Federal Claims Database Plan ProceedsPrivacy Advocates Had Expressed Concerns
The revised plan for a Health Claims Data Warehouse, announced in two Federal Register notices June 15 by the U.S. Office of Personnel Management, took effect July 15 "without any further changes," an official at the office confirmed to HealthcareInfoSecurity.com. In the notices, the office said it would launch the plan "unless comments are received that would result in a contrary determination."
The office, in its revised plan, called for using the database to help manage only the Federal Employee Health Benefit Program, rather than three federal programs as it originally proposed (see:Privacy Advocates Win Database Delay). That program includes federal employees, postal employees, uniformed service members, retirees and their family members who voluntarily participate in the program.
The agency will use the database, which will gather patient-identifiable information from participating insurance carriers, to analyze the costs and utilization of services "to ensure the best value for both enrollees and taxpayers," according to the revised proposal now being implemented.
Privacy Advocates' ConcernsPrivacy advocates, including the Center for Democracy and Technology, blasted the original proposal for its lack of detail on privacy and security issues. Harley Geiger, policy counsel for the center, said in June that the revised proposal provided far more details, including a commitment to comply with HIPAA. "I think the Office of Personnel Management deserves a fair amount of credit for being responsive to the issues that CDT raised," Geiger said.
In a blog, he also noted the agency pledged "to use only de-identified information for analysis purposes and to release only de-identified information to external parties." And he noted plans to sharply curtail the level of health information sharing called for in the original proposal.
Another advocacy group, Patient Privacy Rights, criticized the revised plan for failing to describe its methods for de-identifying data. "OPM did not acknowledge how difficult it is to anonymize data for public use databases," said Deborah Peel, M.D., founder of the group. Peel contended that the modifications made in the revised proposal were only "minor" and failed to adequately address numerous privacy concerns.
Centralized Database CriticizedIn addition, the Center for Democracy and Technology contended the centralized database approach, still called for in the revised plan that's now being rolled out, is not needed. Instead, it advocated a "decentralized query-based system" that would leave enrollee health information with the health plans that serve the federal program, "rather than compile new copies of the health information into one big system."
Geiger also said in his blog: "Although CDT supports cost-cutting and fraud detection goals of health claims databases, individual privacy and security are ill-served when repositories and copies of identifiable personal information are created unnecessarily. To the extent possible, government agencies and businesses should seek to meet their objectives through methods that leave data in existing systems and maintain the relative anonymity of data subjects."
The privacy group also questioned why the Office of Personnel Management must collect "fully identifiable" health information, including Social Security numbers, to conduct its analyses. The office's fraud detection goals could be achieved, the privacy group argued, using a limited data set that has several direct identifiers stripped away. Or, it could use a one-way hash function to scramble the identifiers.