Health Privacy Project Director Deven McGraw expressed apprehension about the Obama administration proposing that the Office of Personnel Management (OPM) create a health insurance claims database in a recent TheHill.com blog post. McGraw fears that lost in the administration’s multi-state plans is the risk involved in allowing the OPM payment and enrollment access that, in turn gives them the capability to aggregate patient data and centralize it in a government depository. She believes this this puts patient data privacy and security rights in jeopardy.
Right now, this information is collected by individual, private insurance companies as a routine function of administering benefits. Ironically, keeping data at the source also helps safeguard it. Unnecessarily duplicating sensitive data and storing it in one location increases the risk and severity of data breaches. In essence, this central database would create a big, delicious target for hackers and other miscreants—who have to work much harder to access the information if it is stored in multiple locations. What’s more, the cost of creating and securing the database would be borne by federal taxpayers, instead of insurance companies that now pay this expense.
The OPM’s data analytics goals can still be accomplished without consolidating patient data and putting it at risk. Instead, she proposed a distributed approach where the OMP can get ahold of the data via a secure edge server or cloud environment. Additionally, it could write code to share with insurance plans for them to individually look at data and then report to the administration.
McGraw raises valid points about the potential privacy issues with large patient data repositories being managed by non-healthcare entities and how the Obama administration responds will be worth watching.