This glaring problem has prompted 13 state attorneys general, including Georgia’s Sam Olens, to sound the alarm in a letter to Kathleen Sibelius, secretary of the U.S. Department of Health and Human Services. These officials are right on target in trying to get answers and action from Sebilius on inadequate safeguards of consumers’ personal data that must be protected against fraud and identity theft.
You may have heard the term “navigators,” referring to people who are going to help consumers enroll in health-insurance plans. The problem is that the navigators, who will came from various groups and agencies, including non-profits, “will have considerable access to consumers’ personal information,” Olens said in a news release. “Yet the HHS rules do not provide clear privacy protections.”
That failure, Olens said, “raises serious questions about the security of highly confidential information of potentially thousands of Georgians.” The same holds true for thousands more in the other states whose AGs signed the letter: Alabama, Florida, Kansas, Louisiana, Michigan, Montana, Nebraska, North Dakota, Oklahoma, South Carolina, Texas and West Virginia.
On top of the woefully inadequate safeguards, the training of navigators and other personnel is going to come up short, the AGs warned. Although “extensive” training has been promised by Health and Human Services, the agency’s rule on this “did not set forth any of the applicable standards” beyond another rule “which merely sets forth broad principles for data protection” and no concrete, specific safeguards. Instead, the terms that are used include “individual access,” “data quality and integrity,” “safeguards” and “accountability.”
And get this shocker: “The rule does not even require uniform criminal background or fingerprint checks before hiring personnel,” the letter says. “Indeed, it does not state that any prior criminal acts are per se disqualifying.” How’s that for reassuring consumers signing up for Obamacare?
Another problem: HHS was scheduled to complete awarding grants for exchange programs by Aug. 15 but many programs had not received their grants — and enrollment is set to begin Oct. 1, leaving the participating programs “only 32 business days to screen, hire and train thousands of new personnel nationwide,” the AGs said. “Consumer privacy will be catch-as-catch-can in each program.”
The HHS guidelines “appear to provide significantly less protection to consumers with respect to navigators than the states have provided” concerning insurance agents and brokers. Worse, the agency’s guidelines “could be construed to limit state efforts” to impose licensing requirements “on the numerous nonprofit groups expect to do most of the work of assisting consumers.” Not only so, but the guidelines are “less demanding than many federal privacy requirements.”
Olens and his fellow attorneys general want the privacy rules spelled out and tightened. But, given the track record of the Obama administration, the outlook for that happening ranks between slim and none.