Privacy Concerns Unfounded for State Health Exchange
Maryland’s new health insurance exchange, opened as required under the Affordable Care Act on Oct. 1, has raised some privacy issues over how health information will be shared.
The Maryland Health Connection (MHC) reportedly alerts people who sign up that while it will not sell their personal information and that it can only be used for the exchange’s purposes, an exception exists for “law enforcement and audit activities,” according to the Baltimore Sun.
Despite assurances from the state’s health secretary that such a warning is standard for personal health information, opponents of Obamacare were quick to jump on the language and cry foul.
The paper quoted a law professor as dismissing concerns about the improper sharing of health information under the new exchange, saying that federal law already covers this issue and allows for the sharing of such information if it is subpoenaed.
Standard Operating Procedure
But the worries seem unnecessary, given the protections of medical information that already exist.
Chapter 3 of the Maryland Public Information Act, in fact, “suggests that the custodian of a record (in this case Maryland Health Connection) has the authority to withhold any record that would constitute an invasion of privacy,” points out Christopher Rasmussen, a policy analyst with the Health Privacy Project at the Center for Democracy & Technology in San Francisco.
Chapter 3 indicates several exceptions exist to the Public Information Act’s general requirement of disclosure of public records. “Many of the exceptions are an attempt by the Legislature to balance individual privacy interests against the public right of access,” notes the law.
“Disclosure of ‘medical records’ is restricted by the Maryland Confidentiality of Medical Records Act,” the law specifically states.
Fraud Could Result in Disclosure
When would law enforcement need access to one’s health records? “If someone were suspected of fraudulently applying for health insurance coverage through MHC and the police wanted to look at his application to confirm their suspicions, that would likely result in a release of personal information,” Rasmussen explains.
“In addition, the Affordable Care Act regulations allow the federal Department of Health and Human Services Inspector General’s office to review state exchange records — in a very broad sense that is ‘law enforcement’ too.”
“As for the open records request, that likely varies significantly by state,” he says. “I know California’s insurance exchange does mention its public records act, but it too has a carve-out that would prevent disclosure of personal information.”
Rasmussen indicates that consumers should not be worried about language of the sort targeted by the Sun.
“I’m sure it might be disconcerting to some to see language like ‘law enforcement,’ especially given the hyper-sensitive times we are living in,” he says, pointing to the NSA scandals and a seemingly high level of suspicion of government in general. “But really if consumers look at their doctor or physician privacy practice notices they’ll see similar language.”