Home > Security > Privacy

Computerworld - In response to considerable privacy concerns, the federal Office of Personnel Management (OPM) could soon release more details on its plans to build a controversial new database containing information on the healthcare claims of millions of Americans.

The agency will also likely delay its planned Nov. 15 launch of the new database to accommodate a broad public evaluation of its plans, said an analyst from the Center for Democracy and Technology (CDT), a Washington-based think tank.

The CDT was one of 16 organizations that late last month sent a letter to OPM Director John Berry asking for more information on the agency's proposed Health Claims Data Warehouse. The letter was prompted by what the CDT and the other organizations claimed was a serious lack of details about the new database, and by the OPM's assertions that it would share collected health-related data with law enforcement, third-party researchers and others.

The letter, whose signatories included officials from the American Civil Liberties Union and the American Federation of Government Employees, urged the OPM not to establish such a database without giving the public a fair chance to review its plans.

Harley Geiger, policy counsel for the CDT, said on Monday that the OPM had informed the CDT that it will soon be releasing more detailed information on the database, and on the privacy and security controls that will be put into place to protect the data.

A formal notice describing the OPM's plans will be published in the Federal Register some time after Nov. 15, after the agency has had a chance to review all the comments it has received on its proposed database, Geiger said.

Geiger stressed on Monday that the CDT is not opposed to the creation of an electronic health records (EHR) system. Such a system will bring significant new efficiencies that a paper-based system such as the one in place today simply cannot deliver, he said.

The CDT's purpose in pressing the OPM for more details is solely to ensure that any new database that is created is really needed and has all the necessary security and privacy controls in place, he said. "People are not going to trust EHR if the confidentiality of their records is at risk," Geiger said.

A spokeswoman for the OPM would neither confirm nor deny whether the agency was going to provide more details on the database, or if the launch would be delayed. "Unfortunately, that is not something we have information about currently," the spokeswoman said by e-mail.

The OPM first announced details of its proposed Health Claims Data Warehouse in a so-called system of records notice (SORN) in the Federal Register in early October.

In its notice, the OPM said that the new database would help the agency more cost-effectively manage the Federal Employee Health Benefit Program (FEHBP), the National Pre-Existing Condition Insurance Program and the Multi-State Option Plan.

The OPM said that it would establish direct data feeds with each of those three programs and would continuously collect, manage and analyze health services data.

The data collected would include individuals' names, addresses, Social Security numbers and dates of birth, plus the names of their spouses and other information about dependents, and information about their healthcare coverage, procedures and diagnoses, the OPM said in its notice.

In addition to using the data for its own internal analysis, the OPM will also make the information available, if required, for law enforcement purposes and for use in judicial or administrative proceedings, and to "researchers and analysts" inside and outside government for healthcare research purposes, the OPM notice said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at  @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about Privacy in Computerworld's Privacy Topic Center.