News reports cite the concerns of data privacy advocates over the long-term retention of consumers’ personal data in the database supporting HealthCare.gov
According to a report at iHealthBeat online, “A federal website describes MIDAS as the ‘perpetual central repository’ for data collected under the Affordable Care Act, according to AP ABC News. The system contains information such as individuals’ names, addresses, phone numbers, birthdates, employment status, financial accounts, and passport numbers.” In January, a federal assessment of the database stated that information “is maintained indefinitely at this time.”
The iHealthBeat report quoted a report from Associated Press, via ABC News, that quoted Lee Tien, a senior staff attorney with the Electronic Frontier Foundation as saying, “A basic privacy principle is that you don’t retain data any longer than you have to. Even 10 years feels long to me,” Tien was quoted as saying.
Similarly, Michelle De Mooy, deputy director for consumer privacy at the Center for Democracy & Technology, was quoted as stating that HealthCare.gov does not notify consumers that their data are going to be stored in MIDAS.
In response to privacy advocates’ concerns, the AP/ABCS News report from June 15 quoted Marilyn Tanner, R.N., who was CMS Administrator when HealthCare.gov was launched, as having said in 2013, prior to the launch of HealthCare.gov, that “We are especially focused on storing the minimum amount of personal data possible.”
Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.