The Centers for Disease Control and Prevention (CDC) and the Agency for Toxic Substances and Disease Registry (ATSDR) are the nation’s principal disease prevention and health promotion agencies. To fulfill their missions, both agencies routinely collect, manage, and interpret scientific data. Although CDC recognizes the value of releasing data quickly and widely, CDC also recognizes the need to maintain high standards for data quality, the need for procedures that ensure that the privacy of individuals who provide personal information is not jeopardized, and the need to protect information relevant to national security, criminal investigations, or misconduct inquiries and investigations. The goal in creating this policy was to establish guidelines for data release and sharing that balances the desire to disseminate data as broadly as possible with the need to maintain high standards and protect sensitive information

CDC believes that public health and scientific advancement are best served when data are released to, or shared with, other public health agencies, academic researchers, and appropriate private researchers in an open, timely, and appropriate way. The new policy was issued on April 16, 2003. The purpose of CDC’s data release/sharing policy is to ensure that (1) CDC routinely provides data to its partners for appropriate public health purposes and (2) all data are released and/or shared as soon as feasible without compromising privacy concerns, federal and state confidentiality concerns, proprietary interests, national security interests, or law enforcement activities.

 
Data Covered by this Policy

This policy applies to any new data collection occurring 90 days or more following approval of this policy.
Existing (previously established) data collections systems should be in compliance with this policy either within 3 years of policy approval (the cycle for surveillance and information system evaluation stipulated by the CDC Surveillance Coordination Group) or at the time of data system revisions, whichever occurs first. The following data are covered by this policy:

• Data collected by CDC using federal resources.
• Data collected for CDC by other agencies or organizations (through procurement mechanisms such as grants, contracts, or cooperative agreements).
• Data reported to CDC (e.g., by a state health department).

 
Data Not Covered by this Policy

This policy does not cover data shared with CDC but owned by other organizations (e.g., data provided to
CDC by a managed care organizations, preferred provider organizations, or technology firms for a specific research project). Such data may be covered by other policies or procedures that reflect pertinent laws, regulations, and agreements (such as the Freedom of Information Act.)

 
Guiding Principles

All CDC procedures on releasing or sharing data must be guided by the following principles.

• Accountability – As a public health agency of the U.S. government, CDC is accountable to the public and to the public health community for the data it produces through research.
• Privacy and Confidentiality – CDC recommends that, unless there is valid public health purpose (e.g., a longitudinal study that requires record linkage), programs should not collect nor maintain identifiable data.
• Stewardship – CDC holds data in public trust. Good stewardship of data requires that CDC release or
  share data in accordance with the objectives and conditions under which the data were collected or obtained and that appropriate policies and procedures for data release be set up.
• Scientific Practice - Before any data are released/shared, all phases of data collection, transmission, editing, processing, analysis, storage, and dissemination must be evaluated for quality.
• Efficiency - Releasing data to the public and sharing data with partners is an efficient way of ensuring that data are used to their full potential, that work is not duplicated, and that funds are not spent unnecessarily.
• Equity - CDC strives to have data release policies that are fair to all users, regardless of their organizational affiliation.

 
How to Release Data

All released data must be as complete and accurate as possible, and data must be released in accordance with the guiding principles set out in this document in one of two ways:

• Release for public use without restrictions.
• Release to particular parties with restrictions.

Restrictions can be imposed because of legal constraints or because releasing the data would risk (1) disclosing proprietary or confidential information, or (2) compromising national security or law enforcement interests. CDC recommends that data be released in the form that is closest to microdata and that still preserves confidentiality.

• Release of data for public use
  Data that CDC collects or holds and that can be legally released to the public should be released through a public-use data set within a year after the data are evaluated for quality and shared with any partners in data collection. CIOs may release data without restrictions for public use through the CDC Information Center. Data may also be shared through the CDC/ATSDR Scientific Data Repository, which is managed by CDC’s Epidemiology Program Office. Finally, CIOs may respond to individual requests.
• Data shared with restrictions
  To the extent possible, CDC recommends sharing data that cannot be released for public use with public health partners. For such restricted data, special data sharing agreements must be developed. Below are two examples of how data can be shared with partners; these methods are not mutually exclusive:
  • Data release under controlled conditions
    Data that cannot be released through a public-use data set or a special-use agreement may be analyzed by appropriate non-CDC researchers at CDC-controlled data centers (e.g., the Data Center established at NCHS; see http://www.cdc.gov/nchs/r&d/rdc.htm for a description).
  • Data release through a special-use agreement:
    Data that cannot be released publicly but that need not always be under CDC’s control can be released to appropriate non-CDC researchers through a special-use agreement.
     

Appeals

Programs may petition not to have a particular data set released by appealing to the CDC’s Deputy Director for Public Health Science.