At a glance
See below for requirements related to confidentiality and security provisions to protect data collected through HIV/AIDS surveillance.
Overview
To ensure the protection of data collected through HIV surveillance, grant recipients must develop and implement a comprehensive policy that includes the following elements:
- Confidentiality and Security Provisions: The policy must outline clear protocols for safeguarding the confidentiality of all data collected, including maintaining copies of local data release policies.
- Employee Training: The policy should specify requirements for training all staff members on confidentiality provisions to ensure they understand their responsibilities in protecting sensitive information.
- Compliance with Laws and Regulations: Recipients must include in their policy an overview of state laws, rules, and regulations that govern the protection and release of surveillance information.
- Physical Security Measures: The policy must detail the physical security measures in place for both hard copies and electronic files containing confidential surveillance information.
- Disclosure Guidelines: Recipients are required to describe any laws, rules, regulations, or health department policies that permit or require the release of patient-identifying information collected under the HIV surveillance system to entities outside the public health department. The policy should also outline measures taken by the health department to protect individuals reported in the surveillance system from unauthorized disclosure.
Additionally, recipients should indicate whether their projects require Institutional Review Board (IRB) approval or a certificate of confidentiality as part of their overall data protection strategy.
Content Source:
Office of Financial Resources