Bioterrorism surveillance and privacy: intersection of HIPAA, the Common Rule, and public health law.

The threat of bioterrorism in the wake of the September 11, 2001, terrorist attacks cannot be ignored. Syndromic surveillance, the practice of electronically monitoring and reporting real-time medical data to proactively identify unusual disease patterns, highlights the conflict between safeguarding public health while protecting individual privacy. Both the Health Insurance Portability and Accountability Act and the Common Rule (which promulgates protections for individuals in federally sponsored medical research programs) safeguard individuals. Public health law protects the entire populace; uneven state-level implementation lacks adequate privacy protections. We propose 3 models for a nationwide bioterrorism surveillance review process: a nationally coordinated systems approach to using protected health information, creating public health information privacy boards, expanding institutional review boards, or some combination of these.