During a Congressional hearing yesterday, Rep. Joe Barton questioned a panel of contractors about commented-out source code in healthcare.gov that tells site users that they have no reasonable expectation of privacy in using the site.
Seemingly basing his questioning on this report on The Weekly Standard, Rep. Barton stated that the hidden (commented-out) code was in direct conflict with HIPAA. With a “Gotcha!” expression on his face and the face of a staffer feeding him questions, he pushed the contractors to agree that the code was in direct violation of HIPAA. Why two contractors had ever testified that the site was HIPAA-compliant and why they didn’t just say that commented-out code has no effect on the privacy policy of the site are questions for another day, but Rep. Barton’s point about commented-out code wouldn’t make sense even if the site has promised HIPAA compliance. Hell, one of the coders could have put “By using this site, you agree that most members of Congress are idiots” in commented-out code and it would have had the same legal effect – none.
You can watch a very small part of Rep. Barton’s questioning and Rep. Frank Pallone’s subsequent testy response here:
Neither the exchanges nor healthcare.gov are covered entities under the HIPAA Privacy Rule, falling instead under the federal Privacy Act and relevant state laws, among others.
Got that, Rep. Barton? You tried to raise a privacy scare where there was none, and all you and your staffer did was display your ignorance of HIPAA to the public. You might want to be better informed on this important piece of legislation.