The Data Oversight Council (hereinafter referenced as DOC) believes in a policy of access that allows the broadest possible use of information resources for consumers, purchasers, health care facilities, health care insurers, health care professionals, researchers, and governmental agencies. State and federal regulations, as well as statutes and the nature of the data necessitates that measures be taken to ensure data security and quality.  This need for security and quality in health care information systems and data encompasses two fundamental goals: confidentiality and integrity. Confidentiality is the control over access to information and must assure absolute confidentiality for individual patients and appropriate confidentiality for health care facilities, insurers, and professionals.  The integrity of the databases means that the accuracy, reliability, and timeliness of the information provided must be of the highest caliber.

MISSION STATEMENT

The mission of the DOC is to provide information to assist health care providers, consumers, insurers, elected officials, and government agencies in the formulation of health policy which places South Carolina in a leadership role now and in the future by: 

• Recommending data to be collected based on constituent input
• Controlling collection and release of data while safeguarding the privacy of patients and providing appropriate safeguards for medical care providers
• Promoting the awareness and appropriate use of health care data and information
• Evaluating the usefulness of the DOC process

PRINCIPLES 

1. The right to privacy is a basic right of every South Carolinian.  The confidentiality of the patient shall be of the utmost concern.  The release or re-release of data, in raw or aggregate form, that can be reasonably expected to reveal the identity of an individual patient will be made only when a mandate has been established by statutory law.
2. The policy of the DOC shall be to make determinations on requests for information in favor of access, subject to the specific limitations concerning use, confidentiality, security, and accuracy.
3. The DOC believes that through the Revenue and Fiscal Affairs Office, Data Integration and Analysis Division (hereinafter referenced as RFA), educational programs should be designed and implemented to make its information understandable and usable to purchasers, facilities, government agencies, and the general public.  This information will assist consumers in making informed health care decisions.  The RFA will also provide additional information to government agencies and facilities to assist them in making health care policy.

DATA RELEASE PROTOCOL

Data Elements Required to be Reported

The DOC under Section 44-6-170 has the authority to designate the data elements to be reported by all health care providers. The following health care providers are required to report to the RFA:

• General acute care hospitals
• Specialized hospitals including, but not limited to,
  • Psychiatric hospitals
  • Alcohol and substance abuse hospitals
  • Rehabilitation hospitals
• Hospital-based and free-standing surgical facilities as defined in Section 44-7-130
• Hospital emergency departments licensed under Chapter 7, Article 3
• Licensed home health care agencies
• Any health care setting providing on an outpatient basis the following services:  observation services, radiation therapy, cardiac catheterizations, lithotripsy, magnetic resonance imaging, positron emission therapy, and other providers offering services using equipment requiring Certificate of Need

The DOC, to the extent possible, will adhere to national standards developed under the United States Department of Health and Human Services, Health Insurance Portability and Accountability Act of 1996 for defining data elements to be collected and the electronic formats used to transmit the data.  The DOC will seek the input of data users and affected health care providers of data as part of a periodic review process to identify data elements to be collected. The current listing of data elements required to be collected is found in Appendices A through D. 

Classification and Release of Data

In order to balance the principles of access and confidentiality, the DOC has devised a classification scheme for the data elements collected under the authority of Section 44-6-170 as amended, Code of Laws of South Carolina, 1976.  This classification scheme aims to promote the use of accurate health data, provide equal treatment of data requestors and data providers, expedite the release process, and encourage the release of the broadest spectrum of data elements without compromising patient confidentiality and appropriate confidentiality for health care providers, insurers, and facilities.  Efforts will be made to present data elements in a manner that balances the needs for public information and confidentiality.  The rationale for not releasing certain data elements is that these fields either alone or in conjunction with other publicly available data will or have the potential to identify a patient, health care provider, health care facility, and/or health care insurer.   

The data elements are classified into four categories: encounter-level, restricted, confidential, and never releasable.

1. Encounter-level: Data elements that are available for general public release subject to an application and a data use agreement.
2. Restricted:  Data elements that require approval for release through the DOC subject to an application and confidentiality contract.
3. Confidential:  Data elements that will only be released if a mandate has been established by statutory law subject to verification of authority.
4. Never releasable: Data elements that may be used for statistical linking purposes only

The current classification of data elements will be periodically reviewed.  New data elements will be reviewed and classified by the DOC.  Until new data elements are classified, they will be considered restricted data.

The DOC recognizes the importance of releasing information that meets the quality and completeness standards established by the RFA. Therefore, while databases and/or reports may be authorized for release, the RFA may release this information only after these quality and completeness standards have been met. 

Encounter-level data will be released upon request and are subject to the confidentiality provisions set forth in Final Regulations, Revenue and Fiscal Affairs Office, Chapter 19, Statutory Authority:  1976 Code Section 44-6-170, Article 11, “Data Release for Medical Encounter Data & Financial Reports.”  Failure to comply with the confidentiality provisions in these regulations can result in legal action as specified in Section 44-6-180, as amended, Code of Laws of South Carolina, 1976. 

Encounter-level data files contain individual patient-level data using encounter-level data elements; release of these files requires an application and a signed Data Use Agreement.  However, the RFA has permission to release aggregate customized reports based on encounter-level data without formal approval from the Data Oversight Council.

The following considerations will be applied by the RFA in creating encounter-level data files:

Dates: All data elements that are date fields are considered restricted data.  Date fields provide unique information that when linked with other databases may identify an individual.  On encounter-level files:

• Age is reported in five-year age groupings and an “under one category” (for children under one year of age),“one to four” (for children one to four years of age), and for those ages 85 years or older an “85 and over” category is used
• Length of stay is provided rather than admission and discharge dates
• Month and day of week is provided in lieu of admission date and/or discharge date

Procedure Coding: Depending on the instructions in the Uniform Billing Manual (UB-04), procedure codes are ICD-10-PCS procedure codes, HCPCS procedure codes, and/or CPT4 procedure codes.  When using the HCPCS and/or CPT4 procedure codes, the units of service are required according to the UB-04 coding manual.

The admitting diagnosis, patient reason for visit, admission hour, and discharge hour data elements were added beginning with October 1, 2007 encounters and are setting specific.  Modifications to the E-Codes or external cause of injury codes became effective beginning with October 1, 2007 encounters for ICD-9-CM coded data. The present on admission data elements for all diagnoses were added beginning with January 1, 2008 encounters. The NPI data element was added beginning with May 23, 2007 encounters.

A.  Encounter-Level Data Elements

1.         Inpatient Hospitalization Encounter-Level Data Elements

• Length of stay (days)
• Day of the week of admission
• Month of admission
• Day of the week of discharge
• Month of discharge
• Admission source
• Admission type
• Patient age in five-year age cohorts at admission. Patient age at admission in years is reported in five-year groupings except for the following:  ages less than five years which is reported as an “under one” category (for children under one year of age), “one to four” (for children one to four years of age), and if age is over eighty-four, an “eight-five and over” category is used.
• Patient sex
• Patient race/ethnicity
• County of patient residence
• Admitting diagnosis
• Discharge Diagnosis codes, primary and all secondary diagnoses codes reported to RFA (including coding methodology)
• Present on admission indicator code for all discharge diagnoses
• Procedure codes, primary and all secondary procedure codes reported to RFA (including coding methodology)
• Procedure day in relationship to admission date
• Time from admission hour to discharge hour
• Major diagnostic categories
• External cause of injury codes
• AHRQ (Agency for Health Care Research and Quality) CCS broad level diagnostic categories
• AHRQ CCS detailed diagnostic categories
• DRG
• Primary expected payer classification (i.e., Medicare, Medicaid, TRICARE, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent, and Other)
• Charges by summary revenue codes
• Total charges
• Days in special units (e.g. ICU, CCU, etc.)
• Physician specialty code (attending, surgical, other)
• Patient discharge status
• All Patient Refined-DRG, severity level, and risk of mortality
• All Patient Refined-DRG Label 

The requestor may choose one of the following facility characteristics

• Urban/rural status of health care facility
• Bed size based on licensed beds (100 beds or less, 101-299, 300 or more beds)
• Teaching status of the facility
• Level of trauma service
• Level of perinatal service
• Other facility and professional characteristics that would not permit the identification of the health care facility or professional

2.   Emergency Department and Observation Visit Encounter-Level Data Elements 

• Day of the week of admission
• Month of admission
• Admission source
• Admission type
• Patient age in five-year age cohorts at admission. Patient age at admission in years is reported in five-year groupings except for the following:  ages less than five years which is reported as an “under one” category (for children under one year of age), “one to four” (for children one to four years of age), and if age is over eighty-four, an “eight-five and over” category is used.
• Patient sex
• Patient race/ethnicity
• County of patient residence
• Patient reason for visit
• Diagnosis codes, primary and all secondary diagnoses codes reported to (including coding methodology)
• Procedure codes, primary and all secondary procedure codes reported to RFA (including coding methodology)
• External cause of injury codes
• AHRQ CCS broad level diagnostic categories
• AHRQ CCS detailed diagnostic categories
• Primary expected payer classification (i.e., Medicare, Medicaid, TRICARE, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent, and Other)
• Charges by summary revenue codes
• Total charges
• Physician specialty code (attending, surgical, other)
• Patient discharge status
• Days in special units (e.g. ICU, CCU, etc.) 

The requestor may choose one of the following facility characteristics

• Urban/rural status of health care facility
• Bed size based on licensed beds (100 beds or less, 101-299, 300 or more beds)
• Teaching status of the facility
• Level of trauma service
• Level of perinatal service
• Other facility and professional characteristics that would not permit the identification of the health care facility or professional

3. Free-standing and Hospital-Based Ambulatory Surgery Center, Imaging, and Other Services/Equipment Requiring a Certificate of Need Visit Encounter-Level Data Elements

• Day of the week of admission
• Primary expected payer classification (i.e., Medicare, Medicaid, TRICARE, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent, and Other)
• Month of admission
• Total charges
• Physician specialty code (attending, surgical, other)
• Patient age in five-year age cohorts at admission. Patient age at admission in years is reported in five-year groupings except for the following:  ages less than five years which is reported as an “under one” category (for children under one year of age), “one to four” (for children one to four years of age), and if age is over eighty-four, an “eight-five and over” category is used.
• Patient sex
• Patient race/ethnicity
• County of patient residence
• Diagnosis codes, primary and all secondary diagnoses codes reported to (including coding methodology)
• Procedure codes, primary and all secondary procedure codes reported to RFA (including coding methodology) CPT/HCPCS with modifiers.
• AHRQ CCS Services and Procedures Categories for CPT/HCPCS – broad level procedural categories
• AHRQ CCS Services and Procedures Categories for CPT/HCPCS – detailed level procedural categories

4.  Home Health Encounter-Level Data Elements 

• Number of months in episode
• Day of the week of admission
• Primary expected payer classification (i.e., Medicare, Medicaid, TRICARE, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent, and Other)
• Month of admission
• Year of admission
• Day of the week discharge
• Month of discharge
• Admission source
• Total charges
• Physician specialty code (attending)
• Patient age in five-year age cohorts at admission. Patient age at admission in years is reported in five-year groupings except for the following:  ages less than five years which is reported as an “under one” category (for children under one year of age), “one to four” (for children one to four years of age), and if age is over eighty-four, an “eight-five and over” category is used.
• Patient sex
• Patient race/ethnicity
• County of patient residence
• Diagnosis codes (including coding methodology)
• Skilled nursing services number of encounters by month of service
• Physical therapy services number of encounters by month of service
• Occupational therapy services number of encounters by month of service
• Speech therapy services number of encounters by month of service
• Respiratory therapy services number of encounters by month of service
• Medical social services number of encounters by month of service
• Home health aide number of encounters by months of service
• Other services number of encounters by month of service
• Discharge status
• Admission referral source

B.  Application for Use of Encounter-Level Data

Persons receiving encounter-level data must complete an application and submit the signed data use agreement to the RFA.  The requestor must indicate which data set(s) is(are) being requested: inpatient hospitalizations, emergency department visits, ambulatory surgery visits, imaging, other services/equipment requiring a Certificate of Need, or home health encounters by completing the appropriate data elements form(s).  The Application for Use of Encounter-Level Data is available upon request or https://rfa.sc.gov/boards-committees/dataoversight.

The following data elements are classified as restricted data elements.  These data elements can either directly, indirectly, or in combination with other data elements when linking databases, identify a patient, health care facility, health care professional, or health care insurer.  Access to these data elements may be gained by special request and approval by the DOC for health care facility, professional, or insurer identifiable data.

C. Geographic Information Data

A geographic information system (GIS) is an integrated collection of computer software and data used to view and manage information about geographic places, analyze spatial relationships, and model spatial processes. A GIS provides a framework for gathering and organizing spatial data and related information so that it can be displayed and analyzed. Geocoding is a GIS operation for converting addresses into spatial data that can be displayed as features on a map by referencing address information from a locator. Using GIS software, spatial data can be stored locally and published as services for interactive web products.

The principal GIS services offered for requests include:

• Geocoding addresses into point locations
• Geographic data enrichment
• Spatial aggregation to other geographic units
• Spatial Analysis
• Mapping Services

 Point location means the mapping of information showing the exact point, or address, for an event.  Data visualization services aggregate the data so that the maps do not identify a single event. 

The RFA has the ability to geocode all encounter-level databases at the patient, facility, and/or health care provider level. The release of health care facility, health care provider, and/or private insurer point-level data requires that approval of the DOC through the data release process.  Nothing in this section is to be construed as to restrict the release of data back to the originating health care provider, facility, and/or insurer. The DOC considers the release of point location data at the patient-level to be equivalent to releasing patient identifiable data. Consequently, the release of point-level data for patients requires that an entity have statutory authority for these data.

In the case of requests for zip code level information, the DOC grants permission to the RFA to satisfy requests that RFA deems non-confidential by a properly qualified statistician using accepted analytic techniques concluding the risk is substantially limited to identify the subject of the information in accordance with the HIPAA Privacy Regulations [45 CFR § 164.514(b)] without requiring an application for release of restricted data.

II.  Restricted Data

A. Restricted Data Elements

1.  Inpatient Hospitalization Restricted Data Elements

• Admission date
• Discharge date
• Admission hour
• Discharge hour
• Patient birth date
• Patient age in years
• Medical record number
• Patient number, facility assigned
• Encrypted unique patient number, RFA-assigned
• Procedure dates
• Encrypted carrier codes – health care insurer
• Patient zip code (digits 1-5)
• Health care professional identifier
• Encrypted unique health care professional number, RFA-assigned
• Health care facility identifier
• Encrypted unique health care facility number, RFA-assigned

2.    Emergency Department and Observation Visit Restricted Data Elements

• Admission date
• Patient birth date
• Patient age in years
• Medical record number
• Patient number, facility-assigned
• Encrypted unique patient number, RFA-assigned
• Procedure dates
• Encrypted carrier codes – health care insurer
• Patient zip code (digits 1-5)
• Health care professional identifier
• Encrypted unique health care professional number, RFA-assigned
• Health care facility identifier
• Encrypted Unique health care facility number, RFA-assigned

3. Free-Standing and Hospital-Based Ambulatory Surgery, Imaging, and Other Services/Equipment Requiring a Certificate of Need Visit Restricted Data Elements

• Admission date
• Patient birth date
• Patient age in years
• Patient number, facility-assigned Encrypted unique patient number, RFA-assigned
• Encrypted carrier codes
• Patient zip code (digits 1-5)
• Health care professional identifier
• Encrypted unique health care professional number, RFA-assigned
• Health care facility identifier
• Encrypted unique health care facility number, RFA-assigned

4. Home Health Restricted Data Elements

• Admission date(s)
• Discharge date(s)
• Services dates by discipline
• Patient start of care date
• Service coverage period
• Patient birth date
• Patient age in years
• Patient number, facility-assignedEncrypted unique patient number:  RFA-assigned
• Patient zip code (digits 1-5)
• Health care professional identifier
• Encrypted unique health care professional number, RFA-assigned
• Health care facility identifier
• Encrypted unique health care facility number, RFA-assigned
• Charges by Type of Service (nursing, therapies, home health aide and other)

B.  Application for Encounter Data Containing Restricted Data 

Persons requesting access to restricted data must complete a data application for restricted data and a Confidentiality Contract. The DOC, in accordance with The Principles and Protocol for the Release of Health Care Data, will review this application.  If approved, persons receiving restricted data elements, including the Principal Investigator, chief executive officer, and the data processing manager must sign and submit confidentiality contracts to the RFA.  Researchers submitting requests for restricted data files must furnish, along with an application, a copy of their organization’s Internal Review Board (IRB) approval.  The Application for Use of Restricted Data Files is available upon request or at https://rfa.sc.gov/boards-committees/dataoversight.

C. Reports

Historically, the RFA has released two types of health care facility-specific reports; first, reports shared with the health care facility supplying the data and secondly, reports released to the general public. 

The first type of facility-specific reports include Zip Code Market Share, quarterly and year-to-date trends, Patient Origin, and Out-migration Market Share.  The DOC endorses the policy that entities supplying data to the RFA should have access to their data.  This policy attempts to balance the need for confidentiality of the patient and the appropriate confidentiality of health care providers, insurers, and facilities with regards to competitive health care information against the open release of data.

Because of the sensitivity of competitive information such as financial information and market share data, the DOC will release market share or financial reports, which identify providers, professionals, or carriers, only as listed under the Report Approved for Release by the DOC. 

1.  Reports Approved for Release by the DOC 

The following is a listing of the DOC-approved reports for inpatient hospitalizations, emergency department visits, and ambulatory surgery visits:

• Summary Statistics, by hospital
  • Inpatient Hospitalization Data
• Patient Origin, by facility
  • Inpatient Hospitalization Data
  • Emergency Department Visit Data
  • Ambulatory Surgery Visit Data
• Number And Percent Of Persons Treated Outside Their County Of Residence (Out migration)
  • Inpatient Hospitalization Data
  • Emergency Department Visit Data
  • Ambulatory Surgery Visit Data
• Summary Injury Report, by county of patient residence
  • Inpatient Hospitalization Data
  • Emergency Department Visit Data

No report will be released if it cannot meet appropriate levels of accuracy as determined by the RFA.  A third party may not reproduce reports without inclusion of comments from affected health care professionals and/or facilities.

The RFA will continue to develop health care facility and professional specific reports which do not release financial or market share information.  The DOC believes in the use of constituent-based subgroups to make recommendations for the types of reports necessary in the areas of health care policy, planning, and outcomes.  Before the release of any new, not previously DOC-approved, health care facility, and/or professional specific reports, the RFA and the DOC will follow the New Report Review Process to ensure the accuracy and validity of the reports.  After a report has gone through the New Report Review Process, subsequent releases of the report will be subject to the Previously Approved Report Review Process.

2. The New Report Review Process

New reports, not previously approved by the DOC, will be developed utilizing the most current data available and will be provided to the affected health care facilities and/or professionals for review before release.  The affected health care facilities and/or professionals will have 30 days to review these reports and to notify the RFA of any errors in the data that would affect the accuracy of the report. 

1. Errors in Data Reporting: Upon review of the reports, if health care facilities and/or professionals identify errors in reporting which were not discovered through normal editing procedures and which would change significantly the analytic results, as determined by the DOC, health care facilities and/or professionals will have 3 months to resubmit a corrected data file.  Health care facilities and/or professionals unable to correct their data may submit comments for inclusion in the report.  In extraordinary cases, the health care facilities and/or professionals may request an extension from the DOC.  The RFA will provide revised reports to health care facilities and/or professionals for an additional 14 days to review the revision of the report and submit comments for inclusion in the release.  Health care facilities and/or professionals may request an extension from the DOC.
2. Errors in Report Format or Methodology:  Upon review of the report, if the health care facilities and/or professionals identify errors or enhancements in format or methodology which the DOC determines to substantially alter the results, the RFA will make the necessary modifications within 30 days and provide health care facilities and/or professionals a 14-day review period to submit comments for inclusion in the release.  After making the necessary adjustments, the RFA will provide the reports including the health care facilities’ and/or professionals’ comments to the DOC for approval and release.  Subsequent releases of these reports will be subject to the Previously Approved Report Review Process. 

3. Previously Approved Report Review Process

Previously approved reports will utilize the most current data available and be reviewed by the affected health care facilities and/or professionals. The affected health care facilities and/or professionals will have 14 working days (from date of receipt of the report) to review these reports and to submit comments for inclusion in the release.  After making the necessary adjustments, the RFA will release the reports including the health care facilities’ and/or professionals’ comments.

D.   Special Requests

A special request is the release of restricted data elements in a manner that would allow the identification of patients and/or health care facilities and/or professionals.  If the special request requires the RFA to aggregate the data by a restricted data element but not release the restricted data element, the request will be handled as a release of unrestricted data, so long as the confidentiality of patients and the appropriate confidentiality for health care professionals, insurers, and facilities will not be compromised.  The release of the patient-level data containing identifiers for health care professionals, facilities, and/or private insurers will be made to researchers and government entities only. 

All applicants for special requests will submit to the RFA the required documentation including, but not limited to, the following: a list of the requested data elements, time frame for the requested data elements, a study protocol, intended uses of the data, policies for the protection of the restricted data elements, a Confidentiality Contract signed by the Principal Investigator, and a detailed listing of individuals who will have access to the data.  Data requests may include multiple years of prospective data, for the same research protocol, so that an application need not be filed for each year.  It is the policy and practice of the RFA to provide technical assistance to applicants to assist in the application process.

Health care professional, private insurer, and facility identifiable data elements approved for the applicant’s use by the DOC may not be released in any product, publication, or communication without the written approval of the DOC and review and comment by the affected health care facilities and/or professionals (as specified in Section 44-6-170, as amended, Code of Laws of South Carolina, 1976).  All third-party reproductions of the reports must include comments from the affected health care facilities and/or professionals.

If the application requests the linking of a RFA database with other database(s), the DOC will approve the manner in which the linkage is done.

E.  Health Data Analysis Task Force

The Health Data Analysis Task Force (HDATF), as specified in Section 44-6-170, as amended, Code of Laws of South Carolina, 1976, may be a committee or committees convened to make recommendations concerning types of analyses needed to carry out the goals and objectives of the DOC.  The task force will be composed of members as deemed appropriate by the subject being considered and may include technical representatives of universities and other private sector and public agencies including, but not limited to, health care providers and insurers.  The DOC may request the RFA to convene the HDATF for study and review of specific data issues. 

The Chair of a HDATF will be appointed by and serve at the pleasure of the Chair of the DOC and RFA.  The HDATF will meet as needed.  A quorum for the HDATF will be a majority of its members. 

F.  Follow-back Studies

For entities without statutory authority to access patient identifiable data, patient contact for follow-back studies using patient identifiable data must be conducted through the health care facility and/or professional and requires the informed consent of the patient or the patient's representative.  When trying to locate patients for follow-back studies, the purpose of these studies shall not be disclosed to anyone other than the entity originally providing the RFA with the data, the patient, or the patient’s representative.  No undue burden shall be placed upon health care facilities and/or professionals to comply with follow-back studies.  For on-going data activities, the data users with assistance from the RFA in conjunction with the South Carolina Health Information Management Association shall develop an informed consent form for use by the appropriate facilities.

For entities having statutory authority to access patient identifiable data with confidentiality requirements comparable to the RFA, follow-back studies using patient identifiable data will be requested to be conducted in accordance and with the approval of an IRB or Privacy Board.

Confidential data will only be released if a mandate has been established by statutory law.  Confidential data elements for inpatient hospitalizations, emergency room visits, observation visits, ambulatory surgery visits, services requiring a Certificate of Need, and home health visits include, but are not limited to, patient name and address (except as otherwise provided herein) and patient zip code (digits 6-9).

A.  Release of Data to Entities as Required by Law

If an entity obtains statutory authority for the release of restricted and/or confidential data elements, that entity must submit to the RFA:

1. Written statutory evidence indicating entitlement of access to the data and
2. A copy of or citation of the statute(s) and/or regulation(s) that requires the entity to maintain the confidentiality and security of the data that satisfy the intent of Section 44-6-170, or
3. If statutory and/or regulatory requirements for the maintenance of the confidentiality and security of the data do not exist or do not satisfy the intent of Section 44-6-170, as amended, Code of Laws of South Carolina, 1976 and in Final Regulations, Revenue and Fiscal Affairs Office, Chapter 19, Statutory Authority:  1976 Code Section 44-6-170, Article 11, “Data Release For Medical Encounter Data & Financial Reports,” all persons (including staff, subcontractors and committees) with access to the data will be required to sign a Confidentiality Contract supplied by the RFA.  These contracts shall be available upon request by the RFA.

Statutory law must mandate release of confidential data elements for follow-back investigations.  The DOC encourages entities performing follow-back investigations with confidential data to adopt the DOC’s policies for follow-back investigations.

The RFA recognizes that DPH has a public health responsibility based on legal authority that requires the receipt and use of data maintained by the RFA.  Therefore, the RFA will provide data for DPH’s surveillance activities and epidemiological investigations, as required by law.

State agencies and other organizations that have a mandate established by statutory law to access these data will be provided technical assistance for linking data sets and will be encouraged to use the RFA for data set linkages.