1 / 29

Privacy Issues in Archives Access

Privacy Issues in Archives Access. Anne Gilliland, MA, MLIS University of North Carolina—Chapel Hill And Judith A. Wiener, MA, MLIS The Ohio State University. Introduction. Our background How we got interested The questions we were asked.

chava
Download Presentation

Privacy Issues in Archives Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Issues in Archives Access Anne Gilliland, MA, MLIS University of North Carolina—Chapel Hill And Judith A. Wiener, MA, MLIS The Ohio State University

  2. Introduction • Our background • How we got interested • The questions we were asked

  3. What methods or policies can librarians and archivists put into place that balance both the interests of scholars and families that desire access to historical mental health records and maintain privacy as required by either federal or state laws?

  4. Widely-Available Digitization • Controlled environment of reading room vs. open access of the open web • Risk lessened in reading room environment even if protected information is made available by error.

  5. Digitize But Restrict Access • Preservationally-sound option • Saves staff time of scanning on demand • Controlled access that allows for greater sharing off-site • Records not as accessible as they would be on the open Internet

  6. Privacy Boards • Another option to longer process of IRB • Allows institution to set up appropriate membership to fit needs of varied interested parties (patients, families, scholars) • Creates wait for materials and may be deterrent to access by some

  7. Selective Redaction • Required when dealing with PHI and a covered entity under HIPAA or other legislation. • 18 Protected Health Information (PHI) fields. • May be an option that is elected, even if not required by law. • Need not redact originals

  8. Redaction and Digitization • Proactive redaction can be very time and cost intensive. • Can make digitized materials useless, depending on level of protected information available. • Access is the key in the need for redaction.

  9. Careful Selection of Materials • Analyze reason for digitization-preservation or access or both? • Analyze typical researcher needs. What information is most likely needed and wanted on a widely-accessible basis. • Look for the win-win. What can we make as openly available as possible without a lot of access control or redaction needed • annual reports instead of individual cases. • published reports with PHI already removed

  10. Have these examples increased the financial or staffing costs to libraries that maintain such archival records?

  11. Redaction • Up front or proactive redaction may be expensive & time-consuming • By request redaction less costly and time-consuming but response time can be slow. • Technology may soon be available to help redact standardized data • Many historical records will still need to be redacted by hand • Redaction for digitization can make records almost useless.

  12. Open Access Online • Higher risk option. • Consumes staff time with selection and up-front privacy sensitivity audits. • May be an option for some record types but not recommended for entire collections with significant privacy concerns. • Need to create policy and proceedure for redaction requests.

  13. Closed Access System • Lower risk, in general, because access is internal and controlled. • Allows for less-costly mass digitization solution. • Need to invest in security solutions. • Ongoing costs need to be considered • Maintenance, trouble shooting, migration of files, quality control.

  14. Closed Access Systems • Process and logistics for collection access need to be addressed. • Encumbers staff time for very hands-on requests. • Privacy Board can be costly, dependent on location of members, time needed to meet, meeting frequency.

  15. Cost vs. Risk • Risk is high for unselective open access system. Liability is far greater than initial costs of time or systems. • Financial penalties in legislation • Risk in reputation, lives, public opinion • But embargoing records incurs other costs • Risk is high to the historical record, heritage, decedents.

  16. How have scholars and families responded to these methods and policies instituted to both increase access yet maintain privacy of these records?

  17. Families and Patients • Securing permission after the fact—Digital Library of Georgia • Genealogists’ keen interest • Family members—what happened to them? • Access Anxiety—the historian’s perspective

  18. What is Consent? What is Anonymity? • The Lacks Family • Patients Like Me and other sites • Rare Diseases and unusual situations

  19. What examples exist of how such a balance has been developed and maintained in other states? Identify the states

  20. The Ceiling and the Floor • Most restrictive law will usually control. • For example, in a HIPAA situation, HIPAA preempts unless state law is more restrictive. • State laws—choice of law problems and conflicts • Privacy laws not written with the historian or archivist in mind but rather toward contemporary identity theft

  21. Four Approaches to Health Information • The Cigarette Papers—handled through takedown notices • Johns Hopkins (all considered covered entity—IRB/Privacy Board) • Columbia—75 year rule (not a covered entity) • University of Minnesota—use stringent HIPAA rules even for non-covered entity

  22. Ohio State University Medical Heritage Center • Privacy Board in development • Selective digitization • Description of patient records series only on-line

  23. North Carolina Supreme Court Briefs Digitization • Digitization of briefs submitted in NC Supreme Court cases from the late 19th century through 2000 • Project funded and work plan in development • Will be online and exposed to Google • Will use software for redacting SSNs and driver’s license numbers • Open public records law in NC is very broad, but briefs have been obscure • Are we a publisher when we put them online and does our liability change? • More recent judicial opinions are often written more circumspectly

  24. State Approaches: Mental Hospital Records • Indiana State Archives mental hospital records • Lincoln Hospital Records—Duke University • Illinois mental hospital records at State Archives • Athens Asylum records at Ohio University

  25. Are there examples where there have been violations that compromised privacy rights; and how have they been handled?

  26. Redaction and Breaches • Cigarette Papers • Tentative plans in North Carolina • An Industry example—Epic • Wall of Shame—Breaches affecting 500 or more individuals

  27. Data Breaches • On the rise • State breach notification law • Most suits within the academic/research community are settled or controversies never reach the point of litigation

  28. Re-identification • Experts differ on the extent and scope of this problem • The William Weld example • May not be able to completely control

  29. Conclusion

More Related