Last month, the Internal Revenue Service submitted a funding request to Congress in order to fulfill its stated role in the Affordable Care Act, charmingly branded as Obamacare. So far, the IRS has assigned 1,200 of its agents to implement the 18 tax provisions and 47 monitoring functions. Perhaps their most disturbing capacity will be to levy extra taxes on every individual who does not comply with the new health insurance regulations. For that, the agency intends to hire an additional 6,700 agents.
It wasn’t so long ago that the Health Insurance Portability and Accountability Act (HIPPA) was enacted by Congress. A key provision of HIPPA is to ensure the privacy of individual health care information. The U.S. Department of Health & Human Services enforces the privacy specs within health care providers and government agency systems. The department holds that, “all Federal agencies must also meet the requirements of the Privacy Act of 1974, which restricts what information about individual citizens – including any personal health information – can be shared with other agencies and with the public.”
There is a bill making its way through the U.S. House of Representatives that hopes to "prohibit the Secretary of the Treasury from enforcing the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act of 2010." Congressman Tom Price (R-GA) is joined by no less than 114 fellow House members in sponsoring this bill that he authored.
The notion of granting health care information to the Federal Government’s taxing agency is troublesome to Cyber Security professionals on a very basic level. This move will create a classic organizational conflict of interest condition. Access control mechanisms are expertly configured in healthcare IT systems throughout the nation in order to protect patient information and to comply with HIPPA. But for every well-designed cyber security system, the insider threat always looms as the hacker’s trump card.