Considering a cross-sector public health project? Know your data laws, experts say

Fragmented data laws are preventing public health from getting to the next level, one speaker said. (Getty Images/the-lightwriter)

PHOENIX—Laws that govern the use of data protection in public health are a fragmented “patchwork,” making it difficult for advocates and policymakers to leverage data effectively to address public health problems, according to a pair of public health legal analysts.

The public health realm can utilize many types of data, such as social services or law enforcement data, in addition to health data, said Jennifer Bernstein, a staff attorney with the Network for Public Health Law.

But “there’s a whole scheme of federal laws,” as well as “an overlay of state law,” that govern the use of all sorts of personal information, she noted.

Free Daily Newsletter

Like this story? Subscribe to FierceHealthcare!

The healthcare sector remains in flux as policy, regulation, technology and trends shape the market. FierceHealthcare subscribers rely on our suite of newsletters as their must-read source for the latest news, analysis and data impacting their world. Sign up today to get healthcare news and updates delivered to your inbox and read on the go.

As a result, there is no unified framework for public health data, said Cason Schmit, a professor at Texas A&M University. Some laws contain “squishy definitions” of identifiable data. Others lead to inconsistencies from one state to another.

RELATED: Data sharing is the backbone to community-based population health efforts

These issues create confusion and uncertainty—and “a substantial, if not a primary barrier to us leveraging cross-sectoral data,” Schmit said.

“In the age of big data, where merging datasets [and] linking records is the frontier to allow us to test different things, this is really a substantial barrier to public health going to the next level,” he added.

In addition, some entities incorrectly believe they are legally prohibited from using certain types of identifiable data. But working with de-identified data can make it difficult to learn more about public health problems and address social determinants of health.

RELATED: JAMA study examines variation in type, extent of health data breaches over time

As Bernstein said, “the challenge is really understanding which laws apply to the collaboration and the data collection you want to do, knowing that law governs pretty much everything that you’re going to be doing.”

It’s also important to understand how multiple laws apply together, Schmit added. But the fragmented nature of data protection laws can make that a difficult task. 

As tech giants see more scrutiny from the federal government and the general for mismanaging data, Schmit said there may be an opportunity to rethink public health data sharing.

"We are seeing the opening of a window of political opportunity to…get a patch on this incoherent quilt [or] scrap the quilt and build something better, something more coherent.”