The IRS is allowing its “Taxpayer Privacy Protection Act” to be used to “provide a taxpayer protection to obtain personal health data.”
The law, introduced in March, would allow for an IRS employee to obtain “personal health data” from an individual for “research, education, or professional development” for their own use or for the “care and use” of that individual.
The IRS says it will make the program available to employees who want to do this.
The “personal data” provision is so broad that it would allow an employee to use it for “a variety of purposes.”
The IRS claims it is not creating any new types of “person” or “individuals” but merely “providing the protection” that the IRS wants, including for “the development of personalized health plans and services for individuals who are covered by these plans and/or services.”
The new law would require that “a taxpayer who is a member of the IRS Employee Benefit Research Program or the IRS Professional Development Program has the right to access personal health and other health information.”
The Internal Revenue Service says that it is taking “a proactive approach to address the privacy concerns surrounding the program,” noting that “the IRS is not using the program to collect personal information for any other purpose than research, education or professional consulting.”
The agency has said that it does not intend to use the program “to gather personal information” for “advertising purposes.”
However, the IRS says that if an employee chooses to access their own health information, it is a “reasonable” expectation that they will use that information to “advise” the employee about how the data could be used.
The law says that the data can be used for “marketing purposes,” but the IRS notes that that “individual information will not be used” for such purposes.
The American Taxpayer Advocate says that there is a privacy risk to the program that the law could expose, as individuals are already required to use their own personal information when registering for a tax refund.
In a letter to the IRS on May 17, the American Taxpayers Alliance said that the “taxpayer protection provisions in the [Taxpayer Protections and Privacy Act] would be used in the same manner as the federal government’s current and past privacy laws.”
The A.T.A. says that employees will have to provide their Social Security numbers and a description of themselves when asked to provide personal health or financial information.
It also says that information obtained from “tax-exempt organizations” may be used without permission, as it is in the case of “educational institutions.”
But the A.P.A.’s letter says that any information that is “protected from disclosure under the tax-exempt status of an organization” could be released to the public.
The A,P.S. says in a statement that the agency is “confident that the taxpayer protection provisions would provide appropriate protection to taxpayers for all personal health, financial, and financial data that are received through the taxpayer organization.”