Saturday, June 08, 2013

The IRS, NSA, and Justice Department Scandals and What They Mean for HIPAA

As my head reels at the implications of the IRS scandal mushrooming in Washington, the IRS's recently disclosed ability to access e-mails without a warrant, the intricacy of the NSA PRISM wiretap techniques that include their ability to acquire tech firms' digital data, and even the Justice Department's ability to secretly acquire telephone toll records from the Associated Press, I wonder (as a doctor) what all this means for the privacy protections afforded by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in our new era of mandated electronic medical records.  Are such privacy protections credible at all?

It doesn't seem so.

Now it seems everyone's health data is just as vulnerable to federal review as their Google search data.  This is not a small issue.  We have already seen that discovering "leaks" of personal health information has produced some very handsome rewards for the feds, so it is not beyond reason to think that HIPAA might also be a funding tool for our government health care administration disguised as a beneficent effort to protect the health care data of our populace.

But even more concerning is the role the IRS scandal has for America's health care system.  After all, the Affordable Care Act is ultimately funded by the IRS, which administers some 47 tax provisions.  These include the right to levy a penalty against businesses and individuals who don't provide or acquire insurance and determining how to distribute annual subsidies to 18 million people who make less than $45,000 a year and thus qualify for subsidies in buying health coverage. In addition, the agency will collect taxes on medical devices and a surtax on people making more than $200,000 a year, as well as conducting compliance audits of tax-exempt hospitals.

We are left to wonder: given the IRS's recent actions in favor of one political party, could other aspects of our evolving health care system be similarly politically targeted?  What if the government agencies turn a disapproving eye on physician-run hospitals or independent concierge medical practices?  What if the marketplace emergence of a two-tier health care system is systematically crushed?  For these types of concerns we instinctually rely on a fair, beneficent government, but these latest revelations challenge that assumption.

To the political class, the ends always justify the means.  Now, we're seeing that the means include stealth digital tracking, e-mail browsing, and wiretaps.

Health care data protection by HIPAA?

Meh.

We should think about the far-reaching implications of what we're seeing from our government agencies as we turn the reins of health care financing over to them lock, stock, and barrel.  Perhaps Peggy Noonan said it best:
"What does it mean when half the country—literally half the country—understands that the revenue-gathering arm of its federal government is politically corrupt, sees them as targets, and will shoot at them if they try to raise their heads? That is the kind of thing that can kill a country, letting half its citizens believe that they no longer have full political rights.

"Those who think this is just business as usual are ahistorical, and those who think nothing can be done, or nothing serious should be done, are suffering from Cynicism Poisoning."

In the blink of an eye, HIPAA privacy protections now seem small.

Very, very small.

-Wes

Addendum: Thanks to @BillHart46 for pointing me to this: Suit Alleges IRS Improperly Seized 60 Million Personal Medical Records

8 comments:

ClinkShrink said...

HIPAA contains an exception for threats to national security. There was never any protection from the NSA under HIPAA.

Anonymous said...

The IRS targeting individuals?! That couldn't really happen--could it? Do you think that the Medicare/IRS cooperative could set up a RBM (radiology benefit manager) program that surreptitiously denies testing in red states or limits ICDs in 'enemies' of the administration based upon byzantine rules? (Too many ICDs being placed in Florida or Texas, just cut the number by 10%)

Surely, this is purely paranoia...

Anonymous said...

My country tis of thee, sweet land of liberty... not

Anonymous said...

I'm so glad you've written about this but does your concern extend to the pharma marketers that have been data mining prescription records for years and it has been ok'd by SCOTUS...

http://www.forbes.com/sites/kashmirhill/2011/06/23/drug-data-miners-have-a-constitutional-right-to-buy-prescription-records-rules-supreme-court/

Anonymous said...

This just all makes me sick. You know the bottom hasn't fallen out yet. What's next?

Gary M. Levin said...

It is an oxymoron to consider having the IRS audit and enforce the ACA. A separate Health Trust would be more accountable and trustworthy given the current NPO debacle. HIPAA is a non sequitur given the NSA's capability to penetrate anything it deems necessary to prove anything.

Anonymous said...

There is no such thing as privacy anymore, if there ever was. In 1994 CALEA, or Communications Assistance for Law Enforcement was passed, requiring telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real time.

Anonymous said...

I am a strong advocate for privacy, but I am employed in an organization that excels in legally violating that "privacy". The result is that I know much about what really goes on in so-called privacy initiatives. As a consumer I get annoyed by the faux privacy restrictions of HIPAA, so I conducted a demonstration about the lack of privacy for my own medical records. Without using ANY information other than my name, I was easily able to retrieve more information about myself than I knew existed. Using these techniques, I was able to collect medical records about me over thirty years old. These are medical records that my physicians and hospital said "were not available". After reading these old records I learned of old lab tests that predicted a few medical problems I have today. If only those old medical records were not "lost" to the normal medical inquiries of my own physicians who are treating me. Yes, HIPAA is only "security theater". Most of us trust HIPAA to protect our privacy. Using simple and LEGAL means it was possible for me to reconstruct a history of my medical records that I did not know existed. I used ONLY my name, no age, SSN, CCDL, DOB, former addresses or names of health care providers. HIPAA was never a solution to our privacy concerns.