Information Security: The Other ACA Issue
Well, here we are just about one month into the launch of the healthcare.gov website. Unfortunately, since Arizona doesn’t have a state exchange, you’ll need to use healthcare.gov if you want to use an exchange to shop and purchase healthcare insurance. I don’t know about you, but I haven’t even tried to use it for fear of wasting time. But, I remain cautiously optimistic that the bugs will get fixed, and all who need to will be able to get on, shop and purchase in time to meet the deadlines.
There certainly is no shortage of pundits and hacks posting, commenting and spouting off about the ACA website debacle and my intention here is not to re-hash or add any more fuel to fire. What I am more concerned about, and want to make sure my Arizona-based small business clients are aware of, is the potential risks to the security of information that will be contained in the healthcare.gov database. While we may get frustrated with login and navigation issues, potential security risks associated with the site could have more far-reaching and devastating consequences.
The healthcare.gov website is slated to be the largest database of Americans with highly personal and sensitive information. With a database of this size and importance, it will be the target of hackers, scammers, unfriendly governments and others who are looking to prosper or bring malice by gaining access to this sensitive information.
What could be at risk
Unfortunately, it appears that the site is vulnerable to breaches of security. Scouring the internet, you can find reports of code bloat, a lack of security, and best practices such as user verification and easily available comment code. Here is a good synopsis of potential security issues. Additionally, a Computerworld review of publicly available information has found that two of the contractors involved in developing the ACA exchanges have had fairly serious data security issues in the past.
Steps you can take to secure your information
My goal in bringing this to your attention is to point out the importance of implementing user-based security measures when you do begin to use healthcare.gov. As healthcare consumers and small business owners, we have a lot to lose if our information gets into the wrong hands. Just as I hope you have implemented security measures to protect your financial information, it is now just as critical to implement security measures related to your healthcare information including strong passwords, regularly changing passwords, keeping passwords secure, and making sure you log in to healthcare.gov from a secure server. Take the time to make sure all of your sensitive information is secure. It is well worth the effort.