Inside HHS’ New Coronavirus Data-Reporting System

The Department of Health and Human Services has streamlined COVID-19 data reporting to securely collect, analyze and share health information across the country and to inform decision-makers guiding the nation’s pandemic response.

HHS Protect, the coronavirus biosurveillance system comprised of several different technology capabilities, aims to provide near real-time data to first responders, such as policy officials and health experts, and serve as a common vantage point for what’s happening in the United States regarding COVID-19.

Under new guidance, hospitals are to report data either directly to HHS Protect or to TeleTracking, a collection component of the HHS Protect ecosystem that all 50 states and six territories have access to, said Centers for Disease Control and Prevention Director Robert Redfield, according to a transcript of prepared remarks.

The recent pivot for hospitals to report data using the new system, instead of a prior submission process through the CDC’s National Healthcare Safety Network, was to improve large-scale data access, sharing and security.

“Around April 5, we were asked by CDC to take a proof of concept that they had developed and to solve a specific problem that they were having related to identity [and] access management authentication,” CIO Jose Arrieta told GovernmentCIO Media & Research. “We took that proof of concept and scaled it into HHS Protect … We launched HHS Protect on April 10.”

The agency stood the system up as part of a longstanding need at the department to streamline public health data and case reporting from state and local hospitals.

“The need to modernize these systems was one of the key goals I identified as soon as I arrived at CDC,” said Redfield in prepared remarks. “This has no effect on CDC’s ability to use this data and continue churning out the daily data, the [Mortality and Morbidity Weekly Reports] and the guidance we publish. In fact, the new infrastructure we have now actually provides our CDC team with easier access to a much broader variety of data sets than they would have without it.”

In addition to streamlining the reporting structure and sharing of the data, the system offers significantly improved privacy and security through secure identity access management.

“Our goal with HHS Protect is to ensure privacy and security, maximize transparency, and maximize our ability to share data,” said Arrieta in an interview. “In order to do that, the first thing you need to do is have an identity and access management authentication capability that’s extremely flexible, and then make sure that you provide control to any partner that you’re engaging — we have federal, state, local, and commercial partners that actually have access to the platform. Having a flexible identity access management capability is key.”

With the new system, HHS also has the ability to verify everything that has been done to the original data submitted on the platform, ensuring the validity of the data and that the single sources of truth exist within one secure location.

“We’re using a hashing technology with a time stamp that literally records every activity that occurs as it relates to that data so that you can revert to the raw format with which we received the data,” Arrieta explained. “Within every single second, we can track curation, parsing, sharing and who’s accessed the data.”

Critics of the new data-reporting process have claimed that the move prevents transparency of data — especially as it pertains to coronavirus — and fear that the data will be politicized. HHS officials have cited the need for faster, secure and complete data-sharing from health care partners nationwide for a unified pandemic response.

“We publish the raw data sets, even with missing data elements, because we want to drive this conversation across the United States that we need 100% reporting. The only way we can get to 100% reporting rapidly is if we are completely transparent in the data elements that we’re missing,” Arrieta said. “We want to show what data elements are missing in larger data sets that are submitted by hospitals and submitted by states so we can motivate states and hospitals to fill in those data elements because that’s going to help us get to a vaccine quicker.”

“When we think of the technology, we’re just there to make sure that we facilitate the collection of data in the simplest manner possible. I think we’re doing that,” Arrieta further explained, “but when you’re dealing with a novel disease that nobody in the history of the world has ever seen, it requires collecting additional data — that may be a burden. But the collection of that additional data saves lives, [and] it’s a challenge that the health care sector and the U.S. government has to manage.”

On top of a modern identity access and management capability, the platform utilizes commercial-cloud technology, a supervised machine-learning capability, as well as a policy and data use agreement technology, among other data analytics tools.

Still, modernizing data systems to share timely public health data and research to address other alarming public health issues, such as youth vaping and lung-related illnesses, remains a significant challenge, the CDC director suggested.

Investing in solutions that involve both hospitals and health agencies adopting interoperable systems and standard data-sharing processes will be critical to support more proactive public health responses going forward.

“All of you have heard me say repeatedly, including before Congress, [that] we need to dramatically improve public health data and case reporting in America. Everyone at CDC and every member of our team at HHS knows that data is the fuel of any effective public health response,” said Redfield in his remarks. “We will be working with all of our partners across HHS, as well as states and hospitals, to determine how we can build a system that provides this capability for the long term.”