As plans move forward in more than two dozen states for the launching of the Affordable Care Act (Obamacare) health insurance exchanges, new concerns have emerged in yet another state—this time California—about consumer privacy and the security of personal data.
But a sampling of the Idaho legislators who voted in favor of an exchange for the Gem State remain confident that Idahoans won’t face security threats.
In September of 2012 Utah’s state-based insurance exchange was hacked, suggesting what was presumed to be a technological failure. Last week California’s state insurance commissioner raised concerns of a different sort about his state’s insurance exchange personnel. In his view, the procedures for hiring “enrollment counselors” for the state’s insurance exchange are inadequate.
“We can have a real disaster on our hands,” said commissioner Dave Jones. He explained that, while counselors will handle very sensitive and confidential data from consumers, the procedures put in place to screen and monitor the counselors are insufficient. He believes that privacy violations and identity theft problems could escalate in his state.
“It sounds to me like California has a hiring problem,” Rep. Wendy Horman, R-Idaho Falls, told IdahoReporter.com. “I have confidence that Idahoans will do things right. Hopefully there will be minimum job skills requirements for exchange workers, including integrity. It appears to me that we are doing everything we can to make our system secure.”
According to statistics from the Federal Trade Commission, Idahoans filed 905 complaints about identity theft in 2012, more than a 37 percent increase from the previous year. Most of the complaints were filed in Boise, Coeur d’Alene and Idaho Falls.
Jones also said that the California exchange does not have a plan for investigating complaints that might arise once the counselors start work. He said that consumers who might fall prey to bogus health care products, identity theft and other abuses will have a hard time seeking justice if unscrupulous counselors obtain their Social Security number, bank accounts, health records or other private information.
“Privacy should be top on every consumer’s mind,” Rep. Luke Malek, R-Coeur d’Alene, told IdahoReporter.com after hearing the news from California. “The fact that we have an Idaho specific exchange means that we will have accountability at the local level, rather than through an ethereal federal bureaucracy.”
Sen. Todd Lakey, R-Nampa, concurs with Malek. “Anyone who works at the insurance exchange needs to understand the importance of the secure and confidential information they receive and the consequences of violating that security.”
Concerns about privacy and personal data for Idaho’s insurance exchange emerged in the Legislature earlier this year when the creation of an insurance exchange was being debated. Amid the backdrop of Utah’s insurance exchange hacking, language was included in the Idaho bill that created the exchange stipulating that the board of directors for the Idaho state insurance exchange “shall certify to the director and the governor that all personal information collected on Idaho exchange participants is secure.”
The legislation doesn’t specify what “certify” means within its own context, nor does it define what it means for personal information about private citizens to be “secure.”
“Secure means preventing the ability of any unauthorized individual(s) or agent(s), by electronic hacking or any other illegal means, from accessing any of the personal information,” explained Jon Hanian, press secretary to Gov. Butch Otter on March 13. “That includes such things as name, address and taxpayer ID number.”
As for “certification,” Hanian noted at the time that “it means that all precautions and security measures are in place to safeguard that data attested to by the state and the federal government to ensure that that information is and remains secure.”
Malek told IdahoReporter.com that the ways in which data is to be secured in the Idaho insurance exchange is not a matter that is to be addressed by elected legislators.
“Ensuring that this happens is the job of the board (the exchange board of directors) and staff. How they accomplish that requirement is a more technical question that I am not qualified to answer as a politician. We were very clear that while we wanted accountability for individual care through the law we enacted, we didn’t want a state-run bureaucracy. In other words, we will ensure that the law is upheld, but we won’t let politicians run amok micromanaging issues outside our expertise as the system is created on a short timeframe to meet citizen privacy concerns,” Malek stated.
Similarly, Lakey told IdahoReporter.com that “perhaps those on the exchange board can give you more information on how security will be certified.”
Rep. Kelley Packer, R-McCammon, a member of the exchange board of directors, notes that “we are required, not only by our state statute, but also by federal regulations, to ensure that all information meets privacy and security requirements. And, those measures will be certified by ongoing reviews and audits.”
Packer added that the Idaho insurance exchange will not be hiring enrollment counselors as California is doing. “We are focused on using our current agent and broker pool to assist those using the exchange,” she said, noting that “these individuals currently work in this capacity, assisting consumers to find the right insurance product for their needs, and they are certified and regulated through the Department of Insurance.”