Thursday, January 6, 2022

HR 550 IMMUNIZATION INFORMATION SYSTEM DATA MODERNIZATION AND EXPANSION

RE: HR 550, which authorized "IMMUNIZATION INFORMATION SYSTEM DATA MODERNIZATION AND EXPANSION."

Thank you for your reply via email on January 4th to my inquiry as to why you voted “yea” on HR 550. In that response you stated:

“Let me begin by saying that this bill does not create a federal vaccine database or give the government access to patient vaccination records. In fact, H.R. 550 does the opposite. It makes Americans’ immunizations more secure by ensuring all data is confidential and deidentified so that it cannot be accessed by any government entity. It also enhances and modernizes immunization information systems already run by state and local governments to ensure the information in them is secured and kept private. As you can see, H.R. 550 will protect Americans by prohibiting the government from viewing their vaccination status. Additionally, this legislation establishes guardrails so that funds appropriated in the bill cannot be used to enforce vaccine mandates." 

I am now even more concerned that you assert HR 550 “does not create a federal vaccine database” and that the $400 million dollars (nearly ½ a billion, or $783 for every person residing in Lancaster County) “cannot be used to enforce vaccine mandates” when the bill itself contains this definition:

SEC 2824.a.1.f Definition.—In this section, the term ‘immunization information system’ means a confidential, population-based, computerized database that records immunization doses administered by any health care provider to persons within the geographic area covered by that database.

I have some knowledge of government systems and how legal “safeguards” can be circumvented. I am also very familiar with how “data sharing” can link disparate datasets. While you may think “This bill doesn’t create a single federal database...” quite frankly, that does not matter. If the data is federated (e.g., maintained in separate databases but linked via interfaces) then it is a de facto centralized database.

The first paragraph of the bill contains clauses that make the intent clear. The IMMUNIZATION INFORMATION SYSTEM DATA MODERNIZATION AND EXPANSION act authorizes the secretary to “conduct activities (including with respect to interoperability, population reporting, and bidirectional reporting) to expand, enhance, and improve immunization information systems.” In paragraph 1.iv the bill authorizes “... improving the secure bidirectional exchange of immunization record data among Federal, State, local, Tribal, and territorial governmental entities and non-governmental entities...”

While the language is mildly technical, “bidirectional exchange” of data enables centralization. It’s rather disingenuous to claim that the bill “does not create a federal vaccine database.” Of course not – who does that anymore? Monolithic databases are being migrated to clouds and similar decentralized platforms as fast as anyone can afford. Monoliths are being replaced by layered compute and data storage.

If publication and subscription of data were somehow constrained, there might be some support for your contention that it’s not a “database,” however there is no such constraining language in the bill. In fact, the bill states:

"(viii) supporting real-time immunization record data exchange and reporting, to support rapid identification of immunization coverage gaps;”

Why would it need "real-time data exchange"?

It's obvious that this capability does more than limited queries for forensic analysis.

Further, the bill authorizes “(v) supporting the standardization of immunization information systems to accelerate interoperability with health information technology, including with health information technology certified under section 3001(c)(5) or with health information networks;”

While the $400 million does not authorize yet another Oracle database, it does far, far more – it opens up every dataset at every level to real-time exchange and access by the federal government.

The intent and result are the same: a single pane of glass can have access to all records at all data repositories. It doesn’t require a degree in data science to predict what can be done with this federated data. You assert that the act “cannot be used to enforce vaccine mandates,” and yet the bill authorizes “(ix) improving completeness of data by facilitating the capability of immunization information systems to exchange data, directly or indirectly, with immunization information systems in other jurisdictions...”

It’s curious that the “other jurisdictions” are not defined. If they were, then the database connectivity could be constrained. It is not, and so there are no constraints.

I read the bill through several times and have yet to determine what “guardrails” were established to prevent the use of the federated data for vaccine status tracking. Yet even if the data is anonymized, it’s not a stretch to deduce the location, occupation, age, sex, and health care system interaction frequency of who is or is not complying with a mandate. And while the data accessible within this particular system may be anonymized, at some point there is a linkage between record and aggregated data. Are you absolutely certain that the resultant federated dataset cannot be used that the anonymity is a mere chimera?

Like tens of thousands of others, my DoD security clearance investigation data in the Office of Personnel Management (OPM) database was hacked by the Chinese in 2013. They accessed Social Security numbers, names of relatives, place of birth, every address I’ve ever lived at, every employer, every trip to a foreign country -- everything about my background that the US Government required to process my clearance. 

You were unable to protect the most private personal information of thousands of people with top-secret security clearances from being downloaded to servers in China. OPM did not admit this until 2015.

Over a year later I received a letter informing me I would be given “free identity theft protection” for three years. 

Pardon me if assurances from the same government that “guardrails” will protect medical records are met with skepticism. 

Therefore, I am still disappointed that you voted to approve this bill, both for its unconstrained scope and for its huge price tag. But of more concern is the inexorable march towards centralization which only ends up with more control for a few and fewer liberties for the many.

The Assertion that Firearms are designed to kill

A common "talking point" circulating in the "gun control" debate is: "Firearms are designed to kill." I have s...