RE: HR 550, which authorized "IMMUNIZATION INFORMATION SYSTEM DATA MODERNIZATION AND EXPANSION."
Thank you for your reply via email on January 4th to my inquiry as to why you voted “yea” on HR 550. In that response you stated:
“Let me begin by saying that this bill does not create a federal vaccine database or give the government access to patient vaccination records. In fact, H.R. 550 does the opposite. It makes Americans’ immunizations more secure by ensuring all data is confidential and deidentified so that it cannot be accessed by any government entity. It also enhances and modernizes immunization information systems already run by state and local governments to ensure the information in them is secured and kept private. As you can see, H.R. 550 will protect Americans by prohibiting the government from viewing their vaccination status. Additionally, this legislation establishes guardrails so that funds appropriated in the bill cannot be used to enforce vaccine mandates."
I am now even more concerned that you assert HR 550 “does not create a federal vaccine database” and that
the $400 million dollars (nearly ½ a billion, or $783 for every person residing
in Lancaster County) “cannot be used to enforce vaccine mandates” when the bill
itself contains this definition:
SEC
2824.a.1.f Definition.—In this section, the term ‘immunization information
system’ means a confidential, population-based, computerized database that
records immunization doses administered by any health care provider to persons
within the geographic area covered by that database.
I have some knowledge of government systems and how legal “safeguards” can be
circumvented. I am also very familiar with how “data sharing” can link
disparate datasets. While you may think “This bill doesn’t create a single
federal database...” quite frankly, that does not matter. If the data is
federated (e.g., maintained in separate databases but linked via interfaces)
then it is a de facto centralized database.
The first paragraph of
the bill contains clauses that make the intent clear. The IMMUNIZATION
INFORMATION SYSTEM DATA MODERNIZATION AND EXPANSION act authorizes the
secretary to “conduct activities (including with respect to interoperability,
population reporting, and bidirectional reporting) to expand, enhance, and
improve immunization information systems.” In paragraph 1.iv the bill
authorizes “... improving the secure bidirectional exchange of immunization
record data among Federal, State, local, Tribal, and territorial governmental
entities and non-governmental entities...”
While the language is
mildly technical, “bidirectional exchange” of data enables centralization. It’s
rather disingenuous to claim that the bill “does not create a federal vaccine
database.” Of course not – who does that anymore? Monolithic databases are being
migrated to clouds and similar decentralized platforms as
fast as anyone can afford. Monoliths are being replaced by layered
compute and data storage.
If publication and subscription of data were somehow constrained, there might be some support for your contention that it’s not a “database,” however
there is no such constraining language in the bill. In fact, the bill states:
"(viii) supporting real-time immunization record data exchange and reporting, to support rapid identification of immunization coverage gaps;”
Why would it need "real-time data exchange"?
It's obvious that this capability does more than limited queries for forensic analysis.
Further, the bill authorizes “(v) supporting the standardization of immunization information systems to accelerate interoperability with health information technology, including with health information technology certified under section 3001(c)(5) or with health information networks;”
While the $400
million does not authorize yet another Oracle database, it
does far, far more – it opens up every dataset at every level to real-time
exchange and access by the federal government.
The intent and result are the same: a single pane of glass can have access to all records at all data repositories. It doesn’t require a degree in data science to predict what can be done with this federated data. You assert that the act “cannot be used to enforce vaccine mandates,” and yet the bill authorizes “(ix) improving completeness of data by facilitating the capability of immunization information systems to exchange data, directly or indirectly, with immunization information systems in other jurisdictions...”
It’s curious that the “other
jurisdictions” are not defined. If they were, then the database connectivity
could be constrained. It is not, and so there are no constraints.
I read the bill through
several times and have yet to determine what “guardrails” were established to
prevent the use of the federated data for vaccine status tracking. Yet even if the
data is anonymized, it’s not a stretch to deduce the location, occupation, age,
sex, and health care system interaction frequency of who is or is not complying
with a mandate. And while the data accessible within this particular system may
be anonymized, at some point there is a linkage between record and aggregated
data. Are you absolutely certain that the resultant federated dataset cannot be
used that the anonymity is a mere chimera?
Like tens of thousands of others, my DoD security clearance investigation data in the Office of Personnel Management (OPM) database was hacked by the Chinese in 2013. They accessed Social Security numbers, names of relatives, place of birth, every address I’ve ever lived at, every employer, every trip to a foreign country -- everything about my background that the US Government required to process my clearance.
You were unable to protect the most private personal information of thousands of people with top-secret security clearances from being downloaded to servers in China. OPM did not admit this until 2015.
Over a year later I received a letter informing me I would be given “free identity theft protection” for three years.
Pardon me if assurances from the same government that “guardrails” will protect medical records are met with skepticism.
Therefore, I am still disappointed that you voted to approve this bill, both for its unconstrained scope and for its huge price tag. But of more concern is the inexorable march towards centralization which only ends up with more control for a few and fewer liberties for the many.
