Feds move toward health claims database despite privacy fears
But newly revised plans limit scope, add greater transparency
Computerworld - Despite lingering privacy concerns, the U.S. Office of Personnel Management (OPM) is plowing ahead with plans to build a massive centralized database containing detailed healthcare claims information on millions of federal employees and their families.
The agency on Wednesday released two formal notices in the Federal Register detailing plans for the new Health Claims Data Warehouse. One of the notices describes how the OPM will use the database, the other describes how the OPM Inspector General's office will use it.
Work on the database begins July 15.
The notices -- known in government parlance as systems-of-records notices -- are aimed at addressing some of the concerns raised by several privacy groups when the OPM first detailed its plans last October. The outcry prompted the OPM to push back its original deadline.
Wednesday's notice, for instance, substantially limits the scope of the database, narrows the circumstances under which information from it will be used and clarifies that only de-identified data will be released outside of OPM.
The revised plans go a long way in addressing some of the original concerns, said Harley Geiger, policy council at the Center for Democracy and Technology (CDT), which has been vigorously arguing for more privacy controls.
Even so, several other fundamental issues, including database architecture and data anonymity, that remain unaddressed, Geiger said.
According to the OPM, the data warehouse is designed to help the agency better manage federal health claims programs. Under the effort, the agency will collect and analyze health services data from the Federal Employees Health Benefits Program (FEHBP). Members of the FEHBP include federal and postal employees, uniformed service members and retirees.
As part of its plan, OPM will establish a direct data feed with the FEHBP to continuously collect, manage and analyze health services data. The information collected includes individuals' names, addresses, Social Security Numbers and dates of birth, plus the names of their spouses and other information about dependents, as well as information about their healthcare coverage, medical conditions, procedures and diagnoses.
The OPM will use identifiable data to create 'longitudinal' long-term health records for each individual in the database. However, OPM analysts, who access the data for analyses, will only have access to de-identified records.
"OPM will analyze the data in order to evaluate: The cost of care; utilization of services; and quality of care for specific population groups, geographic areas, health plans, health care providers, disease conditions, and other relevant categories," the OPM notices said.
The inspector general's office, meanwhile, will use the claims database for audit and investigative purposes to detect fraud and waste, according to one notice.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts