however, that no standard approach to ensuring security is consistently reported.
Confidentiality issues, particularly in light of the 1996 Health Insurance Portability and Accountability Act (HIPAA) (Department of Health and Human Services, 2000) and accompanying regulations, remain a major concern among developers of syndromic surveillance systems. Public health officials in Hawaii, Seattle, and other settings have expressed concerns regarding the inability to access meaningful syndromic data because of HIPAA-related constraints cited by insurers or clinical/laboratory sources (Duchin, Public Health—Seattle and King County, Personal Communication, 2002; Chang, Hawaii Department of Health, Personal Communication, 2002). While health systems may access patient-specific data in response to syndromic aberrations or flags, public health departments may need to rely on clinical investigators on-site to review relevant data and determine the cause of aberrations and the need for additional investigation (Mandl, Children’s Hospital Boston, Personal Communication, 2002). Although the new regulations permit the practice of sharing protected health information with public health authorities who are authorized by law to protect the health of the public, further clarification of this rule with health care providers will be needed (NEDSS, 2001). Integration of NEDSS standards into syndromic surveillance projects may facilitate compliance with the rule, as the NEDSS security standards meet the HIPAA requirements.
The analytic challenge in outbreak or cluster detection using syndromic data is to isolate a signal of an actual event from the large amount of background “noise” that is present in the data. Syndromic surveillance systems use an array of aberration detection methods to identify increases in the syndrome of interest above some predetermined threshold. Many systems are so new that minimal historical data exist for comparison. Drop-in surveillance systems have generally gathered syndromic data for 3–7 days prior to initiation of the event-related system. Some larger, electronic health system-wide or city-wide emergency medical system (EMS) call systems have several years of historical data for baseline comparison (Institute of Medicine, 1988; RODS).
Time-series analysis has been used to detect outbreaks using surveillance data. CDC has modified a statistical method called cumulative sums (CUSUM) (Hutwagner et al., 1997) that utilizes moving averages for the detection of clusters. This method looks at the day-to-day variability of the data and takes into account patient volume. Modified CUSUM methods have been used by drop-in surveillance systems and some sustained emer-