A data wake-up call for South Carolina
As the federal government prepares to implement the Affordable Health Care Act, South Carolina Attorney General Alan Wilson has joined with 12 fellow attorneys general to ask Health & Human Services Secretary Kathleen Sebelius important questions about data privacy. These are questions South Carolinians should ask on their own, too.
In order to find out if you are eligible for the Affordable Health Care Act, the federal government needs to ask: How old are you? Where were you born? Are you a legal resident? Have you served in the military?
Where will they go to get this information? The Social Security Administration, the Department of Homeland Security and the Veterans Administration, respectively.
Then they will combine all of this data into the “Hub,” a one-stop destination where all your data will be compiled as your profile. Reports are not clear whether the “Hub” is going to be a database or an interface. Regardless, it will contain all your biographical information extracted from federal agencies and state agencies, and put into one place. It is a hacker’s dream: one-stop-shopping for all of the details of your personal life.
Who will review this data? “Navigators,” as they are referred to in the new legislation. They are employees hired to determine your eligibility by peeking at the most private and sensitive details of your life.
Attorney General Wilson asks in the joint letter, how will Navigators be trained, what is the plan to reduce the risk of identity theft, and how will the staff be screened to ensure we have highly skilled people with the utmost integrity looking at our private lives? The attorneys general raise valid concerns that need to be addressed. This unprecedented aggregation of personal information is taking place at a time when data breaches are escalating, and amidst wide acknowledgment that healthcare data breaches are a growing concern.
According to a report by the Identity Theft Resource Center, 34.1 percent of all data breaches have been tied to health care.
What makes this more alarming is the recent report from the HHS inspector general’s office.
After reviewing draft documents and interviewing the project team, the overall tasks on the schedule were being completed later than anticipated. As the report cites, “... several critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges.”
It is not uncommon for large- scale implementations to have dates slide. However, in this case, security testing for the “Hub” is so behind schedule, system testing results might only be available for review as late as one day before the exchanges will open.
For consumers, this is a wake-up call. Take steps now to protect your data. Be vigilant about what you post on social media. Identity thieves can follow the information you post like digital bread crumbs leading back to your house. Contact your local legislator and let them know you aren’t comfortable with a database/interface that creates a one-stop-shop for cyber hackers. Use one email address only for your health insurance company.
Ask your doctor what happens with your data, not medical history per se, but your address, phone number, etc. Be on guard.
Today, as we live in an era where companies and government are rushing headlong into major Big Data projects with the attitude of “Big Data or Bust,” we find a hidden meaning.
A Detroit police department and their uniform vendor recently used “small data” to keep a record of orders for uniform vests. When the department head wanted to alert everyone to come in to pick up their vests, an email went out along with some very private and personal data, the bra sizes and weight of the female offices. If we still bungle the “small data,” what could go wrong when we all move to Big Data?
Theresa Payton was White House Chief Information Officer from 2006-08, administering information technology for President George W. Bush and 3,000 staff members. She is a founder of Charlotte-based Fortalice, LLC, a security, risk, and fraud consulting company.