Health Exchange Websites Not Prone to Hackers; but Then, Supposedly Secure Sites Have Been Hacked in the Past

Article excerpt

Byline: Carole Fader

Times-Union readers want to know:

I've heard that when you sign up for health care on the federal exchange, your personal information isn't protected. Is that true?

It is certainly true that the website, healthcare.gov, has experienced numerous slowdowns and other problemsasince it opened on Oct. 1. Other state marketplaces have experienced similar issues with registrations, speed and a bug-filled live chat.

When Rep. Tom Cotton, R-Ark., who hasn't been shy about criticizing the health care law, was interviewed on MSNBC, he said the websites are likely to be hacked: "They realize that the websites aren't ready, that there's no privacy protections, that there's likely to be data breaches."

PolitiFact.com, the Pulitzer Prize-winning fact-finding website run by The Tampa Bay Times, looked into the allegations and found no evidence that Cotton's claim was true.

As users navigate healthcare.gov, they are directed to their appropriate state websites. Once you apply for health insurance, you do have to submit personal information, including your Social Security number and last year's income.

The health care law stipulates thataall the information must be related to determining if the applicant can receive a subsidy to lower the price of the insurance. The site sends the information through a data hub, so that the Internal Revenue Service, the Department of Homeland Security and the Social Security Administration can verify customers' identities and confirm eligibility, according to the Centers for Medicare and Medicaid Services, which oversees the online marketplaces.

The information isn't stored at this data hub, PolitiFact.com found. The Affordable Care Act contains numerous federal privacy regulations that keep the system's information center from amassing consumer data that would be prone to hackers' eyes.

And all the exchanges, whether state-run or run by the feds,afollow basic security protocols that have been in place at government sites for a long time.

Scott Borg, CEO of the U.S. Cyber Consequences unit, a nonprofit institute that researches the economic consequences of possible cyber attacks, told PolitiFact. …