Cross-jurisdictional Data Sharing and Immunization Information Systems
January 19, 2017
Cross-jurisdictional data sharing requires the application of varying, and sometimes conflicting local, state and federal laws. These laws often present barriers and prevent the efficient and effective use of data to tackle important public health challenges. A national IIS cross-jurisdictional data-sharing memorandum of understanding (MOU) has been developed to help address these challenges and will be piloted in six states.
The opportunity to strengthen public health data sharing across states to support improvements in public health programs is central to the continued improvement of population health outcomes. The success of immunization information systems (IIS) has shown the power of consolidating, analyzing and acting upon relevant data to ensure communities are protected against vaccine-preventable diseases. A comprehensive legal framework for cross-jurisdictional data sharing could provide greater impact related to immunizations as well as other areas affecting public health, such as chronic disease and communicable disease.
Cross-jurisdictional data sharing requires the application of varying, and sometimes conflicting local, state and federal laws. These laws often present barriers to data sharing, both real and perceived, and prevent the efficient and effective use of data to tackle important public health challenges. In recognition of these challenges to cross-jurisdictional data sharing between states, the Network for Public Health Law has been actively working with states seeking legal solutions. As part of this effort and in conjunction with the 2016 National Public Health Law Conference, the Network for Public Health Law–Mid-States Region and the Office of the National Coordinator for Health Information Technology hosted a State Cross-Jurisdictional Data Sharing meeting on September 15, 2016. The attendees included state health department attorneys and privacy officers from 16 states as well as representatives from the U.S. Dept. of Health and Human Services, the Joint Public Health Informatics Taskforce, the American Immunization Registry Association and the Association of State and Territorial Health Officials (ASTHO).
The purpose of the meeting was to discuss the present state of cross-jurisdictional sharing of IIS data and a national IIS cross-jurisdictional data-sharing memorandum of understanding (MOU) to be piloted in six states. Over the course of a year, ASTHO worked with the Network for Public Health Law and the six pilot states in a collaborative process to develop the template interstate data sharing MOU. The template MOU provides for secure, electronic exchange of immunization information among governmental entities that operate a population-based IIS. It suggests terms and conditions that might be included in an MOU, including identifying legal authority for cross-jurisdictional sharing of IIS data, setting terms for data sharing, providing for monitoring of the data sharing and setting provisions regarding states’ accountability for compliance with the terms of the MOU. The MOU recognizes that laws that govern IIS vary among jurisdictions and modifications may be needed to address specific state laws.
Attendees at the State Cross-Jurisdictional Data Sharing meeting were asked to bring their own state’s laws to allow several states to discuss the aspects of their state laws that they find most beneficial or problematic for data sharing and to talk about data sharing efforts in their states. During the meeting, organizers facilitated a robust discussion of state law provisions that would allow for or present challenges to each state’s participation in the adoption of the IIS cross-jurisdictional data sharing MOU. Attendees worked collaboratively to identify barriers and challenges to the adoption of the template IIS cross-jurisdictional data sharing MOU in their state.
There was considerable positive feedback regarding the template MOU and the possibility of additional states joining the pilot project. However, concerns remain, especially with regard to the Health Insurance Portability and Accountability Act (HIPAA). Attorneys expressed concerns over how a states’ designation (covered entity, hybrid entity or non-covered entity) would affect the adoption of the MOU and data sharing between states with different designations. The template MOU does have a section that addresses states that are designated as covered entities under HIPAA, but attendees determined that further analysis was needed to fully understand variations in state law that would affect attempts at a national adoption of the MOU. Feedback from this meeting will be used as we continue to work towards increased cross-jurisdictional public health data sharing.
The Network for Public Health Law will continue to provide leadership in the area of public health data sharing law and support states wishing to expand their public health data sharing capabilities. If your state is interested in receiving more information about the national IIS cross-jurisdictional data-sharing memorandum of understanding (MOU) or the pilot project, please contact Jennifer Bernstein, email@example.com.
This post was prepared by Jennifer Bernstein, J.D., Deputy Director, Network for Public Health Law – Mid-States Region Office,
The Network for Public Health Law provides information and technical assistance on issues related to public health. The legal information and assistance provided in this document does not constitute legal advice or legal representation. For legal advice, readers should consult a lawyer in their state.
Support for the Network is provided by the Robert Wood Johnson Foundation (RWJF). The views expressed in this post do not necessarily represent the views of, and should not be attributed to, RWJF.