An email had been sent to the MHC on October 3 requesting clarification of the policy, and included these inquires: Does that include both federal and state authorities? What type of information from the application might be of interest to law enforcement and/or state/federal auditors? However, no response was received before the story was published.
A follow up email sent to the MHC a day after the story ran was answered by the MHC with the promise of a response the following day, but none was forthcoming. A third email sent on Friday, October 11, was finally answered late that evening by communications manager Betsy Charlow.
Her full response reads as follows:
The regulations cited by Ms. Charlow, while stating that sharing personally identifiable information is proscribed for reasons "that are not permitted or required by law," do not specifically address what types of law enforcement and/or audit activities might qualify for an exception, nor do the regulations detail who is authorized to make the determination for what qualifies for an exception.