Report Questions Security As HHS Invites Consumers To Set Up Personal Accounts To Prepare For Exchange Enrollment Period


Report Highlights Concerns About Security Of Sensitive Personal Information Americans Will Share With HHS Exchange Portal As HHS Invites Consumers To Set Up Personal Accounts

The reported finding that the Department of Health & Human Services (HHS) has yet to complete the security arrangements and testing necessary to ensure the security of personal health and other information shared by consumers on the health insurance exchange Hub, which Obamacare charged the HHS Centers for Medicare & Medicaid Services (CMS) with creating, raises concerns about whether these security issues might undermine the security of the sensitive personal information that a consumer might share now or in the future when exploring or enrolling in health coverage options offered through the health insurance exchange.

On Monday, August 5, 2013, HHS sought to beef up interest and anticipation among Americans for the new health insurance exchange option by inviting consumers to prepare for the upcoming enrollment period scheduled to begin October 1, 2013 by creating their personal accounts on HHS’ Healthcare.gov website now.

HHS began encouraging Americans to visit the HHS website “healthcare.gov” to open a personal account, the first step to buying coverage through one of the health insurance exchanges that HHS is creating under the Patient Protection & Affordable Care Act reforms.  See Consumers Can Take First Step To Enrolling In New Insurance Options Today.  An HHS tweet yesterday announced, “Today you can be 1 step closer to getting health ins. by creating your Marketplace account:.” The Healthcare.gov website main page now invites Americans to “[a]nswer a few questions to get some personalized info here.”

Unfortunately, HHS kicked off this campaign on the same day that the HHS Office of Inspector General (OIG) released a report titled Observations Noted During The OIG Review Of CMS’s Implementation Of The Health Insurance Exchange—Data Services Hub (Report). The Report raises questions about the adequacy of the current security of the data portal and about whether HHS will complete the arrangements and testing needed to verify that it appropriately safeguards the sensitive personal information that consumers will share there when the enrollment period begins and thereafter.

Data shared by Americans as part of the process of exploring and enrolling in coverage through the health insurance exchanges will be collected and shared through a data security Hub that will host and transmit that data.  The OIG Report raises clear concerns about the existing security arrangements that CMS has implemented to protect that data, as well as questions about whether CMS will complete the necessary arrangements to secure and protect that sensitive data before enrollment begins October 1.

The findings reported by OIG in the Report raise significant questions about whether Americans should accept the HHS invitation to establish their personal accounts now in anticipation of the October 1, 2013 beginning of the enrollment period for applying for coverage through the health insurance exchanges that would take effect on January 1, 2014.

The Report makes clear that OIG found reason for concern about the current security of the Hub and about whether these issues will be adequately addressed by the time the enrollment period begins on October 1, 2013.

OIG reports many critical tasks required to implement and test necessary security controls are unfinished.  It states “[S]everal critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges. CMS’s current schedule is to complete all of its tasks by October 1, 2013, in time for the expected initial open enrollment period.”

While acknowledging that CMS has affirmed its commitment to complete and implement the necessary security arrangements before enrollment begins on October 1, 2013, the OIG Report also notes that CMS already has missed several critical target dates in its efforts to implement the required security measures.

The Report additionally states: “CMS is working with very tight deadlines to ensure that security measures for the Hub are assessed, tested, and implemented by the expected initial open enrollment date of October 1, 2013. If there are additional delays in completing the security assessment and testing, the CMS CIO may have limited information on the security risks and controls when granting the security authorization of the Hub.” (emphasis added).

The security concerns highlighted in the Report should raise questions about the adequacy of the security of information that an individual might enter on the Healthcare.gov portal in response to the invitation that HHS began extending yesterday.

The importance of the security concerns raised in the Report becomes evident when one considers that consumers establishing their personal accounts must “Choose your user name and password; Create security questions to add an extra layer of protecting your information.”  While many may be tempted to discount the significance of the security concerns because the information that HHS currently asks individuals to share when they create their personal accounts appears relatively harmless, it merits noting that the login and password that will be used to control access to a registrant's personal account are among those initial elements. To the extent security deficiencies compromise the security of this information, these security deficiencies could undermine the security of the personal accounts and all of the information they contain.

The Report does not make clear whether the security issues identified in the Report could compromise logon and password security of the personal accounts established by consumers now or in the future. However, it bears noting that securing the logons and passwords used to access electronic resources containing sensitive personal health care information, and establishing other appropriate safeguards to protect the security of personal health information, is one of the key responsibilities that the Health Insurance Portability & Accountability Act (HIPAA) Security Rules impose on health plans, health care providers, health care clearinghouses and their business associates.  Failure to implement and administer appropriate safeguards for logons and passwords could compromise all the sensitive data in the personal account now or in the future.  Until questions about the security issues and their implications for the logon, password and other information associated with personal accounts are answered, Americans concerned about the security of their personal information may want to hold off entering data in response to the HHS invitation.  Additionally, Americans concerned about these and other security issues also may want to share their feedback with HHS and members of Congress.

Are you concerned about whether health care reform preparations are on track or have other health care policy concerns? Tell us what you think by responding to our poll.

Join the discussion about health care reform and share your input by joining Project COPE: Coalition for Patient Empowerment here.

About Project COPE: The Coalition On Patient Empowerment & Its Coalition on Responsible Health Policy

Sharing and promoting the use of practical practices, tools, information and ideas that patients and their families, health care providers, employers, health plans, communities and policymakers can share and offer to help patients, their families and others in their care communities to understand and work together to better help the patients, their family and their professional and private care community plan for and manage these needs is the purpose of Project COPE, The Coalition on Patient Empowerment & Its Affiliate, the Coalition on Responsible Health Policy.

The best opportunity to improve access to quality, affordable health care for all Americans is for every American, and every employer, insurer, and community organization to seize the opportunity to be good Samaritans.  The government, health care providers, insurers and community organizations can help by providing education and resources to make understanding and dealing with the realities of illness, disability or aging easier for a patient and their family, the affected employers and others. At the end of the day, however, caring for people requires the human touch.  Americans can best improve health care by not waiting for someone else to step up:  Step up and help bridge the gap when you or your organization can. Speak up to help communicate and facilitate when you can.  Building health care neighborhoods filled with good neighbors throughout the community is the key.

The outcome of this latest health care reform push is only a small part of a continuing process.  Whether or not the Affordable Care Act makes financing care better or worse, the same challenges exist.  The real meaning of the enacted reforms will be determined largely by the shaping and implementation of regulations and enforcement actions which generally are conducted outside the public eye.  Americans individually and collectively clearly should monitor and continue to provide input through this critical time to help shape constructive rather than obstructive policy. Regardless of how the policy ultimately evolves, however, Americans, American businesses, and American communities still will need to roll up their sleeves and work to deal with the realities of dealing with ill, aging and disabled people and their families.  While the reimbursement and coverage map will change and new government mandates will confine providers, payers and patients, the practical needs and challenges of patients and families will be the same and confusion about the new configuration will create new challenges as patients, providers and payers work through the changes.

We also encourage you and others to help develop real meaningful improvements by joining Project COPE: Coalition for Patient Empowerment here by sharing ideas, tools and other solutions and other resources. The Coalition For Responsible Health Care Policy provides a resource that concerned Americans can use to share, monitor and discuss the Health Care Reform law and other health care, insurance and related laws, regulations, policies and practices and options for promoting access to quality, affordable healthcare through the design, administration and enforcement of these regulations.

Other Helpful Resources & Other Information

We hope that this information is useful to you.  If you found these updates of interest, you also may be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here.  You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information, including your preferred e-mail, by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.


©2013 Cynthia Marcotte Stamer.  Nonexclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.

 
