HIPAA/HITECH
,
Standards, Regulations & Compliance
California AG Leads Effort to Prohibit DHS, ICE From Accessing Personal Health Data
California and 19 other states’ attorneys general are suing the Trump administration to stop the U.S. Department of Health and Human Services’ from allegedly disclosing Medicaid beneficiaries’ personal health information to the Department of Homeland Security and its Immigration and Customs Enforcement agency.
See Also: Using the Netskope HIPAA Mapping Guide
California Attorney General Rob Bonta on Tuesday announced the lawsuit accusing the Trump administration of upending “longstanding privacy protections with its decision to illegally share sensitive, personal health data with ICE” as part of President Trump’s “anti-immigration” campaign.
Since Congress enacted the Medicaid Act 70 years ago, “federal law, policy and practice has been clear: The personal healthcare data collected about beneficiaries of the program is confidential, to be shared only in certain narrow circumstances that benefit public health and the integrity of the Medicaid program itself,” Bonta said.
But in mid-June, California and other states learned that Medicaid data files containing personal health records for millions of people were released to DHS for the creation of a federal database to assist in “mass deportations” and other large-scale immigration enforcement purposes, the states allege.
The lawsuit filed in a Northern California federal court seeks to block any new disclosures or uses of Medicaid data for immigration purposes.
The litigation claims the Trump administration in allegedly sharing Medicaid health data with DHS and ICE for immigration enforcement is in violation of several federal laws and regulations, including HIPAA, the Federal Information Security Modernization Act and Privacy Act.
Some personal data is exchanged between the states and the federal government for administering Medicaid, including verifying eligibility for federal funding. But, “historically, DHS has acknowledged that the Medicaid Act and other federal healthcare authorities foreclose the use of Medicaid personal information for immigration enforcement purposes,” Bonta said.
“Yet now, the federal government appears to have – without formal acknowledgment – adopted a new policy that allows for the wholesale disclosure and use of state residents’ personal Medicaid data for purposes unrelated to Medicaid program administration,” he said.
Other states joining California in the lawsuit include Arizona, Colorado, Connecticut, Delaware, Hawaii, Illinois, Massachusetts, Maine, Maryland, Michigan, Minnesota, Nevada, New Jersey, New Mexico, New York, Oregon, Rhode Island, Vermont and Washington.
New Jersey Attorney General Matthew Platkin in a statement said the disclosure of Medicaid information to ICE may hinder many people – including parents with children, low income individuals and pregnant women – from enrolling in Medicaid and seeking medical care due to fear that their privacy will be violated.
“This will not prevent people from getting sick – instead, it will cause them to become even sicker, putting them at risk for death or disability – and will leave state taxpayers footing tremendous bills for uncompensated care delivered through hospital emergency departments,” Platkin said.
HHS did not immediately respond to Information Security Media Group’s request for comment on the lawsuit.