.”

Looking Ahead

ASTHO expects states and territories to continue considering legislation that expands public health access to health data while addressing ongoing privacy concerns. New legislation may:

• Strengthen protections for identifiable health data, particularly consumer health data.
• Increase public health authorities’ ability to access data more directly through systems like health information exchanges.
• Require updates to public health data systems and health information exchanges to increase interoperability, particularly with new data exchange frameworks on the horizon like the Trusted Exchange Framework and Common Agreement (TEFCA).
• Address concerns and expand efficiencies in public health data and artificial intelligence (A.I.) technologies.