AGs want answers on exchange privacy


AGs want answers on insurance exchange privacy

As the Department of Health & Human Services (HHS) invests $67 million in insurance exchange navigators and $150 million more in enrollment assistance, some attorneys general are raising privacy and fraud concerns.

The attorneys general of Alabama, Florida, Georgia, Kansas, Louisiana, Michigan, Montana, Nebraska, North Dakota, Oklahoma, South Carolina, Texas and West Virginia — 13 of the 36 states set to have federally-run insurance exchanges — are asking HHS Secretary Kathleen Sebelius for answers to several privacy questions.

Among them: Where does liability rest when a consumer outreach program causes harm through the use of personal information?

HHS recently awarded $67 million in grants to 105 organizations to serve as navigators, helping consumers choose and select qualified health plans in-person, over the phone or online. In May, HHS announced $150 million worth of grants available for in-person enrollment assistance programs at community health centers.

The attorneys general said they’re concerned that HHS cannot “adequately protect the privacy of those who will use the assistance programs,” because the current guidance and rules have “numerous deficiencies.”

HHS’s final rules lay out principles for consumer assistance data management, discuss various federal penalties for identity theft, and call for “reasonable operational, administrative, technical and physical safeguards to ensure confidentiality, integrity and availability and to prevent unauthorized or inappropriate access.

The attorneys general think those guidelines are too broad to guarantee that consistent safeguards are put into practice.

“For example, the guidelines appear to provide significantly less protection to consumers with respect to navigators than the states have provided with respect to insurance agents and brokers,” the attorneys wrote.

They criticized HHS’s final navigator rules for not mandating licensing, as is required of insurance brokers and agents in most states. HHS’s rules call for states to ultimately decide whether consumer assistance groups are licensed, but require that at least one navigator group in each state not be a licensed broker or agent.

They criticized HHS’s personnel guidelines for not requiring background checks and for not explicitly disqualifying convicted criminals from working as navigators, calling the standards “less demanding than many federal privacy requirements, such as those applicable to federal census workers.”

HHS is requiring navigators to be certified, after completing a 20-to 30-hour training program and passing an exam.

The attorneys, all of them Republicans, also asked for specification on certain issues. While HHS proposed monitoring organizations receiving consumer assistance grants, the agency “did not articulate what those requirements would be,” the attorneys wrote. And the agency did not “identify exactly what would constitute” a data breach, they said.

“The short time remaining before exchange enrollment begins will only exacerbate unclear standards,” the attorneys wrote.

With HHS awarding the final round of grants in mid-August, consumer assistance and navigator organizations will have a little more than 30 business days to “screen, hire and train thousands of personnel.” Consumer privacy and anti-fraud vigilance could end up being “catch-as-can in each program,” the attorneys wrote.

“Unscrupulous counselors, who are not properly screened out or supervised, will have easy means to commit identity theft on consumers seeking enrollment assistance,” the attorneys wrote. “Without more protections, this a privacy disaster waiting to happen.”

Fraud and identity theft are bound to be problems for health insurance exchanges in general, beyond the consumer assistance programs, wrote Washington and Lee University law professor Timothy Jost in Health Affairs. “Wherever there is money there will be fraud, and the ACA will be no exception.”

There’ve already been reports of telephone and Internet scams using various pitches to get peoples’ identifying information — and those scams may be limited to the telephone and web, Jost surmised.

Many of the organizations awarded navigator grants are well-established nonprofits, like the United Way of Metropolitan Tarrant County, in Texas, which received $5.8 million. “They have reputations and organizational assets to protect, and are likely to be careful in hiring and monitoring navigator personnel,” Jost wrote.