Florida Republican Gov. Rick Scott sent a letter to congressional leaders on Monday expressing concern about the security of individuals’ private information under Obamacare as Republican leaders have repeatedly highlighted the law’s security flaws in recent weeks.
Scott’s letter, which he sent to Speaker of the House John Boehner (R., Ohio) and Senate Majority Leader Harry Reid (D., Nev.), focused on the security of the “navigator” system currently being set up in the states.
States and the federal government under Obamacare can hire “navigators” to help people sign up for health insurance through the new exchanges. By helping people sign up for insurance, the navigators will have access to their personal information, such as their social security numbers.
“Though details about what ‘navigators’ will do to collect personal information and run it through the federal data hub remain inconclusive at best, we know the data hub itself will use Americans’ ‘income, citizenship, immigration status, access to minimum essential coverage,’ as well as information at ‘the Social Security Administration, the Internal Revenue Service, the Department of Homeland Security, the Department of Veterans Affairs, Medicare, TRICARE, the Peace Corps, and the Office of Personnel Management’ to determine eligibility for the federal exchange,” Scott wrote, citing a federal fact sheet on Obamacare’s security.
“The ‘navigators’ are moving quickly in Florida to collect personal information and sign Floridians up on the federal exchange,” Scott continued. “Some ‘navigators’ have even publicly stated their desire to set up offices in state health facilities, where we have a direct obligation to ensure Floridians’ privacy is protected.”
Scott asked Reid and Boehner to review the security measures that are currently in place.
“Floridians should not have to exchange their privacy for insurance,” Scott wrote.
Rep. Diane Black (R., Tenn.), a vocal critic of Obamacare’s security shortcomings, released a statement Tuesday saying the navigators’ access presents “staggering opportunities for fraud and abuse.”
“With as little as 20 hours of training and no federal requirement for background checks, these individuals will gain access to Americans’ most sensitive personal information,” Black said.
Black gave the weekly Republican address this Saturday to spotlight her bill that would prevent the Obama administration from subsidizing people’s health insurance without verifying their eligibility for the financial support. The House passed Black’s bill last week.
Obamacare initially required the administration to verify the eligibility of everybody who receives a subsidy, but the administration delayed the verification requirements in early July.
The delay “opens the door a mile wide to fraud and abuse,” Black said in the weekly address. “According to one independent estimate, some 250 billion dollars in bad payments could be doled out over the next decade.”
Black joined two other congressmen in August to call for a delay of the law’s individual mandate so the administration can complete the security measures for parts of the law, including the navigators and the “data hub,” which will transmit information from various federal agencies to the exchanges.
“We still have no certainty that we have security,” Rep. James Lankford (R., Okla.) said at the time. A big concern for the congressmen was that security testing of the data hub would not be completed until Sept. 30, the day before the exchanges were planned to open.
The administration has since announced that it has completed security testing, although Republicans have continued to raise concerns about law’s security and oversight.
Rep. Patrick Meehan (R., Pa.), chairman of the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection subcommittee, argued at a recent hearing that the data hub is a prime target for a cyber attack.
Experts at the hearing noted that the administration has not been transparently implementing the law, and that the inspector general for the Department of Health and Human Services (HHS) has not been overseeing the law with sufficient rigor.
HHS did not immediately return a request for comment on the security questions raised, although the administration has repeatedly defended the law’s implementation and argued that all of its parts will be ready on time. For example, officials have said that the data hub itself will not store any information, although other parts of the law’s infrastructure will store information.