Current through Register Vol. 48, No. 12, March 22, 2024
a) The
Department will provide facilities the opportunity to review the Consumer Guide
to Health Care (Guide) prior to public release. The entire report will be made
available to each facility on the Department's secure web server for review
before publication. This review period will end 15 working days after the
availability date of the review material. During the review period, each
facility may submit written comments concerning its report content to the
Department. Comments shall be submitted on facility letterhead and shall be
signed by the administrator or designee. All comments received by the
Department will be kept on file. No comments will be accepted after the end of
the review period and no changes to the content of the Guide will be accepted.
If any facility or the Department finds erroneous or incomplete data in the
Guide, these data will be identified and footnoted prior to publication. If the
Department makes an error in the preparation or presentation of the Guide, the
error will be corrected.
b) Limited
Data Product and Report requests approved by the Department shall result in the
creation of the minimum necessary data set from the population of data elements
available to the requester and accompanying data use agreement covering access,
usage, distribution and confidentiality of the data.
1) The Department, in accordance with Section
2310-33 of the Department of Public Health Powers and Duties Law of the Civil
Administrative Code of Illinois, will charge fees to the requesting entity for
providing access to data files or producing studies, data products or analyses
of data. A schedule of fees for standard and custom datasets and products
according to category of purchaser is presented in Section
1010.70 of this Part. In
determining fees, the Department will consider all of the following:
A) Type of data and specified
usage;
B) Record count and computer
time required;
C) Access fees for
computer time;
D) Staff time
expended to process the request; and
E) Handling and shipping charges.
2) All requests for data files,
data products, aggregations or reports containing limited data elements shall
be made in writing to the Department using Department forms available at
https://dph.illinois.gov/content/dam/soi/en/web/idph/files/forms/formsoppsdischarge-data-request-form.pdf.
All data obtained from the Department shall be used solely for the purpose
identified by the requesting entity and for use by the requesting entity. The
scope and term of this usage will be detailed in a data use agreement specific
to each request. Use of the data for any other purpose shall require a separate
and specific written request, approval, and data use agreement.
3) When the Department prepares
facility-specific data, reports or comparative analyses for public release,
affected facilities will be given the opportunity to review and comment on the
data, studies or reports and their content prior to release to the public.
Facilities will be provided access to the entire report on the Department's
secure web server for review prior to publication. The review period will end
15 working days after the availability date of the review material. While no
changes to previously submitted data will be accepted, the Department will
accept written comments and explanations from facilities during the review
period. The Department will keep these comments and explanations on file and,
as appropriate and reasonable, will incorporate them into the text description
of the published report, study or analysis. If a Department error is found in
the publication, the error will be corrected.
c) De-identified Data Files and Reports
1) Public use data files, reports and studies
based on information submitted by hospitals and ambulatory surgical treatment
centers shall contain de-identified data and shall comply with State and
federal law, including, but not limited to, the Gramm-Leach-Bliley Act and the
HIPAA privacy regulations.
2) All
requests for public use files or special compilations, reports, studies or
analyses derived from public use files shall be made in writing to the
Department, with forms available at
https://dph.illinois.gov/content/dam/soi/en/web/idph/files/forms/formsoppsdischarge-data-request-form.pdf.
The release of data related to an approved public use data request shall not
require a detailed data request form or comprehensive data use agreement.
However, each request will be evaluated and, if necessary, will require a
signed data use agreement appropriate to the content of the data requested. The
data use agreement will include, but not be limited to, restrictions on patient
identification and sale or release of the data to third parties.
3) Facility syndromic surveillance data
submitted to the Department may be used for epidemiological investigation or
other disease intervention activities of the Department or local health
department. Investigation shall include obtaining laboratory and clinical data
necessary for case ascertainment. Findings of the investigation shall be used
to institute control measures to minimize or reduce the risk of disease spread
or to reduce exposures in a public health emergency event recognized or
declared by local, State, or federal authorities.
4) Syndromic surveillance data will be
released for local health departments and the Centers for Disease Control and
Prevention, consistent with the Department of Public Health Act and the Control
of Communicable Diseases Code and used for monitoring public health. Release
will be through secure transfer of data and accessed by approved software tools
for data analysis.
5) Release of
aggregate, de-identified syndromic surveillance data is permitted only by the
Department or local health department of the jurisdiction that the data
describes.
6) Release of syndromic
surveillance data to individuals or entities other than the public health
agencies identified requires a data use agreement. A data request form to
initiate the process will be made available publicly at
https://redcap.dph.illinois.gov/surveys/?s=MAPECL9E73.
Any release of syndromic surveillance data must be consistent with the
Department of Public Health Act and Health Statistics Act. Only the Department
can review and approve the release of visit-level syndromic surveillance data
to a third party.
7) Facility user
access is permitted only for data specific to the user's facility or health
care system. Any sharing of data across facilities will require an agreement
between the facilities and provided to the Department or due to provisions in
applicable administrative rules (such as for extensively drug-resistant
organism (XDRO) data or data for the Prescription Monitoring Program (PMP)).
Aggregate data at the State level may be shared with facility users, but
aggregate level of visits to facilities at the county level may not be shared
with facility users.
8) The
Department will
not release any syndromic data or information obtained
pursuant to this Part
to any individuals or entities for
purposes other than the protection of the public health. Release will
be through secure transfer of data and accessed by approved software tools for
data analysis.
A)
All access to data
by the Department, reports made to the Department, the identity of or facts
that would tend to lead to the identity of the individual who is the subject of
the report, and the identity of or facts that would tend to lead to the
identity of the author of the report, the author being an individual or the
reporting facility, in the case of syndromic surveillance, shall be strictly
confidential, are not subject to inspection or dissemination, and shall be used
only for public health purposes by the Department, local public health
authorities, or the Centers for Disease Control and
Prevention.
B)
Entities or individuals submitting reports or providing access to the
Department shall not be held liable for the release of information or
confidential data to the Department in accordance with this
subsection. (Section 2(h)(i)(C) of the Department of Public Health
Act) [20
ILCS 2305/2(h)(i)(C) ]
d) Patient
Confidentiality and Data Security
1)
Patient name, address, any part of the Social Security
number, unique patient identifier based on the last four digits of the
patient's Social Security number, or any other data that the
Department believes could be used to determine the identity of an individual
patient shall be stored and processed in the most secure manner
possible. (Section 4-2(d)(4) of the Act) Only authorized staff will
have access to these data, with all computers and databases secured by
password. Only computers located in controlled Department work sites will allow
access to these data.
2) Patient
name, address, and any part of the Social Security number will not be released
publicly. These data may be used to link discharge data or syndromic
surveillance with other data sets internal or external to the Department, with
linkage results released under guidelines of appropriate Department controls.
The patient name, address, and any part of the Social Security number will not
be released as part of these linkage results. The Department will evaluate any
request for access to any or all of these three specific identifiers by
authorized staff of other Illinois State agencies, local health departments, or
approved research project participants individually. Evaluation criteria
include need and security of patient confidentiality. The unique patient
identifier may be released to State agencies, local health departments and
approved data requesters using appropriate guidelines.