Health records may fall under Patriot Act

The government plans to sign a contract August 31 with US-based Maximus to take over management of BC citizens' health and pharmaceutical records. Maximus is subject to the USA Patriot Act

by Kevin Potvin <kpotvin@republic-news.org>

The government plans to sign a contract August 31 with US-based Maximus to take over management of BC citizens’ health and pharmaceutical records. But the USA Patriot Act that would guide that company’s handling of our records directly contradicts our own Privacy Act that our government has committed any contractor to respecting.

The government of British Columbia plans to sign a contract by August 31 with Maximus Inc to let the Virginia-based company take over the creation of “a new service delivery model for MSP [Medical Services Plan] and PharmaCare.” The primary goal, says the MSP website, “is to ensure patient privacy and personal health information will continue to be protected.”

Maximus is an interesting choice if patient privacy is the government’s top priority. Because Maximus is a US-based firm, it falls under the provisions of the USA Patriot Act. This extraordinary piece of legislation allows federal intelligence agencies virtually unfettered access to all documents in the possession of US companies, without any search warrants.

Not that Maximus is run by the kind of people who would likely judge US intelligence intrusions into personal medical records to be terribly onerous. The President and CEO of Maximus, and founder of the company, is David V Mastran, who graduated with a B Sc in 1965 from United States Military Academy at West Point.

John F Boyer is president and general manager of the health sciences unit at Maximus. Immediately prior to this post, he worked inside the Pentagon doing an unidentified job, but before that, he was a neurological instructor at the US Navy’s medical center. His educational credits include a degree from the Naval Postgraduate School.

James R Thomson, Jr is a director on the board of Maximus. He is a former chairman of the President’s Intelligence Oversight Board, but currently serves as a member of the National Commission on Terrorist Attacks Upon the United States. He also sits on the board of Hollinger International.

Clay Kline is vice president of the Asset Solutions division at Maximus. Previously, he worked for Brown and Root, the huge private US military contractor, and before that, the US Air Force. He received his B Sc at the US Air Force Academy.

One of the top individual investors in Maximus is Thomas Grissen, who previous to his turn at the company directed the implementation of the national fingerprint system in the United Kingdom.

On and on it goes in ties between Maximus and the US military industrial complex. Very little of their military background seems especially suited to the task of managing storage and dissemination of health and pharmaceutical records of BC residents. They are instead more suited to services like surveillance, monitoring, and tracking of individuals—exactly the sort of thing the government says is its priority to avoid.

It is the Patriot Act that turns all information management companies working in the US into de facto arms of the sprawling US intelligence gathering monolith.

The Patriot Act was enacted into law by Congress at the end of the week during which the Congressional building, and much else in the capital, had been closed due to the emergency presented by at least five separate biological weapons attacks on specific leading political figures in Washington. Five workers who handle mail died when they were exposed to weaponized-grade anthrax lurking in what appeared to be posted letters to Tom Daschle, among others, the leader of the Democratic opposition in the Congress. While many offices in the Congressional building remained closed while being scrutinized for biological weapons contamination by investigators wearing full-body contamination suits, the governing side of the Congress introduced The USA Patriot Act. It was passed that same day without debate—and without most voting members of Congress having seen the document, much less read it, since few copies were prepared or delivered, the Congress mail system being that week a crime scene.

Among the provisions of the Patriot Act is to empower all US intelligence gathering agencies to snoop into records managed by private companies without warrants. Also, the act makes it illegal for any company whose records have been examined to reveal that information.

Should Maximus win the contract to manage British Columbian’s health and pharmaceutical records, those records would not only become available to all US intelligence agencies as they please, but Maximus would also be legally obligated to refrain from informing the BC government or British Columbians that a request for records had been made, or that such a request had been served.

The government says in its press release about the search for a private contractor that “ patient privacy will be the critical focus of any solution considered and compliance with all privacy requirements will be mandatory.” Those privacy requirements include the provision that the managing company at least inform MSP that patient records had been handed over to some third party. But the Patriot Act denies any American company the legal ability to do that.

“Proposed solutions will meet or exceed the requirements of the Freedom of Information and Protection of Privacy Act,” the government’s press release continues, “and the successful vendor will manage health-care information in accordance with the act,” it asserts. Yet, if the government pursues a deal with Maximus, as it has strongly indicated it would on August 31, that vendor will be required to act in accordance with the Patriot Act in priority over the BC Protection of Privacy Act. For one thing, the BC Protection of Privacy Act strongly implies that investigators can only win access to information on patients with properly acquired search warrants. The Patriot Act specifically contradicts this key provision in our Privacy Act.

It would be a good idea for affected ministries to study exactly how US companies that manage information are affected by the Patriot Act, and to find where their legal obligations contradict our own privacy legislation. Then it would be smart to formally include in bidding processes a review of this information whenever US-based companies bid for any contracts that have to do with information management.

It would be an especially good idea for the government to announce on August 31 that there will be a delay in the decision about the future management of health records of BC citizens. Blame the delay on incompetent public servants if you want, but delay the signature on that contract. The lay of the land south of the border has been radically changed, and those changes need to be fully understood before we begin exposing our citizens to the risks of privacy invasions, particularly of health and pharmaceutical records.

****