. "Appendix E: Hypothetical and Illustrative Applications of the Framework to Various Scenarios." Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment. Washington, DC: The National Academies Press, 2008.
The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
required. When private contractors or university partners operate the syndromic surveillance systems, processes will have to be defined to ensure that health officials receive data and analyses in a timely manner with no uncertainties about the validity of analyses.
Syndromic surveillance systems have the potential to contain large amounts of data. Those operating such systems will have to consider how to guarantee appropriate and reliable data as well as appropriate data stewardship. Some questions to consider include: Is the system collecting only the data necessary to detect a threat? Can syndromic data be forwarded to health departments in a manner that protects patient privacy in routine uses but allows identification to subsequently interview particular patients, in keeping with routine public health practice, in crisis? Can the utility of the system be preserved if geographic aggregation or some other form of protection is done to protect individual privacy? What is known about the accuracy of data submitted from different sources? How long do data streams need to be retained? Can records of illness patterns be retained without individual data streams? If such data are retained for long periods, will clinical data about specific patients and their commercial records (e.g., drug purchases) be available in these systems? Who will have access to the data? What policies need to be established to protect from unlawful or unauthorized disclosure, manipulation, or destruction?
The framework asks to consider whether an information-based program, such as syndromic surveillance, is consistent with U.S. law and values. The criteria for such consideration have been divided into three categories: data, programs, and administration and oversight. For effective syndromic surveillance systems, the need for personal medical data from emergency rooms is clear, and in most (not all) current syndromic systems the data are anonymized before being sent to public health agencies. In many published articles on syndromic surveillance, the emergency room data constitute the most important and useful data stream for both detecting and ruling out disease outbreaks. Data from OTC purchases and attendance records seem useful to this system. However, they, as personal data, should be considered only if they are reasonably shown to prove the effectiveness of system. Within currently operating systems, data on OTC medications are used but are more easily associated with particular stores and less easily associated with individuals.11 Linking
For example, individuals may purchase over-the-counter medications with credit cards or store affinity cards. Though these individually identifiable purchase records are not rou