Obamacare’s Privacy Nightmare
The bungled opening of the exchanges should worry consumers.


Tuesday marked the first day of open enrollment for the health-insurance exchanges set up by the Affordable Care Act. It didn’t go very well: Would-be health-insurance consumers in at least 47 states encountered technical problems. These so-called glitches, however, mask a much more serious concern for consumers: protecting sensitive data. The lack of sufficient security surrounding the exchanges should give potential enrollees pause.

In August, a coalition of attorneys general from 13 states wrote Health and Human Services secretary Kathleen Sebelius to express concerns over consumer privacy and oversight of “navigators,” counselors charged with assisting consumers enrolling in the exchanges. Specifically, the attorneys general asked what policies were in place to screen and monitor program personnel, prevent fraud and remedy cases of it, and regulate the navigators at the state level. But chief among their concerns was whether sufficient safeguards were in place to prevent security breaches.

In September, the concerns of the attorneys proved prescient. An employee of Minnesota’s health exchange accidentally sent 2,400 Social Security numbers, complete with names and addresses, to an insurance broker applying to become a navigator. Not only was the information mishandled, it was sent in an unencrypted and unsecured spreadsheet, suggesting additional lapses in security.

HHS has yet to respond to the August letter.

Concerns are not limited to the 13 attorneys general who wrote to Secretary Sebelius. In California, state insurance commissioner Dave Jones — an early supporter of the ACA — expressed worry that the 21,000 personnel providing customer support for the exchanges lacked proper oversight and could “obtain information that will allow them to build the trust they have with the individual they’re working with and potentially sell them all manner of bogus products, steal their identity, [and] gain access to certain assets they might have.”

Commissioner Jones is not alone in his unease. A report from the House Oversight Committee found that top HHS officials are similarly worried about the potential for identity theft. HHS officials expressed concern that individuals may pose as navigators to defraud consumers — because there is no way for consumers to verify who is certified — or that certified navigators themselves may misappropriate sensitive data due to lack of oversight, training, and safety protocols. Navigators are required to undergo as little as five hours of training before handling sensitive data, and are not subject to background checks.

In the coming months, millions of consumers will interact with the ACA for the first time via exchanges, renewing the nation’s focus on the sweeping health-reform law and shedding full light on the myriad of privacy and personnel concerns.

Despite acknowledged risks to consumers, the one-year delay to the ACA’s employer mandate and small-business exchanges, and the administration’s having already missed  half the law’s deadlines, it’s now clear that the White House was intent on debuting exchanges whether or not they were ready. It would be prudent, regardless of whether one supports the Affordable Care Act at all, for enrollment to be halted until HHS can implement proven safeguards to protect consumer privacy. As things stand: Buyer beware.

— Sean Riley is the director of the American Legislative Exchange Council’s Task Force on Health and Human Services. Ed Walton is a legislative analyst at the American Legislative Exchange Council.

Obamacare Exchange Glitches
The official launch of Obamacare's health insurance exchanges on October 1 turned into a glitch-ridden affair, causing a scramble for tech support and media spin by backers of the law. Here’s a look at what users encountered. Pictured, the main page at the federal site.
Further embarrassing administration officials were several on-air crashes as newscasters tried to demonstrate the online exchanges. Pictured, MSNBC reporter Mara Schiavocampo stumbled during sign-up, then waited on hold on a support line for 35 minutes before giving up. was beset with a number of issues, from general access problems to database breakdowns that frustrated attempts to set up accounts and peruse rate information.
More broken screens at
Confirming fears about security of personal information, screens meant to establish security questions on user accounts to verify identity were not providing valid question and answer options.
Those who braved the online tech support were met with long wait times. Whether the delays were caused by simultaneous traffic or deeper software problems remains unclear.
Federal officials reported that 2.8 million visitors access the federal site, with some 81,000 contacting call centers and 60,000 requesting live support chats. Pictured, live-chat window at
Administration officials tweeted apologies for the technical issues early on Tuesday, but users reported continuing problems throughout the day.
Those states that set up their own exchanges also experienced a range of launch-day glitches. Pictured, problems at Colorado's exchange prompted this note from administrators.
Database error code seen at the Colorado exchange.
Apology message at the Kentucky exchange.
Error screen at New York's exchange site. Another user tweeted: “Logged onto the New York State healthcare exchange, got this: ‘Error 500: java.lang.NullPointerException’ (@marykissel)
“Cover Oregon, the insurance exchange, won’t be ready to process enrollment on schedule tomorrow. (@jjcooper)
“#ObamaCare exchanges open today and #WA State’s website isn’t even working. Precursor to the complications to come. (@cathymomorris)
The mobile site for California’s exchange was not allowing user access.
Updated: Oct. 01, 2013