Skip to main content

Data Security & Confidentiality

Retention Guidelines for HIV Medical Records
(Michigan Department of Community Health, 2006)

The purpose of this document is to provide HIV/AIDS counselors and administrators with guidelines for maintaining HIV/AIDS medical records. This document should only be considered an interpretation of Michigan law and is not a substitute for your agency's own legal research.

Health Insurance Portability and Accountability Act of 1996 (HIPAA): Health Information Privacy
(U.S. Department of Health & Human Services)

Find guidance and information about the HIPAA Privacy Rule, including what information is protected and how health information can be used and disclosed. Per Section 164.512(b) of the HIPAA legislation, the reporting of communicable diseases and infections (including HIV and STIs) to the local or state health department or immunizations to the Michigan Childhood Immunization Registry are exempt because they are mandated within the Michigan Public Health Code and are used for surveillance and prevention of communicable diseases and infections.

Michigan Disease Surveillance System (MDSS) HIV and AIDS Confidentiality Policy
(Michigan Department of Community Health, 2010)

MDSS, a Web-based communicable disease reporting system developed for the state of Michigan, provides an alternative method of reporting HIV or AIDS infection to the health department that will enhance the timeliness and quality of the data. The purpose of this policy is to ensure the confidentiality of HIV or AIDS information when using MDSS as a reporting tool.

MDSS Security and Confidentiality Training & Guidelines
(Michigan Department of Community Health, rev. 2011)

All MDDS users who have HIV Program access should have policies and procedures in place to protect the security and confidentiality of HIV data. In addition, users should complete a security and confidentiality training on an annual basis. This training, along with the MDSS HIV and AIDS Confidentiality Policy, provide the recommended guidelines for the protection of HIV data within MDSS.

National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention (NCHHSTP) Program Collaboration and Service Integration (PCSI) Data Security and Confidentiality Guidelines
(Centers for Disease Control and Prevention)

One of NCHHSTP's goals is to strengthen collaborative work across disease areas and integrate services that are provided by state and local programs for prevention of HIV/AIDS, viral hepatitis, other STIs, and tuberculosis. A major barrier to achieving this goal is the lack of standardized data security and confidentiality procedures acts as a major barrier to achieving this goal. Adoption of common practices for securing and protecting data can provide a critical foundation and be increasingly important for ensuring the appropriate sharing and use of data as programs begin to modify policies and increasingly use data for public health action.