The Truth-O-Meter Says:
Barton

"Hidden" in the healthcare.gov code is language that means users "waive any reasonable right to privacy of your personal information."

Joe Barton on Thursday, October 24th, 2013 in a Fox News interview

Healthcare.gov users 'waive any reasonable right to privacy,' Rep. Barton says

With a host of technical problems at the healthcare.gov website, critics of President Barack Obama’s health care law have gone on the offensive.

Among the claims we've heard recently, Rep. Joe Barton, R-Texas, said people visiting healthcare.gov are unwittingly waiving their privacy rights.

Barton told Fox News that there's a problem in the source code that seems to contradict HIPAA, the 1996 law that, among other things, protects the privacy of patients’ sensitive data.

"Hidden in the code, there is a sentence that says you waive any reasonable right to privacy of your personal information, the transiting of it or the storage of it," Barton said.

We decided to take a peek under healthcare.gov’s hood to see if Barton, the chairman emeritus of the House Energy and Commerce Committee, was right that people are waiving their privacy rights if they use the site.

The source code

Barton’s spokesman sent us the code he referenced during the hearing. It’s the same code the Washington Post published with their own analysis. This is the website’s HTML markup, which is the main language developers use to write websites.

The line in question reads, "You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system."

There’s a couple of important HTML symbols around that section of the code, on lines 1406 and 1411. The section starts with a <!-- and ends with -->. That means all the content in between is "commented out," a web development term that tells everything enclosed to not display on the user’s screen.

Clay Johnson, the founder of the company that built President Barack Obama’s 2008 online campaign, said it’s a common technique for developers who want to delete something from a site’s appearance without permanently losing it.

The text is also a standard disclaimer for government websites, as an advanced Google search Johnson ran pointed out. It could’ve been easily copied by a developer as placeholder text.

Spokeswoman Linda Odorisio of CGI Federal, one of the main government contractors that built the site and was responsible for that portion of code, told us that line wasn’t meant to be in the code at all. Rather, it was meant for exchange employees who have access to consumer data.

"It informs them that their interaction with data in the system is monitored and tracked to ensure consumer privacy," she said.

Consumer privacy

Barton pulled up the code at the hearing as a way of backing up his claim that healthcare.gov isn’t compliant with HIPAA regulations on privacy.

Parts of Obama’s law must be compliant with HIPAA, but not the website itself, since HIPAA covers health care providers, health plans and health care clearinghouses.

That doesn’t mean the site doesn’t have privacy regulations in place, as we’ve noted before. The Affordable Care Act outlines processes for ensuring privacy and complying with existing privacy regulations.

As for the "hidden" code, users can’t legally accept a waiver they can’t see, so they can’t possibly be waiving their right to privacy.

The Department of Health and Human Services, the agency that oversees the marketplace, referred us to the site’s privacy policy, which addresses what officials can and can’t do with your sensitive information. They can use what you input only to confirm your eligibility to buy a marketplace premium.

In other words, the lines inserted in the code may be embarrassing, but they carry no legal weight.

"It’s bizarre and kind of sad to see that that would even be put in there as a comment note because that doesn’t accurately represent the privacy protections in place," said Christopher Rasmussen, a Health Privacy Project senior policy analyst.

Our ruling

Barton claimed healthcare.gov has "hidden" code indicating that consumers waive their rights to privacy when they apply for insurance. The website’s markup does include a sentence along these lines that isn’t visible to the user. But because it’s not displayed to the public, it carries no legal weight and consumers can’t consent to it. Bottom line, it doesn’t change a thing about the privacy protections in place at healthcare.gov. We rate Barton’s claim False.

Advertisement
About this statement:

Published: Tuesday, October 29th, 2013 at 5:50 p.m.

Subjects: Health Care, Privacy, Technology

Sources:

The Atlantic Wire, "Congressman Lashes Out in Obamacare Hearing: This is a ‘Monkey Court!’ " Oct. 24, 2013

Email interview with Clay Johnson, federal government open source expert, Oct. 28, 2013

Email interview with Fabien Levy, U.S. Department of Health and Human Services press secretary, Oct. 28, 2013

Email interview with Linda Odorisio, CGI Federal spokeswoman, Oct. 28, 2013

Email interview with Sean Brown, Rep. Joe Barton’s spokesman, Oct. 29, 2013

Fox News, " ‘Monkey Court?’ Rep. Joe Barton Defends Obamacare Hearings," Oct. 25, 2013

Mother Jones, "4 Ways the Healthcare.gov Hearing Was Not About Healthcare.gov," Oct. 24, 2013

PCWorld, "Contractors: More Testing of Healthcare.gov Was Needed," Oct. 24, 2013

Phone interview with Abner Weintraub, The HIPAA Group co-founder, Oct. 29, 2013

Phone interview with Christopher Rasmussen, Health Privacy Project analyst, Oct. 28, 2013

Healthcare.gov, "Privacy Policy," accessed Oct. 28, 2013

PolitiFact, "The Health Care Marketplaces Have ‘No Privacy Protections,’ Cotton says," Oct. 9, 2013

U.S. Department of Health and Human Services, "What Is a ‘Covered Entity’ Under HIPAA?" accessed Oct. 29, 2013

U.S. Government Printing Office, "The Patient Protection and Affordable Care Act," March 23, 2010

Washington Post, "The Biggest Fight at the Obamacare Hearing Was Over These 47 Lines of Code," Oct. 24, 2013

Written by: Julie Kliegman
Researched by: Julie Kliegman
Edited by: Louis Jacobson

How to contact us:

We want to hear your suggestions and comments.

For tips or comments on our Obameter and our GOP-Pledge-O-Meter promise databases, please e-mail the Obameter. If you are commenting on a specific promise, please include the wording of the promise.

For comments about our Truth-O-Meter or Flip-O-Meter items, please e-mail the Truth-O-Meter. We’re especially interested in seeing any chain e-mails you receive that you would like us to check out. If you send us a comment, we'll assume you don't mind us publishing it unless you tell us otherwise.

Browse The Truth-O-MeterTM:
Subscribe: