A HIPAA and FERPA compliant public health informatics data warehouse and data management system is at the core of the Population Health Observatory (PHO) activities. 

The PHO has the capacity to receive and enter data in virtually any form or format to the warehouse through Internet web applications, paper and pencil data entry, or electronic data transfer. The warehouse is populated with population-based databases that were constructed from mail surveys, Internet surveys, downloaded files from government websites, data transfers from collaborators, or collected from a variety of sources by the PHO. Prior to entering the warehouse, data are handled according to data handling SOPs (See, for example, the ECO project data handling SOP) that are HIPAA and FERPA compliant). Once the data are entered, PHO data managers follow HIPAA compliant data management SOPs .

Data Security and Confidentiality

The PHO maintains a data management environment that ensures the security and confidentiality of data. We are fully HIPAA and FERPA compliant and follow a security/confidentiality protocol that meets the more stringent standards of the New York State Office of Information Technology and Project Management. PHO staff and faculty attend an annual HIPAA training session presented by the PHO HIPAA Compliance Officer and a confidentiality training session presented by a representative from the New York State Department of Health.