Georgia’s Sam Olens and attorneys general in 12 other states say the federal government is not doing enough to protect the medical and financial information of people who will apply for health insurance on government exchanges set to open Oct. 1.
In a letter to U.S. Health and Human Services Secretary Kathleen Sebelius, they said the navigators being hired under the Affordable Care Act to help guide consumers through the insurance application process will have access to important personal information but may not be adequately trained to protect it. They also questioned whether the people being hired as navigators will be properly screened to weed out criminals, including identity thieves.
An HHS official Thursday called the safeguards “robust” but would not address specific concerns raised by the attorneys general in their letter. Navigators do face civil penalties of up to $25,000 per violation of privacy and security standards.
Other observers, downplaying the security concerns, said the attorneys general should have spoken up earlier about the rules governing navigators and privacy if they had complaints. All 13 of the officials are Republicans, and most of their states have not taken an active role in preparing for the Affordable Care Act.
Nonetheless, Olens said, “this is not a political statement” but is about “protecting people’s privacy.”
Some privacy advocates said the potential for identity theft is real and even inevitable.
The letter was sent Wednesday, on the eve of Thursday’s announcement by Sebelius of the organizations that will receive funding to hire navigators.
The letter says training requirements consist of vague principles and provide “little concrete guidance.” It also said criminal background and fingerprint checks are not required. (Rules that Georgia has adopted do call for prints and background checks). Thousands of navigators will have to be hired and trained in only about six weeks, compounding the problem, they added.
“Personnel working for various groups and agencies to help consumers sign up for health insurance will have considerable access to consumers’ personal information,” Olens said in a statement, “yet the HHS rules do not provide clear privacy protections. This raises serious questions about the security of highly confidential information of potentially thousands of Georgians.”
Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, a nonprofit consumer education and advocacy organization, said, “There are real concerns here. When you’re dealing with this many people and this many organizations, with so much information going back and forth on so many devices like laptops and tablets, it’s almost impossible to lock down that information to where you have 100 percent security.”
Lee Tien, senior staff attorney for the Electronic Frontier Foundation, said states could help the situation by implementing their own tougher requirements. More than a dozen states have added their own rules for navigators.
Georgia lawmakers last spring passed legislation that said navigators must complete at least 35 hours of training, be licensed, take continuing education courses, and renew their licenses each year. The state insurance department also requires that navigators be finger printed and undergo background checks.
Olens said the tougher state laws should not be preempted by federal regulations.
An HHS official said Thursday that federal officials are looking at states’ additional requirements to make sure they don’t conflict with federal requirements.
About the Author
