Stand up for the facts!

Our only agenda is to publish the truth so you can be an informed participant in democracy.
We need your help.

More Info

I would like to contribute

By Julie Kliegman October 29, 2013 users 'waive any reasonable right to privacy,' Rep. Barton says

With a host of technical problems at the website, critics of President Barack Obama’s health care law have gone on the offensive.

Among the claims we've heard recently, Rep. Joe Barton, R-Texas, said people visiting are unwittingly waiving their privacy rights.

Barton told Fox News that there's a problem in the source code that seems to contradict HIPAA, the 1996 law that, among other things, protects the privacy of patients’ sensitive data.

"Hidden in the code, there is a sentence that says you waive any reasonable right to privacy of your personal information, the transiting of it or the storage of it," Barton said.

We decided to take a peek under’s hood to see if Barton, the chairman emeritus of the House Energy and Commerce Committee, was right that people are waiving their privacy rights if they use the site.

The source code

Barton’s spokesman sent us the code he referenced during the hearing. It’s the same code the Washington Post published with their own analysis. This is the website’s HTML markup, which is the main language developers use to write websites.

The line in question reads, "You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system."

There’s a couple of important HTML symbols around that section of the code, on lines 1406 and 1411. The section starts with a <!-- and ends with -->. That means all the content in between is "commented out," a web development term that tells everything enclosed to not display on the user’s screen.

Clay Johnson, the founder of the company that built President Barack Obama’s 2008 online campaign, said it’s a common technique for developers who want to delete something from a site’s appearance without permanently losing it.

The text is also a standard disclaimer for government websites, as an advanced Google search Johnson ran pointed out. It could’ve been easily copied by a developer as placeholder text.

Spokeswoman Linda Odorisio of CGI Federal, one of the main government contractors that built the site and was responsible for that portion of code, told us that line wasn’t meant to be in the code at all. Rather, it was meant for exchange employees who have access to consumer data.

"It informs them that their interaction with data in the system is monitored and tracked to ensure consumer privacy," she said.

Consumer privacy

Barton pulled up the code at the hearing as a way of backing up his claim that isn’t compliant with HIPAA regulations on privacy.

Parts of Obama’s law must be compliant with HIPAA, but not the website itself, since HIPAA covers health care providers, health plans and health care clearinghouses.

That doesn’t mean the site doesn’t have privacy regulations in place, as we’ve noted before. The Affordable Care Act outlines processes for ensuring privacy and complying with existing privacy regulations.

As for the "hidden" code, users can’t legally accept a waiver they can’t see, so they can’t possibly be waiving their right to privacy.

The Department of Health and Human Services, the agency that oversees the marketplace, referred us to the site’s privacy policy, which addresses what officials can and can’t do with your sensitive information. They can use what you input only to confirm your eligibility to buy a marketplace premium.

In other words, the lines inserted in the code may be embarrassing, but they carry no legal weight.

"It’s bizarre and kind of sad to see that that would even be put in there as a comment note because that doesn’t accurately represent the privacy protections in place," said Christopher Rasmussen, a Health Privacy Project senior policy analyst.

Our ruling

Barton claimed has "hidden" code indicating that consumers waive their rights to privacy when they apply for insurance. The website’s markup does include a sentence along these lines that isn’t visible to the user. But because it’s not displayed to the public, it carries no legal weight and consumers can’t consent to it. Bottom line, it doesn’t change a thing about the privacy protections in place at We rate Barton’s claim False.

Our Sources

The Atlantic Wire, "Congressman Lashes Out in Obamacare Hearing: This is a ‘Monkey Court!’ " Oct. 24, 2013

Email interview with Clay Johnson, federal government open source expert, Oct. 28, 2013

Email interview with Fabien Levy, U.S. Department of Health and Human Services press secretary, Oct. 28, 2013

Email interview with Linda Odorisio, CGI Federal spokeswoman, Oct. 28, 2013

Email interview with Sean Brown, Rep. Joe Barton’s spokesman, Oct. 29, 2013

Fox News, " ‘Monkey Court?’ Rep. Joe Barton Defends Obamacare Hearings," Oct. 25, 2013

Mother Jones, "4 Ways the Hearing Was Not About," Oct. 24, 2013

PCWorld, "Contractors: More Testing of Was Needed," Oct. 24, 2013

Phone interview with Abner Weintraub, The HIPAA Group co-founder, Oct. 29, 2013

Phone interview with Christopher Rasmussen, Health Privacy Project analyst, Oct. 28, 2013, "Privacy Policy," accessed Oct. 28, 2013

PolitiFact, "The Health Care Marketplaces Have ‘No Privacy Protections,’ Cotton says," Oct. 9, 2013

U.S. Department of Health and Human Services, "What Is a ‘Covered Entity’ Under HIPAA?" accessed Oct. 29, 2013

U.S. Government Printing Office, "The Patient Protection and Affordable Care Act," March 23, 2010

Washington Post, "The Biggest Fight at the Obamacare Hearing Was Over These 47 Lines of Code," Oct. 24, 2013

Browse the Truth-O-Meter

More by Julie Kliegman users 'waive any reasonable right to privacy,' Rep. Barton says

Support independent fact-checking.
Become a member!

In a world of wild talk and fake news, help us stand up for the facts.

Sign me up