H.I.V. Groups Warn of Privacy Risks in How C.D.C. Tracks Virus Samples

The Centers for Disease Control and Prevention on Friday revised its guidelines for tracking the genetic signatures of viruses collected from people newly diagnosed with H.I.V., a controversial practice used by state and local health departments to curb infections.

The updated policy encouraged health officials to be more transparent with their communities about the tracking, one of many changes sought by H.I.V. advocacy organizations concerned about how so-called molecular surveillance could violate patients’ privacy and civil rights.

But the agency stopped short of adopting more significant changes that some advocates had pushed for, such as allowing health agencies to opt out in states where people can be prosecuted for transmitting H.I.V.

“We’re in a period in which health data is increasingly used in criminal prosecutions, as seen in prosecutions of people seeking abortion care or who have perhaps miscarried,” said Carmel Shachar, a professor at Harvard Law School who specializes in health care. The revised policy did not go far enough, she said, to protect people with H.I.V.

Dr. Alexandra Oster, who leads the C.D.C.’s molecular surveillance team, said the benefits of the program far exceed the risks. “We need to do it well,” she said. “But we need to keep doing it.”

H.I.V. has a distinctive genetic signature in each person that helps doctors decide which drugs are likely to thwart it. But the information can also be used to track its spread through a population — including identifying clusters of people who carry closely related viruses.

The C.D.C. has for decades used molecular surveillance to track flu, salmonella and, more recently, Covid.

In 2018, the C.D.C. began requiring health departments that received federal funding for H.I.V. programs to share such data gleaned from people with the virus. Patients do not have to be informed that their viral samples are tracked.

Molecular surveillance has identified more than 500 H.I.V. clusters in the country since 2016, the C.D.C. said. Health officials can then interview people in the clusters to identify their sexual or drug-use partners and connect them to testing, needle exchanges and medications that block transmission.

For example, Dr. Carlos Saldana, an infectious disease expert at Emory University, reported in March that molecular surveillance had identified infected people in Atlanta who may have otherwise feared seeking help because of their immigration status or lack of insurance.

Still, many H.I.V. activists have long argued that such tracking could violate people’s rights and discourage testing and treatment.

Before the data is reported to the C.D.C., health departments strip it of information that could readily identify the patient. But personal data is held by state and local health departments.

In some states, people have been prosecuted for transmitting H.I.V. or for not telling their partners that they carry it. No criminal prosecution in the United States has been known to involve molecular surveillance data, but activists remain wary of the possibility. They also fear that advances in technology might eventually be able to determine who infected a specific person.

In October, 110 H.I.V. and human-rights organizations sent a letter to the C.D.C. expressing “serious concerns” that molecular surveillance was carried out without the informed consent of people with H.I.V.

The C.D.C. said that it met with the activist coalition’s representatives last fall and incorporated their input in the revised policy.

A similar conflict with H.I.V. activists arose in the late 1990s, when the C.D.C. pushed for states to collect names of diagnosed people in state-run databases, which the agency said would help combat a disease that by then had killed hundreds of thousands of Americans. But many activists protested the policy, delaying its rollout for a decade. Since 2008, all states have collected the names of people diagnosed with H.I.V.

The C.D.C. said the information is secure, and that it knew of only one names-related data breach, in Florida in 1996. It said it knew of no such privacy violations related to molecular surveillance data.

Changes in the agency’s molecular surveillance policy include explicit recommendations that health departments try to foster trust in their local communities. They should be “communicating proactively” about the surveillance, the updated policy says, including by publishing regular reports on its use and how they safeguard patient privacy.

The new policy did not allow waivers for opting out of molecular surveillance in places where such data could be used in criminal proceedings, a change that had been recommended by the National Alliance of State and Territorial AIDS Directors, a nonprofit representing public health officers.

Representatives from more than 40 state or county health departments that the federal government prioritizes for H.I.V. prevention told The New York Times that the molecular surveillance policy had been generally useful in their efforts to prevent transmission. None knew of any data breaches.

Dr. Matthew Golden, director of the H.I.V. program at the Seattle-area health department, said molecular surveillance had helped his team respond to an outbreak of H.I.V. among homeless people who injected drugs.

Many people with H.I.V. who were reached thanks to molecular surveillance have told his team they supported its use. “We haven’t really seen huge opposition,” he said.

You May Also Like