Thursday, September 03, 2009

Merge the Databases, and Privacy Be Damned

No doubt the rush to get health care reform through during an unassociated economic crisis is the legitimizing factor to place huge risks in the privacy of all the proletariat.
One of the problems with any proposed law that's over 1,000 pages long and constantly changing is that much deviltry can lie in the details. Take the Democrats' proposal to rewrite health care policy, better known as H.R. 3200 or by opponents as "Obamacare." (Here's our CBS News television coverage.)

Section 431(a) of the bill says that the IRS must divulge taxpayer identity information, including the filing status, the modified adjusted gross income, the number of dependents, and "other information as is prescribed by" regulation. That information will be provided to the new Health Choices Commissioner and state health programs and used to determine who qualifies for "affordability credits."

Section 245(b)(2)(A) says the IRS must divulge tax return details -- there's no specified limit on what's available or unavailable -- to the Health Choices Commissioner. The purpose, again, is to verify "affordability credits."

Section 1801(a) says that the Social Security Administration can obtain tax return data on anyone who may be eligible for a "low-income prescription drug subsidy" but has not applied for it.

Over at the Institute for Policy Innovation (a free-market think tank and presumably no fan of Obamacare), Tom Giovanetti argues that: "How many thousands of federal employees will have access to your records? The privacy of your health records will be only as good as the most nosy, most dishonest and most malcontented federal employee.... So say good-bye to privacy from the federal government. It was fun while it lasted for 233 years."
Interesting, but the journalist in this case seems to not be convinced of the threat. Note to self, never take security or privacy advice from a journalist.
I'm not as certain as Giovanetti that this represents privacy's Armageddon. (Though I do wonder where the usual suspects like the Electronic Privacy Information Center are. Presumably inserting limits on information that can be disclosed -- and adding strict penalties on misuse of the information kept on file about hundreds of millions of Americans -- is at least as important as fretting about Facebook's privacy policy in Canada.)

A better candidate for a future privacy crisis is the so-called stimulus bill enacted with limited debate early this year. It mandated the "utilization of an electronic health record for each person in the United States by 2014," but included only limited privacy protections.

It's true that if the legislative branch chooses to create "affordability credits," it probably makes sense to ensure they're not abused. The goal of curbing fraud runs up against the goal of preserving individual privacy.
He adds an update that EPIC condemns the bill. I just find it fascinating that he is willing to weight fraud prevention equally against opening everyone's records to bureaucrats at the state and federal level. No doubt there won't be any abuse anything like what happened to "Joe the Plumber." The more people have open and free access to information, the more probable abuse will become. Legislating this with no limitations on access is asking for abuse.

Wonder why he won't mention that little things like databases can be accessed by programs to determine whether the person can receive benefits. If the program is in the IRS and will provide a simple yes or no answer to the query then there would be no reason for anyone to have full and open access. But hey, let's just open it all up instead of thinking about implementations.

UPDATE: In timely fashion here is a Schneier post that aids my point.

No comments: