Additional Requirement – 4: HIV/AIDS Confidentiality Provisions

Recipients must have confidentiality and security provisions to protect data collected through HIV/AIDS surveillance, including copies of local data release policies; employee training in confidentiality provisions; State laws, rules, or regulations pertaining to the protection or release of surveillance information; and physical security of hard copies and electronic files containing confidential surveillance information.

Describe laws, rules, regulations, or health department policies that require or permit the release of patient-identifying information collected under the HIV/AIDS surveillance system to entities outside the public health department; describe also the measures the health department has taken to ensure that persons reported to the surveillance system are protected from further or unlawful disclosure.

Some projects may require Institutional Review Board (IRB) approval or a certificate of confidentiality.