Obamacare Security Testing Lags Behind, How Safe is Your Data?

By

Published August 07, 2013

| FOXBusiness

The clock is ticking for the rollout of health-care exchanges and the government has reportedly hit another bump in the road, and this time consumer privacy may be at risk.

The federal government is lagging months behind certain deadlines it set for testing data security for the central hub—a vital point that details personal information to determine consumers’ eligibility for insurance, according to a May inspector general report from the Department of Health and Human Services that was released last week. These security check points are required before the health-exchanges go public on Oct.1

Chapin White, senior health researcher for the Center for Studying Health System Change, says the data provides real-time information on subsidy eligibility based on what consumers’ employers offer and their income level. The qualification process draws on data from several different government agencies, meaning privacy and security should be of paramount concern with such personal information at risk.

“So that's tying together data from the Department of Homeland Security, from the Internal Revenue Service, from Veterans Affairs, and trying to give instant feedback on what kind of subsidies you qualify for. So it's an ambitious undertaking. It's something that hasn't happened yet in this country,” White told FOX Business.

It is important to note that medical records will not be travelling through this hub, but the information that is passing through has the potential for both medical identity theft and standard identity theft if compromised, says Emily Peters, vice president of marketing communications at Practice Fusion, an electronic medical records community online.

“There are about five million cases of medical identity theft in the U.S. every year—which is small in comparison to [standard] identity theft, but it’s more difficult to undo,” Peters says. “There is a risk for a centralized hub of information being a target for identity thieves.”

Most medical identity theft comes from doctors or patients downloading records to computers or phones and misplacing them, allowing the information to fall into the wrong hands.

“It’s more on the human error side of things,” she says.

The Centers for Medicare & Medicaid Services (CMS), the agency that built and manages the exchange hub, says the report is not up-to-date with the agency’s progress.

“We are on schedule and will be ready for the Marketplaces to open on October 1. This [inspector general] study was conducted in May, and we have made significant progress in the three months since then. CMS has extensive experience building and operating information technology systems that handle sensitive data.  This experience comes from many years administering the Medicare, Medicaid, and CHIP programs,” Brian Cook, CMS spokesperson, told FOX Business.

Cook says the hub operates by “securely routing and transferring information requests from Marketplace systems to other federal agency’s systems, and routing the results securely back to the requesting system.” He adds the hub itself does not store this information.  “The hub provides one highly secured connection to trusted federal and state databases instead of requiring each agency to set up what could have amounted to hundreds of independently established connections.”

According to Cook, testing has been on schedule to be at 100% operating capacity by the time open enrollment begins.

White seems less certain the exchanges will be ready by Oct. 1, but says subsidies will still be available for those who want to buy qualified health plans in 2014.

“There’s a lot of wild cards in this. One is the fact that states are involved heavily in implementing these exchanges. A lot of states have been really gung-ho to set up their own exchanges. Some of them are having to face the fact that they’re not able to get the IT systems up the way they thought  they were going to. The federal government is stepping in to help them out and push them over the finish line and get things ready. So the fact that so much is left up to the states makes this a lot more complicated than if it were just purely a federal task,” he says.

If there is a delay in setting up the exchanges and hub, Peters says consumers should be glad, after all the delay is due to testing for data security.

“It sounds like consumers will still be able to apply, but the approval process may be slower,” she says. “In Massachusetts where similar systems have been set up, it usually takes a few days to get a response back, so this may mean it takes a few weeks.”

URL

http://www.foxbusiness.com/personal-finance/2013/08/07/obamacare-data-security-testing-behind/