The attorneys general also claim that consumer safeguard guidelines as written in the law “provide significantly less protection to consumers with respect to navigators than with respect to insurance agents and brokers.”
Agents and brokers, whose roles are potentially threatened by the exchanges and the navigators, have pushed for state legislation around the country requiring licensing and additional training of navigators.
HHS is aware of the security concerns. During a conference call with reporters today, Chiquita Brooks-LaSure, deputy director of policy and regulation at CMS' Center for Consumer Information and Insurance Oversight, said that the amount of required training is sufficient, and there would be additional training done “as needed.” She also said appropriate security safeguards are in place and that training of navigators will help protect consumers' personal data.
“We are absolutely focused on privacy and security at the department and at the CMS level, (they) are working on a variety of systems” to enhance privacy and security.
In addition, HHS announced today that it is awarding $67 million to 105 navigator grant applicants in states with federally facilitated and state partnership exchanges, including the 13 states the attorneys general represent. The amount was originally slated to be only $54 million. Brooks-LaSure said that the additional $13 million came from transferring funds from the Patient Protection and Affordable Care Act's Prevention and Public Health Fund.
Earlier this month, HHS' Office of Inspector General said in a report that security testing of the federal data hub, the computer system that will connect with state exchanges to determine exchange eligibility and make subsidy determinations, is behind schedule. In a letter earlier this week, Sen. Orrin Hatch (R-Utah) asked the Government Accountability Office for information on the "security and privacy of the data being exchanged" between the hub and the exchanges.
Christopher Rasmussen, a policy analyst with the Center for Democracy & Technology's Health Privacy Project, said the attorneys general raise some legitimate concerns.
Navigators need to be educated “to ensure they have adequate privacy and security training,” Rasmussen said. “While training can't stop someone who is determined to commit a crime, it does help so they don't do so unwittingly.”
Rasmussen added that federal regulations provide additional safeguards once a navigator is on the job. He noted that if there is a security incident involving a navigator or assister and someone witnesses it, the matter must be reported to the CMS immediately.