Overview
The Network’s Privacy Officer Peer Group convenes privacy officers from public health agencies to provide peer support and share resources. Each year, the Network hosts quarterly Peer Group Learning Sessions on topics relevant to the work of privacy officers in public health. The four sessions held in 2024 addressed a range of issues relevant to privacy officers and provided opportunities for group discussion.
Privacy officers are tasked with navigating complex legal—and increasingly technological—frameworks to ensure compliance with state and federal laws. The Network for Public Health Law’s (Network) Privacy Officer Peer Group convenes privacy officers from state and local public health agencies across the country to provide peer support and share resources regarding emerging legal and compliance issues related to the collection, maintenance, use, and storage of data for public health purposes.
Each year, the Network hosts quarterly Peer Group Learning Sessions on topics relevant to the work of privacy officers in public health. The four sessions held in 2024 addressed a range of critical issues and provided opportunities for group discussion.
In March, members presented to their peers on Implementing Privacy Impact Assessments in a State Health Department. A privacy impact assessment is an analysis of how personally identifiable information is collected, stored, protected, shared, and managed in an agency. The assessment can be used to ensure legal compliance and identify risks while also providing opportunities to improve collaboration between privacy, information security, information technology, and public health program staff.
During the second Peer Group Learning Session of the year, Network attorneys presented an overview of the HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The new protections prohibit the use or disclosure of protected health information to investigate or impose liability on a person for particular actions related to reproductive health care. Provisions in the Final Rule are designed to prevent public health reporting and disclosure requirements from being used to circumvent the strengthened privacy protections for protected health information related to reproductive health care. A fact sheet summarizing the Final Rule is available from the Network.
In the fall, Peer Group members attended a presentation by Cason Schmit, J.D., an assistant professor at the Texas A&M University School of Public Health, on Regulating Artificial Intelligence (AI) as a Structural Determinant of Health. The session included a discussion of AI as a public health tool and different approaches to AI governance with a focus on the importance of public health perspectives in the development of governance models. The risks of harm from bias, discrimination, inequity, and civil liberty infringements in the use of AI were discussed along with other ethical considerations.
The December session focused on 2024 Updates to 42 CFR Part 2 (“Part 2”) and the Confidentiality of Substance Use Records. Several changes better align Part 2 requirements with HIPAA regulations, including those concerning consent and disclosures for treatment, payment, or operations (TPO), a new provision on substance use counseling notes, civil money penalties, and breach notification. For more information on Part 2, see the Network’s resource on the updated regulations.
Additional Peer Group Learning Session topics in recent years have included data disaggregation, data sharing with Tribal Epidemiology Centers, HIPAA hybrid entities, Master Person Indexes, and the information blocking rule.
Privacy officers are encouraged to attend the Network’s Public Health Law Conference, which will be held in Seattle, Washington from September 16-18, 2025. The Conference will feature a track dedicated to data access, sharing, and privacy, along with plenary sessions and sessions on health equity, advocacy and community engagement, public health authority, harm reduction, and more. In addition, there will be a live Peer Group Learning Session open to all conference attendees to provide an opportunity to learn and connect.
The Privacy Officer Peer Group is always open to new members. If you are a privacy officer seeking resources and support, please submit a request to join. Members gain access to upcoming quarterly Peer Group Learning Sessions, recordings of past Peer Group Learning Sessions, a member directory, and the Privacy Officer Peer Group email listserv—a space for members to ask questions and discuss relevant issues. Please contact Phyllis Jeden and Susan Fleurant with any questions.
This post was written by Susan Fleurant, Staff Attorney, Network for Public Health Law — Mid-States Region.
The Network promotes public health and health equity through non-partisan educational resources and technical assistance. These materials provided are provided solely for educational purposes and do not constitute legal advice. The Network’s provision of these materials does not create an attorney-client relationship with you or any other person and is subject to the Network’s Disclaimer.
Support for the Network is provided by the Robert Wood Johnson Foundation (RWJF). The views expressed in this post do not represent the views of (and should not be attributed to) RWJF.
