The imminent health-exchange scandal.
By Michael Astrue
I have been dismayed, but unsurprised, to see that the
Department of Health and Human Services (HHS) is already spinning the
launch of its federal health insurance exchange this October. The
federal and state “exchanges”—HHS recently rebranded them
“marketplaces”—are a linchpin of the Affordable Care Act (ACA) that
would allow uninsured Americans to assess and select health insurance
plans. Repeated HHS assurances that the systems will be ready for launch
have been a critical factor in state decisions as to whether they
should use the HHS portal or build their own; at least 14 states have
wisely chosen to build their own systems.
A
functional and legally compliant federal exchange almost certainly will
not be ready on October 1 for those who will have no choice but to use
the federal portal. The reasons for failure are not short timelines
(Congress gave HHS more than three years), political interference
(Congress has not focused on ACA systems), or complexity (states have
built well-designed exchanges). The reason is plain old incompetence and
arrogance.
After enactment of the ACA, the former administrator of
the Centers for Medicare and Medicaid Services (CMS), Donald Berwick,
had the responsibility of creating systems for the exchanges, which
required peripheral support from the Social Security Administration
(SSA) and the Internal Revenue Service (IRS). Congress did not
appropriate special funding for this initiative, and Berwick was
unwilling to shift adequate funds within CMS for this critical project.
Berwick then failed to persuade HHS secretary Kathleen Sebelius to spend
one penny on this effort from her massive ACA discretionary fund.
Berwick also failed to bully SSA into paying for the entire system; he
brushed aside the blatant illegality of that approach.
Civil servants at CMS did what they could to meet the
statutory deadline—they threw together an overly simplistic system
without adequate privacy safeguards. The system’s lack of any
substantial verification of the user would leave members of the public
open to identity theft, lost periods of health insurance coverage, and
exposure of address for victims of domestic abuse and others. CMS then
tried to deflect attention from its shortcomings by falsely asserting
that it had done so to satisfy White House directives about making
electronic services user-friendly.
In reality, the beta version jammed through a few months
ago will, unless delayed and fixed, inflict on the public the most
widespread violation of the Privacy Act in our history. Almost a year
ago both I and the IRS commissioner raised strong legal objections to
the Office of Management and Budget (OMB), which has statutory oversight
responsibilities for the Privacy Act. As of the time of my resignation
as commissioner of Social Security last February, OMB lawyers could not
bring themselves to bless a portal in which I could change Donald
Trump’s health insurance and he could change mine.
Incredibly, at the time of our appeal, no senior legal
official at HHS had reviewed the legal issues raised by this feature of
the ACA. It is my understanding that OMB, despite the recent furor over
this administration’s lack of respect for the privacy of citizens, has
ordered agencies to bulldoze through the Privacy Act by invoking an
absurdly broad interpretation of the Privacy Act’s “routine use”
exemption.
The Privacy Act is a general prohibition, subject to
narrow exceptions, on disclosure of records between agencies or to the
public. The “routine use” exception allows disclosure when the use of a
record is “for a purpose which is compatible with the purpose for which
it is collected.” Privacy being essential to patient care, it is
impossible to justify a “routine use” exception for a system knowingly
built in a way that will permit disclosure of intimate health care
data.
In this regard, the administration is not only preparing
to violate the law, it is also holding itself to a far lower privacy
standard than that to which it is trying to hold the private sector. In
announcing the administration’s “Consumer Privacy Bill of Rights,” last
year President Obama himself said, “American consumers can’t wait any
longer for clear rules of the road that ensure their personal
information is safe online.”
A June Government Accountability Office (GAO) report
gingerly avoided all the significant privacy and operational issues
surrounding the HHS system, and did little more than report that CMS
admitted it was behind on certain parts of the program but felt it could
catch up. Nowhere did our congressional watchdogs show any sign that
they had actually tested the system and considered its readiness for
public use.
Since the HHS inspector general and GAO have been snoozing
on their watches, it is time for Congress itself to inspect the current
version of the HHS software and decide whether delay of implementation
of the exchanges is the right course of action.
Michael Astrue served as HHS general counsel (1989-1992) and commissioner of Social Security (2007-2013).
No comments:
Post a Comment