Obamacare website: Does it violate privacy rights?

At a congressional hearing Thursday, Republicans implied that the Obamacare website violates a federal privacy law – a characterization that prompted one Democrat to say, 'I will not yield to this monkey court!'

A man looks over the Affordable Care Act signup page on the HealthCare.gov website in New York in this October 2, 2013 photo illustration.

Mike Segar/Reuters

October 24, 2013

Lawmakers in Congress exchanged heated words Thursday about the Obamacare website – and the issue they were concerned about was privacy, not just the site’s technical troubles.

Republicans implied that the website violates a federal privacy law.

Democrats objected to that characterization, with one saying, “I will not yield to this monkey court!"

Democrats begin soul-searching – and finger-pointing – after devastating loss

The privacy law at issue is the Health Insurance Portability and Accountability Act (HIPAA), which includes provisions to safeguard Americans’ privacy in the arena of health care.

At a congressional hearing Thursday on the website, an indignant Rep. Joe Barton of Texas led the Republican attack by citing a nugget of information reported recently by The Weekly Standard. The conservative publication reported that “buried in the source code of Healthcare.gov is this sentence that could prove embarrassing: ‘You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system.’ ”

“How in the world can this be HIPAA compliant?” Representative Barton asked panelists at the hearing – federal contractors who had helped build the website.

Cheryl Campbell, an executive at the contractor CGI Federal, passed the buck on that question to the agency that took the lead role in creating the website, the Centers for Medicare & Medicaid Services.

Some technology experts, however, said it’s not unusual for source code to contain extraneous verbiage that’s not relevant or intended to be read by users. The Weekly Standard article itself referred to the no-privacy statement as something “not visible to users and obviously not intended as part of the terms and conditions” for use of the website.

They took up arms to fight Russia. They’ve taken up pens to express themselves.

Some Democrats at the hearing fired back at Barton.

Rep. Frank Pallone of New Jersey accused him of trying to “scare people” about the Affordable Care Act. The HIPAA privacy standards focus specifically on the sharing of personal medical information, and such information is not moving across the Obamacare website, Representative Pallone said.

It was when Barton asked Pallone to yield so he could respond that the New Jersey congressman erupted: “I will not yield to this monkey court!”

Another Democrat at the hearing made the same point about privacy, noting that the Obamacare enrollment process asks whether an individual smokes and for some other personal details (age, name, income, etc.), not for medical information.

The Health and Human Services Department, on its website, says, “the HIPAA Privacy Rule ... protects the privacy of individually identifiable health information.”

Democrats appeared to get the upper hand on the issue with their pushback. That doesn’t mean, however, that the HealthCare.gov website won’t continue to draw scrutiny and concern over privacy issues.

Several million American households are expected to enter personal information, such as about their finances and current health-insurance status, on the website in coming months. Both outside security experts and some members of Congress are concerned that the safeguarding of that information is at risk.

Rep. Mike Rogers (R) of Michigan, who also chairs the House Intelligence Committee, voiced concern that vast amounts of information, passing back and forth among Obamacare computers systems and insurance firms or other federal agencies, will be vulnerable to data theft.

“I am more nervous [than] when I got here," he said partway through the hearing.