Myth: Your private information is safe in the hands of Obamacare employees

Rick Moran
The state insurance exchanges created as a result of Obamacare aren't even up and running yet and there's already been a breach in the privacy firewall.

In Minnesota, an Obamacare "navigator" accidentally sent out an email with the social security numbers, names, addresses, and other personal information of insurance brokers.

Ooops!

With Obamacare's massive Patient Data Hub poised to open soon, a sloppy mistake by an Obamacare employee hasn't exactly inspired confidence that Americans' private information will be closely guarded by Obamacare's powers-that-be.  As the Minneapolis Star Tribune reports (and Andrew Johnson highlights at NRO), an Obamacare exchange employee in Minnesota accidentally sent out an email containing 2,400 Americans' Social Security numbers.  

The Star Tribune writes:

"A MNsure employee accidentally sent an e-mail file to an Apple Valley insurance broker's office on Thursday that contained Social Security numbers, names, business addresses and other identifying information on more than 2,400 insurance agents.

"An official at MNsure, the state's new online health insurance exchange, acknowledged it had mishandled private data. A MNsure security manager called the broker, Jim Koester, and walked him and his assistant through a process of deleting the file from their computer hard drives.

"Koester said he willingly complied, but was unnerved.

"'The more I thought about it, the more troubled I was,' he said. 'What if this had fallen into the wrong hands? It's scary. If this is happening now, how can clients of MNsure be confident their data is safe?'"

The Star Tribune continues:

"Users of the exchange will need to provide sensitive information, including Social Security numbers, that will be sent to a federal hub to verify such things as citizenship and household income....

"All states and the federal government, which also is setting up exchanges for some states, are scurrying to get the complex system running in less than three weeks.

[...]

"Koester, the agent, had been working with MNsure staff because he was having trouble registering for classes to get trained as a certified 'navigator' to help people sign up for coverage.

"Koester said there had been some back-and-forth with a MNsure staffer when he received an e-mail and attachment that took him by surprise: page after page of names, business addresses, license numbers and Social Security numbers.

..."'[T]he gorilla in the room is that they sent me something that's not even encrypted. It's unsecured, on an Excel spreadsheet - which is using outdated technology to transfer that information in the first place.'

"'They've got to realize they have a huge problem.'"

Obamacare management at HHS do not see a "huge problem." They see security issues in the context of a PR campaign. A local professor who testified before Congress about IT issues is quoted as saying, "'The people who believe in this are so driven that there's a subcontext of "Just let us do our job and get as many people signed up as possible, and we'll pick up the debris later,"' said Steve Parente, a University of Minnesota finance professor who specializes in health IT issues.

Parente is right. What are we going to do, arrest them? They don't care about your privacy because there is no incentive for them to do their utmost to secure your personal information.

Meanwhile, the data czar at HHS is expected to receive a final security report on September 20 that will tell us whether the exchanges can operate safely in a secure environment. You and I both know that even if there was massive potential for security breaches - and there very well may be - there isn't a chance in hell that any federal government employee is going to recomend a delay at this time.

Ready or not - and they're probably not - Obamacare will be open for business on October 1.


The state insurance exchanges created as a result of Obamacare aren't even up and running yet and there's already been a breach in the privacy firewall.

In Minnesota, an Obamacare "navigator" accidentally sent out an email with the social security numbers, names, addresses, and other personal information of insurance brokers.

Ooops!

With Obamacare's massive Patient Data Hub poised to open soon, a sloppy mistake by an Obamacare employee hasn't exactly inspired confidence that Americans' private information will be closely guarded by Obamacare's powers-that-be.  As the Minneapolis Star Tribune reports (and Andrew Johnson highlights at NRO), an Obamacare exchange employee in Minnesota accidentally sent out an email containing 2,400 Americans' Social Security numbers.  

The Star Tribune writes:

"A MNsure employee accidentally sent an e-mail file to an Apple Valley insurance broker's office on Thursday that contained Social Security numbers, names, business addresses and other identifying information on more than 2,400 insurance agents.

"An official at MNsure, the state's new online health insurance exchange, acknowledged it had mishandled private data. A MNsure security manager called the broker, Jim Koester, and walked him and his assistant through a process of deleting the file from their computer hard drives.

"Koester said he willingly complied, but was unnerved.

"'The more I thought about it, the more troubled I was,' he said. 'What if this had fallen into the wrong hands? It's scary. If this is happening now, how can clients of MNsure be confident their data is safe?'"

The Star Tribune continues:

"Users of the exchange will need to provide sensitive information, including Social Security numbers, that will be sent to a federal hub to verify such things as citizenship and household income....

"All states and the federal government, which also is setting up exchanges for some states, are scurrying to get the complex system running in less than three weeks.

[...]

"Koester, the agent, had been working with MNsure staff because he was having trouble registering for classes to get trained as a certified 'navigator' to help people sign up for coverage.

"Koester said there had been some back-and-forth with a MNsure staffer when he received an e-mail and attachment that took him by surprise: page after page of names, business addresses, license numbers and Social Security numbers.

..."'[T]he gorilla in the room is that they sent me something that's not even encrypted. It's unsecured, on an Excel spreadsheet - which is using outdated technology to transfer that information in the first place.'

"'They've got to realize they have a huge problem.'"

Obamacare management at HHS do not see a "huge problem." They see security issues in the context of a PR campaign. A local professor who testified before Congress about IT issues is quoted as saying, "'The people who believe in this are so driven that there's a subcontext of "Just let us do our job and get as many people signed up as possible, and we'll pick up the debris later,"' said Steve Parente, a University of Minnesota finance professor who specializes in health IT issues.

Parente is right. What are we going to do, arrest them? They don't care about your privacy because there is no incentive for them to do their utmost to secure your personal information.

Meanwhile, the data czar at HHS is expected to receive a final security report on September 20 that will tell us whether the exchanges can operate safely in a secure environment. You and I both know that even if there was massive potential for security breaches - and there very well may be - there isn't a chance in hell that any federal government employee is going to recomend a delay at this time.

Ready or not - and they're probably not - Obamacare will be open for business on October 1.