Marylanders who signed up for coverage through the state's new health insurance exchange did so under the condition that their information could be shared with law enforcement.
The policy sparked debate in the conservative blogosphere after the Weekly Standard published a post saying it raised privacy concerns.
"We will not sell your information to others. Any information that you provide to us in your application will be used only to carry out the functions of Maryland Health Connection," the policy states. "The only exception to this policy is that we may share information provided in your application with the appropriate authorities for law enforcement and audit activities."
Maryland Health Connection, the state's health insurance marketplace, opened Oct. 1 as a key part of the federal Affordable Care Act, also known as Obamacare. The online system has been plagued by glitches, but state officials said Friday that 1,121 Marylanders had enrolled.
Danielle Citron, a professor who focuses on privacy at the University of Maryland Francis King Carey School of Law, said the statement describes the standard handling of health insurance information. She said such information would likely only be used if there was a subpoena or some form of court order involved.
"That is something that is consistent with HIPAA," she said, referring to the Health Insurance Portability and Accountability Act, a widely used federal privacy law.
"That sentence leads us to worry that our sensitive health information could be put out there," Citron said. "It is definitely a disturbing line."
Sharfstein said no medical information would ever be released. "This is just restating that we comply with the Maryland Public Information Act, but there are very strong protections for privacy under that law, too," he said.