It's the biggest change in health care in nearly half a century, and perhaps unsurprisingly it's already become a tool for scammers. Though open enrollment under the Affordable Care Act (aka Obamacare) doesn't begin until Oct. 1, scam artists – masquerading as government representatives -- have tricked a number of consumers into coughing up personal information over the phone. That's just the opening shot. Once millions of consumers begin providing unprecedented amounts of personal data to various health exchanges through countless state and federal networks, the real assault will begin.
Hackers of all stripes are licking their chops in anticipation of a treasure trove of high value information ripe for the picking. The burning question: Are the data conduits secure? And what's at stake if your information is stolen? Best case: your financial well-being, if new accounts are opened in your name. Worst case: your life, if medical treatment is obtained in your name and your medical files are co-mingled -- leading to incorrect diagnosis and treatment. (If you're worried that someone has fraudulently opened accounts in your name, you should request copies of your medical records and look for errors. You can also use a free tool like Credit.com's Credit Report Card to monitor your credit for unexplained changes – which could stem from unpaid bills for fraudulently obtained healthcare. If something doesn't seem right, you can dig deeper and get your three credit reports for free once a year.)
The politics of the Affordable Care Act are irrelevant. The issue for me is privacy and data security and whether you're for Obamacare or against it, there are two ways the program's rollout could put your personal information at risk:
A Potentially Insecure Data Collection Process
When it comes to keeping our information safe, the government appears to be playing a dangerous game of chicken.
An August report from the Inspector General revealed that the chief information officer for the Centers for Medicare & Medicaid Services, or CMS, (which will run the data hub responsible for verifying applicants' personally identifying information with various federal agencies including the IRS and the Social Security Administration), won't sign off on data security until Sept. 30, one day before health insurance marketplaces are scheduled to open. That seems too close for comfort to me.
The Inspector General reported that such a tight deadline means the information chief "may not have a full assessment of system risks and security controls needed" to collect our data safely. Bottom line: The marketplaces are going live whether the data they gather is protected or not.
Optimists can take some comfort in the fact that, as CMS administrator Marilyn Tavener told Congress in July, the data hubs—the focus of much partisan huffing and puffing—are simply conduits. They are not databases, and will not retain any personal information.
Frankly, it's not as though the institutions currently gathering our data do a bang-up job protecting privacy, either.
"I don't want to say it will be better privacy-wise, but it can't be any worse," says my colleague Eduard Goodman, chief privacy officer of Identity Theft 911. "At least with a government program you will have some accountability."