U.S. OFFSHORING OF PERSONAL DATA GROWS

By Diane M. Grassi


According to the Identity Theft Resource Center in San Diego, CA there have been close to 60 reported security breaches of customer financial information from United States corporations thus far in 2005, involving 13.5 million customers’ identities. The companies include Choicepoint, Inc., Bank of America Corp., Wachovia Corp., Ameritrade Holding Corp., DSW Shoe Warehouse, Time Warner Inc., LexisNexis and most recently Citbank Financial Group. While most lost data has involved data storage tapes lost in transit by courier services or UPS, others involved computer security breaches. And as corporate America looks for ways to shore up its security problems rather than face the wrath of Congress, an even more unwieldy problem is brewing abroad.

As holes still exist in protecting the personal information of both customers and employees of corporations in the United States, many of these same corporations, which include the largest financial institutions and two of the three credit reporting agencies, have offshored information technology units which include-back office functions from customer service to software development and engineering.

Yet American customers or consumers are never informed whether or not their personal information and credit history is being offshored, as it is not required by U.S. corporations to do so. Coming to light is that various U.S. government programs and states are utilizing more and more offshore subcontractors in addition to those corporate entities which indirectly do business with the U.S. government. But unknown to the American consumer or taxpayer is the threat of theft of an individual’s identity and financial resources which remain largely unprotected without the ability to enforce U.S. law on foreign land.

Accounting firms are offshoring IRS tax preparation. The U.S Department of Agriculture defers to the states to run food stamp programs, with as many as 43 states offshoring call-centers to India even though federal law dictates that only U.S. government workers should handle the job. The Health Insurance Portability & Accountability Act (HIPAA) which protects the health information of a patient and prevents healthcare companies from selling such information to third parties such as telemarketing firms, does not limit nor prohibit the transfer of information to overseas locations for third party subcontracted services. And many public and private hospitals are sending diagnostic radiology work to India with no law requiring notification to patients that a radiologist in India, unlicensed in the U.S., is reading x-rays and diagnosing illnesses and injuries. Known as “ghosting,” U.S. certified radiologists oversee radiologists in India while x-rays are electronically transmitted. Initiation of regulatory controls is only now in the beginning stages to ensure doctors performing such work are properly trained.

As overseas contractors and subcontractors are outside the jurisdiction of U.S. consumer privacy laws that protect medical and financial information in the U.S., corporations have little recourse in the outsourced host country if a violation of security or theft occurs. India’s IT Act of 2000 does not address the issue of privacy protection and regulation of the use of data. It only covers unauthorized access and data theft directly from computers and networks. Indian law does not cover data interception and computer forgery or fraud at all and no legal remedies in India yet exist for such enforcement.

In the U.S., the Gramm-Leach-Bliley Act of 1999 which applies to financial institutions as well as accounting firms engaged in the practice of tax preparation requires that firms design, implement and put safeguards in place in order to maintain protection of customer information. In addition, such companies must provide their customers with a privacy notice that details the company’s information-collection and information-sharing practices giving the customer the right to “opt-out” and limiting the sharing of such information. Yet to date the Federal Trade Commission has not levied any punishment or fine on any U.S. accounting firm with regard to overseas outsourcing practices and the lack of notification of such to customers.

A growing trend in the legal profession is the overseas outsourcing of paralegal services including legal research. Some of the country’s largest law firms are utilizing such services. According to John Halvey of New York-based Milbank, Tweed, Hadley & McCoy, “I can’t think of a recent deal we did that didn’t have an offshore component.” But issues of attorney-client privilege create limitations on what may or may not be outsourced by a law firm, especially without the consent of law firm clients.

While the U.S. federal government invests more resources into tightening security in a post-9/11 world, multi-national corporations put the U.S. infrastructure at greater risk through offshoring maintenance and development. There are very few areas of information technology which do not impact the operation of infrastructure in the U.S., which in some ways have direct implications on homeland security. Financial and accounting institutions have now been joined by software programmers maintaining operations for U.S. based health care providers, airlines, railroads, power companies and defense contractors, all of which subcontract offshore.

Outsourcing computer networks offshore creates an immediate liability as there no longer is direct company control of data due to dependency on service providers abroad with neither the outsourcing vendor nor the outsourcing client knowing the exact path the data takes. For example, AT&T’s switched network carries economic, financial and military communications, which accounts for a great deal of the foundation of U.S. infrastructure, and relies on programming and maintenance from engineers offshore. Pacific Gas & Electric of California, one of the U.S. companies responsible for maintaining and upgrading the U.S. electrical grid, outsources to a dozen offshore subcontractors, with the largest one in Thailand.

Although there are bills pending in several states that would prohibit overseas outsourcing, one would be apt to think that such would be ripe for federal legislation, yet so far there has been little attention given these issues in either the 108th Congress or the present 109th Congress. Congressman Edward Markey (D-MA) recently appealed to the Internal Revenue Service to hold the tax return preparer responsible when a foreign person hired by a U.S. firm violates the protections which restrict unauthorized disclosure or misuse of personal information as contained in Sections 6713 and 7216 of the Internal Revenue Code. And Senator Hillary Rodham Clinton (D-NY) is calling for federal legislation which gives the “patient the right to know” that x-rays or other private healthcare information are being outsourced to countries outside of the U.S.

With offshoring by the U.S. showing no signs of slowing down in the near future, and with no “safe harbor” requirements in existing law offshore, it remains extremely difficult to prosecute security breaches within the confines of the U.S. justice system. Approximately 85 percent of U.S. critical infrastructure is owned by private, non-government businesses which have some component of their business being outsourced, admittedly with focus on profits and losses more of a priority than homeland security for these companies. In this respect lawmakers are behind the curve in protecting the interests of Americans. Yet it behooves and is incumbent upon the U.S. government, the legal community and privately held entities to join together in order to mandate protection for the best interests of the U.S and preserve the identities and economic health of the American people.

U.S. Government to Help Fund Hospital Care for Illegal Aliens

By Diane M. Grassi

On May 10, 2005 the Bush administration announced the specifics relating to new funding for hospitals and doctors who provide free emergency medical care to illegal aliens. The amount of reimbursement will total $1 billion dollars until September 2008 and is meant to stave the continual closings of hospitals most predominant in California and other border states.

The mainstream press did not comprehensively report on this legislation which is part of the Medicare Modernization Act of 2003, and establishes prescription drug coverage for Medicare recipients. The funding of medical care for illegals has nothing to do with the Medicare program but was an amendment to the bill which was signed into law on December 8, 2003 by President Bush.

There will be controversy following such funding, both from those who support it and from those who do not. Ultimately, the American taxpayers will bear the brunt of the payments, and while up to now such costs have gone unacknowledged by the federal government, individual states had the full responsibility of all costs for illegal aliens seeking medical care by way of the emergency room. On the positive side, the federal government must now recognize that this is indeed a federal government problem. Lack of enforcement of immigration law has landed the United States in this situation, which has caused the closure of 84 hospitals in California over the past several years, with nine more closing in 2004. Arizona has also been badly hit, predominantly by the Mexican population which does not necessarily even stay in the U.S., but merely comes across the U.S. border to access free medical care and then return to Mexico, sometimes in U.S. provided ambulances.

Steve Escoboza, spokesman for the Healthcare Association of San Diego and Imperial Counties agrees that “at least the federal government has recognized this burden, and it’s a significant movement in the right direction.” But Ann Pumpian, CEO of Sharp Healthcare claims “it isn’t coming close to covering the costs of services we provide. San Diego County alone has given illegals more than $100 million every year.” So the problem looms large as the entirety of California will only receive a total of $70 million with San Diego only expecting to get 15% or about $10 million per year of the total amount. According to Jan Emerson, a spokeswoman for the California Hospital Association, “California hospitals provide $500 million in emergency care for illegal immigrants, seven times the amount of the federal grant.” But Emerson did also say, “This is a highly symbolic first step. The federal government is finally acknowledging that it has a responsibility to pay for health care provided for illegal immigrants.”

With the largest allocation going to California in the amount of $70 million per fiscal year, Texas was next with $46 million followed by Arizona with $45 million; New York with $12 million; Illinois with $10 million; Florida at $8.7 million and New Mexico with $5 million. Senator Kay Bailey Hutchison, (R-TX) one of few in the Congress speaking out on immigration reform, said she “was pleased that the money was being made available,” even as she called for “new efforts to secure our borders.”

Under scrutiny is the question of hospitals’ requirement to ask patients for certain documents relating to payment. But according to the Centers for Medicare & Medicaid administrator, Mark McClellan, “a hospital should not directly ask a patient if he or she is an undocumented alien.” Hospitals may ask “indirect questions” such as if the person is eligible for Medicaid; whether the person reported a foreign place of birth; whether the person has a foreign passport, foreign driver’s license or foreign ID.

Hospitals may not directly ask patients if they are U.S. citizens or legal immigrants. In the event they are enrolled in Medicaid, the hospital will bill Medicaid. Hospitals are also required to make photocopies of documents indicating a patient’s immigration status, kept on hand for possible future review by federal auditors. Additionally, McClellan said the department “would not provide information about illegal immigrants to law enforcement officials for use in routine civil immigration proceedings.” In rare cases, however, the information could be used in criminal investigations. But Cecilia Munoz, a vice president for the National Council of La Raza, said that the new requirements “were an improvement over the original proposal but would still discourage some immigrants from seeking treatment.”

Prior to hospitals being awarded reimbursement under the new program, they must first exhaust the possibility of payment from other sources such as Medicaid and private insurance carriers. This will create another obstacle for hospital administrators as they must be very discreet and sensitive to the questions they ask of potential foreign nationals.

In question will be the vehicle used to reimburse hospitals and whether or not this addresses the underlying problem that U.S. taxpayers are ultimately paying for these costs in one way or another. Initially this program will free up some resources for individual state budgets, however the health care coverage of illegal aliens still remains an unresolved problem on the solvency of the U.S. health care infrastructure. Whether it is through taxation or higher insurance premiums and co-pays for the insured, the effort by the government thus far appears to be a gesture of good will, yet it remains to be seen whether or not the program will be successful for the various hospital institutions and will propel more outcry for border reinforcement.
y