According to web security experts, the ObamaCare website, www.HealthCare.gov, is not following best practices when it comes to protecting Americans’ private information.
A government data warehouse stores personal information forever on millions of people who seek coverage under President Obama’s health care law, including those who open an account on HealthCare.gov but don’t sign up for coverage. At a time when major breaches have become distressingly common, the vast scope of the information — and the lack of a clear plan for destroying old records — have raised concerns about privacy and the government’s judgment on technology.
“A basic privacy principle is that you don’t retain data any longer than you have to,” said Lee Tien, a senior staff attorney with the Electronic Frontier Foundation. “The more data you keep, the more harm an attacker or unauthorized person can do.”
Electronic record-keeping systems are standard for businesses and government agencies. But they are supposed to have limits on how long data is kept. The health care system, known as MIDAS, is described on a federal website as the “perpetual central repository” for information that the Affordable Care Act authorizes federal agencies to collect.
“Data in MIDAS is maintained indefinitely at this time,” says another document, a government privacy assessment dated Jan. 15. It lists the kinds of information stored, including names, Social Security numbers, birthdates, addresses, phone numbers, passport numbers, employment status and financial accounts.
Considering all the errors and hiccups that HealthCare.gov suffered during the initial launch of the ObamaCare website, some might say your private information MIDAS well be public information. (You see what I did there?)