A data breach in Minnesota has added fuel to Gov. Rick Scott's latest crusade against the Affordable Care Act: privacy concerns. Now, he's asking U.S. Senate Majority Leader Harry Reid and House Speaker John Boehner to address the questions raised about whether patient information will be protected when they are assisted by enrollment advisors or use web-based programs to sign up for coverage.
Before you read Scott's letter, here's some background about the incident in Minnesota: An employee working for the state's health exchange incorrectly emailed the social security numbers and other identifying information for about 2,400 insurance agents to a man applying to becoming a "navigator."
A MNsure employee accidentally sent an e-mail file to an Apple Valley insurance broker’s office on Thursday that contained Social Security numbers, names, business addresses and other identifying information on more than 2,400 insurance agents.
An official at MNsure, the state’s new online health insurance exchange, acknowledged it had mishandled private data. A MNsure security manager called the broker, Jim Koester, and walked him and his assistant through a process of deleting the file from their computer hard drives.
Koester said he willingly complied, but was unnerved.
In expressing concern about "navigators" last month, Scott said he worried they would become privy to private information as they helped Floridians sign up for coverage. The director of a non-profit organization responsible for hiring these enrollment advisors tried to allay those fears last week, saying "navigators" won't need to collect patients' personal information in order to do their job.
Now, Scott is using the Minnesota incident to pivot on his argument. He's still worried the 'navigators' will be privy to patient personal information, but now he's expressing the same concerns about the health exchanges themselves.
Of course, similar advisors have been helping Floridians sign up for Medicare, Medicaid and a separate program for children for years. These programs also have web-based enrollment, operating similar to how the exchanges are expected to when they start signing up patients on Oct. 1. So far, however, Scott hasn't verbalized any privacy issues about those more popular and established health care programs.
Here is Scott's full letter to Boehner and Reid:
On Thursday, September 12, 2013, an individual applying to be a 'navigator' in Minnesota mistakenly received 2,400 Americans' Social Security numbers when a federal insurance exchange employee accidentally sent him an email. Reports say the information contained, "page after page of names, business addresses, license numbers and Social Security numbers." ("Errant E-mail Creates Security Breach at MNsure," Star Tribune (Minnesota), 9/13/13)
As you know, the federal insurance exchanges are set to open in October in Florida and all across the country for individuals to access insurance in order to avoid paying a penalty under the President’s new healthcare law. While Florida and many other states fought against this law and its penalties all the way to the U.S. Supreme Court, we ultimately lost our battle and the legislation is now the law of the land.
Even though our chance to stop the President's healthcare law at the state level has passed, we are becoming increasingly concerned about how the implementation of the law will affect Floridians.
In fact, Florida has been identified as “ground zero” for the administration’s efforts to get people into the federal insurance exchange. This characterization has been underscored by multiple visits to our state by U.S. Secretary of Health and Human Services Kathleen Sebelius asking people to use the federal exchange.
As the push for "navigators" to sign up Floridians on the federal health insurance exchange becomes more frenzied, the need to safeguard the personal information Floridians submit to the “navigators,” and its use in a "federal data hub," is taking on paramount importance.
As the Minnesota man who mistakenly received the private information of thousands of Americans said last week, "What if this had fallen into the wrong hands? It's scary." (Star Tribune (Minnesota), 9/13/13)
Though details about what "navigators" will do to collect personal information and run it through the federal data hub remain inconclusive at best, we know the data hub itself will use Americans' "income, citizenship, immigration status, access to minimum essential coverage," as well as information at "the Social Security Administration, the Internal Revenue Service, the Department of Homeland Security, The Department of Veterans Affairs, Medicare, TRICARE, the Peace Corps, and the Office of Personnel Management” to determine eligibility for the federal exchange. ("Fact Sheet: Security of the Marketplace Data Services Hub," 9/11/13, Centers for Medicare and Medicaid Services.)
The "navigators" are moving quickly in Florida to collect personal information and sign Floridians up on the federal exchange. Some "navigators" have even publicly stated their desire to set up offices in state health facilities, where we have a direct obligation to ensure Floridians' privacy is protected.
Mounting pressure to enroll Floridians in the federal exchange must make us pause to carefully review what protections are in place to safeguard the personal information of hundreds of thousands of Floridians - and millions of Americans - who are expected to use the federal exchange to escape the penalty under the President’s new healthcare law.
I respectfully request you take immediate action by whatever means available to thoroughly review what privacy rules and safeguards are in place to protect Americans’ personal information, both when they consult with "navigators" and when their information is entered into the federal data hub.
Protocols, processes and security testing should be carefully detailed and publicly disclosed. Floridians should not have to exchange their privacy for insurance. Thank you for your attention to this matter of critical – and growing – importance to Floridians.