Obamacare Exchange Confirms: 'We Are Required to Respond to Certain Requests from Law Enforcement'

    On October 8, THE WEEKLY STANDARD reported that the privacy policy of the Maryland Health Connection (MHC), the state's Obamacare insurance marketplace, included a statement that the marketplace "may share information provided in your application with the appropriate authorities for law enforcement and audit activities."  An email had been sent to the MHC on October 3 requesting clarification of the policy, and included these inquires: Does that include both federal and state authorities?  What type of information from the application might be of interest to law enforcement and/or state/federal auditors?  However, no response was received, and the story was published.

    A follow up email sent to the MHC a day after the story ran was answered by the MHC with the promise of a response the following day, but none was forthcoming.  A third email sent on Friday, October 11, was finally answered late that evening by Communications Manager Betsy Charlow.  The full response reads as follows:

The Maryland Health Connection Privacy Policy has been developed in compliance with federal regulations codified at 45 C.F.R. § 155.260 and 45 C.F.R. § 155.280 to ensure consumer protections and operations of the insurance marketplace. Like all state agencies, we are required to respond to certain requests from law enforcement.

     The regulations cited by Ms. Charlow, while stating that sharing personally identifiable information is proscribed for reasons "that are not permitted or required by law," do not specifically address what types of law enforcement and/or audit activities might qualify for an exception, nor do the regulations detail who is authorized to make the determination for what qualifies for an exception.


Note: A version of this article first appeared at The Weekly Standard.