"Hidden" in the healthcare.gov code is language that means users "waive any reasonable right to privacy of your personal information."

Joe Barton on Thursday, October 24th, 2013 in a Fox News interview

Healthcare.gov users 'waive any reasonable right to privacy,' Rep. Barton says

With a host of technical problems at the healthcare.gov website, critics of President Barack Obama’s health care law have gone on the offensive.

Among the claims we've heard recently, Rep. Joe Barton, R-Texas, said people visiting healthcare.gov are unwittingly waiving their privacy rights.

Barton told Fox News that there's a problem in the source code that seems to contradict HIPAA, the 1996 law that, among other things, protects the privacy of patients’ sensitive data.

"Hidden in the code, there is a sentence that says you waive any reasonable right to privacy of your personal information, the transiting of it or the storage of it," Barton said.

We decided to take a peek under healthcare.gov’s hood to see if Barton, the chairman emeritus of the House Energy and Commerce Committee, was right that people are waiving their privacy rights if they use the site.

The source code

Barton’s spokesman sent us the code he referenced during the hearing. It’s the same code the Washington Post published with their own analysis. This is the website’s HTML markup, which is the main language developers use to write websites.

The line in question reads, "You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system."

There’s a couple of important HTML symbols around that section of the code, on lines 1406 and 1411. The section starts with a <!-- and ends with -->. That means all the content in between is "commented out," a web development term that tells everything enclosed to not display on the user’s screen.

Clay Johnson, the founder of the company that built President Barack Obama’s 2008 online campaign, said it’s a common technique for developers who want to delete something from a site’s appearance without permanently losing it.

The text is also a standard disclaimer for government websites, as an advanced Google search Johnson ran pointed out. It could’ve been easily copied by a developer as placeholder text.

Spokeswoman Linda Odorisio of CGI Federal, one of the main government contractors that built the site and was responsible for that portion of code, told us that line wasn’t meant to be in the code at all. Rather, it was meant for exchange employees who have access to consumer data.

"It informs them that their interaction with data in the system is monitored and tracked to ensure consumer privacy," she said.

Consumer privacy

Barton pulled up the code at the hearing as a way of backing up his claim that healthcare.gov isn’t compliant with HIPAA regulations on privacy.

Parts of Obama’s law must be compliant with HIPAA, but not the website itself, since HIPAA covers health care providers, health plans and health care clearinghouses.

That doesn’t mean the site doesn’t have privacy regulations in place, as we’ve noted before. The Affordable Care Act outlines processes for ensuring privacy and complying with existing privacy regulations.

As for the "hidden" code, users can’t legally accept a waiver they can’t see, so they can’t possibly be waiving their right to privacy.

The Department of Health and Human Services, the agency that oversees the marketplace, referred us to the site’s privacy policy, which addresses what officials can and can’t do with your sensitive information. They can use what you input only to confirm your eligibility to buy a marketplace premium.

In other words, the lines inserted in the code may be embarrassing, but they carry no legal weight.

"It’s bizarre and kind of sad to see that that would even be put in there as a comment note because that doesn’t accurately represent the privacy protections in place," said Christopher Rasmussen, a Health Privacy Project senior policy analyst.

Our ruling

Barton claimed healthcare.gov has "hidden" code indicating that consumers waive their rights to privacy when they apply for insurance. The website’s markup does include a sentence along these lines that isn’t visible to the user. But because it’s not displayed to the public, it carries no legal weight and consumers can’t consent to it. Bottom line, it doesn’t change a thing about the privacy protections in place at healthcare.gov. We rate Barton’s claim False.