DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Not-So-Confidential HIV Testing

Posted on March 4, 2013 by Dissent

If people are not being given full information as to what happens to sensitive information and cannot have it removed, that’s concerning. Read the following report and see if you think Michigan has adequate data and confidentiality protections in place.

Todd Heywood writes:

Since 2003, the Michigan Department of Community Health has been secretly collecting the names, dates of birth, risk categories, and other demographic information of people submitting for confidential HIV testing at grant-funded locations throughout the state and storing them in a massive database, a months-long investigation by The American Independent has discovered.

The database also includes the coded identities of people who have been identified as sexual and needle-sharing partners of persons living with HIV.

The state says this database is necessary to track the number of tests conducted using federal grants, as well as to determine reach and success of targeted testing programs designed to draw in people who are at high risk for HIV infection.

All the information that is collected is maintained in the database “indefinitely,” said MDCH spokeswoman Angela Minicuci, and a person whose information is captured does not have a way to remove it.

While MDCH claims the database does not contain personally identifiable information, a recent study, published last month in the University of California Press’ journal Social Problems, has found that some Michigan local health departments with access to the database are using it to pursue both civil actions – known as “health threat to others” actions – and criminal prosecutions against people living with HIV.

The study, authored by University of Michigan Ph.D. candidate Trevor Hoppe, found that the database has been used specifically to identify and target sexual or needle-sharing partners of newly diagnosed HIV-positive persons where the infected person may not have disclosed his or her status to partners; women who are HIV-positive and have become pregnant; and HIV-positive persons who have been diagnosed with other sexually transmitted infections.

Michigan law requires that funded agencies provide two options for HIV testing. The first is anonymous testing, where a code is used in place of a client’s name. The second option is confidential testing, where the state certified tester is given a client’s name along with other personally identifying information. Only those who opt for a confidential test will receive a piece of paper with their name and test results.

The department argues that this is not a names-based or identity-based database because the name, date of birth, and gender are encoded through a special formula in the database. The code, which is unique to each individual, is used to file testing and counseling information relative to that specific person. It is called a “unique identifying number” (UIN).

“There is no ‘path’ for ‘persons’ (if person refers to an individual who has received a confidential HIV test at a publically funded testing site that enters data into the HIV Event System) to ‘remove their name and information’ from the HIV Event System because no names are saved in the system,” Minicuci said in an email to The American Independent.

“It is not possible for us to match a person (as defined above) to a HIV Event System record or records, using just her/his name and date of birth,” she continued. “We would also need the agency that the person was tested at, the date of the test, and additional information to ensure that the correct record was identified. It is highly unlikely that a person (as defined above) would have evidence to prove that they were tested at a specific agency, on a specific date, etc. In other words using just a name and date of birth would not allow us to guarantee that we had found that person’s record.”

But MDCH acknowledged that a user – for example, a local health department disease investigator – can, in fact, enter data for, say, “John Doe” into the computer program to create a UIN and obtain the corresponding number. With that UIN, an authorized user can search and read records for that person.

Minicuci said there is no way to be certain the records one is reviewing belong to a specific person, because the name does not appear in the system.

A state document created by MDCH explains that in Michigan test results are confidential. It specifically states that, “All positive HIV tests are reported to the health department.” It does not disclose, however, that negative tests results are also being reported and collected by the state.

Multiple state-certified HIV testers confirmed with TAI that they are taught in mandatory certification training to tell clients that testing information is kept confidential but not to mention that the information is collected and maintained by the state. The testers, who are employed by various agencies receiving MDCH money to conduct HIV testing, spoke on the condition of anonymity out of concern for their funding.

“‘You have two options,” one tester said she tells clients, based on state-mandated certification training. “‘You can test anonymously, where you don’t give us your name, but you do give us you date of birth and ZIP code. Or you can test confidentially, where you do give us you name but that is not shared with anyone unless you test positive; and then it is shared with the health department.'”

“It is not standard practice to review with testing clients what data is entered into the HIV Event System, or how client data is encrypted using the Health Resources Service Administration algorithm,” Minicuci said. “Clients must, under Michigan law, be provided with the option to be tested anonymously or confidentially. The difference between these types of tests are described and any questions the client has are answered before the counselor obtains the client’s consent to be tested.”

Source: The American Independent.

Related posts:

  • Michigan Department of Community Health notifying 2,595 individuals of breach
  • Advocacy Group Issues Recommendations on Using Surveillance Data for HIV Care Linkage and Retention
Category: Uncategorized

Post navigation

← Nassau County DA says multiple ID theft crews hit North Shore-LIJ
Oral Argument on DNA Searches Provides Scary Glimpse Into the Future of Privacy →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.