Right in the source code for the Obamacare website is the statement “You have no reasonable expectation of privacy regarding any communication of data transiting or stored on this information system“.

It curious why this message would be placed in the source code where no one would have any expectation of ever seeing it.

In the video below (which came out last week’s Congressional testimony) Rep. Joe Barton (R-Texas), a member of the House Energy and Commerce Committee, grilled Cheryl Campbell, senior vice president of CGI Federal Inc., the company that built the Obamacare health care exchange website, on the hidden language and on HIPAA compliance. 

Campbell testified that the system is HIPAA Compliant.

“The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information.”

In repeated questioning, Barton got Campbell to admit she knew that the “no reasonable expectation of privacy” line was in the code.

Barton then asked “How the hell could it be HIPAA compliant?” Campbell refused to answer the question.

The original source of the video appears to be CNS News. CNS has a longer video clip, which can be seen below titled Hidden Code on Obamacare Website Says ‘No Reasonable Expectation of Privacy’.


In the longer video, after Democrat Rep. Frank Pallone got the floor, Barton asked Pallone to yield. Pallone responded “I will not yield to this monkey court!”

Pallone went on to say “the statement is no legitimate concern of this committee.”

UPDATE: The Weekly Standard now reports:

When Kathleen Sebelius testified at a congressional hearing on Wednesday, she acknowledged the presence of a worrisome statement included in the source code of Healthcare.gov and promised that work was already underway to remove it. A search of one portion of the code later on Wednesday revealed that the revision was at least partially complete. The “no reasonable expectation” statement is gone from a large section of code where it had previously appeared. Repeated attempts on Wednesday to verify that the code had been revised on the specific page where users are asked to accept the privacy policy were unsuccessful due to a system outage at Healthcare.gov for much of the day. However, Thursday morning, a successful logon revealed the statement has been removed there as well: