There is a general trend among some businesses and government agencies to develop a new database for every analytic need, and too often these databases collect data centrally. This is particularly problematic when the database contains individual health information.
Although CDT supports cost-cutting and fraud detection goals of centralized health claims databases, individual privacy and data security are at risk when repositories and copies of identifiable personal information are created unnecessarily. When possible, government agencies and businesses should create databases using methods that minimize data transfer and maintain the relative anonymity of data subjects. This can be accomplished through a decentralized approach.
On September 21, 2012, the U.S. Office of Personnel Management (OPM) submitted a request for comments on a draft of the application for the Multi-State Plan Program (MSP). The OPM, which runs the Federal Employees Health Benefits Program, is mandated by the Affordable Care Act (ACA) to contract with at least two health insurance issuers to offer individual and small group coverage through MSPs. In turn, health insurance issuers who wish to offer MSPs will complete an application, to be evaluated by OPM.
There are several important privacy features in this draft. CDT commends OPM for committing to evaluate applicants on their privacy and security compliance. We are also pleased that OPM will require applicants to describe their compliance with Fair Information Practice Principles. We urge OPM to retain these evaluation criteria in the final MSP application.