On Monday, four U.S. lawmakers from California sent a letter to Covered California Executive Director Peter Lee raising privacy concerns about the exchange’s plan to analyze enrollee data, Politico‘s “Morning eHealth” reports (Pittman/Tahir, “Morning eHealth,” Politico, 7/21).
Background
In April, Covered California entered a five-year, $9.3 million contract with Truven Health Analytics to collect insurer data on enrollees’:
- Hospital stays;
- Physician visits; and
- Prescriptions.
The exchange plans to collect the data on how exchange enrollees use their health coverage in an effort to measure care quality, hold insurers and providers accountable and potentially negotiate better premiums.
Under the initiative, Truven will strip identifying information from the data before sending the information to state researchers (California Healthline, 6/22).
Details of Letter
The letter was sent by California Reps.:
- Tony Cárdenas (D);
- Judy Chu (D);
- Mark DeSaulnier (D); and
- Anna Eshoo (D).
In the letter, the lawmakers raised concerns that consumers’ data were not adequately protected against cyberthreats (“Morning eHealth,” Politico, 7/21).
According to a release, the lawmakers’ concerns were prompted by recent cyberattacks and data breaches in California affecting millions of state residents (Cárdenas release, 7/20).
The lawmakers in the letter wrote that they “are concerned about the cybersecurity and privacy risks involved in collecting such a large volume of sensitive data ” Specifically, they expressed concerns about:
- How the exchange will inform consumers about how their data are being used;
- How the data will be encrypted;
- Notification policies for potential data breaches;
- What measure Covered California and its subcontractors are taking to ensure cybersecurity; and
- Whether consumers will be able to opt out of medical data collection (Lawmakers’ letter, 7/20).
Meanwhile, Cárdenas added, “The state and Covered California absolutely must take every step possible to ensure these records are completely protected during any data mining operations” (Cárdenas release, 7/20).