Secrecy breeds suspicion. The role of secrecy in health care is practically non-existent so when we see examples of secrecy, as in the operational details of the Federal Data Services Hub, we get the recent outcry from a range of politicians and journalists waving privacy flags. For Patient Privacy Rights, this is a teachable moment relative to both advocates and detractors of the Affordable Care Act.
There’s a clear parallel between the recent concerns around NSA communications surveillance and health care surveillance under the ACA. Some surveillance is justified, to combat terrorism and fraud respectively, but unwarranted secrecy breeds suspicion and may not help our civil society.
“The Hub” is described by the government as:
“For all marketplaces, CMS [the Centers for Medicare and Medicaid Services] is also building a tool called the Data Services Hub to help with verifying applicant information used to determine eligibility for enrollment in qualified health plans and insurance affordability programs. The hub will provide one connection to the common federal data sources (including but not limited to SSA, IRS, DHS) needed to verify consumer application information for income, citizenship, immigration status, access to minimum essential coverage, etc.
CMS has completed the technical design, and reference architecture for this work, is establishing a cross-agency security framework as well as the protocols for connectivity, and has begun testing the hub. The hub will not store consumer information, but will securely transmit data between state and federal systems to verify consumer application information. Protecting the privacy of individuals remains the highest priority of CMS.”
Here’s where the secrecy comes in: I tried to find out some specific information about the Hub. Technical or policy details that would enable one to apply Fair Information Practice Principles? Some open evidence of privacy by design? Some evidence of participation by privacy experts? I got nothing. Where’s Mr. Snowden when we need him?
And here’s where the suspicion comes in: The rhetoric around privacy risks of the Hub may be vastly overblown. As with terrorism, the harms are dramatized to make a point. Hacking risk (an argument free Internet advocates present to oppose surveillance back-doors) and government abuse of power are almost exactly the same argument in both the communications and health surveillance discussions.
The teachable moment here is about real privacy and transparency in health information exchange. There’s a reason citizens don’t have access to our own health information and that privacy advocates are not welcome at the citizen information management table. Keeping our own data and data flows secret allows all of us to be fleeced of $1 Trillion per year (that’s about $3,000/yr per person) through a combination of price manipulation, upcoding fraud, unwarranted treatments and a dearth of practical quality measures. The risk of identity theft is economically trivial by comparison.
The health information exchange secrecy drama is playing out today in many federal and state venues. Some of it is directly linked to the ACA and HITECH, but that’s incidental. The limited access to our own information and confusion around government policymaking are both because $1 Trillion of potential health industry decrease creates immense political forces. Calling for delay of the Hub, delay of ICD-10 coding, delay of Meaningful Use Stage 2, delay of patient access to state health information exchanges, delay of automated patient access to copies of personal health data (known as Blue Button Plus), along with ongoing efforts to hide transfers and sale of our health information under misguided HIPAA exemptions, are the real face of these political forces.
The privacy take home message of the Hub is that a systemic lack of transparency and the manipulation of our personal information are the means large institutions use to maintain control over market shares, prevent patient control over data use, and block innovation.
Update (8/15/2013, 6:33pm ET):
An update to this still-developing story: CMS is announced a plan to do identity matching as part of the Data Services Hub.http://www.ihealthbeat.org/articles/2013/8/15/cms-seeks-to-create-matching-agreements-for-aca-data-hub
The announcement is needed because US persons, by law, do not have a federal identity. Each federal agency that has data about us, (CMS and IRS for example, in the Data Services Hub) under different identities as a privacy-protecting measure. To protect privacy, matching of people across the different services, a form of surveillance, is subject to strict controls and citizen notice. So far, so good for the Data services Hub in the sense that today’s announcement is restating what was already obvious and simply pointing us to the applicable laws and regulations.
When it comes to state-level and private-sector surveillance of our health care visits, through state health information exchanges, prescription drug monitoring programs, all payer claims databases, and private exchanges like the insurance information bureaus and the planned CommonWell Health Alliance, citizens do not have the same rights to privacy as we have across federal service providers. All health information exchanges today, depend on “master patient index” matching / surveillance technology. This technology is unregulated and completely opaque to us. We don’t know when it’s used, we don’t know if it has errors and, worst of all, we can’t control when this technology is used to combine health services like mental health or family planning that we might prefer to keep from being “matched” along with the rest of our healthcare.
The federal laws covering citizen surveillance are a step in the right direction. Shouldn’t our state and private health surveillance agencies be held to even higher privacy standards?
Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.