Published from the Springfield Business Journal
The Affordable Care Act has expanded access of coverage to millions of Americans.
Most of the market reforms of the ACA took effect Jan. 1. Individuals and families purchasing insurance now have access to guaranteed coverage regardless of their pre-existing conditions, and premiums cannot vary based on medical history or gender. However, one of the biggest concerns of consumers enrolling in the exchanges is fraud. In the wake of massive data breaches, such as Target, are records safe on this new Internet-based health insurance system?
Subsidies are available to consumers to help with the cost of coverage, and health insurance exchanges have been developed to help the consumer locate the best plan to fit their needs.
The state-based exchanges use tax information to verify identity and the amount of subsidy the consumer is eligible to receive. Eligible taxpayers who purchase health insurance through an exchange can request a refundable tax credit to help pay their premium. The ACA authorized the Internal Revenue Service to disclose a limited amount of information about exchange applicants. The IRS also has implemented a series of precautions to safeguard the information provided to protect the confidentiality of applicants and their federal tax information.
The IRS sent about 23 million tax information reports during the first open enrollment period, October 2013 through March, and some 13 million of those reports went to the U.S. Department of Health and Human Services, while the rest went to the state-based exchanges.
The Treasury Inspector General for Tax Administration – the watchdog agency keeping tabs on the IRS – recently published guidance about the inefficiencies they found of ACA exchanges, along with some recommendations. The agency only reviewed the IRS systems and not HealthCare.gov or the HHS state-based exchange systems. The IRS systems supporting data transfers among the exchanges and federal agencies to enroll applicants generally function adequately. What could go wrong?
IRS efforts to prevent a breach of personal tax information will never be perfect. The behavior of system users and operators may intentionally or unintentionally bypass or subvert security controls designed to protect systems and data. Strict adherence to security procedures is generally rare, and systems change along with the environment that they are being administered. HHS guidance prohibits the display and disclosure of federal tax information during the application processing, and this significantly reduces the exposure of the consumer to having their information viewed during the enrollment process.
Administration officials say they remain confident HealthCare.gov is a secure method for enrolling.
“When consumers fill out the online application, they can trust that the information that they’ve provided is protected by stringent security standards and that the technology underlying the application process has been tested and is secure,” Medicare Administrator Marilyn Tavenner assured the Senate’s Health Committee last fall during open enrollment.
Fraud remains a concern. Consumers can potentially be directed to websites that are almost identical to state or federal exchange sites. In this day and age of being short on time and inundated by social media, email and other digital content, it is easy to mistake an email that leads to a fraudulent site. Scammers will go after whatever personal information they can get their hands on. People tend to choose the same security questions and answers, and scammers will then use that information to access their email and potentially worse.
On Aug. 25, federal employees noticed a breach. Hackers had placed malicious software onto a HealthCare.gov test server that intended to affect multiple websites. These cyber-attacks use botnets with malware to send traffic from multiple computers to a particular website so it will shut it down and interrupt service.
Cybersecurity professionals have warned us for quite some time that hackers are eager to gain access to information stored and communicated on the exchange sites. Oversight is in place but it may only be a matter of time before information is accessed from cyberattacks.
The ACA is basically an online event. The consumer only has a few options in order to process their enrollments and apply for subsidies. You can enroll online, call in and enroll over the phone, or meet with an agent or navigator to help you enroll into a plan.
Regardless of how you enroll into an exchange, the information you provide is being transmitted and stored on servers. Clever hackers and scammers will always try to breach those systems, and we can only hope those systems meet the security needs to store our information.
John Osborn is owner and partner with Osborn & Associates. He can be reached at email@example.com.