This story was originally published by Data-Smart City Solutions.
A key part of the promise and potential of technology is to help agencies integrate and rationalize services so that beneficiaries receive the kind of streamlined and efficient service we have all begun to expect in this high-tech era. For human services agencies, a key barrier to unlocking this potential is the multitude of regulations governing and restricting data integration.
While data sharing concerns may prevent some agencies from considering new, innovative technology projects, this need not be the case. The combination of effective foresight and planning can help agencies at all levels move forward, while targeted policy changes could clear away remaining hurdles and embolden local and state governments take an even more aggressive approach to technology innovation.
PRIVACY CONCERNS WELL-INTENTIONED BUT OUTWEIGH REALITY
Federal and state governments have recognized that the collection of private data incurs a risk of improper dissemination, use, or even theft. To protect individual privacy, a number of regulations pertain to how various data sets – such as medical history, educational records, and personal identifiers – are shared.
When we interviewed local and state innovators, the sheer volume of regulations protecting data and restricting its sharing emerged as a key concern. A community partner who worked on a state-level project frankly stated that “confidentiality could’ve very well killed this project.
Part of the problem is not the reality that integration of services through technology actually runs afoul of regulations, but mere perceptions that confidentiality laws might be violated. Whether these anxieties are founded or not, the effect is the same—a reluctance by human services agencies to undertake technology innovation for fear of running afoul of governing regulations. A local official told us that “you’re constantly thinking about how it could be an issue. I don’t know of any actual issues, but regulations are constantly on our minds.” Another local manager recounted that these perceptions foster a reluctance on the part of human services workers to share information, explaining that “caseworkers are used to protecting all the information pretty severely, and are at risk of prosecution if they share too much.” As a result, said a local administrator, “The interpretation has often been more rigid than [the laws] really necessitate.”
A culture of fear erects barriers to effective exploration of the actual confidentiality issues at stake in technology projects. In the words of one local administrator, “I think there’s a lot of myth around confidentiality, so a big part of the process was picking out the stuff that isn’t confidential.” A technologist from another locality echoed with this assessment, observing that “everyone’s operating at a different level of understanding about what they could or could not share. A lawyer might say that there’s no problem with data sharing between partners ‘A’ and ‘B,’ and ‘B’ might disagree.” This problem can be exacerbated by program silos which set different conditions on data sharing for related services at the state and county level.
SMART PROCESSES CAN ALLEVIATE CONCERNS
Despite the complex regulatory environment concerning data sharing and confidentiality, conversations with local and state innovators revealed several strategies to address confidentiality without abandoning their visions.
First, many of those to whom we spoke cited the importance of consulting early and often with legal counsel within government. In New York City, for example, leaders brought together agency officials and legal counsel to address data sharing regulations as part of the HHS-Connect project. Said a city administrator, “One of the keys to the governance was the ability to set up a legal group across agencies.” With the endorsement of the Mayor’s Office in the form of an executive order, city attorneys thoroughly surveyed the legal landscape, seeking feasible opportunities for data sharing. The committee “identified the confidentiality provisions governing their agencies’ data and determined what data could and couldn’t be shared,” a city administrator explained. Recognizing the various confidentiality provisions covering different program areas helped city officials plan for the implementation of the HHS-Connect project, “We said, ‘Let’s start building this where there’s least [legal] resistance, and tackle pieces as they come along,’” said another official.
Second, agencies can also retain external counsel and support where effective. In Allegheny County, Pennsylvania, the Department of Human Services was building a Data Warehouse that would cut across program silos. Collecting and storing this information necessarily raised compliance concerns. Legal counsel, brought in by community partners, helped work through the issues. “The legal analysis is important in helping people make policy decisions, saying that you can do this much, you can go here or here,” stated one administrator.
Third, local and state governments can develop a consistent predictable framework through the strategic use of memoranda of understanding (MOUs). A technologist in Boulder County, Colorado, noted that the County uses “a lot of MOU-type tools, elaborate agreements governing who has access to what, for what purposes.” Many officials whom we interviewed found that establishing legal agreements actually helped to solidify trust among partner agencies and organizations. “We have agreements and understandings, self-policing as information moves through the system, and checks and balances within and between our organizations,” said one administrator in San Diego County. Even a small number of memoranda can prompt other organizations to join in, assuaging concerns about the legality of data sharing practices. A Boulder County technologist said that “when the others see that groups are getting on board, they realize it’s not a big departure and they can sign on as well.”
POLICY STEPS THAT CAN MAKE A DIFFERENCE
While technology offers substantial opportunities for agencies and program areas to collaborate and more effectively deliver services and benefits to families, many of those to whom we spoke were insistent then federal policy changes were equally essential in fostering an environment that promotes – or at least does not inhibit – the sharing of crucial data. In fact, we heard several concrete suggestions to enhance federal policy in this area.
One approach would be to streamline existing regulations. Many technology projects are covered under an array of federal privacy regulations. Legislation such as the Health Information Portability and Accountability Act (HIPAA), Title 42 of the Code of Federal Regulations, and the Family Educational Rights and Privacy Act (FERPA) restrict the exchange of information deemed as sensitive, except under certain conditions. Each regulation designates different types of information as sensitive, and imposes varying restrictions on covered data. Keeping track of the overlapping regulatory requirements poses a major hurdle to would-be innovators and requires a significant investment in legal counsel. Some of those interviewed said that federal agencies could cooperate to explain how states and localities can prioritize and coordinate existing regulations in a way that effectively protects consumer privacy. As one local official remarked, federal officials “can hardly do [too much] when it comes to helping bring clarity and modernize our data practices rules to better serve our customers efficiently and effectively.”
A second approach would be to rethink these regulations altogether. Several of those interviewed hoped that federal officials would review data regulations with an eye towards improving data sharing practices. Said one researcher, “I think federal agencies ought to look at how rules are jeopardizing technical innovation.” A county official proposed that ideally, federal guidance would permit “more free exchange of data across all health, social service, and safety programs.”
In our day-to-day lives, we’re accustomed to a level of streamlined service that is simply unimaginable in the delivery of many human services programs and benefits. Technology provides a critical opportunity to do better. Realizing this potential means serious deliberation by agencies considering these projects as well as needed enhancements to federal policy. Confidentiality laws exist to protect sensitive information, not to stifle innovation. These rules and a dynamic technology ecosystem are not mutually exclusive. Action by agencies and federal officials can make a difference.