Ten Guiding Principles for Data Collection, Storage, Sharing, and Use to Ensure Security and Confidentiality
- Public health data should be acquired, used, disclosed, and stored for legitimate public health purposes.
- Programs should collect the minimum amount of personally identifiable information necessary to conduct public health activities.
- Programs should have strong policies to protect the privacy and security of personally identifiable data.
- Data collection and use policies should reflect respect for the rights of individuals and community groups and minimize undue burden.
- Programs should have policies and procedures to ensure the quality of any data they collect or use.
- Programs have the obligation to use and disseminate summary data to relevant stakeholders in a timely manner.
- Programs should share data for legitimate public health purposes and may establish data-use agreements to facilitate sharing data in a timely manner.
- Public health data should be maintained in a secure environment and transmitted through secure methods.
- Minimize the number of persons and entities granted access to identifiable data.
- Program officials should be active, responsible stewards of public health data.
Adapted from Lee, LM, Gostin, LO. Ethical collection, storage, and use of public health data: a proposal for national privacy protection. JAMA 2009; 302:82-84.
Page last reviewed: March 5, 2014