• DSHS HIV/STD Program

    Post Office Box 149347, MC 1873
    Austin, Texas 78714

    Phone: (737) 255-4300

    Email the HIV/STD Program

    Email data requests to HIV/STD Program - This email can be used to request data and statistics on HIV, TB, and STDs in Texas. It cannot be used to get treatment or infection history for individuals, or to request information on programs and services. Please do not include any personal, identifying health information in your email such as HIV status, Date of Birth, Social Security Number, etc.

    For treatment/testing history, please contact your local Health Department.

    For information on HIV testing and services available to Persons Living with HIV and AIDS, please contact your local HIV services organization.

302.001

Release of Tuberculosis (TB), Human Immunodeficiency Virus (HIV), Sexually Transmitted Disease (STD) and Viral Hepatitis Data

Policy
Policy Number  302.001
Effective Date  April 9, 1999
Revision Date  November 25, 2019
Subject Matter Expert Surveillance Specialist
Approval Authority  TB/HIV/STD Section Director
Signed by  Felipe Rocha, M.S.S.W.

1.0 Purpose

This policy describes guidelines for the release or publication of data associated with the Texas Department of State Health Services (DSHS) TB/HIV/STD Section. This policy aligns with requirements in the DSHS HIV and STD Program Operating Procedures and Standards ( dshs.texas.gov/hivstd/pops/), the Centers for Disease Control and Prevention’s (CDC) Program Operations Guidelines for STD Prevention, ( cdc.gov/std/program/overview.pdf), and the CDC’s Data Security and Confidentiality Guidelines for HIV, Viral Hepatitis, Sexually Transmitted Disease, and Tuberculosis Programs ( cdc.gov/nchhstp/programintegration/docs/pcsidatasecurityguidelines.pdf) wherever possible and/or appropriate. The policy also aligns with the expectations of Circular 55 entitled “Employee Data Request, Research, and Publication Policy” as found in the HHSC Policies and Rules repository online..

 

2.0 Authority

All information obtained and compiled by DSHS related to a disease report is confidential and may be used or released only as permitted by Health and Safety Code §81.046. Additionally, DSHS is legally bound by federal assurances of confidentiality (Sections 306 and 308(d) of the Public Health Service Act, 42 US Code 242k and 242m(d)) which prohibit disclosure of any information that could be used to directly or indirectly to identify patients. This policy has been written in accordance with the Texas Health and Safety Codes §81.046 and §81.103 and the Texas Administrative Codes Title 25 §97.146 and §98.13.

 

3.0 Definitions

Aggregate Data: Information—usually summary statistics—that might be compiled from personally identifiable information (PII) but is grouped so as to preclude identification of individual persons.

Central Office: The TB/HIV/STD Section, DSHS main office located in Austin, Texas.

Confidential Information: Any private information about an identifiable person who has not given consent to make that information public.

Confidentiality: Protection of personal information collected by public health organizations. The right to such protection is based on the principle that personal information should not be released without the consent of the person involved except as necessary to protect public health.

Contracted Sites: Regional programs and agencies currently under contract with the DSHS TB/HIV/STD Section for surveillance, public health follow up, and other activities for which data is collected through routine public health activities.

Data release: Dissemination of data either in a public-use file or as a result of an ad hoc request which results in the data steward no longer controlling the use of the data. Data may be released in a variety of formats including, but not limited to, tables, person-level records, or online query systems.

Data sharing: Granting certain individuals or organizations access to data that contain personally identifiable information with the understanding that personally identifiable or potentially identifiable data cannot be re-released further unless a special data-sharing agreement governs the use and rerelease of the data and is agreed upon by the receiving program and the data provider(s).

Data-sharing agreement: Mechanism by which a data requestor and data provider can define the terms of data access that can be granted to requestors.

De-identified (pseudo-anonymous) Data: Individual record-level data which has been stripped of personal identifiers (e.g., name, address, social security number) but may contain potentially identifying information (e.g., age, sex, race/ethnicity, locality) that when combined with other information may identify an individual. If the combining of information could identify an individual, the data is no longer considered to be de-identified, but confidential.

External: Entities outside of the DSHS Central Office that the TB/HIV/STD Section contracts with or works in association with to conduct public health activities related to TB/HIV/STD and viral hepatitis surveillance, epidemiology, public health follow-up and the medication program.

Fifty Rule: Refers to the acceptable threshold for the release of aggregate TB/HIV/STD & Viral Hepatitis related data. The underlying population which the data describes must be greater than fifty people. The underlying population must also be at least twice the number of persons in the released data point.

Geocode: A set of geographical coordinates corresponding to a location.

Geographic Information System (GIS): An information system capable of integrating, storing, editing, analyzing, sharing, and displaying geographically-referenced data.

Institutional Review Board (IRB): A group that has been formally designated to approve, monitor, and review biomedical and behavioral research involving humans with the aim to protect the rights and welfare of the subjects.

Local Responsible Party (LRP): An official who accepts responsibility for implementing and enforcing TB/HIV/STD Section policies and procedures related to the security and confidentiality of TB/HIV/STD surveillance, epidemiology, public health follow-up, and medication program data and information for a specifically defined workgroup. The LRP is responsible for reporting and assisting in the investigative breach process. LRPs will be designated both internally and externally.

Overall Responsible Party (ORP): The DSHS official who accepts overall statewide responsibility for implementing and enforcing TB/HIV/STD and Viral Hepatitis security standards and practices. The ORP is responsible for protecting data as they are collected, stored, analyzed, and released. Annually, the ORP must also provide certification to CDC that all program security requirements are being met. The TB/HIV/STD Section Director is the designated ORP in Texas.

Personal Identifier: A datum or collection of data which allows a user to identity an individual with a specified degree of certainty; a personal identifier may permit the identification of an individual within a given database. Personal identifiers may include name, address or place of residence, social security number, telephone number, fax number, and date of birth.

Population: A group of people defined by demographic characteristics such as age, race, sex, or location of residence.

Potentially Identifying Information: Information that allows the identity of a person to be determined with a specified degree of certainty. This could be a single piece of information or several pieces of data which, when taken together, may be used to identify an individual. Therefore, when assembling or releasing analysis data sets, it is important to determine which fields, either alone or in combination, could be used to identify a person and which controls provide an acceptable level of security.

Surveillance: The ongoing and systematic collection, analysis, and interpretation of health data in the process of describing and monitoring a health event. This information is used for assessing public health status, triggering public health action, defining public health priorities and evaluating programs.

TB/HIV/STD Section: A Section in the DSHS Laboratory and Infectious Disease Services Division which includes: the HIV/STD Prevention and Care Branch, the TB/HIV/STD Epidemiology and Surveillance Branch, the Tuberculosis and Hansen’s Services Branch and the Pharmacy Branch.

 

4.0 Policy

The purpose of this policy is to ensure that any HIV, STD, TB and/or viral hepatitis data which are released and/or published maintain patient confidentiality. The policy also ensures that individual record-level data containing personal identifiers are only released with proper legal authority. TB/HIV/STD Section staff must assess the potential impact of proposed data releases on confidentiality, and staff responsible for the release of TB/HIV/STD and viral hepatitis data must take steps to prevent the identification of individuals within these data.

A secondary purpose of this policy is to ensure that all data published by DSHS and contracted sites is consistent and accurate across all publications.

 

5.0 Persons Affected

Persons affected are DSHS employees, contracted sites, and external entities that have access to or are requesting any data collected, administered and/or maintained by the TB/HIV/STD Section. This data includes, but is not limited to surveillance, prevention program, public health follow-up, HIV Care and HIV medications data.

 

6.0 Responsibilities

The Local Responsible Party (LRP) is responsible for implementing and enforcing these data release guidelines. At DSHS Central Office, the managers of the TB/HIV/STD Epidemiology and Surveillance Branch, the HIV/STD Prevention and Care Branch, the HIV Medications Program, and the Tuberculosis and Hansen’s Services Branch act as the LRP responsible for the appropriate release of data maintained by their program area. The director of the TB/HIV/STD Section serves as Overall Responsible Party (ORP). The ORP accepts overall statewide responsibility for implementing and enforcing TB/HIV/STD and viral hepatitis security standards and practices (also see definition of ORP in §3.0).

Regional DSHS programs and contracted sites must designate an LRP to oversee the release of TB/HIV/STD and viral hepatitis data from their program. Regional programs and contracted sites that access and/or use TB/HIV/STD surveillance, epidemiologic, and public health follow-up data must adhere to DSHS TB/HIV/STD Section’s policy outlining guidelines for the release of local data.

 

7.0 Data Release Guidelines

7.1 Data Release Schedule

Data collected and maintained by the TB/HIV/STD Section undergoes extensive cleaning, editing, and verification before it can be made available to external agencies in aggregate or record-level format. This is necessary to ensure data completeness and accuracy. Data that has not yet undergone or is in process of this finalization is called provisional data. Provisional data is subject to change until it is finalized

 

7.1.1 Surveillance Data

HIV and STD Surveillance data for a given calendar year and years prior will be “frozen” into a fixed, permanent dataset in July of the following year. This delay provides time for surveillance staff to conduct data cleaning and verification. For example, a dataset comprising data for years 2017 and prior will be frozen in July 2018. This dataset will be used to fulfill all subsequent data requests and create reports until creation of the next year’s dataset in July of the following year.

TB Surveillance data will follow a similar procedure; however, a provisional TB dataset for the previous calendar year and years prior will be created in March of the following year (e.g. 2017 TB provisional dataset will be created in March 2018) after submission of final case counts to the CDC. A final TB dataset inclusive of all variables will be created in July in conjunction with the HIV and STD datasets.

It should be noted that data from previous calendar years, such as case counts by year, may change with each file creation as case reports are updated, added, and/or deleted according to new information reported to surveillance.

Record level and aggregate provisional surveillance data may be released to Central and Regional DSHS programs and contracted surveillance programs for program monitoring and planning purposes. This provisional data may not be shared with external entities in any format, including verbal communication, unless there is a demonstrated need for this information to mitigate a threat to public health and safety (please see §7.2.4.1). In this type of circumstance, the LRP and ORP at the DSHS Central Office must be notified prior to release.

Contracted entities may request a subset of the annual fixed datasets pertaining to surveillance activities in their jurisdiction for their own use on an annual basis (see §7.3). Regional DSHS programs and contracted surveillance programs with access to data surveillance systems may not publicly release or publish any data that is not derived from the fixed datasets compiled annually by DSHS Central Office. The public release or publishing of data not derived from the DSHS fixed dataset is a direct violation of the DSHS TB/HIV/STD Section’s Data Release Policy. This requirement is to ensure consistency in published surveillance data and promote a unified, transparent approach to communication with the public.

 

7.1.2 Texas HIV Medication Program Data

Data from the Texas HIV Medication Program is frozen quarterly. This frozen data is used for specific programmatic reports; other ad-hoc aggregate data requests may be queried from the live data system used to track eligible clients.

 

7.1.3 HIV Care Services Data

DSHS staff within the Program Evaluation Group may release aggregate data from the Ryan White Services database (currently AIDS Regional Information and Evaluation System or ARIES) for grant requirement purposes. All aggregate Ryan White services data may only be released to staff associated with Administrative Agencies or providers that receive Ryan White grant funds. All aggregate data released from ARIES must meet the Rule of Fifty (see §7.2.1).

 

7.1.4 Data from DSHS Funded Prevention Programs

Data from DSHS-funded Prevention Program sites is transferred from these sites to DSHS monthly and used to create frozen static datasets on a quarterly basis. This frozen data is used for programmatic reports; however, ad-hoc aggregate data requests may be queried from the datasets sent by programs on a monthly basis. Data transfer will always take place over a secure FTP site designated by DSHS Central Office.

 

7.2 Aggregate Data

Aggregate data combines individual level data to create summary statistics describing a population, disease, or health condition of interest. The use of aggregate data to answer public health research or evaluation questions is always preferable to individual-level data because it provides greater protection of private health information.

When persons external to DSHS or DSHS employees without current data access request TB/HIV/STD or Viral Hepatitis data, every effort should be made to respond to their request using aggregate data tables, graphs, or other data visualizations. Release of aggregate data is limited by the following guidelines.

 

7.2.1 The Rule of Fifty

Aggregate TB, HIV, STD, and Viral Hepatitis data may only be released if both of the following conditions are true:

  1. The underlying population (also known as the population denominator) consists of more than fifty (50) people
    AND
  2. The underlying population is at least twice the number of cases or persons with the condition or characteristic being measured.

The size of the underlying population must be verified using one of the U.S. Census Bureau’s data products, such as the U.S. Decennial Census [Census.gov] or American Community Survey (ACS) [Census.gov], or a population estimate derived from U.S. Census data, such as the Texas Demographics Center’s population estimates.

Population estimates of the following demographic groups are available from these data products for public use:

  • Race
  • Ethnicity
  • Age
  • Birth sex
  • Geographic residence (at the state, county, ZIP code, and census tract level)

Generally, data pertaining to a geographic or demographic strata for which population estimates are not available cannot be released because the Rule of Fifty cannot be verified. Due to the lack of underlying population data on people who inject drugs (PWID), transgender persons and men who have sex with men (MSM), data on these populations may not be released if the aggregate number of cases or persons with the condition in a ZIP code or census tract is less than 6. This is to protect the identity and health information of persons in these populations. If the aggregate number of cases or persons with the condition is less than 6 at the county, HIV service delivery area (HSDA), eligible metropolitan area/transitional grant area (EMA/TGA), or DSHS Public Health Region (PHR) level, it may be released.

 

7.2.1.1 Examples of the Rule of Fifty

  1. A local provider requested the number of Black females between the ages of 15-24 who were diagnosed with HIV in Smith County in 2015. The total number of Black females in Smith County in 2015 was 75, and 35 of these were between the ages of 15-24. The number of HIV diagnoses in this group cannot be released because there were fewer than 50 Black females between the ages of 15-24 living in Smith County in 2015.

  2. A student requested the number of Asian females diagnosed with tuberculosis in Travis County in 2013. The total number of Asian females living in Travis County in 2013 was 2,000, and 25 Asian females were diagnosed with tuberculosis in 2013. This data can be released because the underlying population (all Asian females in Travis county in 2013) is greater than 50 and is also more than twice the number of tuberculosis cases in this age group (2*25=50 < 2,000).

  3. A community-based organization in Harris County requested the number of syphilis cases diagnosed in men who report sex with other men in Harris County in year 2015. Because this request is for data on a population group defined by a behavior that is not visually discernable, the number of syphilis diagnoses in this group can be released.

  4. A local Ryan White administrative agency wants to know the number of Hispanic males living with HIV in Brewster County who achieved viral suppression in 2014. There are only 19 Hispanic males living with HIV who resided in Brewster County in 2014. However, because it is not possible to know which Hispanic males in Brewster County are living with HIV, the number of Hispanic males living with HIV who are virally suppressed may be released.

Tables consisting of cells that do not satisfy the Fifty Rule may be released if the data in those cells are suppressed prior to release Additional cells may also need to be suppressed to prevent the derivation of the suppressed data.

For example, a researcher has requested to know the number of primary syphilis diagnoses in adult White males, by age group, for the year 2013 in Texas County. The data is as follows:

Age Group

18-29

30-39

40-49

50+

Total

Primary syphilis diagnoses in White Males

*

4

3

2

15

Population of White Males

49

60

75

65

249

Although the number of syphilis diagnoses in White males ages 18-29 has been appropriately suppressed because the underlying population does not meet the Rule of Fifty, including the total number of diagnoses for all age groups would allow the requestor to derive the number of primary syphilis diagnoses in this age group via subtraction (15 – (4+3+2) = 6). Despite the fact that the underlying total population of adult White males meets the Rule of Fifty, the total number of primary syphilis diagnoses among White males ages 18-29 should be suppressed to prevent disclosure of data for the subgroup on White males ages 18-29 that does not meet the Rule of Fifty.

An alternative option is to collapse data categories if the data has been stratified by one or more categories, such as sex or age.

In the above example of primary syphilis diagnoses in White males, the four age groups could be collapsed into 2 groups.

Age Group

18-39

40+

Total

Primary syphilis diagnoses in White Males

10

5

15

Population of White Males

109

140

249

Now the underlying population in each age group meets the Rule of Fifty and the number of primary syphilis diagnoses in each age group is acceptable for public release.

 

7.2.2 Geographic Data

Data depicted on a map must meet the aforementioned Rule of Fifty. Geographic areas with populations that do not satisfy the Rule of Fifty must be aggregated with data from one or more other geographic areas, although mapped data points with values of zero are acceptable for release.

The release of data in a map format created with GIS should not be accompanied by the individual layers and corresponding attribute tables used in the production of the map. The map should be released as a static image of a final product (e.g., JPEG format).

 

7.2.3 ZIP Code and Census Tract Level Data

Aggregate counts of diagnosed and/or prevalent cases of HIV, STDs, and TB may be released at the ZIP code or census tract level if the underlying population denominator meets the aforementioned Rule of Fifty. The Rule of Fifty for ZIP code and census tract level data will be verified against the most recent U.S. Census ACS 5-year estimates (contained in Table DP05).

  • To ensure identifying information is not released, only data on single stratum will be released at the ZIP code and census tract level. For example, Tuberculosis cases in males in a particular ZIP code may be released, but not cases in males ages 20-24.
  • Rates of disease at the ZIP code or census tract level may only be released for stratum that meet the Rule of Fifty. Rates should be calculated using population estimates from the Summary File SF1 of the most recently available U.S. Decennial Census.
  • Metrics for which no population denominator exists or is visually discernable may be released at a ZIP code or census tract level may be released in accordance with §7.2.1.

 

7.2.4 Exceptions to the Rule of Fifty

7.2.4.1 Release of Data Necessary to Mitigate an Imminent Threat to Public Health and Safety

In exceptional circumstances involving significant risk of harm to the public, it may be necessary to release provisional data or data that does not meet the Rule of Fifty. In these circumstances, the LRP and their legal counsel should review any request for PII to determine the specific data, if any, that must be released and all possible alternatives to the use of identifiable or provisional data should be examined before the release of such data. In addition, the LRP and ORP at the DSHS Central Office should be notified and included in this decision prior to release. When information is ordered for release as part of a judicial proceeding, any release or discussion of information should occur in closed judicial proceedings, if possible.

 

7.2.4.2 Texas HIV Medication Program

The Texas HIV Medication Program (THMP) may release aggregate program utilization and cost data without adherence to the Rule of Fifty. Due to statutory provisions protecting the confidentiality of the manufacturers’ drug pricing data (Federal Omnibus Budget Reconciliation Act of 1990 and in Section 340B of the Public Health Services Act, 42 U.S.C. 256B), drug pricing lists are considered restricted and cannot be released. Sub-county level data or stratified data must be reviewed and approved by the THMP manager or designee prior to release.

 

7.2.5 Responding to Requests for Aggregate Data

Requests for data present an opportunity for direct interaction between the TB/HIV/STD Section and our customers in the public, media, legislature, and other public health agencies. DSHS staff fulfilling data requests should extend the most professional, courteous, accurate, and rapid service possible. The following procedure provides guidance for fulfilling data requests.

Data requests are typically initiated via telephone and/or e-mails. DSHS staff should clarify specifics of the requested data. Key criteria for defining data requests may include:

  • Disease(s), diagnosis, or condition
  • Reported cases versus diagnosed cases
  • Number of cases, disease/infection rates, and/or other metric
  • Time period
  • Geographic location(s)
  • Demographic crosstabs (e.g., age, sex, race, risk group, etc.) and/or restrictions (e.g., living cases, male cases, female cases, etc.)
  • Date the data request must be completed

Occasionally, the requestor may not know how to define the data needed. In such cases, staff should help define the request based on the question(s) the requestor is trying to answer.

If not initially provided, staff should obtain the customer’s contact information, including e-mail address, in order to send the data. When possible, staff members should accept and meet the customer’s deadline for receiving the data. If the deadline is unusually short, cannot be met, and/or another deadline cannot be negotiated, staff should consult the LRP.

When completing data requests, staff will save the SAS or other data query system syntax and output files in a designated folder for future reference. The requested data should be saved in an electronic file format (e.g., Excel, Word, CSV, etc.) and e-mailed to the requestor. All data files should be clearly annotated, including titles and notes to thoroughly describe what the data represent. Additional notes should also be included to describe any special circumstances or limitations of the data, such as why some cells are suppressed. Once the data results are complete and in compliance with the guidelines in this policy, they may be sent to the requestor along with the staff member’s contact information. Requests from internal DSHS staff should be documented in the same manner as requests from external consumers.

For requests involving data to which the TB/HIV/STD Section does not have direct access (for example, teen pregnancy data, other infectious disease data, vital statistics, etc.), program staff should make every effort to refer the customer to the appropriate program contact at DSHS or elsewhere, if possible.

Note that staff are not permitted by state law to inquire about why formal Public Information requests are being made.

 

7.3 Individual Record-Level Data

The TB/HIV/STD Section occasionally releases de-identified or limited individual record-level datasets for approved research or public health purposes. All persons who will have access to datasets released for these purposes must sign a Data Use Agreement (DUA) prior to receiving the data. The DUA will detail:

  • Evidence of a legitimate public health or research need for the data elements requested,
  • Evidence of appropriate software available to analyze the data,
  • Permitted uses, disclosures, and final disposition of the data,
  • The names and role of all persons who will have access to the data,
  • Detailed security procedures that will be used to prevent unauthorized use and disclosure of the data, and
  • Detailed procedures for destruction of the data after analysis has concluded.

The LRP at Central DSHS must approve and sign the DUA prior to release of the data. The LRP or designee will provide the requestor with a signed copy of the Data Release Agreement. Appropriate DSHS subject matter experts should also review the data request to ensure DSHS is releasing the appropriate and minimum amount of data needed to address the proposed public health or research activity.

Data may only be transferred to the requestor via an approved secure File Transfer Site (e.g. Texas Public Health Information Network [TXPHIN]).

All persons in receipt of DSHS STD, HIV, TB and Viral Hepatitis datasets are responsible for ensuring that any publications using these data meet the requirements outlined in this document, including the Rule of Fifty. The TB/HIV/STD Section has developed a checklist for data release and publication for persons using this data (available here (link will be provided once checklist is developed).

 

7.3.1 De-identified Individual Record-level Data Requests for Research Purposes

Requests for individual record-level data from the TB/HIV/STD Epidemiology and Surveillance Branch for research purposes by external and non-contracted entities must be reviewed and approved by the DSHS Institutional Review Board (IRB) and appropriate LRP. Procedures for submitting data requests to the DSHS IRB can be found at dshs.texas.gov/irb/.

When appropriate, the requestor must also obtain approval from an IRB at the institution responsible for oversight of their own research program. Prior to releasing datasets, all personal identifiers will be removed. Datasets provided for research purposes must be maintained by the recipient in a manner consistent with the most current DSHS confidentiality and security guidelines regarding physical and electronic security.

Upon approval by the IRB(s), a DUA must be signed prior to releasing the data (see Section 7.3 above). All persons in receipt of data must adhere to the regulations for data security outlined in the TB/HIV/STD Section Confidential Information Security Procedures 2016.001 ( dshs.texas.gov/hivstd/policy/procedures/2016-01.shtm).

 

7.3.2 Data Destruction at the End of the Data Release Agreement Period

All the data must be removed from all electronic files and hard copies at the conclusion of the timeframe specified in the Data Release Agreement. DSHS Central Office will follow-up with recipients of individual record-level data to ensure that the data and any additional data files created have been adequately destroyed on their stated project completion date. The recipient of the data must provide documentation that these data have been destroyed in a confidential manner.

 

7.3.3 Registry Matching

Confidential TB/HIV/STD data are routinely matched with data in other disease registries (e.g., cancer, vital records) and data systems to improve data quality as a part of routine disease surveillance. TB/HIV/STD and Viral Hepatitis data may not be used by other programs or external entities for matching. All matching to other disease registries and data systems should be performed by the TB/HIV/STD Section staff.  

 

7.4 Personally Identified Individual Record-level Data Examples of the Rule of Fifty

The TB/HIV/STD Section strongly discourages the release of individual patient records that contain personal identifiers. In very limited circumstances, a patient’s personal records may be released to providers, legal entities, and/or directly to the patient. The TB/HIV/STD Section may also disclose individual patient data for limited, specific public health purposes.

HIV/STD public health follow-up data will not be released to patients, providers, or legal entities under any circumstances, as those data contain partner information. Client-level data from the Texas HIV Medication Program, DSHS-funded HIV Prevention Programs, and the AIDS Regional and Evaluation System (ARIES) will not be released to any external entities, with the exception of reporting client-level data to funding agencies to fulfill specific programmatic requirements.

 

7.4.1 Requests from Legal Entities

Providers and/or legal entities representing a patient may only request data relating to their patient or client. Individuals may only request data relating to themselves. The patient must sign a medical record release form and the LRP must see and approve this form before any data are released.

Requests for individual TB/HIV/STD and Viral Hepatitis records initiated via court orders, subpoenas, or legal counsel for anyone other than the patient must be directed to the DSHS Office of General Counsel.

Requests for individual records made to contracted sites should be directed to their agency health attorneys; the DSHS Central Office TB/HIV/STD Section security officer should be notified within 10 business days. The local LRP must see the medical record release form and approve before data is released.

 

7.4.2 Requests by Patients or Providers

Providers requesting patient records or patients requesting their own records must be directed to the DSHS Office of General Counsel. A medical record release form must be signed by the patients and the LRP must see the medical release form and approve before data is released. Requests for THMP client records do not need to be directed to the DSHS Office of General Counsel.

For external sites, these form of requests must be directed to their agency health attorneys. A medical record release form must be signed by the patient and the LRP must see the medical release form and approve before data is released.

 

7.4.3 Texas HIV Medication Program

Client records containing personal identifiers may be released to treating physicians, servicing pharmacies, the patient, or other programs as necessary for the client to obtain services. The LRP is responsible for ensuring that data sharing agreements or appropriate contracts are in place when Texas HIV/STD/TB and Viral Hepatitis data are shared.

 

7.4.4 Data on Persons Identified as Part of a Molecularly-linked HIV Cluster

Information on a relationship that may exist between PLWH who are linked to other PLWH through a partner services investigation or molecular cluster cannot be released outside of DSHS Central Office or contracted surveillance entities.

 

7.4.5 Requests from Special Customers

7.4.5.1 Requests from Media

Staff should respond to requests from the media by following Policy Number AA-5007 ( http://online.dshs.internal/media-relations/policies.aspx).

 

7.4.5.2 Requests from Legislators and Legislative Staff

All DSHS staff who receive a legislative request should notify the appropriate Branch Manager and Section Legislative Liaison immediately. Before responding to a legislative request, staff must obtain approval from the appropriate Branch Manager and Government Affairs prior to releasing data. Immediately following the completion of a legislative request, a Legislative Contact Report should be completed and e-mailed. At minimum, this report will be submitted to the assigned staff member’s supervisor, the Branch Managers of the TB/HIV/STD Epidemiology and Surveillance Branch, the HIV/STD Prevention and Care Branch, the TB and Hansen’s Disease Branch, and the Section Legislative Liaison. The Legislative Liaison will send this report to the Government Affairs Unit contact. Government Affairs is the contact for legislative offices and provides responses (in concert with Associate Commissioners or program staff if necessary). Government Affairs may decide if the response will come directly from its office or program staff.

This report should contain the following information:

  • Who made the request – which Legislator’s office, contact person’s name, telephone number and other contact information
  • When the request was received
  • What the question or issue was that prompted the request
  • Summary of the response or copy of data released
  • Any future follow-up required
  • Name and contact information for the employee that responded to the request

 

7.4.5.3 Open Records Requests and Requests Made Under the Public Information Act

Staff who receive an Open Records or Public Information Act request should follow DSHS’ Open Records Policy ( dshs.texas.gov/policy/openrecords.shtm) and immediately notify their Branch Manager of the request.

 

8.0 Revision History

Date Action Section
Revision History
11/25/2019 Numerous revisions throughout All
9/1/2017 Changed "TB/HIV/STD Unit" to "TB/HIV/STD Section" to reflect new program designation -
1/21/2016 Added section 7.1.5 Zip Code and Census Tract Level Data 7.1.5
9/4/2014 Numerous revisions throughout All
Converted format (Word to HTML) -
11/9/2009 Clarification that local policy must be at least as restrictive as DSHS policy 6.0
Clarification that the local LRP can approve data released at the local program level 7.1.1
7/2/2008 Extensive revision too numerous to list, therefore treated as new policy. Previously, this policy was numbered as 020.061 N/A

 


Last updated June 15, 2020