Skip to Content

Checklist of Review Criteria for Public Health Agencies to Evaluate Proposed Collection, Access and Sharing of De-identified Data

February 11, 2019


The checklist is intended to guide public health practitioners in identifying appropriate review criteria to analyze factual information concerning de-identified data collection, access and sharing.

After the public health attorney or privacy officer collects all of the facts involving the proposed data collection, access or sharing, review criteria are addressed. Privacy requirements must be determined at each data transfer point, so that all governing laws are identified. Laws may specify whether the proposed action with deidentified data is lawful, as well as how it must occur. Factual information may reflect increased risk to individuals or the public health agency and application of additional privacy controls may be appropriate. Collection of a new data stream should be evaluated in light of Freedom of Information laws, particularly where the proposed data stream is highly sensitive or potentially stigmatizing to a community.