Improper Data Sharing by Medicaid Sparks Legal Concerns
In a startling revelation, it has come to light that Medicaid officials shared sensitive data on millions of individuals with immigration authorities, which was subsequently transferred to the data analytics firm Palantir. This information surfaced in a recent court filing, indicating that ICE utilized data from an app known as ELITE to identify noncitizens who may be subject to deportation.
This alarming news was disclosed in a complaint filed by over 20 Democratic attorneys general who are currently suing the Trump administration regarding the data-sharing agreements between the Centers for Medicare and Medicaid Services (CMS) and ICE.
Court Ruling on Medicaid Data Disclosure
U.S. District Judge Vince Chhabria ruled in December that health officials could share specific Medicaid data about undocumented immigrants with ICE, including home addresses and immigration status, from states that had initiated lawsuits. However, Chhabria had previously suspended such data sharing for immigration enforcement purposes in late May. This suspension followed an acknowledgment by federal authorities that CMS had shared more information with ICE than permitted under a prior court order, including datasets that improperly contained information about U.S. citizens.
Recent Data Sharing Issues
Following the judge’s order, it was expected that ICE would delete any shared information. Chhabria has scheduled a hearing for August to clarify what categories of noncitizen data can legally be shared. However, recent admissions from federal officials reveal further incidents of unauthorized data sharing, raising significant concerns.
The Justice Department recently disclosed in a court filing that CMS had inadvertently shared a dataset containing millions of names with ICE for the second time. This oversight occurred while the agency was attempting to share unrelated data from other states not involved in the lawsuit. The implications of this error are profound, particularly for individuals whose data was included.
ICE’s Response to the Data Breach
Alberto Briseno, head of ICE’s Homeland Security Investigations Division, stated that the agency deleted the improperly shared file upon discovering the breach. Furthermore, he indicated that a cursory investigation had revealed that several users still retained copies of the January dataset. Although he expressed confidence that no additional copies existed, he acknowledged the challenges of thoroughly verifying the data’s status.
Concerns Over Legislative Changes
Amidst this turmoil, the Justice Department is seeking to expand data sharing, requesting permission for ICE to access broader categories of noncitizens, potentially encompassing all immigrants lacking legal permanent residency. This move has met with fierce resistance from the plaintiffs, who argue that the government’s failure to manage existing data properly undermines the case for increased access.
The attorneys general emphasized that ongoing violations of court orders severely hamper their ability to reassure Medicaid providers and enrollees about the confidentiality and security of health data. This continuous drip of revelations about improper data management only complicates the situation further.
Palantir’s Role and Accountability
Despite requests for clarification, Palantir has yet to comment on whether it deleted the improperly received dataset. Additionally, the Department of Homeland Security’s response regarding the data transfer remains unclear. When questioned about the protocols to ensure data deletion by contractors like Palantir, federal authorities cited that information was communicated through Microsoft Teams, suggesting that shared data was removed from those chats.
U.S. District Judge Vince Chhabria cautioned during an April hearing that if data breaches continue, it may jeopardize the federal government’s ability to utilize Medicaid data in future deportation efforts. “If the federal government can’t do its due diligence, we can’t use the information, right?” he stated, highlighting the fragile balance between data sharing and privacy rights.
