The Israel Health Ministry has given personal information about millions of Israelis to more than 250 local governments and other government agencies since the coronavirus pandemic began.
The data included the names and addresses of people who were ill or quarantined, test results, contact tracing information and information about vaccination status. In most cases, the data was provided without the person’s knowledge or consent, but also without violating the Privacy Protection Act.
Data released by the ministry in response to a freedom of information request from Haaretz shows that between February 2020 and last month, 267 public bodies requested such details from the ministry at least once. Altogether, these requests covered most, or sometimes all, Israelis.
Three requests were rejected for procedural reasons and three others because they hadn’t been approved by the Helsinki Committee, the agency that rules on the ethics of clinical trials on human beings.
The virus led to a massive effort to collect information on citizens. This campaign included cellphone tracking by the Shin Bet security service as well as regular data transfers from health maintenance organizations, hospitals, laboratories and contact tracers to the ministry, which used the data to fight the pandemic.
Nevertheless, the information included a great deal of personal information, including medical data. The collection of this data and its wide accessibility worried individuals and privacy rights organizations.
The lion’s share of the approved requests – 240 – came from local governments seeking information on ill or quarantined residents. This information included resident names, identity card numbers, addresses and phone numbers.
- COVID Vaccination Is Important, but So Is Privacy
- What Medical Data Is Israel Sharing With Pfizer - and Is It Protected?
- The Police Are Tracking Us. Israelis, Wake Up and Fight for Your Privacy
Under ministry rules, such data could be shared only if the goal of the request was to help people in quarantine and their families find places to quarantine or cope with the difficulties of quarantine. The recipient was supposed to delete the information once it was no longer necessary or after a predetermined length of time. For instance, data on people who were quarantined but didn’t have the virus was supposed to be deleted 21 days after it was received. Data on actual coronavirus patients had to be deleted 14 days after they were allowed to leave quarantine.
The data was generally sent to the director of the municipal welfare department, who was responsible for protecting it. However, mayors could decide to make a different department head responsible for helping people in quarantine and could also authorize the data to be shared with other employees. The ministry didn’t set any rules for how to protect the information.
In addition to local governments, the ministry authorized the Finance Ministry in May 2020 to obtain data on coronavirus patients, quarantined people and hospitalized patients. Last October, it approved the sharing of data on ill or quarantined educational staff and students with the Education Ministry. In January, it authorized the Education Ministry to obtain data on these groups’ vaccination status as well. That same month, it authorized the police’s chief medical officer to get information on vaccination rates among police officers.
The Population, Immigration and Border Authority’s border control department and the National Insurance Institute also received data on coronavirus patients and quarantined people. In addition, the Central Bureau of Statistics was given extensive access to information for statistical purposes, including lists of coronavirus patients, deaths, participants in the ministry’s serological survey, people who tested negative for the virus, people in quarantine and people who were subject to contact tracing.
Researchers from The Hebrew University of Jerusalem got data on contact tracing and testing to use in helping the government set policy. In addition, Sheba, Ichilov and Kaplan hospitals were given information about verified patients and testing for research purposes. Finally, in the run-up to March’s election, information about verified patients and people in quarantine was shared with the Central Elections Committee.