Report Questions Security As HHS Invites Consumers To Set Up Personal Accounts To Prepare For Exchange Enrollment Period

August 6, 2013

Report Highlights Concerns About Security Of Sensitive Personal Information Americans Will Share With HHS Exchange Portal As HHS Invites Consumers To Set Up Personal Accounts

The reported finding that the Department of Health & Human Services (HHS) has yet to complete the security arrangements and testing necessary to ensure the security of personal health and other information shared by consumers on the health insurance exchange Hub that Obamacare charged the HHS Centers for Medicare & Medicaid Services (CMS) with creating raises concerns about whether these security issues might undermine the security of the sensitive personal information that a consumer might share now or in the future when exploring or enrolling in health coverage options offered through the health insurance exchange.

On Monday, August 5, 2013, HHS sought to beef up interest and anticipation among Americans for the new health insurance exchange option by inviting consumers to prepare for the upcoming enrollment period scheduled to begin October 1, 2013 by creating their personal accounts on HHS’ website now.

HHS began encouraging Americans to visit the HHS website “” to open a personal account, the first step to buying coverage through one of the health insurance exchanges that HHS is creating under the Patient Protection & Affordable Care Act reforms. See Consumers Can Take First Step To Enrolling In New Insurance Options Today. HHS is encouraging Americans to prepare for enrollment today by setting up their personal account on the HHS website. An HHS Twitter Tweet yesterday announced, “Today you can be 1 step closer to getting health ins. by creating your Marketplace account:.” The website main page now invites Americans to “[a]nswer a few questions to get some personalized info here.”

Unfortunately, HHS kicked off this campaign on the same day that HHS’s Office of Inspector General (OIG) released a report titled Observations Noted During The OIG Review Of CMS’s Implementation Of The Health Insurance Exchange—Data Services Hub (Report) that raises questions about the adequacy of the current security of the data portal and whether HHS will complete the arrangements and testing to verify it appropriately safeguards the security of the sensitive personal information that consumers will share there when the enrollment period begins and thereafter.

Data shared by Americans as part of the process of exploring and enrolling in coverage through the health insurance exchanges will be collected and shared through a data security Hub that will host and transmit that data.  The OIG Report raises clear concerns about the existing security arrangements that CMS has implemented to protect that data, as well as questions about whether CMS will complete the necessary arrangements to secure and protect that sensitive data before enrollment begins October 1.

The findings reported by OIG in the Report raise significant questions about whether Americans should accept the HHS invitation to establish their personal accounts now in anticipation of the October 1, 2013 beginning of the  enrollment period for applying for coverage through the health insurance exchanges that would take effect on January 1, 2014.

The Report makes clear that OIG found reason for concern about the Hub security currently and whether these issues will be adequately addressed by the time the enrollment period begins on October 1, 2013.

OIG reports many critical tasks required to implement and test necessary security controls are unfinished.  It states “[S]everal critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges. CMS’s current schedule is to complete all of its tasks by October 1, 2013, in time for the expected initial open enrollment period.”

While acknowledging that CMS has affirmed its commitment to complete and implement the necessary security arrangements before enrollment begins on October 1, 2013, the OIG Report also notes that CMS already has missed several critical target dates in its efforts to implement the required security measures.

The Report additionally states: “CMS is working with very tight deadlines to ensure that security measures for the Hub are assessed, tested, and implemented by the expected initial open enrollment date of October 1, 2013. If there are additional delays in completing the security assessment and testing, the CMS CIO may have limited information on the security risks and controls when granting the security authorization of the Hub.” (emphasis added).

The security concerns highlighted in the Report should raise questions about the adequacy of the security of information that an individual might enter on the portal in response to the invitation that HHS extended beginning yesterday.

The importance of the security concerns raised in the reports becomes evident when one considers that consumers establishing their personal accounts must “Choose your user name and password; Create security questions to add an extra layer of protecting your information.” While many may be tempted to discount the significance of the security concerns because the information that HHS currently asks individuals to share when they create their personal accounts appears relatively harmless, it merits noting that the login and security password that will be used to control access to the personal account of registrants are among those initial elements. To the extent security deficiencies compromise the security of this information, these security deficiencies could undermine the security of the personal accounts and all of the information they contain.

The Report does not make clear whether the security issues identified in the Report could compromise logon and password security of the personal accounts established by consumers now or in the future. However, it bears noting that securing the logons and passwords used to access electronic resources containing sensitive personal health care information, and establishing other appropriate safeguards to protect the security of personal health information, are among the key responsibilities that the Health Insurance Portability & Accountability Act (HIPAA) Security Rules impose on health plans, health care providers, health care clearinghouses and their business associates. Failure to implement and administer appropriate safeguards for logons and passwords could compromise all the sensitive data in the personal account now or in the future. Until questions about the security issues and their implications for the logon, password and other information associated with personal accounts are answered, Americans concerned about the security of their personal information may want to hold off entering data in response to HHS’s invitation. Additionally, Americans concerned about these and other security issues also may want to share their feedback with HHS and members of Congress.

Are you concerned about whether health care reform preparations are on track or have other health care policy concerns? Tell us what you think by responding to our poll.

Join the discussion about health care reform and share your input by joining Project COPE: Coalition for Patient Empowerment here.

About Project COPE: The Coalition On Patient Empowerment & Its  Coalition on Responsible Health Policy

The purpose of Project COPE, The Coalition on Patient Empowerment & Its Affiliate, the Coalition on Responsible Health Policy, is to share and promote the use of practical practices, tools, information and ideas that patients and their families, health care providers, employers, health plans, communities and policymakers can share and offer to help patients, their families and others in their care communities to understand and work together to better plan for and manage these needs.

The best opportunity to improve access to quality, affordable health care for all Americans is for every American, and every employer, insurer, and community organization to seize the opportunity to be good Samaritans.  The government, health care providers, insurers and community organizations can help by providing education and resources to make understanding and dealing with the realities of illness, disability or aging easier for a patient and their family, the affected employers and others. At the end of the day, however, caring for people requires the human touch.  Americans can best improve health care by not waiting for someone else to step up:  Step up and help bridge the gap when you or your organization can. Speak up to help communicate and facilitate when you can.  Building health care neighborhoods filled with good neighbors throughout the community is the key.

The outcome of this latest health care reform push is only a small part of a continuing process.  Whether or not the Affordable Care Act makes financing care better or worse, the same challenges exist.  The real meaning of the enacted reforms will be determined largely by the shaping and implementation of regulations and enforcement actions which generally are conducted outside the public eye.  Americans individually and collectively clearly should monitor and continue to provide input through this critical time to help shape constructive rather than obstructive policy. Regardless of how the policy ultimately evolves, however, Americans, American businesses, and American communities still will need to roll up their sleeves and work to deal with the realities of dealing with ill, aging and disabled people and their families.  While the reimbursement and coverage map will change and new government mandates will confine providers, payers and patients, the practical needs and challenges of patients and families will be the same and confusion about the new configuration will create new challenges as patients, providers and payers work through the changes.

We also encourage you and others to help develop real meaningful improvements by joining Project COPE: Coalition for Patient Empowerment here by sharing ideas, tools and other solutions and other resources. The Coalition For Responsible Health Care Policy provides a resource that concerned Americans can use to share, monitor and discuss the Health Care Reform law and other health care, insurance and related laws, regulations, policies and practices and options for promoting access to quality, affordable healthcare through the design, administration and enforcement of these regulations.

Other Helpful Resources & Other Information

We hope that this information is useful to you. If you found these updates of interest, you also may be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here. You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information, including your preferred e-mail, by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.


©2013 Cynthia Marcotte Stamer.  Nonexclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.


Justice Department Sues Texas Bus Company For Illegal Discrimination Against Citizens When Hiring H-2B Program Workers

August 6, 2013

A federal lawsuit against Houston-based bus company Autobuses Ejecutivos LLC, d/b/a Omnibus Express, reminds U.S. employers hiring foreign workers under the H-2B or other special worker visa programs to use care to ensure that they can prove that their need for foreign workers is not the result of recruitment and hiring practices that illegally discriminate against work-eligible members of the U.S. workforce already in the United States.

The Justice Department announced on August 6, 2013 that it and the Executive Office of Immigration Review’s Office of the Chief Administrative Hearing Officer (OCAHO) are suing Omnibus Express for allegedly violating the Immigration and Nationality Act’s (INA) anti-discrimination provisions by preferring to hire for bus driver positions temporary nonimmigrant visa holders on H-2B visas over work-eligible U.S. citizens, certain lawful permanent residents and other protected individuals.

H-2B Program Hiring Prohibited If Need Based On Illegal Discrimination

The H-2B program allows U.S. employers to bring foreign nationals to the United States to fill temporary nonagricultural jobs only when there are not enough U.S. workers who are able, willing or qualified to do the temporary work.  While H-2B program hiring can be invaluable when a legitimate need exists, businesses contemplating or using the program need to be prepared to show their need to hire workers on H-2B visas is not the result of discriminatory hiring practices prohibited by the INA or other federal employment discrimination laws.

The INA generally protects work-eligible individuals in the United States, such as U.S. citizens, certain lawful permanent residents, refugees and asylees, from unlawful discrimination in hiring by prohibiting employers from discriminating against these protected workers based on their citizenship status.

Accordingly, while the H-2B program provides a valid opportunity to hire foreign workers consistent with the H-2B visa program requirements when in fact there are insufficient work-eligible, qualified applicants already in the U.S. to fill the position, employers hiring workers under the H-2B or other visa programs need to ensure that they are not inappropriately discriminating against U.S. citizens, permanent residents or other work-eligible individuals already in the U.S. in their recruitment and hiring practices when taking advantage of the H-2B program to hire workers.

In addition to the anti-discrimination provisions of the INA, hiring practices that discriminate in favor of hiring workers over other qualified applicants based on the respective citizenship, national origin, race or other protected status of the respective applicants or workers also can expose a business to liability under various other laws. In addition to suits brought by the Justice Department, prohibited discrimination by an employer under these other employment discrimination laws may expose a business to liability to actions brought by private litigants, the Equal Employment Opportunity Commission (EEOC), Office of Federal Contract Compliance (OFCCP) or other agencies, or both.

Omnibus Express Suit Highlights Risks Of H-2B Visa Hiring Need Based On Illegal Discrimination

The Justice Department complaint charges that Omnibus Express failed to fulfill this obligation. It claims that Omnibus Express violated the INA by actively discouraging or failing to consider the applications of many qualified U.S. citizens and other protected individuals between September 2012 and February 2013 while at the same time petitioning the U.S. Department of Labor (DOL) and U.S. Citizenship and Immigration Services (USCIS) for permission to hire up to 50 foreign workers on H-2B visas. The Justice Department alleges that Omnibus Express violated the INA by hiring 42 H-2B workers during this period based on its representation to the DOL and USCIS that there were not enough qualified workers in the United States to fill the 50 bus driver positions when, in fact, its practices illegally discriminated against work-eligible U.S. citizens, lawful permanent residents and other INA-protected individuals who could have filled the positions.

The Justice Department asks the court to redress these alleged violations of the INA by ordering Omnibus Express to pay back pay for injured parties and civil penalties, prohibiting future discrimination by Omnibus Express, and ordering other injunctive relief.

INA Discrimination Prosecution Part Of Obama Administration’s Emphasis on Enforcing Discrimination Laws

Businesses also should keep in mind that the Justice Department’s prosecution of Omnibus Express for alleged illegal citizenship discrimination is part of the Obama Administration’s larger agenda prioritizing the expansion of non-discrimination safeguards for protected classes and the enforcement of these non-discrimination laws.

Since Mr. Obama took office, the Administration has sought regulatory and statutory changes that expand the federal employment and other anti-discrimination protections for a broad range of groups. The Administration also continues to proactively seek to expand the individuals protected by these and other Federal anti-discrimination laws even as the Departments of Justice, Labor, Health & Human Services, Education, Housing & Urban Development and other federal agencies have expanded their investigation, prosecution and public outreach under these laws.

In light of these developments, businesses should recognize that this proactive anti-discrimination agenda makes it wise for private businesses and state and local government agencies to take greater care to prevent and position their organizations to defend against potential discrimination and retaliation claims under the INA and a broad range of other employment and other anti-discrimination laws.

While this activist agenda in the anti-discrimination law area merits tighter compliance and risk management for all organizations, government contractors or subcontractors particularly face heightened risk as a result of recent expansions to the reach and requirements of nondiscrimination requirements.

Act To Mitigate Citizenship, National Origin & Other Employment Discrimination Exposures

Accordingly, the Omnibus Express suit particularly highlights the importance for businesses subject to U.S. law of using care before hiring foreign workers on H-2B or other special visas to ensure that they can demonstrate that the need for foreign workers does not stem from recruitment and hiring practices that illegally discriminate against applicants already in and eligible to work in the U.S. who would be qualified to fill those positions.

Furthermore, businesses should use care not to underestimate their exposure to liability from charges of illegal discrimination in violation of the INA or other federal employment discrimination laws. Prohibited discrimination against workers based on citizenship, national origin or other prohibited grounds exposes employers to private lawsuits by workers seeking damages, attorneys’ fees and costs, and other remedies. In addition to these private exposures, the suit against Omnibus Express shows the readiness of the Justice Department to enforce the INA so that work-authorized individuals have equal access to employment in the United States free from prohibited discrimination based on citizenship.

Jocelyn Samuels, Acting Assistant Attorney General for the Justice Department’s Civil Rights Division, affirmed this commitment in the announcement of the Justice Department suit against Omnibus Express, stating “We are committed to enforcing the INA so that work-authorized individuals have equal access to employment in the United States.”

Accordingly, all businesses should make the tightened risk management of their INA anti-discrimination risks part of a broader emphasis on the prevention and management of their organization’s discrimination exposures generally.

As part of these risk management efforts, organizations should:

  • Review and update their understanding of current anti-discrimination rules under the INA and other laws;
  • Evaluate the adequacy of and tighten existing practices and documentation to mitigate exposures with discrimination and other laws;
  • Update and tighten management controls, investigation and other procedures to promote compliance with anti-discrimination policies and identify and mitigate exposures arising in the course of operations;
  • Conduct well-documented periodic training on these and other anti-discrimination compliance and risk management practices; and take other actions to monitor and enforce compliance by staff, contractors and others with whom they do business.

For Help With Compliance & Risk Management and Defense

If you need help in auditing or assessing, updating or defending your organization’s compliance, risk management or other internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469) 767-8872.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 25 years of work helping private and governmental organizations and their management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; schools and other governmental agencies and others design, administer and defend innovative compliance, risk management, workforce, compensation, employee benefit, privacy, procurement and other management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend against employment and other anti-discrimination and anti-retaliation, union-management relations, wage and hour, and other labor and employment laws, other regulatory requirements, procurement, conflict of interest, discrimination management, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions.  The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee, a member of the editorial advisory board, a past National Consultants Board Member and Region IV Chair for SHRM, past Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on workforce and risk management, reengineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters.  
She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications.

You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.  For information about engaging Ms. Stamer for representation, training or other assistance, contact Ms. Stamer directly at (469) 767-8872.



©2013 Cynthia Marcotte Stamer, P.C.  Nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved