Letter from Rep. Dick Armey (R-TX) to Secretary of Health and Human Services Tommy Thompson.
Re: Government issued medical ID numbers.
Date: May 15, 2001.
Source: Office of Rep. Dick Armey.

May 15, 2001

The Honorable Tommy G. Thompson
U.S. Department of Health and Human Services
200 Independence Avenue, SW
Washington, D.C. 20201

Dear Secretary Thompson,

In view of your strong commitment to privacy, I wanted to draw your attention to a serious privacy concern falling under your jurisdiction, one that predates your entrance into office but appears to be on-going.

As you know, since 1998 federal law has prohibited the development of a "unique health identifier for individuals" - a government-issued medical ID number for every American. Congress forbade the creation of such an identifier for good reason: It raises serious privacy concerns. It would enable government agencies to monitor our medical secrets in detail. It would likely be abused by private entities, as happens today with Social Security Numbers.  And it would provide a key element needed for a government takeover of health care, la Clintoncare. When press reports revealed that HHS officials were working on this concept in 1998, Vice President Gore rushed to assure the public that the project was being suspended, and Congress quickly followed with a legal prohibition. That prohibition remains in effect.

Yet, on page 147 of the May 2000 implementation guide for data standards, HHS officials instruct private health-care entities to reserve a field in their software programs for a forthcoming government-issued ID number for all Americans.  (See attached photocopy and appendix.) The document states:

The value 'ZZ', when used in this data element, shall be defined as 'HIPAA Individual Identifier' once the identifier has been adopted. Under the Health Insurance Portability and Account-ability Act of 1996, the Secretary of the Department of Health and Human Services must adopt a standard individual identi-fier for use in this transaction.

Note that this document says "when" the identifier has been adopted, not "if," and declares that HHS "must" adopt one-as if Congress had never spoken on the subject.

Mr. Secretary, are these May 2000 guidelines still in effect? If so, federal law is being violated, and I would respectfully urge you to take swift corrective action.

Imagine the implications for personal privacy if everyone had a government-issued medical ID number and the government had an unfettered search-and-seizure power over private medical records. That unfettered search-and-seizure power is currently poised to become law, thanks to the Clinton privacy regulations that are being finalized right now. The addition of a universal identifier would make that power all the more troubling.

I realize the health-care industry is more paperbound than most. But as other industries have shown, standardizing digital transactions can be achieved voluntarily through private-sector cooperation without government mandates. Even supposing the streamlining of medical claims-processing is possible only with a government-issued patient identifier, we shouldn't issue one.  Better to forego projected cost savings than to acquiesce in a major encroachment on our liberties. At the very least, a decision of this weight ought to be made by Congress after a thorough public debate, and not by anonymous bureaucrats who are disregarding the law.

Therefore, Mr. Secretary, until Congress speaks again on this subject, I would respectfully ask that you bring the medical ID project to a complete halt.

With gratitude for your continuing commitment to the rights and freedoms of the American people,

Respectfully,


DICK ARMEY
Member of Congress


APPENDIX

Universal Government-Issued Medical Identifier: Key Documents

Enacted, August 1996: "Sec. 1173(b) ... The Secretary [of HHS] shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system." Source: Health Insurance Portability and Accountability Act of 1996 (HIPAA) (42 U.S.C. 1320d-2(b)).

Enacted, October 1998 (and re-enacted in 1999 and 2000): "Sec. 514. None of the funds made available in this Act [the HHS appropriation act for the next fiscal year] may be used to promulgate or adopt any final standard under section 1173(b) of the Social Security Act (42 U.S.C. 1320d-2(b)) providing for, or providing for the assignment of, a unique health identifier for an individual (except in an individual's capacity as an employer or a health care provider), until legislation is enacted specifically approving the standard." Source: Public Law 106-554, 106th Congress (114 STAT. 2763).

Published, under HHS auspices, May 2000: "The value 'ZZ', when used in this data element, shall be defined as 'HIPAA Individual Identifier' once the identifier has been adopted. Under the Health Insurance Portability and Accountability Act of 1996, the Secretary of the Department of Health and Human Services must adopt a standard individual identifier for use in this transaction." Source: HHS-approved May 2000 implementation guide for data standards, page 147.