The Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and Response is currently seeking public comment on a 52-page draft of the proposed “National Health Security Strategy 2015-2018” (NHSS).
The deadline for comment is 5 pm EST on May 21st. (See Draft National Health Security Strategy 2015-2018.pdf)
“Health situational awareness includes biosurveillance and other health and non-health inputs (e.g., lab/diagnostics, health service utilization, active intelligence, and supply chain information), as well as systems and processes for effective communication among responders and critical health resource monitoring and allocation,” the draft states.
But Brase warns that the NHSS proposal would allow the federal government to monitor an individual’s behavior before, during and after any government-defined health “incident” – which could be anything from a local outbreak of the flu to a terrorist anthrax attack.
“It’s very broad. It doesn’t seem to have any limits, except they say something about, you know, properly protecting the data. But from our perspective, if the government gets access to this kind of data, [and] is allowed to do research with the data…then our privacy has already been compromised. The government has already said that our data is their data for their purposes of national health security,” Brase told CNSNews.com.
“It’s very clear to us that really the government is moving toward real-time access, toward close collaboration of government and doctors for ready access to the electronic medical record and then to conduct research and analysis.”
“I don’t think they ever mentioned the word merging, but this is a very close connection they want between public health, which is the government, and clinical health, which is your doctor’s office and the hospital, for whatever diseases they choose to have reported,” she added.
Brase noted that the information collected by the government will be “all-encompassing” and include “what our health status is, whether we exercise, how often we get a cold, or what kind of medications we’re taking. They’re also looking at the climate, and the economic condition of the country, as all being a party of this National Health Security Strategy.”
“In other words, anything and everything could become a health threat by the government’s standards,” she said.
According to the draft proposal, NHSS will create “health situational awareness” by “collecting, aggregating and processing data from both traditional and nontraditional sources (such as social media) and from various governmental and nongovernmental stakeholders….Decision-makers will have the capability to visualize and manipulate data from many sources to create an operational picture suited to the specific situation and the decisions before them.”
But Brase warns that the government’s biosurveillance plan is much more intrusive than the data collection currently being done by the Centers for Disease Control and Prevention (CDC).
“We’re of the mind that the Fourth Amendment actually means something, so you can’t access everybody’s patient’s medical record just because you say there is a security threat or just because you say it’s good for the American public,” she told CNSNews.com.
“But the fact of the matter is that [the Health Insurance Portability and Accountability Act] HIPPA already allows the federal government and the state government and the local government and anyone who is a public health agency to have access to our medical records - identifiable medical records - without our consent. It’s in the HIPPA Privacy Rule, which has the full force and effect of law. But that wasn’t actually put in by Congress. It was put in by the Department of Health and Human Services.” (See HIPAAPrivacyRegs_EconomicStimulusChanges.pdf)
One of the dangers, Brase pointed out, is that this vast amount of medical data warehoused in a giant electronic database will only be available to government-approved researchers.
“Now, it could be the entire electronic medical record, it could be that they just have ready access to the electronic medical records because it’s on a state health information exchange, for instance, and if they are one of the partners in the state health information exchange, they can start this data draw.
“One of the things we look at is how research can be done in a way to push policies that we disagree with. They come up with findings that nobody else can validate because nobody else has access to all that data the way the government has, and nobody can ever counter it,” Brase told CNSNews.com.
According to “National Biosurveillance Science and Technology Roadmap” written last June, “effectively, appropriately, and securely sharing health event data, including parts of electronic patient records and laboratory data, has significant potential to improve national awareness of incidents that could progress to impact national security.”
The NHSS is part of what President Obama called “the first-ever National Strategy for Biosurveillance” which was announced by the White House in July 2012 as “a top national security policy.” (See National_Strategy_for_Biosurveillance_July_2012.pdf)
Biosurveillance is defined as “the process of active data-gathering with appropriate analysis and interpretation of biosphere data that might relate to disease activity and threats to human or animal health – whether infectious, toxic, metabolic, or otherwise, and regardless of intentional or natural origin – in order to achieve early warning of health threats, early detection of health events, and overall situational awareness of disease activity.”
“Extending electronic reporting of health information, including laboratory results, to public health serves as an example of rapidly communicating useful information….Routine, daily use of such capabilities may be leveraged to address critical requirements in the context of an emergency,” the White House document said.
Brase pointed out that much of the architecture for the government’s biosurveillance plan is already in place.
“The Obama administration in the [American] Recovery and Reinvestment Act [of 2009] forces every doctor to have interoperable electronic medical records by January 1, 2015 or face penalties from Medicare, financial reductions in their payments. So that’s one thing that’s happening,” she told CNSNews.com.
“A second thing that’s happening is that the federal government has been funding the creation of state health information exchanges (HIEs) with the purpose of creating a national health information network. And they’re interoperable, which means they’re accessible to government and others, because they have to follow certain protocols and data standards that the government sets. So that’s another thing that’s happening.
“And the third thing that’s happening is that the health plans often require, may require with their contracts with doctors, that they submit their bills electronically. So all this is forcing everybody’s medical records online,” she explained.
“It’s not clear exactly how the federal government plans to get access” to these online records, Brase said, but it could include requiring health insurers to send all claims data to the government, forcing state insurance exchanges to open a special portal specifically for federal bureaucrats, or demanding that hospitals and clinics report directly to the feds.
“Is this a juggernaut that’s unstoppable at this point” CNSNews.com asked Brase.
“It is not unstoppable,” she replied. “HIPPA is a data-sharing law. It has noting to do with privacy. HIPPA and the HITECH Act (part of the 2009 stimulus bill) together already allow 2.2 million entities to have legal access to your private medical records without your consent, and that is a federal number in the 2010 federal regulation.”
Those entities include hospitals, pharmacies, physicians’ offices, diagnostic imaging centers, medical equipment suppliers, home health services, outpatient care centers, health insurers, third-party administrators and any of their business associates.
“But the one thing that HIPPA says is that if the states create a stronger privacy law, then everyone in that state must conform. Minnesota and Iowa are two of the states that have stronger privacy laws with more restrictions on access. And every state could do that and make it difficult for the federal government to implement this entire thing.
“For instance, they’d have to get your consent before they put you in a health information exchange. They could require consent for any kind of public health purpose, and therefore challenge the federal government to tell them exactly where the federal government thinks they have a right to gather all this information for public health purposes,” Brase told CNSNews.com. “There’s all sorts of things states could do if they had a mind to do it.”
“I think people are worried about things like HIV or something stigmatizing or embarrassing. But they should be very concerned about the fact that this is really a sweeping strategy to oversee your entire life with the intention of keeping you, and making you keep yourself, healthy,” she continued.
“And that is a government that is too big. That is a government that says you have no freedom, because if you are not free from surveillance, you are not free.”