Attorney General Sam Olens announced today that he and 12 other state attorneys general have sent a letter to the U.S. Department of Health and Human Services (HHS) expressing grave concerns that consumers’ private information is left unprotected under the new health insurance exchanges that are set to go into effect this fall.

The letter to Secretary Kathleen Sebelius says privacy protection measures written into HHS’s rules governing programs that assist consumers with enrolling in the new health care exchanges are woefully inadequate. The exchanges were created as part of the Affordable Care Act.

“Personnel working for various groups and agencies to help consumers sign up for health insurance will have considerable access to consumers’ personal information, yet the HHS rules do not provide clear privacy protections,” Olens said. “This raises serious questions about the security of highly confidential information of potentially thousands of Georgians.”

The ACA provides funding for groups, such as navigators, to help consumers enroll in health insurance plans. As part of that process, these navigators and other assistance personnel will have significant access to consumers’ private and personal data. However, the letter states that the federal rules fail to ensure that navigators will be adequately trained to safeguard data provided by consumers. Nor do the rules make clear who is responsible if an identity theft occurs.

HHS rules promise that training will be ‘extensive,’ but officials with the agency have already cut back on the required hours of training from 30 to 20 online hours because there isn’t enough time for adequate training before the health insurance exchanges open.

Moreover, the proposed consumer safeguards are woefully substandard and come up short when compared to other privacy protections at the state and federal level. For example, the guidelines governing navigators are less demanding than federal privacy requirements applicable to federal census workers.

Even more concerning for the attorneys general is that HHS currently does not require criminal background checks or fingerprint checks of potential navigator hires and does not list any prior criminal acts as being a disqualifier for someone seeking to work with consumers and their private information.

“We are now discovering that Obamacare will not only harm consumers’ pocketbooks, but it will also put them at serious risk of identity theft and fraud,” said Olens. “HHS must implement an on-the-ground plan to secure consumer information, follow up on complaints and work with law enforcement to prosecute bad counselors. Otherwise this is a disaster waiting to happen for Georgia consumers.”

In their letter, the attorneys general raise eight areas of concern and ask HHS a series of questions about steps the agency will take to ensure citizens are protected. The attorneys general ask HHS to respond to their questions by August 28, 2013.

The letter is attached.

Related Files