EEIP RIDRM Confidentiality

The information that public health officials collect as part of disease follow-up pursuant to CSG §19a-215, may contain personally identifiable information (PII). PII is any health information that makes the individual or organization supplying it identifiable. Pursuant to CGS §19a-25, PII “shall be confidential and shall be used solely for the purposes of”:

• reducing the morbidity or mortality from any cause or condition
• disease prevention and control by the LHD and DPH
• medical or scientific research
• such information shall not be admissible in any court action

Both state and local public health officials are required to make every effort to limit the disclosure of PII to the minimal amount necessary to accomplish the public health purpose. Administrative and support staff, interns, and local board of health members who may be aware of person information on a case should be familiar with maintaining confidentiality.

We encourage all LHDs to have a written confidentiality policy on file, and a standard confidentiality agreement form for all LDH staff involved in infectious disease follow-up and control to read and sign. This includes directors, epidemiologists, clerical staff who open mail, and information technology (IT) staff with system administrator privileges. Please review the example of the confidentiality pledge DPH uses. 

The DPH also encourages LHDs to utilize a confidential fax machine for infectious disease reporting, investigation, and control. This machine should be located in a secured area where disease control staff work, and should not be accessible to the general public.

All confidential disease records should be stored in a locked file cabinet and, when possible, a room that can be locked. All computers used to enter confidential disease information into must be password to ensure confidentiality.

Page last updated 9/16/2019.