SHRI
State Health Registry of Iowa - Iowa Cancer Registry

 

College of Public Health University of Iowa


Confidentiality

Confidentiality of data is extremely important to the operation and maintenance of the Registry. The following are critical elements of the Registry’s comprehensive confidentiality policies and procedures that relate to research uses, reporting and release of cancer data.

Confidentiality policies, pledges and procedures are required in all phases of Registry operation in order to:

  • Protect the privacy of the individual cancer patient;
  • Protect the privacy of the facilities reporting the case;
  • Protect the privacy of the physician responsible for the care of the cancer patient; and
  • Provide public assurance that the data will not be abused.

HIPAA and Data Security

In 1996 the U.S. Congress passed a law requiring, among other things, uniform federal privacy protections for individually identifiable health information. This law is called the Health Insurance Portability and Accountability Act of 1996, or “HIPAA”. Copies of the HIPAA Privacy Rule, as well as helpful explanatory materials, may be found at the HHS Office of Civil Rights website.

Under HIPAA, a ‘Public Health Authority’ refers to “an agency or authority of the United States, a State or territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency, including the employees or agents of such public agency or its contractors or persons or entities to whom it has granted authority, that is responsible for public health matters as part of its official mandate.” The Iowa Cancer Registry (ICR) is considered a public health authority because our state law mandates our duties.

The ICR has developed and implemented formal policies, procedures and best practices that will safeguard the integrity, confidentiality, and availability of its data. This includes the conduct of personnel with regard to patient data as well as the protection of physical computer systems, buildings and equipment from fire, environmental hazards or intrusion. Processes have been put in place to guard against unauthorized access to data that are transmitted over the communications network.