Tuesday, October 8, 2013

Obamacare Marketplace: Personal Data Can Be Used For "Law Enforcement and Audit Activities"

    Maryland's Health Connection, the state's Obamacare marketplace, has been plagued by delays in the  first days of open enrollment.  If users are able to endure long page-loading delays, they are presented with the website's privacy policy, a ubiquitous fine-print feature on websites that often go unread.  Nevertheless, users are asked to check off a box that they agree to the terms.
    The policy contains many standard statements about information automatically collected regarding internet browsers and IP addresses, temporary "cookies" used by the site, and website accessibility.  However, at least two conditions may give some users pause before proceeding.
    The first is regarding personal information submitted with an application for those users who follow through on the sign up process all the way to the end.  The policy states that all information to help in applying for coverage and even for making a payment will be kept strictly confidential and only be used to carry out the function of the marketplace.  There is, however, an exception: "[W]e may share information provided in your application with the appropriate authorities for law enforcement and audit activities."  Here is the entire paragraph from the policy the includes the exception [emphasis added]:
Should you decide to apply for health coverage through Maryland Health Connection, the information you supply in your application will be used to determine whether you are eligible for health and dental coverage offered through Maryland Health Connection and for insurance affordability programs. It also may be used to assist you in making a payment for the insurance plan you select, and for related automated reminders or other activities permitted by law.  We will preserve the privacy of personal records and protect confidential or privileged information in full accordance with federal and State law. We will not sell your information to others.  Any information that you provide to us in your application will be used only to carry out the functions of Maryland Health Connection. The only exception to this policy is that we may share information provided in your application with the appropriate authorities for law enforcement and audit activities. 
     The site does not specify if "appropriate authorities" refers only to state authorities or if it could include the federal government, as well.  Neither is there any detail on what type of law enforcement and/or audit activities would justify the release of the personal information, or who exactly is authorized to make such a determination.  An email to the Maryland Health Connection's media contact seeking clarification has not yet been answered
    The second privacy term that may prompt caution by users relates to email communications.  The policy reads:
If you send us an e-mail, we use the information you send us to respond to your inquiry. E-mail correspondence may become a public record. As a public record, your correspondence could be disclosed to other parties upon their request in accordance with Maryland’s Public Information Act.
    Since emails to the marketplace could conceivable involve private matters regarding finances, health history, and other sensitive issues, the fact that such information could be made part of the "public record" could prevent users from being as free with their information than they might otherwise be.  However, as noted, any requests for such emails would still be subject to Maryland's Public Information Act which contains certain exceptions to the disclosure rules.


Note: A version of this post first appeared at The Weekly Standard.

No comments:

Post a Comment