September 26, 2013
This is #12 in a series of Access to Care Reports. (See also postings by Mitchell Law Office)
Information security issues for the new Health Exchanges may affect access to health insurance, by helping shape how individuals view the Exchanges—and decide to shop in the insurance marketplaces that are being established.
If the public comes to view the Exchanges as “not safe” in terms of personal information, then there may be a reluctance to participate in implementation of the Affordable Care Act (ACA).
The “security branding” of the Exchanges will depend on how well protections are explained to the public—and how many announcements are made in the media regarding compromised security.
The applications for health insurance coverage under the ACA require information that includes name, address, Social Security number, family relationships, employer relationships, annual income, and alternative insurance coverage available.
Online applications may be compromised through the computers used to submit an application; Exchange computers; computers located at the Data Hub “switchboard”; or computers at federal agencies. Hacking and deception may both be used to gain access to personal information.
Information may also be compromised by any careless or willfully-negligent handling of information anywhere in the computer network. For this reason, access to all facilities is likely to be tightly controlled.
Many individuals feel uncertain about how they will be affected by the ACA and hesitant as to whether they want to participate. Any information security concerns may weigh heavily on decisions as to whether to become involved.
ACA security issues have been a much-discussed topic in Congress. As a result, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) has examined the situation and presented testimony to the House Committee on Homeland Security. Indications are that appropriate procedures are being followed, but time constraints are of major concern.
Security will also be affected by the sharing of information with employers, insurance companies and providers. The wide dissemination of personal materials will present more opportunities for data “leakage”.
The security precautions taken by all health care organizations under existing statutes will now be expanded to include information associated with the Exchanges.
Individual perceptions of any information security risks associated with the ACA will affect willingness to participate in the marketplace processes, and thus access to care. This may be a particular problem for individuals who approach the Exchanges with a distrust of required disclosures of personal information. Others may recognize the risks as “typical” of computer-based activities and be less sensitive about such disclosures.
For some, there may be a “newness factor” with obtaining health insurance at all, and concern over any associated disclosure of personal materials. Security concerns may increase the reluctance of individuals to participate.
If security breaches occur, attorneys may find themselves becoming involved to protect the interests of a variety of clients, including individual applicants, employers, insurance companies, and providers.
Previous installments of “Access to Care Reports” address the various ways in which access to care issues are affecting legal practices: