Some of that personal health care information that you want kept private and confidential is anything but private and confidential.
Apparently, Obama White House pressure led to changes to Healthcare.gov privacy policies, making it possible for certain private information to be shared with advertisers and who knows who else.
On the fifth anniversary of the passage and signing of the so-called Patient Protection and Affordable Care Act, widely known as Obamacare, it has become clear that the law offers neither protection nor affordability. Millions of Americans have already seen premiums skyrocket, and thousands more have lost access to their medical providers as a result of the law. As the Daily Signal has reported, the plans offered under Obamacare have limited provider networks, making it difficult for certain consumers to keep their original doctors without paying additional costs, if they can keep them at all. So much for affordability or keeping your doctor and insurance if you like it, as Obama falsely promised to sell his pet project.
That’s disturbing enough, but now Americans are also finding that right from the beginning, security on the Obamacare site was viewed as little more than an “afterthought.” Further, 70,000 Healthcare.gov records have been easily viewable using Google, and the top security figure in charge of Healthcare.gov refused to sign off on its launch. Those are just some of the disturbing highlights Judicial Watch has pulled out of the new documents the organization obtained from the U.S. Department of Health and Human Services (HHS). What may be most disturbing are documents that show the Department of Homeland Security (DHS) worked with HHS on security for Healthcare.gov.
The government officials on the receiving end of the Freedom of Information Act (FOIA) lawsuit Judicial Watch filed on March 18, 2014, were not exactly forthcoming. The 117 pages the organization received were heavily redacted, but a close look revealed troubling information.
In a heavily redacted November 6, 2013, email, Julie Bataille (former CMS director of the office of communications) informed then-CMS Administrator Marilyn Tavenner and Jeffrey Zients (former Healthcare.gov “tech surge” manager), that “the Dept Homeland Security’s public affairs team reached out to ASPA” (an apparent reference to the assistant secretary for public affairs). The outreach originated with Kevin Greene, program manager – software assurance, of the DHS Cyber Security division.
On November 8, 2013, Tavenner forwarded Bataille’s email to David Nelson (acting CMS chief information officer) and Tony Trenkle (outgoing CMS chief information officer) with the message, “For you guys to follow up. I support. Thanks.” The following email exchange shows when the Department of Homeland Security began working with Obamacare officials on Healthcare.gov:
- November 8, 2013, Nelson to Greene: “As the new Acting Chief Information Officer for CMS, I would be very interested in talking to you about the type of support DHS may be able to provide for Healthcare.gov.”
- December 9, 2013, Greene to Nelson: “I had a very productive meeting with Kevin Charest [HHS Chief Information Officer] and his team on last week and would love to meet with you soon. Please let me know a good time to schedule a meeting.”
- December 11, 2013, Lisa Mack (special assistant to David Nelson) to Greene and Nelson: “Dave is available in Baltimore on Monday, January 13th between 1:00 – 2:00 pm.”
It is bad enough that the IRS is empowered to monitor your health care choices under Obamacare — now Judicial Watch has learned that DHS, another federal law enforcement agency, is potentially snooping around your private health and other personal information, and at the very least, is responsible for the security of that information.
Why did it take a Judicial Watch lawsuit to uncover the Department of Homeland Security’s secret involvement in Obamacare’s Healthcare.gov? What private health information was shared with DHS by the Obama administration?
Assuming it was proper to work with DHS, these documents show (again) that Healthcare.gov was operating for a full month with known and unaddressed security issues.
It is little wonder that it takes “the most transparent administration in history” months to review and release 117 pages.
The documents also show that it was pressure from the Obama White House, desperate to boost enrollment in its unpopular government health care program, which may have led to a mass breach of the privacy of innocent Americans.
Members of Congress from both parties were up in arms after a January 2015 report by The Associated Press that revealed that HHS was disclosing health and other private information of Healthcare.gov users to advertisers:
The government’s health insurance website is quietly sending consumers’ personal data to private companies that specialize in advertising and analyzing Internet data for performance and marketing, The Associated Press has learned.
The scope of what is disclosed or how it might be used was not immediately clear, but it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer’s Internet address, which can identify a person’s name or address when combined with other information collected by sophisticated online marketing or advertising firms.
So who was behind this massive breach of trust, confidentiality, and privacy of the millions forced to use the Obamacare site? The Obama White House.
Why else would bureaucrats in HHS think they had the authority to violate potentially both the Privacy Act and the Health Insurance Portability and Accountability Act (or HIPAA, the federal health care privacy law referenced on the numerous medical forms Americans fill out every day)?
The documents Judicial Watch forced out of the Obamacare bureaucracy at HHS include a January 2014 email chain, in which one subject line is “Call on Tagging Issues.” One of the emails in this chain notes that Jon Booth (director of the CMS Web and Media Group) informs his colleagues in the computer information and press operations of the White House’s interest in employing Healthcare.gov user information for advertising.
“There is a huge push from the White House,” Booth writes, “to implement a robust (and more importantly) measureable digital ad campaign.”
Typically, “tagging” means tagging user information for later use, such as for targeted advertising. Reading between the redactions, it is now clear that the Obama White House was pressuring HHS to push “digital media campaign tagging,” leading to the changes in Healthcare.gov privacy policies that would allow certain private information of Healthcare.gov users to be shared with advertisers.
And it isn’t as if the Obamacare gang at HHS was oblivious to the security and privacy concerns in using this sensitive government health information that citizens, under law, had to give to the Obama administration. In this very email chain was a link to an informative website posting by a security expert who details that security was an “afterthought” on the Obamacare website, that 70,000 Healthcare.gov records were easily viewable using Google, and that “the head of [Healthcare.gov’s] security, who had to sign off on the security of the website during its launch wouldn’t, and was forced out the door…”
There’s some history here that comes full circle with these latest revelations. Back in September 2014, Judicial Watch received 94 pages of HHS documents in response to this same FOIA lawsuit. These documents showed that in the days leading up to the rollout of Obamacare, top CMS officials knew of massive security risks with Healthcare.gov and chose to roll out the website without resolving the problems. These documents also showed CMS officials, including then-CMS Chief Information Officer Tony Trenkle and CMS Director Marilynn Tavenner, were aware of the gaping security flaws, yet Tavenner chose to launch the website anyway. Seemingly wanting not to be a party to the mess, Trenkle himself resigned before the site’s launch date.
In fact, Judicial Watch forced the Obama administration to provide details about security flaws that were previously withheld from public disclosure and from Congress.
The watchdog also obtained “Sensitive Information – Special Handling” memos sent from CMS to Mitre Corporation, the Healthcare.gov security testing company, in which CMS rated “political … damage” and “public embarrassment to CMS” as factors in defining “Risk Rating” priorities.
Recall that the Healthcare.gov portal was hacked back in July 2014.
A few days prior to the AP report detailing the Obama White House’s desperate push to misuse Americans’ private information to boost enrollment in the Obamacare scheme, CMS Administrator Marilyn Tavenner took one for the Obama team and resigned after being accused of padding Obamacare enrollment numbers. According the New York Times:
Representative Darrell Issa, Republican of California and former chairman of the House Committee on Oversight and Government Reform, said Ms. Tavenner “had to go.” He said that she had “padded the Obamacare enrollment numbers” to make them look larger than they were.
Congressional investigators discovered in November that the administration had overstated enrollment by including about 400,000 dental insurance subscribers in the total of 7.1 million people with coverage purchased through the exchanges.
This administration’s Obamacare lawlessness is not just a political fight in D.C. between Congress and President Obama. It is about the rule of law. It is about every American’s private health care information being safe and secure. It is about fraud, waste, and abuse of taxpayer dollars. And it is about the Obama administration’s contempt for federal transparency law.
And thankfully, it is also about Judicial Watch, one watchdog group doing the hard work of exposing this corruption so, at a minimum, citizens can be warned: If you share private information on Healthcare.gov or a related Obamacare site, you should assume that your private information is unsecure, will be used to tag and target you for advertising/government propaganda, is at risk of being used by the Department of Homeland Security, and is at risk of being hacked by criminals outside of government.