"I don't want to say it will be better privacy-wise, but it can't be any worse," says my colleague Eduard Goodman, chief privacy officer of Identity Theft 911. "At least with a government program you will have some accountability."
That said, there is absolutely no room for trial and error when dealing with information so vital to our health and valuable to those who would steal and exploit it for their personal gain.
Lack of Proper Screening and Training
The federal government spent $67 million to hire "navigators" to help people enroll in Obamacare. As Health and Human Services Secretary Kathleen Sebelius told USA Today, navigators are needed to help consumers traverse the complicated world of private insurance, and dispel myths about the new program.
Many in the public and private sectors have expressed concern that navigators will have access to extremely sensitive personal information, including Social Security numbers, without proper screening, training and oversight required to prevent data loss or theft.
In a letter sent to the HHS Secretary less than one month ago, 13 attorneys general warned, "As it now stands, it is inevitable that HHS's vague 'standards' will result in improperly screened or inadequately trained personnel."
The administration counters that strong privacy measures exist already. The final rule implementing the program requires navigator agencies to be pre-screened and closely monitored. It argues that navigators will receive up to 30 hours of initial training that includes preparation on privacy and security; will be tested before starting work; will not have access to applicants' online accounts; and their work will be monitored by CMS.
The back and forth has continued, but the concerns expressed by congressional critics aren't entirely unfounded. No matter how much training and oversight they receive, navigators will have access to lots information about lots of Americans, and it is not unlikely that some may steal that data for their own profit.
We can do better. As the ID Theft Resource Center points out, all navigator applicants should undergo criminal background and fingerprint checks. Georgia, Utah and Nevada enacted tougher requirements on navigator certification and licensure. As long as such efforts don't devolve into obstructionism, states have broad power to protect Americans from fraud and, as the administration points out, should use that power.
Inevitably, some identity thieves will try to pose as navigators to scam consumers into handing over private information. Reports of scams have already surfaced. If you receive a call from anyone claiming to be a navigator, ask for their contact information, independently confirm their authenticity and then return the call. Search the CMS Center for Consumer Information & Insurance Oversight to locate those organizations in your state that are serving as navigators.
The Affordable Care Act represents a huge step forward in our drive to give all Americans access to health care. Unfortunately, if we fail to properly secure health information and protect patient privacy, the door will be open to identity thieves, hackers and scam artists thereby creating an environment of distrust and insecurity which will ultimately jeopardize the health of the program.
Adam Levin is chairman and cofounder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.