Obamacare: New Privacy Regs Revealed

HHS Regulations for Affordable Care Act Exchanges

Under a new final rule setting standards for the Obamacare health insurance exchanges, those who provide consumers with insurance enrollment assistance and then improperly use or disclose personally identifiable information or submit false or fraudulent information can face civil monetary penalties.

The rule, Patient Protection and Affordable Care Act; Exchange and Insurance Market Standards for 2015 and Beyond, is from the Department of Health and Human Services' Center for Medicare and Medicaid Services. Made available for viewing on the Federal Register inspection desk on May 19, the rule is slated to be published in the Federal Register on May 27 and go into effect on July 28.

Within the 436-page rule are provisions that give HHS authority to impose civil monetary penalties "on navigators, non-navigator assistance personnel, certified application counselors, and certified application counselor organizations in the federally facilitated exchange who violate certain exchange standards applicable to them."

The navigators and others named in the rule are individuals and entities that are approved to assist consumers with enrolling for health plans on federally facilitated insurance exchanges operating under the Affordable Care Act.

The new rule "will ensure that consumers interacting with the exchange receive high-quality assistance and robust consumer protections," the regulation states. The rule's provisions that allow HHS to impose penalties on those consumer-assistance entities and individuals for providing false or fraudulent information to the exchange, and for improper use or disclosure of information, aim to ensure privacy and security of consumers' information.

The provisions state that "any person who knowingly or willfully uses or discloses information as specified ... may be subject to a civil money penalty for each use or disclosure ... of not more than $25,000 per use or disclosure."

The rule also notes: "These penalties may be imposed in addition to any other penalties that may be prescribed by law."

Deterrent Effect

Some experts say the threat of monetary penalties for fraudulent acts and improper disclosure or use of consumer information can act as a deterrent to such behavior and help to address public concern that consumer data is at risk.

"This is a good way of effectively protecting consumer information from possible negative behavior," says Lisa Swirsky, senior policy analyst at Consumers Union, a consumer advocacy group.

"The rule does a good job of balancing," Swirsky says. The navigators and others who assist consumers in enrolling for health coverage on the exchanges are not discouraged from helping those individuals, while, at the same time, they're discouraged from improperly handling consumer information, she says.

Curt Kwak, CIO of Washington state's health insurance exchange, notes: "Additional accountability and responsibility can help improve security and improve the privacy of personal data."

About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.
