HHS identifier puts privacy at risk
One of the most valuable benefits computers offer the government is the ease and speed of collecting and storing vast amounts of data. That ability allows policy-makers to quickly analyze information to create and run federal programs. But that ability is a double-edged sword because when the data is associated with individuals, the technology puts personal privacy at risk.
So it is with caution that the Department of Health and Human Services should approach its task of developing a health identifier number for all Americans in order to build a database of health information. As required by the Health Insurance Portability and Accountability Act of 1996, HHS must create a standard identifier so individuals' medical records could be made widely available, regardless of their health care program. The end result, Congress hopes, is to make a patient's medical records so easily accessible that a doctor could offer more personalized— and therefore better— health care by calling up all a patient's medical history on a computer.
But the ease of use is precisely why privacy advocates believe the health identifier would be used for nefarious reasons. They need only to point to how individuals' Social Security numbers have become a de facto national ID number that are linked to credit reports and other financial information.
Although Congress intends the identifier to be used only by health care providers— just as the Social Security number was intended to be used just by the Social Security Administration— privacy experts say it could fall into the hands of law enforcement agents, credit card companies, employers, schools and the Internal Revenue Service. History shows us that it is all too possible.
There is no reason to believe that when Congress inserted the requirement for a standard health identifier into the health insurance law that it had any intention of creating a national ID system that public and private groups could use for their own purposes. But that is a danger any time government builds systems to collect data, despite its best intentions.
For an example, look no further than SSA's Personal Earnings and Benefit Estimate Statement (PEBES), a program SSA launched last year that allows individuals to electronically access their personal information in Social Security records. Newspaper reports showed how easy it was for anyone to access someone else's account. SSA still has not put PEBES back online.
The benefits of quicker and more personalized health care are too great not to pursue the health care ID database. But the government should not underestimate the risks associated with this use of technology, and it must make privacy one of the top requirements for building a system that will store such sensitive data on its citizens. They deserve nothing less.