PogoWasRight.org

Menu
  • About
  • Privacy
Menu

No to Expanded HHS Surveillance of COVID-19 Patients

Posted on August 17, 2020 by pogowasright.org

Adam Schwartz writes:

The federal government plans to process more of our personal data, in the name of containing COVID-19, but without showing that this serious privacy intrusion would actually do anything to protect public health. EFF filed comments in opposition to these new plans from the U.S. Department of Health and Human Services (HHS).

The U.S. Centers for Disease Control (CDC) leads our nation’s efforts to contain infectious diseases. Thus, CDC for decades has managed the federal government’s processing of personal data about infection. It did so during the early months of the COVID-19 outbreak. But in July 2020, HHS stripped this tracking authority from the CDC, and transferred it to a new program called “HHS Protect.”

HHS issued two new Systems of Records Notices (SORNs) about this new HHS program. The federal Privacy Act requires federal agencies to issue SORNs to advise people about personally identifiable information that the government maintains about them.

Unfortunately, HHS Protect poses a grave threat to the data privacy of all Americans. As set forth in the SORNs, it would greatly expand how the federal government collects, uses, maintains, and shares all manner of personal information. We highlighted the following ways that HHS Protect would substantially burden privacy without a necessary or proportionate benefit to protecting public health.

New data collection. The SORNs would allow collection of personal information about physical and psychological health history, drug and alcohol use, diet, employment, and more. Data collected would also include “geospatial records,” which countless research has shown is difficult to de-identify. Data would be collected not just about people who test positive, but also about their family members, as well as people who test negative, and perhaps people who have not tested at all. Data would be collected from countless different sources, including federal, state, and local governments, their contractors, the healthcare industry, and patients’ family members.

New data sharing. The SORNs would allow sharing of these vast sets of data with additional federal agencies, unspecified outside contractors, and even “student volunteers.” These additional federal agencies would be allowed, in turn, to share the data with their contractors. Patient consent would not be required for this sharing.

New data use. The SORNs would allow use of this data in litigation and “other proceedings” whenever the federal government has “an interest” in them (such use now is allowed only when HHS is a defendant in litigation).

New data storing. The SORNs would allow permanent retention of data with “significant historical and/or research value” (retention now is limited to four years).

No doubt, the ongoing COVID-19 crisis requires a coordinated governmental response, which in turn requires robust data concerning the spread of the disease. But HHS has made no showing that CDC’s existing epidemiological data systems are not up to the task.

Thus, EFF filed comments with HHS, asking the agency to withdraw these two SORNs. They violate the Privacy Act and create new threats to privacy without any showing of public health benefit.

Source: EFF

Category: HealthcareSurveillanceU.S.

Post navigation

← Privacy news stories you may have missed
GAO Releases Report on Privacy, Discrimination Risks of Facial Recognition →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • FTC dismisses privacy concerns in Google breakup
  • ARC sells airline ticket records to ICE and others
  • Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed

RSS Recent Posts on DataBreaches.net

  • International cybercrime tackled: Amsterdam police and FBI dismantle proxy service Anyproxy
  • Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
  • N.W.T.’s medical record system under the microscope after 2 reported cases of snooping
  • Department of Justice says Berkeley Research Group data breach may have exposed information on diocesan sex abuse survivors
  • Masimo Manufacturing Facilities Hit by Cyberattack
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy