An intensive care nurse treat a patient at intensive care unit at the Klinikum Bad Hersfeld hospital on March 20, 2020 in Bad Hersfeld, Germany. (Photo: Thomas Lohnes/Getty Images)
No to Expanded HHS Surveillance of COVID-19 Patients
The new program called HHS Protect poses a grave threat to the data privacy of all Americans.
The federal government plans to process more of our personal data, in the name of containing COVID-19, but without showing that this serious privacy intrusion would actually do anything to protect public health. EFF filed comments in opposition to these new plans from the U.S. Department of Health and Human Services (HHS).
The U.S. Centers for Disease Control (CDC) leads our nation's efforts to contain infectious diseases. Thus, CDC for decades has managed the federal government's processing of personal data about infection. It did so during the early months of the COVID-19 outbreak. But in July 2020, HHS stripped this tracking authority from the CDC, and transferred it to a new program called "HHS Protect."
HHS issued two new Systems of Records Notices (SORNs) about this new HHS program. The federal Privacy Act requires federal agencies to issue SORNs to advise people about personally identifiable information that the government maintains about them.
Unfortunately, HHS Protect poses a grave threat to the data privacy of all Americans. As set forth in the SORNs, it would greatly expand how the federal government collects, uses, maintains, and shares all manner of personal information. We highlighted the following ways that HHS Protect would substantially burden privacy without a necessary or proportionate benefit to protecting public health.
New data collection. The SORNs would allow collection of personal information about physical and psychological health history, drug and alcohol use, diet, employment, and more. Data collected would also include "geospatial records," which countless research has shown is difficult to de-identify. Data would be collected not just about people who test positive, but also about their family members, as well as people who test negative, and perhaps people who have not tested at all. Data would be collected from countless different sources, including federal, state, and local governments, their contractors, the healthcare industry, and patients' family members.
New data sharing. The SORNs would allow sharing of these vast sets of data with additional federal agencies, unspecified outside contractors, and even "student volunteers." These additional federal agencies would be allowed, in turn, to share the data with their contractors. Patient consent would not be required for this sharing.
New data use. The SORNs would allow use of this data in litigation and "other proceedings" whenever the federal government has "an interest" in them (such use now is allowed only when HHS is a defendant in litigation).
New data storing. The SORNs would allow permanent retention of data with "significant historical and/or research value" (retention now is limited to four years).
No doubt, the ongoing COVID-19 crisis requires a coordinated governmental response, which in turn requires robust data concerning the spread of the disease. But HHS has made no showing that CDC's existing epidemiological data systems are not up to the task.
Thus, EFF filed comments with HHS, asking the agency to withdraw these two SORNs. They violate the Privacy Act and create new threats to privacy without any showing of public health benefit.
Urgent. It's never been this bad.
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission from the outset was simple. To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It’s never been this bad out there. And it’s never been this hard to keep us going. At the very moment Common Dreams is most needed and doing some of its best and most important work, the threats we face are intensifying. Right now, with just two days to go in our Spring Campaign, we're falling short of our make-or-break goal. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Can you make a gift right now to make sure Common Dreams not only survives but thrives? There is no backup plan or rainy day fund. There is only you. —Craig Brown, Co-founder |
The federal government plans to process more of our personal data, in the name of containing COVID-19, but without showing that this serious privacy intrusion would actually do anything to protect public health. EFF filed comments in opposition to these new plans from the U.S. Department of Health and Human Services (HHS).
The U.S. Centers for Disease Control (CDC) leads our nation's efforts to contain infectious diseases. Thus, CDC for decades has managed the federal government's processing of personal data about infection. It did so during the early months of the COVID-19 outbreak. But in July 2020, HHS stripped this tracking authority from the CDC, and transferred it to a new program called "HHS Protect."
HHS issued two new Systems of Records Notices (SORNs) about this new HHS program. The federal Privacy Act requires federal agencies to issue SORNs to advise people about personally identifiable information that the government maintains about them.
Unfortunately, HHS Protect poses a grave threat to the data privacy of all Americans. As set forth in the SORNs, it would greatly expand how the federal government collects, uses, maintains, and shares all manner of personal information. We highlighted the following ways that HHS Protect would substantially burden privacy without a necessary or proportionate benefit to protecting public health.
New data collection. The SORNs would allow collection of personal information about physical and psychological health history, drug and alcohol use, diet, employment, and more. Data collected would also include "geospatial records," which countless research has shown is difficult to de-identify. Data would be collected not just about people who test positive, but also about their family members, as well as people who test negative, and perhaps people who have not tested at all. Data would be collected from countless different sources, including federal, state, and local governments, their contractors, the healthcare industry, and patients' family members.
New data sharing. The SORNs would allow sharing of these vast sets of data with additional federal agencies, unspecified outside contractors, and even "student volunteers." These additional federal agencies would be allowed, in turn, to share the data with their contractors. Patient consent would not be required for this sharing.
New data use. The SORNs would allow use of this data in litigation and "other proceedings" whenever the federal government has "an interest" in them (such use now is allowed only when HHS is a defendant in litigation).
New data storing. The SORNs would allow permanent retention of data with "significant historical and/or research value" (retention now is limited to four years).
No doubt, the ongoing COVID-19 crisis requires a coordinated governmental response, which in turn requires robust data concerning the spread of the disease. But HHS has made no showing that CDC's existing epidemiological data systems are not up to the task.
Thus, EFF filed comments with HHS, asking the agency to withdraw these two SORNs. They violate the Privacy Act and create new threats to privacy without any showing of public health benefit.
The federal government plans to process more of our personal data, in the name of containing COVID-19, but without showing that this serious privacy intrusion would actually do anything to protect public health. EFF filed comments in opposition to these new plans from the U.S. Department of Health and Human Services (HHS).
The U.S. Centers for Disease Control (CDC) leads our nation's efforts to contain infectious diseases. Thus, CDC for decades has managed the federal government's processing of personal data about infection. It did so during the early months of the COVID-19 outbreak. But in July 2020, HHS stripped this tracking authority from the CDC, and transferred it to a new program called "HHS Protect."
HHS issued two new Systems of Records Notices (SORNs) about this new HHS program. The federal Privacy Act requires federal agencies to issue SORNs to advise people about personally identifiable information that the government maintains about them.
Unfortunately, HHS Protect poses a grave threat to the data privacy of all Americans. As set forth in the SORNs, it would greatly expand how the federal government collects, uses, maintains, and shares all manner of personal information. We highlighted the following ways that HHS Protect would substantially burden privacy without a necessary or proportionate benefit to protecting public health.
New data collection. The SORNs would allow collection of personal information about physical and psychological health history, drug and alcohol use, diet, employment, and more. Data collected would also include "geospatial records," which countless research has shown is difficult to de-identify. Data would be collected not just about people who test positive, but also about their family members, as well as people who test negative, and perhaps people who have not tested at all. Data would be collected from countless different sources, including federal, state, and local governments, their contractors, the healthcare industry, and patients' family members.
New data sharing. The SORNs would allow sharing of these vast sets of data with additional federal agencies, unspecified outside contractors, and even "student volunteers." These additional federal agencies would be allowed, in turn, to share the data with their contractors. Patient consent would not be required for this sharing.
New data use. The SORNs would allow use of this data in litigation and "other proceedings" whenever the federal government has "an interest" in them (such use now is allowed only when HHS is a defendant in litigation).
New data storing. The SORNs would allow permanent retention of data with "significant historical and/or research value" (retention now is limited to four years).
No doubt, the ongoing COVID-19 crisis requires a coordinated governmental response, which in turn requires robust data concerning the spread of the disease. But HHS has made no showing that CDC's existing epidemiological data systems are not up to the task.
Thus, EFF filed comments with HHS, asking the agency to withdraw these two SORNs. They violate the Privacy Act and create new threats to privacy without any showing of public health benefit.