State violated Open Records Act with conditional use agreement

The Cabinet for Health and Family Services violated the Open Records Act by making the release of information requested by USA TODAY conditioned on a use agreement, according to an attorney general opinion released August 13.

The opinion, In re: USA TODAY/Cabinet for Health and Family Services, concerned an appeal by USA TODAY after the cabinet agreed to comply with a request, but then made the release of information conditioned on a reporter completing a use agreement that would not have allowed her to name healthcare providers found within the information.

USA TODAY reporter Alison Young had requested “access to and an electronic copy of data contained in the state’s public use dataset of hospital inpatient discharge data for calendar years 2012, 2011 and 2010,” according to the opinion, “as part of a major examination of rising rates of maternal morbidity and mortality in the United States.”

Young sought release of the data without any restriction on being able to name the hospitals or healthcare providers identified in the database by “provider ID,” according to the opinion.

The use agreement requested by the cabinet would have prohibited USA TODAY “from using or permitting others to use the data ‘to learn the identity of any provider that may be represented in the data.’ ”

Young had sought “de-identified” data, meaning that information relating to individual patients had been removed, and USA TODAY argued that the cabinet’s interpretation of the relevant Kentucky statute was “nonsensical” because it would mean any person could access the public information requested but then be prohibited from discussing or otherwise publicizing the same information.

The cabinet maintained that a state regulation required the person requesting the data to agree to the use agreement, but the attorney general said that the cabinet exceed its statutory authority by conditioning release of the information on the use agreement and that the conditional release violated the Open Records Act.

Kentucky law requires a data-use agreement only when the cabinet releases patient-specific data, the attorney general said, and nothing permits the cabinet “to prohibit a requester from re-releasing the names of providers contained in the datasets.”

While the privacy of individual patients must be protected, the relevant Kentucky statute and regulation “are not concerned with shielding providers or hospitals from public scrutiny,” the attorney general said.