Policy

Obamacare Will Collect and Share Americans' Data 'Without the Consent of the Individual'

|

Insurance Marketplace
U.S. Government

If you were starting to fret that the National Security Agency was the only government body that cared enough to stalk you, fret not! It turns out that the concerned folks slapping together Obamacare exchanges plan to hoover up your personal information in something called a Data Services Hub in order to determine your privileges and exemptions under the new government health care regime. Even better, officials intend to share your data with federal and state agencies, private contractors and consultants, explicitly without asking for your leave to do so.

John Merline of Investors Business Daily reports:

The Health and Human Services Department earlier this year exposed just how vast the government's data collection efforts will be on millions of Americans as a result of ObamaCare.

Sen. Max Baucus, D-Mont., asked HHS to provide "a complete list of agencies that will interact with the Federal Data Services Hub." The Hub is a central feature of ObamaCare, since it will be used by the new insurance exchanges to determine eligibility for benefits, exemptions from the federal mandate, and how much to grant in federal insurance subsidies.

In response, the HHS said the ObamaCare data hub will "interact" with seven other federal agencies: Social Security Administration, the IRS, the Department of Homeland Security, the Veterans Administration, Office of Personnel Management, the Department of Defense and — believe it or not — the Peace Corps. Plus the Hub will plug into state Medicaid databases.

And what sort of data will be "routed through" the Hub? Social Security numbers, income, family size, citizenship and immigration status, incarceration status, and enrollment status in other health plans, according to the HHS.

The Center for Consumer Information & Insurance Oversight at the Centers for Medicare & Medicaid Services provides some reassurances for those concerned by such concentration of personal information.

For all marketplaces, CMS is also building a tool called the Data Services Hub to help with verifying applicant information used to determine eligibility for enrollment in qualified health plans and insurance affordability programs.  The hub will provide one connection to the common federal data sources (including but not limited to SSA, IRS, DHS) needed to verify consumer application information for income, citizenship, immigration status, access to minimum essential coverage, etc.  CMS has completed the technical design, and reference architecture for this work, is establishing a cross-agency security framework as well as the protocols for connectivity, and has begun testing the hub.  The hub will not store consumer information, but will securely transmit data between state and federal systems to verify consumer application information. Protecting the privacy of individuals remains the highest priority of CMS.

No stored consumer information? Privacy is the "highest priority"? Well, that's all right, then. Except … Damn it. Government agencies often say one thing publicly, and quite aother privately. Merline points out that the Centers for Medicare & Medicaid Services portrayed the Data Services Hub in a somewhat different light in an obscure regulatory notice filed on February 6, 2013:

In accordance with the requirements of the Privacy Act of 1974, CMS is establishing a new system of records titled, "Health Insurance Exchanges (HIX) Program," to support the CMS Health Insurance Exchanges Program established under provisions of the Affordable Care Act (PPACA) … The system of records will contain personally identifiable information (PII) about certain individuals who apply or on whose behalf an application is filed for eligibility determinations for enrollment in a qualified health plan (QHP) through an Exchange, and for insurance affordability programs.

So, the database "will contain personally identifiable information" after all. And just how "highest priority" is the privacy of the stored data?

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM
A. Entities Who May Receive Disclosures Under Routine Use

These routine uses specify circumstances, in addition to those provided by statute in the Privacy Act of 1974, under which CMS may release information from the HIX without the consent of the individual to whom such information pertains. …

Among the listed "entities who may receive disclosures under routine use" without your consent are federal agencies, state agencies, agency contractors, consultants, CMS grantees and non-profit entities operating exchanges for states.

Those are just the entities authorized to have access to your information, As we know, employees of government agencies from local police departments to the Internal Revenue Service have a history of misusing databases for fun and profit.