Computerworld reports that 16 organizations (including the Center for Democracy and Technology, ACLU and National Network to End Domestic Violence) have sent a letter (pdf) to the U.S. Office of Personnel Management detailing privacy concerns with the agency’s proposal to create the Health Claims Data Warehouse, which would house the personal health data of millions of Americans.
The letter argues against the proposal to allow data-sharing with a variety of entities, noting:
OPM states that the WarehouseÊ¼s purposes would include
- Disclosing enrolleesÊ¼ information to law enforcement agencies for prosecutionsÂ and investigations of possible violations of laws or regulations,
- Disclosing enrolleesÊ¼ information to Congress in response to congressionalÂ inquiry at the request of the enrollee,
- Disclosing enrolleesÊ¼ information to federal agencies, courts, and other partiesÂ during litigation or administrative proceedings in which the government isÂ authorized to appear,
- Disclosing enrolleesÊ¼ information to researchers inside and outside the federalÂ government,
- Analyzing enrolleesÊ¼ information to evaluate health care programs, and
- “Other purposes.”
Computerworld reports: “According to the OPM, the planned Health Claims Data Warehouse is designed to help the agency more cost-effectively manage three health claims programs: the Federal Employee Health Benefit Program (FEHBP), the National Pre-Existing Condition Insurance Program and the Multi-State Option Plan. […] In aÂ formal notice published in the Federal Register last month, the OPM said that creating a central and comprehensive database would allow it to more actively manage the programs and ensure “best value for both enrollees and taxpayers.”
The advocacy groups argue that “OPM does not need to create the Warehouse in order to accomplish the purposes described in the [System of Records Notice]. The government, researchers, and covered entities already possess the necessary authority to carry out the described uses for the WarehouseÊ¼s data. Rather than duplicate sensitive enrollee information by copying it into the Warehouse, government agencies and researchers could access data already routinely collected in the ordinary course of business by the health plans participating in the affected insurance programs.”
The groups urged the agency to “should consider effective alternatives that would not violate the publicÊ¼s expectations of privacy or create unnecessary privacy and security problems.”
An alternative would be to leave raw enrollee data with the current record holders â€“ such as the health plans â€“ and use a query system that can search diverse databases. The Food and Drug Administration already operates a similar system, called the Sentinel Initiative. […] Through Sentinel, the FDA can query product data and send questions to the data holders (which include health plans), but the data remains with and is managed by the participating data holders. Sentinel also operates under established privacy and security standards aimed at constant protection of personal information.