Does Obamacare offer sufficient privacy protections or is it vulnerable to security breaches that would expose personal information?
The Obamacare healthcare exchanges are supposed to go live on October 1 for enrollment, but the secure federal data hub that can access the health records of millions of Americans is way behind schedule. And the network firewall still hasn’t been tested.
This web portal will contain a massive amount of individual personal information such as medical records and tax information that will be shared across many government agencies.
A report from the US Health and Human Services Department Inspector General suggests that the necessary privacy safeguards have yet to be implemented before the enrollment period begins. The Inspector General’s office did not conduct any actual beta tests of the system software to determine its potential vulnerabilities, however. “Effective security controls are necessary to protect the confidentiality, integrity, and availability of system and its information,” the report indicated.
State-based healthcare exchanges or marketplaces (where they exist) and various federal agencies will use the hub to access health information to determine applicants’ eligibility for the Affordable Care Act.
Summarizing the IG’s findings, Forbes explains that “In order for Obamacare to work, the government will need to know a lot about your financial, medical, and employment situation. Has the Obama administration set up adequate safeguards to protect Americans’ privacy under the law? According to the Office of the Inspector General of the Department of Health and Human Services, the answer is no.”
Rep. Diane Black (R-TN) previously wrote in US News that “With so much personal information going in and out of the Hub likely privy to both government employees and contractors, many of whom will have discretion over health care coverage and tax penalties, the potential for abuses is staggering.”
Former HHS General Counsel and Social Security Administration Commissioner Michael Astrue described the privacy situation, which reportedly was tasked to the Centers for Medicare and Medicaid Services (CMS), as chaotic and lacking necessary privacy safeguards. According to Astrue, “It’s chaos. It’s been chaos for several years. [The former CMS administrator] deliberately went very, very slowly in designing these systems and then they played catchup, and they didn’t have the time and money to do it right — they started doing shortcuts, they started doing shortcuts on privacy… and then they made a very political decision to abuse the Privacy Act and ram this right down the agency’s throat.”
He attributed the problems inherent in securing the massive government database to incompetence on the part of key government officials involved in the Obamacare implementation.
To give the system a green light, CMS apparently intends to conduct a 51-day security review in just 10 days.
Deven McGraw, director of the health privacy project at the non-profit Center for Democracy & Technology, told Reuters that “They’ve removed their margin for error. There is huge pressure to get (the exchanges) up and running on time, but if there is a security incident they are done. It would be a complete disaster from a PR viewpoint.”
Investors Business Daily argues that Obama administration officials may have lied to Congress about status of the data hub, adding that “If the hub isn’t sufficiently secure when the exchanges open up, it will create a huge opening for identity thieves and other such criminals… The bottom line is that if Obamacare starts on Oct. 1 with an incomplete and unsecured data hub, it could create a privacy nightmare for millions of Americans.”
Given the recent revelations about IRS and NSA abuse, are you confident that personal medical records privacy will be adequately protected and secured under Obamacare?