A secret list of people with AIDS has been leaked from the Pinellas County Health Unit in what could be the most extensive security breach ever of confidential information used to track the disease.
State officials confirmed Thursday that a major breach has occurred, although they stopped short of saying that the approximately 4,000 names on computer discs were leaked from confidential files.
The incident has sparked nationwide concern amid an ongoing discussion of security issues surrounding the national AIDS surveillance system.
AIDS activists fear the security breach will stop people from being tested while privacy experts say it represents the worst of what can happen with sensitive medical information, even when it appears to be adequately protected.
"It is without question shocking," said David Smith, a spokesman for the Human Rights Campaign, a gay rights organization in Washington, D.C. "This sort of thing sadly drives people underground and discourages people from coming in and being tested, which is so vital for saving lives."
Investigators from the state Department of Health and Rehabilitative Services began an investigation early Thursday. They called in the Florida Department of Law Enforcement almost immediately after determining security had been breached.
"It was nearly immediately clear there had been a violation of the law," said HRS spokesman Tony Welch.
FDLE officials would say little about the investigation late Thursday, except that investigators spent the day examining records at the health department and interviewing people. They also would not confirm a suspect in the case.
But attention in the case has focused on William B. Calvert III, one of three employees in the Pinellas County Health Unit who has access to the computer files identifying individuals in the county who have AIDS. Calvert was placed on administrative leave with pay on Wednesday when health officials first learned of accusations against him.
The accusations came in an anonymous letter mailed along with a computer disc to the St. Petersburg Times and the Tampa Tribune. The letter claimed Calvert had been bragging about the disc in a Treasure Island gay bar, Bedrox, and showing it to other people.
Elaine Fulton-Jones, a district spokeswoman for HRS, said Calvert has denied to health officials that he leaked confidential information. She said he was placed on leave as a precaution until the investigation has been completed.
After receiving the disc, the Times promptly gave the disc and its envelope to attorneys for the paper. The Times then contacted Pinellas County Sheriff Everett Rice, who sent a member of his department to pick up the disc at the Times' law firm.
"We did not scrutinize the list or make notes from it. We do not know the name of any individual on the list," said Paul Tash, the Times' executive editor.
"We understand and share the profound concerns about the privacy of citizens on that registry," Tash said. "We have tried to limit any risk that their privacy will be further compromised, even as we fully report the circumstances surrounding this breach of confidentiality."
The leaked information came from a data base maintained at the health unit as part of the national AIDS surveillance program.
Started in 1983, the national program seeks to collect data on as many AIDS cases as possible as a method of tracking the disease. Among other things, the information is used to spot trends in the course of the disease and to focus efforts at slowing its spread.
Security has been an issue since the beginning and especially in recent years as the data bases have become computerized and reporting requirements are being extended.
Twenty-six states now have laws requiring that health care providers report not only people with AIDS, but those infected with HIV. Florida passed a similar law this year and HIV reporting will begin here in January.
The controversy over security reignited recently when a bill was introduced in Congress to require mandatory name reporting of HIV nationwide.
"We hear again and again that people who work in public health are very responsible, but all it takes is one person who goes off the deep end," said Matt Coles, a spokesperson with the Gay and Lesbian Rights Project of the ACLU. "What happened here today with the AIDS/HIV information could happen to people with cancer tomorrow. It could happen to people with sexually transmitted diseases the next day."
Information is collected by local health departments then forwarded to the Centers for Disease Control and Prevention in Atlanta. Reports come into the local health unit from doctors, hospitals and other health care providers. AIDS surveillance workers, such as the three designated in Pinellas County, also visit hospitals and other health care sites to collect information.
At the local level, the data base contains names of people with AIDS and other personal information, including telephone numbers, addresses, dates of birth, information about how they got AIDS and other health information. When the information is forwarded to the CDC, the names are removed and each case is assigned a code.
Health departments maintain similar data bases containing names of people who have or have had any of 60 other diseases that health care providers are required to report to the CDC. They include sexually transmitted diseases, hepatitis and tuberculosis.
Officials say names are kept at the local level to avoid duplication. It's the easiest way to ensure that a single case isn't reported more than once, especially because one person may visit several doctors or health clinics.
Until now, health officials have believed security measures were adequate.
"AIDS surveillance has been referred to many times as the gold standard in surveillance," Liberti said. "It has a track record that is truly outstanding."
States are free to design their own security systems, but the CDC oversees the program and requires certain security measures, said Dr. Patricia Fleming, chief of the CDC's HIV/AIDS reporting and analysis surveillance branch.
States are required to submit documentation of their security measures. They also must restrict access to the information and have password protection on computer systems. In addition, states must train people who are granted access and have them sign a confidentiality pledge.
"We are very concerned about security and confidentiality being maintained," Fleming said. "We have never heard of anything like this."
In Pinellas, the computer containing the list is in a double-locked room. The computer itself has a key lock and a password system. Paper files are kept in a locked file cabinet in the same room.
HRS is planning a statewide review of its AIDS surveillance system and security measures, but health officials said on Thursday they believe the system itself is a good one.
"I think it's important to let people know the physical security is excellent," Fulton-Jones said. "But if you're going to have an employee who's going to break the law. . . ."
The only way for the data to be truly secure, say AIDS activists and computer experts, is for names and other identifying information to be deleted from the list. Studies of ways to do that are under way, two of which are being funded by the CDC.