Under the law, the multi-state plans are to supplement state-based insurance plans, with the goal of ensuring there is true competition in all markets. OPM, which currently administers the Federal Employees’ Health Benefits Program, will be the administrator of the multi-state plans.
In proposing rules for running these plans, the administration has said it intends to give OPM the same level of access to claims payment and enrollment data that the agency currently has over health claims for federal employees. Yet these are records of people who aren’t federal employees at all.  This capability to collect and store individuals’ health data in a centralized, government-run warehouse is unnecessary, and it creates needless privacy and security risks.
Right now, this information is collected by individual, private insurance companies as a routine function of administering benefits.  Ironically, keeping data at the source also helps safeguard it.  Unnecessarily duplicating sensitive data and storing it in one location increases the risk and severity of data breaches.  In essence, this central database would create a big, delicious target for hackers and other miscreants—who have to work much harder to access the information if it is stored in multiple locations. What’s more, the cost of creating and securing the database would be borne by federal taxpayers, instead of insurance companies that now pay this expense. 
It is critical that this information be available to OPM for the analytics purposes described in the rule for exchange plans. But this can be done without introducing the risks of centralization. The administration should instead use a distributed approach to accessing and analyzing this critical data. The data needed for analysis would be collected and stored by the private insurance companies; no personal data would be transmitted to the government.
Here’s how it would work: Multi-state insurance plans would provide OPM with access to the data in a secure environment, such as an edge server or cloud storage. The insurers would format the information in ways that OPM deems necessary, and the government would still be able to meet its analytic needs. Alternatively, the government could write appropriate code and share this with the insurance plans, which would then have to analyze the data in-house and provide the results to the government.
Government agencies already are using these types of approaches with success.  For example, the Food and Drug Administration is using a distributed approach to monitor the safety of products the agency regulates.  And the Centers for Medicare and Medicaid Services (CMS) decided last year to use this approach for data needed to support other aspects of the new health reform law.
In the era of “big data,” and the opportunities it can provide for ground-breaking analysis, there’s always a temptation to create a big, new database. But that doesn’t mean there is a need for one.
To the contrary, individual privacy and data security are not well served when large repositories of data and copies of identifiable personal information are created unnecessarily.  This is especially true when the same information already is available on existing systems, and can be securely and appropriately accessed for analysis.
Using a decentralized approach to data storage makes everyone’s health records more secure and costs taxpayers less. These are two goals the Obama administration shares, and should honor, by abandoning its proposal for an unneeded central database.

McGraw is the director of the Health Privacy Project at the Center for Democracy and Technology.