If people are not being given full information as to what happens to sensitive information and cannot have it removed, that’s concerning. Read the following report and see if you think Michigan has adequate data and confidentiality protections in place.
Todd Heywood writes:
Since 2003, the Michigan Department of Community Health has been secretly collecting the names, dates of birth, risk categories, and other demographic information of people submitting for confidential HIV testing at grant-funded locations throughout the state and storing them in a massive database, a months-long investigation by The American Independent has discovered.
The database also includes the coded identities of people who have been identified as sexual and needle-sharing partners of persons living with HIV.
The state says this database is necessary to track the number of tests conducted using federal grants, as well as to determine reach and success of targeted testing programs designed to draw in people who are at high risk for HIV infection.
All the information that is collected is maintained in the database “indefinitely,” said MDCH spokeswoman Angela Minicuci, and a person whose information is captured does not have a way to remove it.
While MDCH claims the database does not contain personally identifiable information, a recent study, published last month in the University of California Press’ journal Social Problems, has found that some Michigan local health departments with access to the database are using it to pursue both civil actions – known as “health threat to others” actions – and criminal prosecutions against people living with HIV.
The study, authored by University of Michigan Ph.D. candidate Trevor Hoppe, found that the database has been used specifically to identify and target sexual or needle-sharing partners of newly diagnosed HIV-positive persons where the infected person may not have disclosed his or her status to partners; women who are HIV-positive and have become pregnant; and HIV-positive persons who have been diagnosed with other sexually transmitted infections.
Michigan law requires that funded agencies provide two options for HIV testing. The first is anonymous testing, where a code is used in place of a client’s name. The second option is confidential testing, where the state certified tester is given a client’s name along with other personally identifying information. Only those who opt for a confidential test will receive a piece of paper with their name and test results.
The department argues that this is not a names-based or identity-based database because the name, date of birth, and gender are encoded through a special formula in the database. The code, which is unique to each individual, is used to file testing and counseling information relative to that specific person. It is called a “unique identifying number” (UIN).
“There is no ‘path’ for ‘persons’ (if person refers to an individual who has received a confidential HIV test at a publically funded testing site that enters data into the HIV Event System) to ‘remove their name and information’ from the HIV Event System because no names are saved in the system,” Minicuci said in an email to The American Independent.
“It is not possible for us to match a person (as defined above) to a HIV Event System record or records, using just her/his name and date of birth,” she continued. “We would also need the agency that the person was tested at, the date of the test, and additional information to ensure that the correct record was identified. It is highly unlikely that a person (as defined above) would have evidence to prove that they were tested at a specific agency, on a specific date, etc. In other words using just a name and date of birth would not allow us to guarantee that we had found that person’s record.”
But MDCH acknowledged that a user – for example, a local health department disease investigator – can, in fact, enter data for, say, “John Doe” into the computer program to create a UIN and obtain the corresponding number. With that UIN, an authorized user can search and read records for that person.
Minicuci said there is no way to be certain the records one is reviewing belong to a specific person, because the name does not appear in the system.
A state document created by MDCH explains that in Michigan test results are confidential. It specifically states that, “All positive HIV tests are reported to the health department.” It does not disclose, however, that negative tests results are also being reported and collected by the state.
Multiple state-certified HIV testers confirmed with TAI that they are taught in mandatory certification training to tell clients that testing information is kept confidential but not to mention that the information is collected and maintained by the state. The testers, who are employed by various agencies receiving MDCH money to conduct HIV testing, spoke on the condition of anonymity out of concern for their funding.
“‘You have two options,” one tester said she tells clients, based on state-mandated certification training. “‘You can test anonymously, where you don’t give us your name, but you do give us you date of birth and ZIP code. Or you can test confidentially, where you do give us you name but that is not shared with anyone unless you test positive; and then it is shared with the health department.'”
“It is not standard practice to review with testing clients what data is entered into the HIV Event System, or how client data is encrypted using the Health Resources Service Administration algorithm,” Minicuci said. “Clients must, under Michigan law, be provided with the option to be tested anonymously or confidentially. The difference between these types of tests are described and any questions the client has are answered before the counselor obtains the client’s consent to be tested.”
Source: The American Independent.