Speak with an Agent1-800-920-4994

A HealthNetwork Partner

We’d Like to Know a Little Bit About You for Our Files – Private Health Information Exposure

A Picture of Abby Coleman Abby Coleman

The American Spectator

A new HHS regulation will create a government database of your private health information.

David Catron


While armies of attorneys battle the Justice Department over Obamacare’s constitutionality, and politicians hold forth about their strategies for repealing and replacing the unpopular law, bureaucrats at the Department of Health and Human Services (HHS) have been working around the clock to assure that the President’s “signature domestic achievement” becomes a permanent fixture of your life. HHS Secretary Kathleen Sebelius and her accomplice Donald Berwick have been promulgating regulations as quickly as their minions can get them written. The most recent fruit of their combined labor has emerged from the bowels of the bureaucracy in the form of a “proposed rule” that, if permitted to stand, will profoundly change your relationship with government and eliminate what vestiges of personal privacy you still enjoy.

The new regulation, a copy of which can be found here if you have the intestinal fortitude to wade through 27 pages of excruciating bureaucratese, requires insurance companies to submit detailed health information about their patients to the HHS mother ship. And the “information collection requirements” (ICRs) set forth in this Byzantine edict will not be limited to federal programs like Medicare, or even to carriers involved in Obamacare’s insurance exchanges. As the rule matter-of-factly phrases it, ICRs will apply to “all health insurance issuers both inside and outside of the exchanges” and affect carriers “in the individual and small group markets.” The new regulation includes several alternatives for gathering and reporting your health data, but opting out is not among the choices offered.

In fact, some members of Congress are concerned that the apparatchiks of HHS have already begun moving forward with their data collection project before properly completing the required public comment process that must precede implementation of federal regulations. Congressman Denny Rehberg, chairman of the House Appropriations Subcommittee on Labor, Health & Human Services and Education, wrote to Secretary Sebelius last Thursday asking about this: “I have been told that HHS has already procured a contractor to build a database and that this contractor has already taken steps to acquire personal health care data from a large claims database. I would like to know if these reports are, in fact, true. If so, it would represent an egregious violation of the privacy rights that the American public rightfully demands.”

On the same day Rep. Rehberg’s letter went out, several GOP congressmen held a news conference and demanded that HHS cease work on its patient database. The group emphasized patient confidentiality. Congressman Tim Huelskamp put it as follows: “There are major problems here.… The first is the threat to patient privacy… we have plenty of evidence that the government is ill-suited to handle large amounts of data and keep it secret.” Indeed we do. Just this fall, in fact, HHS contractor Science Applications International Corporation (SAIC) breached the privacy of five million patients. Nor can we derive much comfort from the assurance, on page 12 of the rule, that the bureaucrats are now cognizant of “concerns related to consumer privacy.” HHS learned so much from this error that it just awarded SAIC another $15 million contract.

The most ironic feature of this blunder, and the failure to learn from it, is that HHS is the federal agency charged with enforcing health privacy regulations in the private sector. Yes, this is the government agency that supposedly assures that the Health Insurance Portability and Accountability Act (HIPAA), whose primary provisions protect patient privacy, is followed to the letter by health care providers. And HHS routinely metes out punishment to hospitals and other entities that inadvertently lose patient data. Earlier this year, for example, it fined Massachusetts General Hospital $1 million because an employee lost 192 patient records on a commuter train. Nonetheless, the department has repeatedly demonstrated that it is incapable of living up to its own standards. The SAIC screw-up was by no means an isolated incident.

Not to worry, says Director of the Center for Consumer Information and Insurance Oversight (CCIIO) Steve Larsen: “Protecting an individual’s personal health information continues to be among CMS’s highest priorities.” CMS and CCIIO fall under the aegis of HHS, of course, and it is to Mr. Larsen’s bureaucratic fiefdom that your health information will be transmitted along with that of your fellow Americans. Does this man’s name sound familiar? It should. This is the guy who issued the infamous Obamacare waivers to a motley miscellany of Democrat donors. And it is Larsen who continues to ignore congressional and media requests to provide the criteria by which CCIIO made its decisions to grant or deny the waivers. Would you put a gigantic database of sensitive health data into the care of this man?

Even if such bureaucrats could be trusted to keep your health information secure, it is difficult to get comfortable with their stated purpose for creating the database: “[PPACA] directs the Secretary to develop a list of 50 to 100 medical conditions to identify high cost individuals.” Why do Sebelius, Berwick, and their minions need such a list? The proposed rule advises us that they want to “mitigate the impact of potential adverse selection and stabilize premiums in the individual and small group markets.” Can any rational voter accept that claim at face value, remembering how Secretary Sebelius lied about the moribund CLASS Act, how Dr. Berwick dodged congressional questions about his views on rationing, and how Larsen thumbed his nose at Congress? Can any sane electorate continue to trust such people with anything of importance?

And yet it is these very officials who want to compile a national database of our private health information and develop a list of “high cost individuals.” While we chuckle at the discomfiture of DOJ attorneys who must argue that not buying insurance is a kind of interstate commerce, and nod approvingly when politicians give stem winder speeches about repealing Obamacare, these bureaucrats are cranking out life-altering regulations at breakneck speed. Today they want to know a little bit about us for their files. Tomorrow it will be something else. If we don’t stop them soon, say in 2012, they will fulfill the Obama’s 2008 promise to “transform the United States of America.” Your new and improved country will be a place where such things as personal privacy will be subordinated to the demands of the state.

David Catron is a health care revenue cycle expert who has spent more than twenty years working for and consulting with hospitals and medical practices. He has an MBA from the University of Georgia and blogs at Health Care BS.

Health Network Group
301 Clematis Street
Suite 3000
West Palm Beach, FL 33401
This website is privately owned and all information and advertisements are independent and are not associated with any state exchange or the federal marketplace. Additionally, this website is not associated with, sanctioned by or managed by the federal government, the Centers for Medicare & Medicaid or the Department of Health and Human Services.