Scam artists — the only criminals we refer to as artists — are quite clever at taking advantage of whatever is capturing public interest. Obamacare is no exception, particularly as data is collected during the October 1 launch of the initial open enrollment period.
The biggest potential problem related to the Affordable Care Act relates to health insurance exchanges: state-based programs that will provide information about health insurance options and determine eligibility for various premium tax credits or cost-sharing deductions. The government has hired different organizations to run so-called Navigator programs for people seeking to enroll. To obtain and verify information needed for enrollment, navigators will have access to a Federal Data Services Hub that connects seven different government agencies: the IRS, Health and Human Services, Department of Justice, Homeland Security, Veterans Affairs, Department of Defense, and the Social Security Administration.
This data hub is necessary to verify eligibility for the law’s many subsidies and tax credits. But it will be the largest database of personal information every gathered by the federal government — a tempting target to identity thieves within U.S. borders and around the world. Information such as names, Social Security numbers, birth dates and employment information could end up in criminal hands and lead to the most massive wave of identity theft in history.
And right now the system is not secure.
The final testing of the Federal Data Services Hub security system has been pushed back repeatedly. Final testing is currently scheduled for September 30, just one day before the start date of the health insurance exchanges. In August, the Office of the Inspector General decried delays in the final testing of the security system. A spring 2013 study by the General Accountability Office had sounded a similar alarm.
Recently, 13 state attorneys general sent a letter to Health and Human Services Secretary Kathleen Sebelius indicating concern over the security of the information in the health insurance exchanges.
Their worry is legitimate.
Many organizations operating the Navigator programs are well established and security conscious. But there are many others — the Ohio Association of Foodbanks and the Ponca Tribe of Nebraska, for example — that may not have the security necessary to protect personal information. Making matters worse, the Department of Health and Human Services has cut back on requirements for hiring navigators. Since neither background checks nor fingerprinting is required, identity thieves will undoubtedly seek employment as navigators.
We are only as safe from identity theft as the weakest repository for our personal information. In recent years, hundreds of thousands of people have become victims of identity theft because of data breaches at companies and governmental agencies. Inadequate security of the Federal Data Services Hub poses a threat to millions of people that cannot be overestimated.
Can the federal government create a secure database? My advice is to wait and see (if you can). Give time for insurance exchanges to improve the security system. As an overall rule to proactively protect yourself from identity theft, you can put a credit freeze on your credit report. (Learn how with the Consumers Union guide.) This provides protection even if someone were to obtain your Social Security number or other personal information about you.
Steven J.J. Weisman is senior lecturer in law, taxation and financial planning at Bentley.