HHS; DHS Sued by 20 States for Alleged Illegal Medicaid Data Disclosure
A coalition of 20 state Attorneys General are suing the Department of Health and Human Services (HHS), Department of Homeland Security (DHS), HHS Secretary Robert F. Kennedy Jr., and DHS Secretary Kristi Noem over the alleged illegal disclosure of the Medicaid data of millions of individuals to deportation officials at the DHS.
The Medicaid program was established in 1965 by the Medicaid Act to provide health insurance to lower-income individuals and underserved population groups, including children, seniors, pregnant women, and individuals with disabilities. States are permitted to develop and administer their own unique health plans and set their own eligibility standards and coverage, provided that they meet federal statutory criteria. Currently, more than 78 million Americans are enrolled in Medicaid and the Children’s Health Insurance Program (CHIP) across the United States.
Last month, the Associated Press (AP) reported that the Trump administration had disclosed the personal data of millions of Medicaid recipients to the DHS, which houses the federal law enforcement agency, Immigration and Customs Enforcement (ICE). The AP obtained an internal memo and emails showing Medicaid officials attempted to block the data transfer over legal and ethical concerns; however, that attempt was unsuccessful and two advisors to HHS Secretary Robert F. Kennedy Jr. ordered the data to be transferred, with officials at the HHS Centers for Medicare and Medicaid Services (CMS) reportedly given 54 minutes to comply with the directive.
During the Biden administration, seven U.S. states and D.C. launched programs that allow immigrants who are not legally living in the United States to enroll in their state’s Medicaid program and receive full benefits, with the cost covered entirely by each state’s taxpayer dollars. The data transfers related to Medicaid recipients in California, Illinois, Washington State, and Washington, D.C. The other states that permit non-U.S. citizens to enroll in their Medicaid programs are New York, Oregon, Minnesota, and Colorado. Those states have reportedly not submitted identifiable information on recipients to the CMS.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
HHS spokesperson Andrew Nixon provided a statement to the AP confirming the data transfer, and while no information was given on how the data will be used, he said the data transfer was legal. “With respect to the recent data sharing between CMS and DHS, HHS acted entirely within its legal authority — and in full compliance with all applicable laws — to ensure that Medicaid benefits are reserved for individuals who are lawfully entitled to receive them,” Nixon said. The CMS had announced in late May that it would be reviewing some states’ Medicaid enrollees to ensure that federal funds were not being used to pay for coverage for individuals with an unsatisfactory immigration status.
“[Trump] promised to protect Medicaid for eligible beneficiaries. To keep that promise after Joe Biden flooded our country with tens of millions of illegal aliens, CMS and DHS are exploring an initiative to ensure that illegal aliens are not receiving Medicaid benefits that are meant for law-abiding Americans,” DHS Assistant Secretary Tricia McLaughlin said.
In response to the disclosure, a coalition of 20 state Attorneys General led by California Attorney General Rob Bonta filed a lawsuit in the U.S. District Court for the Northern District of California alleging the disclosures violated several laws. Other states participating in the litigation are Arizona, Colorado, Connecticut, Delaware, Hawaii, Illinois, Massachusetts, Maine, Maryland, Michigan, Minnesota, Nevada, New Jersey, New Mexico, New York, Oregon, Rhode Island, Vermont, and Washington.
States share data with the federal government to help with the administration of the Medicaid program, such as for verification of eligibility for federal funding. Historically, the DHS has not used Medicaid data for immigration enforcement purposes. The lawsuit alleges the federal government has, without formal acknowledgment, adopted a formal policy of allowing the personal data of Medicaid recipients to be used for purposes unrelated to the administration of the Medicaid program.
“In the seven decades since Congress enacted the Medicaid Act to provide medical assistance to vulnerable populations, federal law, policy, and practice has been clear: the personal healthcare data collected about beneficiaries of the program is confidential, to be shared only in certain narrow circumstances that benefit public health and the integrity of the Medicaid program itself,” explained the coalition in a press release.
The Trump administration’s rulemaking and Medicaid data disclosures are alleged to have violated federal data privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Modernization Act (FISMA), and the Privacy Act, and are alleged to be contrary to the Social Security Act and a violation of the Spending Clause.
The coalition has asked the court to find the actions of the Trump administration arbitrary and capricious and without proper procedure, and requests that the court enjoin the HHS from transferring personally identifiable Medicaid data to the DHS and other federal agencies and enjoin the DHS from using the Medicaid data to conduct immigration enforcement.
“The Trump Administration has upended longstanding privacy protections with its decision to illegally share sensitive, personal health data with ICE. In doing so, it has created a culture of fear that will lead to fewer people seeking vital emergency medical care,” said Attorney General Bonta. “I’m sickened by this latest salvo in the President’s anti-immigrant campaign. We’re headed to court to prevent any further sharing of Medicaid data — and to ensure any of the data that’s already been shared is not used for immigration enforcement purposes.”
