• Oxford Reference definition for surveillance – https://www.oxfordreference.com/display/10.1093/acref/9780199976720.001.0001/acref-9780199976720-e-1820?rskey=8UMMgN&result=2057 

• Office of the National Coordinator’s (ONC) technical definition of EHI – https://www.healthit.gov/sites/default/files/page2/2021-12/Understanding_EHI.pdf 

• Network for Public Health Law definition of a HIPAA Hybrid Entity – https://www.networkforphl.org/resources/topics/health-information-and-data-sharing/hipaa-hybrid-entity-status/ 

• About Tribal Epidemiology Centers – https://tribalepicenters.org/ 

Training courses for privacy risk in public health. 

• CSTE Learn Training Courses – https://learn.cste.org/courses/course/basic-principles-of-privacy-risk-in-public-health 

A website providing numerous resources for STLT PHAs related to public health law. 

• ASTHO Public Health Law Resources. https://www.astho.org/Programs/Preparedness/Public-Health-Emergency-Law/Public-Health-Law-Resources/ 

A federal government resource providing information on public health law. 

• CDC Public Health Law Program. https://www.cdc.gov/phlp/index.html

A resource focused on public health law as it relates to data sharing. 

• Network for Public Health Law – Health Information and Data Sharing. https://www.networkforphl.org/resources/topics/health-information-and-data-sharing/ 

This webpage is to provide a central location for Tribal data resources and information at HHS. This site includes HHS’s Department-wide data access policies for Tribes and Tribal Epidemiology Centers (TECs). It also provides Division-level information about Tribal data points of contact, data resources, and data access processes. It also includes a webform for Tribes and TECs to request assistance with data requests. 

• Department of Health and Human Services. HHS Tribal Data Access Policy and HHS TEC (Tribal Epidemiology Centers) Data Access Policy. https://cdo.hhs.gov/s/tribal-data. Accessed July 18, 2025. 

This paper provides good legal argument information for when a hospital sued a health department to prevent access to records and the health department successfully defended their authority. 

• Daly, E. R., Herrick, J. P., Maynard, E. X., Montero, J. T., Adamski, C., Dionne-Odom, J., Talbot, E. A., & Alroy-Preis, S. (2015). Taken to court: defending public health authority to access medical records during an outbreak investigation. Public health reports (Washington, D.C. : 1974), 130(3), 278–283. https://doi.org/10.1177/003335491513000315 

• https://pmc.ncbi.nlm.nih.gov/articles/PMC4388227/ 

The Trusted Exchange Framework Common Agreement™ or TEFCA™, outlines a common set of principles, terms, and conditions to support the development of a Common Agreement that helps enable the nationwide exchange of electronic health information (EHI) across disparate health information networks (HINs). The TEFCA is designed to scale EHI exchange nationwide and help ensure that HINs, health care providers, health plans, individuals, and many more stakeholders have secure access to their electronic health information when and where it is needed. 

• Trusted Exchange Framework Common Agreement™ (TEFCA™) rce.sequoisproject.org Accessed on July 23, 2025.  

The toolkit provides more information on hybrid entities and how to receive the designation as a hybrid entity. 

• Network for Public Health Law Hybrid Entity Toolkit https://www.networkforphl.org/resources/resource-collection-hipaa-hybrid-entity-toolkit/ 

The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. 

• Indian Health Service Privacy Information – https://www.ihs.gov/privacy/ 

• Breach Notification Rule – https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html 

Spotlight on Bidirectional communication and data sharing between PHAs and HCOs related to healthcare acquired infections. 

• CORHA Policy Workgroup – https://corha.org/news/importance-of-data-sharing-and-reporting-a-conversation-with-corhas-policy-workgroup-co-chairs 

This Spotlight Series article makes the case for electronic health information sharing between healthcare organizations and public health authorities, and provides several resources to support sharing. 

• Kim, Moon; Terashita, Dawn; Abramson, Jaclyn. Importance of Data Sharing and Reporting: A Conversation with CORHA’s Policy Workgroup Co-Chairs. July 31, 2024. https://corha.org/news/importance-of-data-sharing-and-reporting-a-conversation-with-corhas-policy-workgroup-co-chairs Accessed July 15, 2025. 

This site includes HHS’s Department-wide data access policies for Tribes and Tribal Epidemiology Centers (TECs). It also provides Division-level information about Tribal data points of contact, data resources, and data access processes. It also includes a webform for Tribes and TECs to request assistance with data requests. 

• HHS Office of the Chief Data Officer – Tribal Data Access Policies https://cdo.hhs.gov/s/tribal-data 

This document recommends standards for all NCHHSTP programs that, when adopted, will facilitate the secure collection, storage, and use of data while maintaining confidentiality. Designed to support the most desirable practices for enabling secure use of surveillance data for public health action and ensuring implementation of comprehensive evidence-based prevention services, the standards are based on 10 guiding principles that provide the foundation for the collection, storage, and use of these public health data. They address five areas: program policies and responsibilities, data collection and use, data sharing and release, physical security, and electronic data security. Intended for use by state and local health department disease programs to inform the development of policies and procedures, the standards are intentionally broad to allow for differences in public health activities and response across disease programs. 

• CDC Data Security and Confidentiality Guidelines for HIV, Viral Hepatitis, Sexually Transmitted Disease, and Tuberculosis Programs: Standards to Facilitate Sharing and Use of Surveillance Data for Public Health Action. https://www.cdc.gov/sti/media/pdfs/pcsidatasecurityguidelines.pdf 

The Health Data Utility Framework is intended to guide states, regions, HIEs, and community partners in the design and implementation of an HDU that provides deeper integration of health-related data to support public health and care delivery. 

• Civitas Networks for Health. Health Data Utility Framework. https://www.civitasforhealth.org/hduframework/ Accessed July 23, 2025.  

This toolkit walks agencies through the process of assessing their own informatics readiness and current state and then using that assessment to inform strengthening and strategic activities–allowing them to scale up informatics capacity to meet the evolving needs of the modern public health landscape. 

• Public Health Informatics Institute (PHII) Informatics Savvy Toolkit – https://phii.org/course/informatics-savvy-health-department-toolkit/ 

This pilot study examined the feasibility of using electronic case reporting to detect additional cases of occupational lung disease. 

• Creswell, Paul D. PhD; Mader, Sara RN, MPH; Modji, Komi K.S. MD, MS, CPH; McCoy, Katherine E. PhD. A Breath of Fresh Air: Pilot Testing Electronic Case Reporting for Public Health Surveillance of Occupational Lung Diseases in Wisconsin. Journal of Public Health Management & Practice 31(4):p 558-565, July/August 2025. DOI: 10.1097/PHH.0000000000002147 https://journals.lww.com/jphmp/abstract/2025/07000/a_breath_of_fresh_air__pilot_testing_electronic.8.aspx Accessed June 24, 2025.