In the wake of a security breach last month that resulted in the theft of personal taxpayer data, experts are now raising concerns over a government data warehouse that keeps the information of Obamacare enrollees forever.

The system, known as the Multidimensional Insurance Data Analytics System, or MIDAS is vaguely described on the federal healthcare.gov as a “perpetual central repository.” When asked by the Associated Press how many people have direct access to the database, officials refused to say. 

The decision to keep the personal information of enrollees forever has raised the ire and concern of experts. Lee Tien, a senior staff attorney for the Electronic Frontier Foundation stated that it is irresponsible of the government to retain data any longer than is necessary. Similarly, Michael Astrue, a former Social Security Commissioner has argued that there is no justification for keeping this data permanently. Astrue also worried that the federal government is illegally expanding MIDAS by adding personal information from state-run Obamacare exchanges without proper privacy consent.

Almost half of state-run exchanges have faced significant construction and financing problems, with Oregon and Hawaii both shutting down this year after costing taxpayers hundreds of millions of dollars each.

Since MIDAS was first rolled out, watchdog groups have raised concerns over its safeguards. A report released last year by the Government Accountability Office found that MIDAS had been released without proper safeguards in place. As the report states:

“Healthcare.gov had weaknesses when it was first deployed, including incomplete security plans and privacy documentation, incomplete security tests, and the lack of an alternate processing site to avoid major service disruptions.”

As the report concludes, these problems leave the personal information of Obamacare enrollees vulnerable:

“Until these weaknesses are fully addressed, increased and unnecessary risks remain of unauthorized access, disclosure, or modification of the information collected and maintained by Healthcare.gov and related systems, and the disruption of service provided by the systems.”

This news should come as no surprise to taxpayers given the federal government’s repeated inability to safeguard sensitive taxpayer information.

Last month, the IRS disclosed that it had been hacked and 100,000 households had their personal data compromised. During a subsequent hearing, the Treasury Inspector General for Tax Administration (TIGTA) revealed that the IRS had failed to implement 44 recommendations to strengthen protections, including ten more than a three years old. If these recommendations had been implemented, “It would have been much more difficult had they (IRS) implemented all of the recommendations that we made,” TIGTA Chief J. Russell George stated.

Other reports released by TIGTA continue to demonstrate the government’s ineptness. A report released last week found that the IRS is failing to properly administer Obamacare tax credits, resulting in millions of individuals receiving a credit they are supposed to be ineligible for. A separate report found that the IRS did not test their Obamacare processing system until a week before tax filing season began. Earlier this year, the Obamacare CEO admitted that Healthcare.gov will not be completed until Obama leaves office.

Given the continued inability of the federal bureaucracy to safeguard personal information of taxpayers, the decision to permanently keep the personal information of Obamacare enrollees seems a disaster waiting to happen.