PHI

NC DETECT receives data on at least a daily basis from five data sources: emergency departments (ED), the statewide poison center (CPC), the statewide EMS data collection system, a regional wildlife center and laboratories from the NC State College of Veterinary Medicine.  A Web portal is available to users at state, regional and local levels and provides syndromic surveillance reports as well as reports for broader public health surveillance such as injury, occupational health, and post-disaster.  The current portal is built on access controls initially designed in 2002 for hospital-based users only.  The role-based access was modified slightly in 2004 to accommodate public health epidemiologists (PHEs) at the local, regional and state levels who wanted county-based report access.  The design used, however, was shortsighted and limited.  For example, the controls cannot accommodate certain users’ access to non-ED data sources as well as the ability to retrieve protected health information (PHI) via the portal when needed for investigation.  These evolving user needs have led to a full system redesign with a much more robust security model.

Objective

This paper describes the role-based access used in the North Carolina Disease Event Tracking and Epidemiologic Collection Tool (NC DETECT) Web portal for early event detection and timely public health surveillance.