The federal government's plan to create a national database of health care claims data is raising red flags for privacy advocates. The proposal, they argue, gives lip service to ensuring the privacy and security of the data and needs considerable additional details.

In a notice published Oct. 5, the U.S. Office of Personnel Management briefly outlined the Health Claims Data Warehouse that will contain a range of protected health information culled from claims handled by three federal insurance programs (see story). They are the existing Federal Employee Health Benefit program and two benefit programs created under the health reform law: The National Pre-Existing Condition Insurance Program and the Multi-State Option Plan.

The data warehouse plan envisions widespread sharing of data for a variety of purposes, including research. The Office of Personnel Management contends that "in many instances" data will be de-identified. But there is no explanation of how the data will be de-identified, say Deborah Peel, M.D., and Andrew Blumberg, leaders of the Patient Privacy Rights Foundation. "Even the imperfect HIPAA requirements to achieve 'de-identified' data sets by removing 17 identifiers will not be used," they argue in a joint statement to Health Data Management. The proposal, they add, "does not seem to acknowledge how easy it is to re-identify health data."

The concern, Peel and Blumberg say, is that anyone who claims to be doing research could access the database. "This is identical to the 'research loophole' in HIPAA which has enabled the massive commercialization and sale of the nation's health information," they contend. "More generally, at the present time most use of protected health information is for commercial purposes, NOT to help patients or to help their doctors take care of them. As such, this loophole in light of the unsophisticated discussion of de-identification makes us very worried about the likelihood that this proposal will be a boon to providers of 'business analytics.'"

There is wide recognition of the importance for the government to take a look at the claims data from the it's employee benefit program and the two coverage programs being created for citizens unable to get insurance elsewhere, says Devon McGraw, director of the Health Privacy Program at the Center for Democracy & Technology in Washington. But the government simply doesn't need a new, centralized database, she adds. McGraw serves on the HIT Policy Committee, an advisory body to the Department of Health and Human Services. She also chairs the committee's privacy/security Tiger Team workgroup.

Speaking for the Center for Democracy & Technology, McGraw asserts the government can request the health plans it contacts with to generate requested reports against their internal claims databases. "Send the queries to where the data already is by asking plans to run the reports rather than sending data to a centralized source."

That's how the Food and Drug Administration get its reports, she adds, by querying industry databases that already exist. For instance, FDA can ask Kaiser Permanente for the number of patients in its databases experiencing an adverse reaction to a particular drug.

McGraw also worries about how patients' claims data will be used if broadly made available to researchers in and out of government. "This is just way too little information to satisfy public privacy concerns," she notes. "It seems to me they should have a specific plan and details before they do this."

Further, the Office of Personnel Management's intention to use names and Social Security numbers to retrieve data goes against its own directives that require federal agencies to have plans to reduce unnecessary use of Social Security numbers. Use of the numbers also may be counterproductive, McGraw says. "It's my understanding health plans are trying to reduce their use of the Social Security number as an identifier."

--Joseph Goedert

 

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access