Obamacare: New Privacy Regs Revealed
HHS Regulations for Affordable Care Act ExchangesUnder a new final rule setting standards for the Obamacare health insurance exchanges, those who provide consumers with insurance enrollment assistance and then improperly use or disclose personally identifiable information or submit false or fraudulent information can face civil monetary penalties.
See Also: AI in Cybersecurity: The Promise and Reality
The rule, Patient Protection and Affordable Care Act; Exchange and Insurance Market Standards for 2015 and Beyond, is from the Department of Health and Human Services' Center for Medicare and Medicaid Services. Made available for viewing on the Federal Register inspection desk on May 19, the rule is slated to be published in the Federal Register on May 27 and go into effect on July 28.
Within the 436-page rule are provisions that give HHS authority to impose civil monetary penalties "on navigators, non-navigator assistance personnel, certified application counselors, and certified application counselor organizations in the federally facilitated exchange who violate certain exchange standards applicable to them."
The navigators and others named in rule are individuals and entities that are approved to assist consumers with enrolling for health plans on federal facilitated insurance exchanges operating under the Affordable Care Act.
The new rule "will ensure that consumers interacting with the exchange receive high-quality assistance and robust consumer protections," the regulation states. The rule's provisions that allow HHS to impose penalties on those consumer-assistance entities and individuals for providing false or fraudulent information to the exchange, and for improper use or disclosure of information, aim to ensure privacy and security of consumers' information.
The provisions state that "any person who knowingly or willfully uses or discloses information as specified ... may be subject to a civil money penalty for each use or disclosure ... of not more than $25,000 per use or disclosure."
The rule also notes: "These penalties may be imposed in addition to any other penalties that may be prescribed by law.
Deterrent Effect
Some experts say the threat of monetary penalties for fraudulent acts and improper disclosure or use of consumer information can act as a deterrents to such behavior and helps to address public concern that consumer data is at risk.
"This is a good way of effectively protecting consumer information from possible negative behavior," says Lisa Swirsky, senior policy analyst at Consumers Union, a consumer advocacy.
"The rule does a good job of balancing," Swirsky says. The navigators and others who assist consumers in enrolling for health coverage on the exchanges are not discouraged from helping those individuals, while, at the same time, they're discouraged from improperly handling consumer information, she says.
Curt Kwak, CIO of Washington state's health insurance exchange, notes: "Additional accountability and responsibility can help improve security and improve the privacy of personal data."