During the last several weeks, officials in multiple states including Alabama, Florida, Georgia, Kansas, Louisiana, Michigan, Montana, Nebraska, North Dakota, Oklahoma, South Carolina, Texas, and West Virginia have expressed concerns regarding data privacy risks presented by programs that assist consumers with enrollment in health insurance via the Health Insurance Exchanges established pursuant to the Affordable Care Act. On August 14, 2013, an alliance of Attorneys General from these states (the “Alliance”) sent a letter (“the Letter”) to the Secretary of the U.S. Department of Health and Human Services (“HHS”) stating that HHS “has failed to adequately protect the privacy of those who will use the assistance programs connected with the new health insurance exchanges.” On August 20, 2013, Florida Governor Rick Scott verbally echoed these concerns. HHS thereafter responded.
In the Letter, the Alliance notes that while navigators will have robust access to consumers’ personal information, the Final Rule relating to the Standards for Navigators and Non-Navigator Assistance Personnel (“Final Rule”) does not provide sufficiently clear standards regarding how such individuals will be trained on the importance of protecting consumers’ privacy. The Letter also states that the Final Rule does not require uniform criminal background or fingerprint checks for personnel who collect consumers’ information to assist with insurance enrollment. Inadequate background checks coupled with insufficient training could result in hiring “unscrupulous counselors” with “easy means to commit identity theft on consumers,” the Letter argues. After articulating its concerns, the Alliance requests a response from HHS by August 28, 2013 that addresses specific questions related to screening personnel, guidance to program personnel, monitoring personnel, notifying consumers of privacy rights, liability, fraud prevention and remedies, penalties, and supplemental state regulation.
Soon after the Letter was sent, Gov. Scott expressed his concerns regarding how personal information disclosed to navigators would be used, framing the issue as one related to both consumer protection and identity theft. HHS Spokeswoman Joanne Peters responded to Gov. Scott’s comments by explaining that the navigator program has precedent, since the government has assisted individuals with enrollment in the Medicare and Medicaid programs for years. Additionally, she clarified that once navigators assist individuals with completing on-line insurance applications, the navigators will no longer have access to the applications or the personal information contained therein.
The numerous constituents who are interested in the navigator program, including, purchasers, suppliers, and others, will be interested to see if HHS responds to the Letter itself and also how HHS continues to address data privacy concerns generally.