|
December 9, 2013 - While there have already been a number of data breaches associated with the new state and federal healthcare exchanges, to the best of our knowledge none of those breaches has been intentional. That is, none of them with the exception of the most recent breach which occurred in California. Covered California - the state run exchange for Obamacare - unilaterally decided to release contact information to insurance agents for people who registered on the website but who didn't ask to be contacted. The breach involves tens of thousands of Californian's who were simply shopping for insurance.
|
|
|
|
|
|
 |
Officials with the state exchange announced that they began a pilot program last week to provide insurance agents with the names, addresses, phone numbers and email addresses of consumers who registered with the website but who have not signed up for an insurance plan. The purpose of the program, according to the state exchange, is to "help" consumers who might otherwise fine themselves without coverage as of January 1st. But the state's version of "helping" people is actually a huge violation of the public trust. Simply put, anyone who registers on the California State healthcare exchange may find any information they provide being used for marketing purposes. It is highly unlikely that most registrants anticipated this level of privacy invasion at the time they registered.
In order for consumers to get plan information through the state's website, they must first register. This makes it impossible for anyone to shop anonymously on the site.
Since the site's launch, there have been numerous news reports covering issues with the plans offered. These plans are often significantly more expensive than those which consumers are being forced to replace. Additionally, insurers participating in the healthcare exchange have reportedly reduced the size of their provider networks and eliminated many doctors and hospitals from the plans provided. Given these facts, it isn't surprising that many of those shopping on the website simply abandon their applications and decide to look elsewhere for insurance.
The state's response appears to be that anyone who registered but didn't purchase a plan was simply being foolish and doesn't know how to act in their own best interest. In order to remedy that situation, California has elected to create a massive data breach… but only to "help" people.
After reading the website's privacy policy, it isn't clear that the state's actions violate the policy. That's because the policy is so riddled with loopholes that it is largely meaningless.
This particular data breach will likely be more of an annoyance to consumers than something which will lead to fraud. Even in cases where the exchange possesses more complete consumer information, such as SSNs, that information is not being released. Even so, anyone who registered on the site without purchasing is likely to receive unsolicited phone calls, junk mail and spam as a result of the state's actions.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|
Privacy Issues 
