[MUSIC] I'm now going to talk about the flow of surveillance data and the associated privacy issues. And I think it's particularly important to understand how data really moves through these different surveillance systems. And what are some of the privacy issues to consider within that data movement. Now, broadly speaking, the data for surveillance systems begins and ends with the public. That is to say that from reports of different illnesses or conditions, those get fed into a surveillance system. Then it is the job of the public health unit to analyze those data, and then to inform health agencies that inform health providers, that then re-inform the public about conditions that are happening in their communities in real time, or as close to real time as possible. So as one can see it really is a natural loop of data, and I think very consistent with the surveillance cycle that was presented to you in a different module by Emily Girly. Where we talked about data being collected, analyzed, interpreted, disseminated, and then intended to inform a policy. Now here I'll give a schematic of surveillance flow within Canada. And I think actually this schematic is consistent with surveillance flow in many different places around the world. An individual feels ill, and that individual seeks medical care from a health professional. The health professional makes a clinical diagnosis of infectious disease. They may send a sample to the lab, and the lab may also make a diagnosis. Now the health professional if it's a notifiable disease as I'll soon talk abou, then has to inform the regional health authority or the public health unit. The regional health authority may take appropriate action such as declaring an outbreak. They may also get that information if a laboratory made a diagnosis of a notifiable disease. The regional health authority and public health unit will then inform the province. If this is happening across multiple jurisdictions of the province, the province may take an appropriate action such as declaring an outbreak. Similarly, those data may have emerged from laboratory data alone. That the laboratory data at the provincial level may have observed patterns of increases in different infectious diseases, that would have resulted in a declaration of an outbreak, even in the absence of clinical diagnosis. Finally, the province has to inform the public health agency of Canada, and that may have happened based on clinical data or laboratory data. And if the public health agency of Canada is noticing this across multiple provinces, it may declare an outbreak across the country. So as one can see the data really starts at the level of the individual, moves to a health professional to a laboratory, to the regional health authority or public health unit, to the province, and eventually to the country. Now the National Electronic Telecommunication System for Surveillance represents an electronic system for the reporting of notifiable diseases across the United States. It is a collaboration between the Council of State and Territorial Epidemiologists and the Centers for Disease Control and Prevention. Now, the list of notifiable diseases is revised at an annual CSTE meeting. And while there's mandated reporting at the state level, there's actually voluntary reporting by the states to the Centers for Disease Control, although all of them now participate in this program. But interestingly and importantly, different diseases are reportable in different states. Public can access these data including through the morbidity and mortality weekly reports or the MMWR, in addition to the National Center for Health Statistics in Hyattsville, Maryland. So here I presented an example of reportable diseases in Virginia, and there are two different levels of reportable diseases. Here you can see conditions presented in both black as well as read. Some of the conditions in red include anthrax, botulism, brucellosis, cholera. Importantly, the ones that are on this list within red writing, have to be reported within 24 hours of either a suspected or confirmed diagnosis, by the most rapid means which can include faxes, emails, phone calls. But that's really because they have high outbreak potential, or high case fatality rates, and really require rapid intervention. The other diseases that are included in black here, those can include HIV and AIDS, campylobacter, chancroid, chicken pox, are reportable, but the timeline for reporting is less likely to be mandated. Now, there are varied data sources for surveillance systems. As I've just talked about, there can be notifiable diseases and laboratory specimens, one can use vital statistics including the national infant mortality surveillance birth and death records. There are registries including hospital discharge summaries hospital records that are actively abstracted. There are cancer and other disease registry systems, including the surveillance, epidemiology, and end results registry. There are also surveys that are population-based surveys including the National Health Interview Survey, NHANES, or the National Health and Nutrition Examination Survey. They're also surveys of providers including the National Hospital Discharge Survey, the National Ambulatory Medical Care Survey. Importantly there are also administrative data systems, including billing systems. And then there are other data sources including a Vaccine Adverse Event Reporting System, the CDC drug service, and others. But it's important to keep in mind that all of those taken together really provide the CDC, and on down including state municipal and other health authorities, the information that they need in their local health authorities to make the decisions that they need to make. But they're also privacy legislations that really dictate and legislate how public health practitioners can use these data. The federal and state privacy laws, including statutes and regulations, have defined protected health information or PHI. Those started with the federal Privacy Act in 1974, that's specified when protected health information can be disclosed without consent. And it really prevents governments from keeping protected health information, unless it's needed to fulfill an agency purpose. The HIPAA Act of 2004 provided more control on the public use of protected health information. And then those are really complemented by state privacy laws that really regulate specific protected health information data recipients, which include public health units, health insurers, among others. And these state privacy laws also defined notifiable diseases. Because as we've talked about, those are diseases that can be reported and will be reported, and are mandated to be reported to health authorities, even in the absence of consent from the individual from whom those samples or that information was taken. Now, I will say that this is a very dynamic area, and the ways and means by which we legislate access to private and protected health information is rapidly changing in the era of big data and digital Data. And it's really requiring us to revamp the ways and means by which we legislate the access to and the use of protected health information. [MUSIC]
