American Independent: Mich. HIV data collection violates intent of statute, says lawmaker who helped create law
The American Independent reports on a controversy concerning the privacy of medical information in an HIV database in Michigan:
LANSING, MICH. – Michigan’s health department is violating the legislative intent of an HIV-related statute – and maybe the law itself – by indefinitely collecting information on people who test for HIV at federally funded clinics, says a former state lawmaker, who helped pass sweeping health reforms in the wake of the AIDS epidemic.
“The intent of the law was to encourage people to know what their status was, but also to protect people’s privacy,” said former Rep. Susan Grimes Gilbert, a Republican, in a phone interview. Grimes Gilbert – whose last name was previously Grimes Munsell before she remarried – represented the city of Howell from 1987 to 1996.
“The fact that they’ve clearly had a violation of privacy means that the department better review – should review – their operations and procedures,” she said. “And it’s not just the violation [of privacy]; it’s the fact they’re keeping this data that it was never the intent of the legislature that they keep.” […]
At issue is a provision of Michigan’s Public Health Code, which requires local municipalities to destroy, after 90 days, information collected in voluntary partner-notification programs. That provision went into effect in 1988.
But since 2003, the Michigan Department of Community Health has been requiring local health departments to enter that data into the state’s HIV Event System – where it is stored indefinitely and can be accessed at any time by local health authorities, The American Independent reported recently. As of June 2012, the HIV Event System has collected nearly 7,000 entries of partners identified through the voluntary partner-services program, according to records obtained through a Freedom of Information Act request. […]
The information in the HIV Event System is entered by local health department employees or state-certified HIV test counselors at local AIDS service organizations. These officials enter a person’s name, date of birth, and gender into the database, which generates a coded “unique identifying number” that is assigned to that individual. All subsequent files in the system are linked to that number. Therefore, if someone with access to the database knows the appropriate variables – a person’s name, date of birth, and gender – the database can provide the unique number for that person. Then it would be possible to access all other files associated with that person, including the identities of his or her sexual and needle-sharing partners. […]
Joshua Moore, a lawyer at Detroit Legal Services, which works specifically on HIV-related legal issues, also said the data collection is a way around the law. He is advising newly diagnosed HIV-positive persons not to participate in the voluntary partner-services programs offered by local health departments.