especially if, as is often the case, the ultimate uses or potential uses of the data are not known at the time that the permission is obtained. In addition, new knowledge might make parents want existing data elements to be kept confidential. State laws and regulations differ on this point, though generally uses of data are restricted to what was included in the original consent. Federal guidance on this point will be increasingly important as new technologies push the current boundaries of research and make possible previously unforeseen analyses.
With any collection of data containing personal identifiers or a potential for breach of confidentiality, there will be questions about who has access to the data and who makes access decisions. Advisory groups consisting of data experts, data providers, and data users, frequently used by state health departments to guide data system development, can be created to provide guidance consistent with federal, state, and local laws and policies for dealing with issues of access, privacy, and ethics. Advisory groups can decide which data elements should be excluded in the data system, or should be accessible only after the identifiers have been removed, or should be shared only after a unique identifier has been assigned. This same advisory committee could also develop protocols on what data could be available to researchers or other groups and under what conditions. Policies and procedures should be developed before proceeding with the development of the data system. Guided by state laws regarding confidential data, state health departments have such procedures and policies in place for health department data.
Even data that are a matter of public record have the potential to stigmatize counties. Many states distributing data for HIV/AIDS cases do not report a number for a county until the total number of cases reaches a specified level. The concern is that if only a couple of cases of HIV/AIDS are reported in a small community, certain individuals might be labeled, correctly or incorrectly, as having AIDS due to their sexual preference or life-style. Communities have also expressed concern about reporting certain youth characteristics (e.g., a high percentage of sexually active adolescents or a high incidence of sexually transmitted diseases). Schools have refused to participate in surveys designed to determine risk behaviors of students if the results were to be made known by school or community, fearing that characteristics perceived as negative can stigmatize the school and create problems for the school with community leaders. Many state public health departments have developed their own rules about suppression of small numbers of cases. HIPAA also includes data suppression and reporting rules. Additional federal standards on this issue could facilitate a consistent approach across states.
Some security concerns relate to the technological design and maintenance of a system. Over the past few years, several widely publicized breaches of network