By Kyle Lovern
August 15, 2013
CHARLESTON - Attorney General Patrick Morrisey today announced that West Virginia and 12 other states have sent a letter to the U.S. Department of Health and Human Services (HHS), expressing grave concerns about regulations associated with the new health insurance exchanges putting consumers’ private information at risk.
The letter from attorneys general in WV, Alabama, Florida, Georgia, Kansas, Louisiana, Michigan, Montana, Nebraska, North Dakota, Oklahoma, South Carolina and Texas points out that there are woefully inadequate privacy protections written into HHS’s rules governing programs that assist consumers with enrolling in the new health care exchanges created as part of the Affordable Care Act (ACA).
“It is not enough to simply adopt vague policies against fraud,” Morrisey stated. “There are significant holes in the rules HHS has implemented already. We are very concerned about the risk of identity theft if those holes aren’t addressed immediately or if the implementation of health care exchanges isn’t delayed to allow for better regulations, more training for consumer outreach programs and better fraud prevention. In the rush to push forward, the Administration is leaving consumers in West Virginia and the rest of the country behind.”
The ACA provides funding for groups, such as “navigators,” to help consumers enroll in health insurance plans. As part of that process, these navigators and other assistance personnel will have significant access to consumers’ private and personal data. However, the letter states that HHS’s rules fail to ensure that navigators will be adequately trained to safeguard data provided by consumers. Nor do the rules make clear who is responsible if an identity theft occurs.
Even more concerning for the attorneys general is that HHS currently does not require criminal background checks or fingerprint checks of potential navigator employees and does not list any prior criminal acts as being a disqualifier for someone seeking to work with consumers.
“These vague ‘standards’ could open up a Pandora’s box of privacy and security issues for consumers, states and even the federal government,” Morrisey said. “Consumer privacy will be catch-as-catch-can in each program. It seems inevitable that personnel will be inadequately screened and trained, and they will be more prone to misappropriate private data * whether intentionally or unintentionally. This is a disaster waiting to happen.”
In their letter, the attorneys general raise eight areas of concern and ask HHS a series of questions about steps the agency will take to ensure citizens are protected. The attorneys general ask HHS to respond to their questions no later than the 28th day of this month.