The Centers for Disease Control and Prevention (CDC) Director Robert Redfield and the Department of Health and Human Services (HHS) Chief Information Officer Jose Arrieta provided an update for members of the media on HHS efforts to gather and disseminate real-time hospital data on COVID-19.
Their statements included:
We at the CDC know that the lifeblood of public health is data. Collecting and disseminating that data as rapidly as possible is our top priority, and the reason for the policy change we’re discussing today.
As many of you know, CDC operates a system called the National Health Safety Network (NHSN). This is an important surveillance system in our nation’s hospitals, which focuses on fighting antibiotic resistance.
In April, HHS leaders, with input from CDC, created a new system, called HHS Protect, that allows us to combine data through systems like NHSN, as well as other public and private sources. The data reported from hospitals that went into HHS Protect either came through the NHSN, directly to HHS Protect from the states, or through a system called TeleTracking.
What we have now asked is that, going forward, states provide data from hospitals directly through the TeleTracking system or directly to the HHS Protect system. This reduces confusion and duplication of reporting. TeleTracking also provides rapid ways to update the type of data we are collecting—such as adding, for instance, input fields on what kind of treatments are being used. In order to meet this need for flexible data gathering, the CDC agreed that we needed to remove NHSN from the collection process, in order to streamline reporting. This streamlining will allow the NHSN to increase its focus on another critical area for COVID-19, the nursing home and long-term care facility reporting needs—which, as we know, is also an absolutely central element of our pandemic response.
On the back end, whether collected by the CDC’s system, the third party vendor, or the states, the data ends up aggregated in the HHS Protect platform, where the CDC team and other federal response teams still have access to this information for their use in the response. Additionally, state and local public health departments also have access to this information in HHS Protect which allows them to access and use the same information that the federal response teams are using.
Arrieta states:
Approximately 1,000 CDC experts continue to have access to the raw data collected in HHS Protect—in addition to thousands of other public health professionals across HHS. Our experts at the CDC are essential to our response, and that is why they have always had and continue to have access to all of the data we are collecting.
The need to modernize these systems was one of the key goals I identified as soon as I arrived at the CDC. HHS Protect was a way to provide real-time data during this crisis. In the long term, we will be working with all of our partners across HHS, as well as states and hospitals, to determine how we can build a system that provides this capability for the long term.
During the pandemic, it became clear that we needed a central way to make this data visible to first responders at federal, state, and local levels and we needed to collect this data as fast as possible. That’s why we created HHS Protect, a secure set of capabilities powered by eight commercial technologies for sharing, parsing, housing, and accessing COVID-19 data, based on the 225 datasets and reporting avenues we had. The system was developed based on four principles: transparency, sharing, privacy, and security.
Before HHS Protect, CDC NHSN received data regularly from 3,000 hospitals related to COVID-19. However, there are approximately 6,200 hospitals in the United States. Through Teletracking, HHS was able to start collecting additional data from 1,100 hospitals. HHS Protect collects data directly from 20 states and approximately 2,000 hospitals for COVID-19 data. The additional capabilities provided by Protect and TeleTracking provided increased visibility rapidly. Currently, we have 1,200 users and approximately 950 state CDC partners and CDC partners.
Access is only granted to authorized federal/military employees and contractors, who are granted access as necessary by mission need. We authenticate and authorize every user to ensure only mission essential activity is occurring within HHS Protect. All data in HHS Protect is de-identified, meaning that there is no personally identifiable information attached. HHS has made the security and protection of the data involved a top priority. Least-privilege and National Institute of Standards and Technology (NIST) cybersecurity frameworks have been applied to support confidentiality, integrity, and availability.