HealthCare.gov Database Draws Concerns About Consumer Privacy
June 16, 2015 in News
On Monday, the Obama administration said it has not yet determined how long it will retain data from HealthCare.gov in its Multidimensional Insurance Data Analytics System, which has raised some concerns about consumer privacy, AP/ABC News reports.
Details of Database
A federal website describes MIDAS as the “perpetual central repository” for data collected under the Affordable Care Act, according to AP/ABC News. The system contains information such as individuals’:
- Employment status;
- Financial accounts;
- Passport numbers; and
- Phone numbers.
In January, a government privacy assessment of the database stated that information “is maintained indefinitely at this time.”
The Obama administration has not yet disclosed how long the system will keep the data. The National Archives has advised that the data be retained for 10 years.
The scope of the information in the system, as well as the lack of a plan for destroying the data, has resulted in concerns about privacy and the federal government’s judgment about technology, AP/ABC News reports.
Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, said, “A basic privacy principle is that you don’t retain data any longer than you have to,” adding, “Even 10 years feels long to me.”
Former Social Security Administration Commissioner Michael Astrue, a Republican who has opposed Obama’s policies, said, “I accept they have an operational reason, if not a legal obligation, to keep data for a reasonable period,” but he said there is no justification for the government to keep the data indefinitely. He added, “I don’t think they should be allowed to do it.”
Independent technology and privacy experts have voiced similar concerns, according to AP/ABC News.
Michelle De Mooy, deputy director for consumer privacy at the Center for Democracy & Technology, said HealthCare.gov does not notify consumers that their data are going to be stored in MIDAS.
Obama Administration’s Comments
The Obama administration has said MIDAS is critical to operating the federal insurance exchange under the ACA. Further, the administration has said the database meets or exceeds federal standards for privacy and security.
Marilyn Tavenner, the CMS administrator when HealthCare.gov launched, has said, “We especially focused on storing the minimum amount of personal data possible” (Alonso-Zaldivar, AP/ABC News, 6/15).
Rep. Black Raises Concerns
Rep. Diane Black (R-Tenn.) released a response to the AP report about MIDAS, saying lawmakers “repeatedly warned of privacy concerns under the data hub only to be told by the [Obama administration] that this hub would not collect personally identifiable information — instead it would only be used to pass information between the appropriate agencies to verify an Obamacare applicant’s eligibility status.” She added, “While personal information may not be stored in the … data hub, these reports confirm that it is indeed held indefinitely in” the system.
Further, Black urged lawmakers to pass the Federal Data Breach Notification Act (HR 555), which would require the government to notify affected individuals if their information from HealthCare.gov is breached (Black release, 6/15).