Healthcare Technology Featured Article

August 07, 2013

Security Concerns Arise Over Affordable Care Act


There are many concerns about the implementation of the new U.S. national healthcare program, the Affordable Care Act (ACA), with the latest being that the government is possibly months behind schedule in testing data security.

The data security relates to state exchanges in which consumers can buy health insurance. They were supposed to open by Oct. 1. Yet, because of delays, the exchanges may see a later opening or have security flaws in place, Reuters warns.

The shortfalls are cause for concern. “They’ve removed their margin for error,” Deven McGraw, director of the health privacy project at the Center for Democracy & Technology, told Reuters. “There is huge pressure to get [the exchanges] up and running on time, but if there is a security incident they are done. It would be a complete disaster from a PR viewpoint.”

One possible scenario is hackers can get into the system to steal consumers’ Social Security numbers. Criminals could also steal identities.

A Department of Health and Human Services inspector general’s report claimed the Centers for Medicare & Medicaid Services (CMS) — which is assigned to run ACA — had said May 13 was the deadline for a plan to test the security system. The test was supposed to have taken place between June 3 and 7.  The test is now supposed to be done between August 5 and 16, news reports said.

“CMS is working with very tight deadlines,” the inspector general’s report warns, Reuters said. “Several critical tasks remain to be completed in a short period of time.”

Certifying ACA’s IT system will now likely take place on Sept. 30. That is just a day before enrollment for ACA starts.

But a CMS spokesman says the health exchanges will open on time. “We are on schedule and will be ready for the marketplaces to open on Oct. 1,” the statement said, news reports said. “This study was conducted in May, and we have made significant progress in the three months since then. CMS has extensive experience building and operating information technology systems that handle sensitive data.  This experience comes from many years administering the Medicare, Medicaid and CHIP programs.”

Information given to the marketplaces will be confirmed by the Internal Revenue Service and other federal agencies, such as Homeland Security, the Social Security Administration, the Veterans Health Administration, the Department of Defense, the Office of Personnel Management, the Peace Corps, and Health and Human Services Department.

The system, including a federal data hub, is supposed to have security controls, risk assessments of vulnerabilities and possible data breaches, and an assessment by an independent organization that security controls are in place.

If adequate security is not in place – it could lead to extended legal action to block ACA. Federal laws and regulations demand adequate security be in place for exchanges to open.

“Effective security controls are necessary to protect the confidentiality, integrity, and availability of a system and its information,” the inspector general’s report said, according to The Washington Post.

Already, political pressure also could lead to cutting corners, news reports warn. “The Obama administration is so determined to get ACA up and running on time that they are likely to ignore the legal requirements to adequately review these privacy safeguards,” according to a report from Forbes.




Edited by Alisen Downey
Get stories like this delivered straight to your inbox. [Free eNews Subscription]




SHARE THIS ARTICLE



FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]