When the National Association of Chronic Disease Directors (NACDD) planned to publish data dashboards with visualizations showing chronic disease prevalence, it considered potential challenges. To be valuable at the local level for meaningful public health actions, the dashboards needed to provide data at the ZIP code level—a more granular view than what is allowable under the Safe Harbor provision of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). NACDD decided to engage with privacy experts to establish that the chance of identifying any individual within the data would be “very small” and to support more robust, public facing data availability. Privacy Analytics worked with NACDD, providing guidance on how to meet the highest standards of privacy protection.
The Challenge
Publishing disease data at the ZIP code level
NACDD manages the Multi-State EHR-Based Network for Disease Surveillance (MENDS), generating estimates of chronic disease measures at the national and local levels. The network leverages data from electronic health records (EHRs) and provides information vital to promoting health and reducing the burden of chronic disease. MENDS includes 5 partner sites that leverage EHR data from approximately 91 health system and clinic partners and represents more than 10 million patients across the United States.
In furthering the transparency goals of its funder, the Centers for Disease Control and Prevention (CDC), NACDD planned to publicly share dashboards of aggregated, population-weighted prevalence estimates. Previously, these data were only accessible to partners—specifically, authorized state and local health departments working with MENDS data contributors under data privacy and security agreements. Weighted data that will be published can be used by more than 7000 chronic disease professionals in state, tribal, and territorial health departments; non-profit organizations; academia; and private industry. And, as a result, NACDD would be achieving one of its data modernization goals under the CDC’s Data Modernization Initiative, which aims “to get better, faster, actionable insights for decision-making at all levels of public health.”
"Privacy Analytics were very accommodating. Our input was reflected in the end product."
Kate Hohmann,
Associate Director for the Center for Public Health Leadership at NACDD
Data availability at the ZIP code level is especially important to local health departments, as this information provides critical insights into high-risk communities and subpopulations that can guide public health decision-making and interventions to improve health outcomes. However, even though the data would be aggregated, data provided at the ZIP code level would not comply with HIPAA’s Safe Harbor provision. NACDD asked Privacy Analytics to make an Expert Determination that people could not be identified in the data, as required by HIPAA. Beyond NACDD’s own need to comply with privacy regulations, the organization sought to assure its data contributors that the privacy of people in the data release would be strongly protected.
The Solution
A roadmap for compliance
Privacy Analytics’ senior data scientists tackled the assignment on two fronts. First, they did a risk determination, assessing the likelihood that individuals could be identified in the data. Through this work, the data scientists were able to recommend an implementable de-identification strategy to protect individuals in the data. This de-identification strategy included a recommended minimum cell size (known as a cell-size rule), which is the minimum number of people represented in an aggregation. For example, a cell-size rule might dictate that data include at least 15 individuals when reporting on the number of males with hypertension for a given parish in the state of Louisiana.
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
Second, they sought to identify ways in which the de-identification strategy could be circumvented. Would it be possible to compare successive data releases over time to learn about individuals or small groups? Could someone look at the data in different ways to uncover values hidden through the de-identification strategy? Privacy Analytics provided guidance to avoid such attacks and to ensure that the data continues to be protected as it evolves over time.
Kate Hohman, Associate Director for the Center for Public Health Leadership at NACDD, was grateful for the transparency provided by Privacy Analytics. “They explained clearly how they planned to work, and as the project neared completion, we were able to ask questions and provide comments,” she said. “They were very accommodating. Our input was reflected in the end product.”
The final report gave NACDD guidelines for how the data could be presented safely and Privacy Analytics walked through several illustrative examples to explain where there were hidden risks. Hohman continued, “I was able to learn a lot through their continued support and detailed explanations.”
The Results
Meaningful data to guide health programming decisions
Privacy Analytics’ guidance has made it possible for NACDD to proceed with developing its dashboards for public release. These data, featuring chronic disease prevalence estimates and related variables, will be welcomed by public health professionals, healthcare providers, and community organizations alike to aid their decision making.
Public health decisions are often based on self-reported patient data that may be outdated and not include clinical details (e.g., blood pressure measurements). EHR-based distributed networks, like MENDS, can complement traditional surveillance with timely, reliable prevalence estimates. As a result, public health professionals will be able use the detailed and granular information at the ZIP code level to allocate their limited resources most effectively, develop programs for specific audiences, evaluate the impact of their interventions, and continually strengthen the impact. In addition, the data will give provider health systems/clinics a broader perspective of the health status of their communities beyond their own patient population.
NACDD shared a summary of Privacy Analytics’ report with its data contributors and contracted partner sites to emphasize the care being taken to protect the privacy of people represented in the data. The work that Privacy Analytics did in collaboration with NACDD will help to provide these partners with confidence in their decision to share the data for public health purposes. When the dashboards are released publicly, they will also bear a statement attesting that the data has been de-identified in accordance with HIPAA standards.
Hohman appreciates what she learned through working with Privacy Analytics. She added, “It was illuminating for us as an organization to understand the process. And, we have a partner in Privacy Analytics whom we can – and will – engage in the future as needed. After a period of time, the data and what we do with it may change, in which case, we’ll need to call upon Privacy Analytics to refresh their analysis.”