A secret list of people with AIDS has been leaked from the Pinellas County Health Unit in what could be the most extensive security breach ever of confidential information used to track the disease.
State officials confirmed Thursday that a major breach has occurred, although they stopped short of saying that the approximately 4,000 names on computer discs were leaked from confidential files.
The incident has sparked nationwide concern amid an ongoing discussion of security issues surrounding the national AIDS surveillance system.
AIDS activists fear the security breach will stop people from being tested while privacy experts say it represents the worst of what can happen with sensitive medical information, even when it appears to be adequately protected.
"It is without question shocking," said David Smith, a spokesman for the Human Rights Campaign, a gay rights organization in Washington, D.C. "This sort of thing sadly drives people underground and discourages people from coming in and being tested, which is so vital for saving lives."
Investigators from the state Department of Health and Rehabilitative Services began an investigation early Thursday and almost immediately called in the Florida Department of Law Enforcement.
"It was nearly immediately clear there had been a violation of the law," said HRS spokesman Tony Welch. Sharing confidential information from the AIDS files is a misdemeanor under Florida law.
FDLE officials would say little about the investigation late Thursday, except that investigators spent the day examining records at the health department and interviewing people. They would not confirm a suspect in the case.
But attention in the case has focused on William B. Calvert III, one of three employees in Pinellas County who have access to the computer files identifying people in the county who have AIDS. Calvert was placed on administrative leave with pay on Wednesday when health officials learned of accusations against him.
The accusations came in an anonymous letter mailed along with a computer disc to the St. Petersburg Times and the Tampa Tribune. The letter claimed Calvert had been bragging about the disc in a Treasure Island gay bar, Bedrox, and showing it to other people.
Elaine Fulton-Jones, a district spokeswoman for HRS, said Calvert has denied to health officials that he leaked confidential information. She said he was placed on leave as a precaution until the investigation has been completed.
After receiving the disc, the Times promptly gave the disc and its envelope to attorneys for the paper. The Times then contacted Pinellas County Sheriff Everett Rice, who sent a member of his department to pick up the disc.
"We did not scrutinize the list or make notes from it. We do not know the name of any individual on the list," said Paul Tash, the Times' executive editor. "We have tried to limit any risk that their privacy will be further compromised, even as we fully report the circumstances surrounding this breach of confidentiality."
The leaked information came from a data base maintained at the health unit as part of the national AIDS surveillance program.
Started in 1983, the national program seeks to collect data on as many AIDS cases as possible as a method of tracking the disease. Among other things, the information is used to spot trends in the course of the disease and to focus efforts at slowing its spread.
Security has been an issue since the beginning and especially recently as data bases have become computerized and reporting requirements are being extended.
Twenty-six states now have laws requiring that health care providers report not only people with AIDS, but those infected with HIV. Florida passed a similar law this year and HIV reporting will begin here in January.
The controversy over security reignited recently when a bill was introduced in Congress to require mandatory name reporting of HIV nationwide.
"We hear again and again that people who work in public health are very responsible, but all it takes is one person who goes off the deep end," said Matt Coles, a spokesperson with the Gay and Lesbian Rights Project of the ACLU. "What happened here today with the AIDS/HIV information could happen to people with cancer tomorrow. It could happen to people with sexually transmitted diseases the next day."
Information on cases of AIDS is collected by local health departments then forwarded to the Centers for Disease Control and Prevention in Atlanta. Reports come into the local health unit from doctors, hospitals and other health care providers. AIDS surveillance workers, such as the three designated in Pinellas County, also visit hospitals and other health care sites to collect information.
The AIDS list is unrelated to testing for HIV, the virus that causes AIDS. Anonymous testing for HIV is available at the public health unit and its satellite offices and will continue to be available even after the new law goes into effect requiring private health care providers to report HIV-infected individuals. Under anonymous testing, people are given a number they later use to obtain results.
At the local level, the data base contains names of people with AIDS and other personal information, including telephone numbers, addresses, dates of birth, information about how they got AIDS and other health information. When the information is forwarded to the CDC, the names are removed and each case is assigned a code.
Health departments maintain similar data bases containing names of people who have or have had any of 60 other diseases, that health care providers are required to report to the CDC. They include sexually transmitted diseases, hepatitis and tuberculosis.
Officials say names are kept at the local level to avoid duplication. It's the easiest way to ensure that a single case isn't reported more than once, especially because one person may visit several doctors or health clinics.
Until now, health officials have believed security measures were adequate.
"AIDS surveillance has been referred to many times as the gold standard in surveillance," Liberti said. "It has a track record that is truly outstanding."
States can design their own security systems, but the CDC oversees the program and requires certain security measures, said Dr. Patricia Fleming, chief of the CDC's HIV/AIDS reporting and analysis surveillance branch.
States are required to submit documentation of their security measures. They also must restrict access to the information and have password protection on computer systems. In addition, states must train people who are granted access and have them sign a confidentiality pledge.
"We have never heard of anything like this," Fleming said.
In Pinellas, the computer containing the list is in a double-locked room. The computer itself has a key lock and a password system. Paper files are kept in a locked file cabinet in the same room.
HRS is planning a statewide review of its security measures, but health officials said on Thursday they believe the AIDS system itself is a good one.
"The physical security is excellent," Fulton-Jones said. "But if you're going to have an employee who's going to break the law . . ."
The only way for the data to be truly secure, some say, is for names to be deleted from the list.
"The list that's safe is the list that's not created," said Anna Forbes, an AIDS policy analyst. "There have always been ways in which records have been violated."
_ Times researcher Kitty Bennett contributed to this report.