URGENT! Private Security Risk of Obama’s Health Care Plan

Say no to obamacare

[UPDATE] On a conference call with Chief Deputy Republican Whip Kevin McCarthy (R-CA), Rep. Peter Roskam (R-IL), Rep. Charlie Dent (R-PA), this issue was raised to much of the surprise of the participating GOP Members of Congress. None of those in attendance realized that such a risk to private identity existed and stated that “it goes to the larger issue of showing exactly how complex this bill is in that it needs to be thoroughly examined and discussed and debated” Please help us pass this issue along and hold members of congress accountable for examining this extremely sensitive issue!

If the proposed health care bill is passed, your private information to include social security number, birth date, full medical history, financial information and others will certainly be at risk. You can be sure of that!

The question is not “Will my private information be at risk?” The question is “What is at risk and how grave is the security risk?”

In recent news, there has been much discussion about section 245(b)(2)(A), as it mandates that the IRS divulge tax return details on private citizens. However, a little discussed clause in the stimulus bill (page 244) has already set up the public option, with regard to your medical history. A report done by Declan McCullagh at CBSNews.com says this about the stimulus bill:

A better candidate for a future privacy crisis is the so-called stimulus bill enacted with limited debate early this year. It mandated the “utilization of an electronic health record for each person in the United States by 2014,” but included only limited privacy protections.

Ms. McCullagh is referring to a massive system that will contain everyone’s medical information, in a government controlled database. There is concern that the information contained in these databases will be accessible by too many people.

The concerns are valid, but even more alarming is the fact that the risk may be much more severe than anticipated.

The Department of Veterans Affairs (VA) employs a system very similar to the way a government controlled national health care system would be managed. The VA employs over 290,000 people while maintaining records on over 26 million veterans. Thousands of VA employees have access to private information to nearly every veteran that is enrolled in the VA system. The Veteran Benefits Administration (VBA) utilizes a centralized database called VETSNET that allows employees to have access to personal information to include social security numbers (as well as access to their social security records), dependent names and birth dates, bank account and routing numbers, and other personal information. Medical records are also available thru the Compensation and Pension Record Interchange (CAPRI) that is used by the VBA and the Veterans Health Administration (VHA). If you only pay attention to one sentence in this article, let it be this: Many of these employees are given access to all of this personally identifying information for these hundreds of thousands of veterans before they have had a complete background check completed. This is the norm, as supervisors are generally tasked to have access granted for many employees within the first week of employment. Please think about the ramifications of such access given to those who have not been properly vetted, given the recent headlines both the White House has made for its lack of vetting and ACORN has made for its corruption.

This level of access is perceived as a normal standard of work for the majority of VBA employees, and similar access is given for many VHA employees that handle personal information on a daily basis. The security risk to Personal Identifiable Information (PII) is high, while overall protection is low. Access is granted based on need and job function. However, no security measures are in place that prevent, or detect, employees from downloading, copying or printing personal information. This includes those with “read-only” access. The best line of defense currently in place is protection that will pick up personal information in the subject line of an email. While the VA does practice the safeguarding of PII, and violations are not tolerated, their protections are limited. In addition, many employees have this level of access granted prior to having a full background check completed, as the process can take months to years.

Due to the fact that this level of personal information is made available to thousands of government employees, many without background checks completed, the opportunity for malicious acts is unlimited. The risk is shared with everyone who has electronic records maintained in the system.

This type of management will be adopted by a government controlled health care system. For a system large enough to cover and maintain records on millions of people, it is the only effective way to do business. An increase in security measures that would restrict access to needed information, or require approval for every transaction, would result in an already slow process to come to a stand still. Benefit claims that take months to process, may then take years. Lines at the clinics would go from hours, to days. Health care may ultimately result in an alarming rate of rationing and the quality and availability of care would likely decrease.

Security issues within the VA can provide a glimpse of what to expect in a government controlled health care plan. For example, the VA has a long history of severe security breaches. In may 2006, a VA laptop was stolen that contained the private information of over 26 million veterans. Just a few months later, another computer was stolen that contained the private information of over 300,000 veterans. Some measures have been put into place designed to prevent further occurrences, but individual employee access is still a major concern. There have been identity theft instances in which VA employees have used personal information derived from VA records. Veterans often claim that they receive documents and personal information that do not belong to them in the mail.

Still, a larger issue looms. Proponents of the President’s health care plan, and President Obama himself, claim that your personal information will be protected. However, If the President knows of a better way of protecting participants in a government controlled health care system, then why not implement the system with the VA? I am sure the 290,000 employees and 26 million veterans would welcome it. If not, then the Obama administration and congressional proponents of the House and Senate health care bills need to be honest and forthcoming concerning the inevitable private security risks associated with both plans. Either way, a lot of explaining is in order!

Ask yourself this. Would you rather have your personal and private information under the protection of your local doctor and hospital, or in the hands of thousands of government employees with a clear record of mismanaging personal information?

Nonetheless, this is how the government will manage a nationalized health care system.

Furthermore, with nearly 300,000 employees serving 26 million veterans (7.85 million receiving health care), it operates on an annual budget of $90 billion per year, of which $45.5 billion appropriated to health care. But remember, President Obama said he could cover 47 million people (now 30 million) with a $90 billion annual budget.

Imagine the privacy risk and the true amount of tax payer dollars that it will take to provide health care to the administration’s quoted 30 million currently uninsured Americans, and eventually the entire U.S. population of over 307 million people, that means you! The greater the system, the greater the risk.

I would rather not imagine it, much less be forced to live in it.

Note: The author is a former VA employee