The countdown is on and the make-or-break technology backbone of the government's health insurance exchange is shrouded in questions about security and privacy. One health insurance vendor calls the scenario "a nightmare."
Don't let me give you the impression that technology doesn't have its down side.
It's too complicated. It takes too long to implement. Too often, training is an afterthought. The workforce usually isn't ready for sudden changes. Make the technology too constricting, and clever users will find a way around it, or they'll simply ignore it and go about their business in spite of carefully thought out laws and guidelines.
Recently, I talked with Morgan Hege, who runs an online insurance agency known as HealthInsurancePlus. I asked him how his business is going given the opening up of the health insurance exchanges this fall. He didn't mince words.
"It's a nightmare, because we're waiting on the government, and that's never a good thing," Hege told me.
In the crush of last week's news cycle, reassurances by the Centers for Medicare & Medicaid Services that the individual health information exchange will open on time on Oct. 1, 2013, were drowned out by other stories.
After some digging, I was able to find a YouTube recording of the July 17 House Committee on Oversight & Government Reform hearing on "Evaluating Privacy, Security, and Fraud Concerns", where this reassurance was given. As of Monday, fewer than 300 people had viewed even part of the three-hour YouTube video. [It may be viewed here: Part I and Part II.]
It's a fascinating but painful glimpse into the inner workings and politics of Obamacare's individual health insurance mandate. Whether it also represents a level of FUD (fear, uncertainty and doubt) being generated purely for the political purpose of undermining the Patient Protection and Affordable Care Act, is a tougher call.
Part of the answer is that certain anti-PPACA interests may be playing upon the fears of the segment of the American public that does not understand computer systems, or the methods of protecting personally identifiable information. This sector of the population is instead inundated by fears of "big brother" and the many reported privacy breaches already present in our society.
In California, Hege used to be able to quote prospects a rate on health insurance simply by asking for their age. No more. As of Oct. 1, potential members must also provide his Web site with their social security number, income information, tax filing status, and more.
"The idea is we're going to ping the IRS with that information to then get a number back as to what their rebate is, based off of if they're eligible for a rebate first," Hege says. The amount of the rebate will be based off of what their tax filing status was last year.
The rebate could disappear, however, if the applicant ends up earning more money than projected in the current tax year. A job promotion "could push them out to where they don't have the rebate any longer, and then when they file their taxes at the end of the year, and they're expecting a return, they won't get a [rebate] anymore."
Few people are aware of this aspect of Obamacare, and fewer still are aware that a massive information technology integration effort is underway across the systems of the Internal Revenue Service, the Department of Health and Human Services, and the Department of Homeland Security, to make the back end of this system work as the PPACA intended.
This IT effort dwarfs many previous governmental and non-governmental interoperability efforts, yet the PPACA states must be up and running by Oct. 1, 2013, when state-run and federal-run health insurance exchanges open for business, initially primarily through healthcare.gov.
As yet, private health insurance providers such as HealthInsurancePlus are, for now, locked out of the development process. Somehow, just 70 days from now, it will all be different. Exchanges are planning bronze, silver, and gold plans, but won't be able to reveal final rates until October, Hege says.
Even more confusingly, employers with groups of 50 or more employees don't have to offer insurance to those employees until January 1, 2015. That deadline was extended, in part because of employer concerns about the complexity of the data reporting requirement.
"It is unlikely to be perfect out of the gate," says Rep. Jackie Speier (D-CA), in what was the understatement of last Wednesday's hearing.
The make-or-break technology of health insurance exchange has to be CMS's Federal Services Data Hub, which was never actually formally described in PPACA. Instead, the Hub arose out of PPACA's language requiring the exchange of information between IRS (for income verification, filing status, number of dependents), DHS (for citizenship verification), and HHS, which will compute rebates due Americans on their health insurance premiums, and communicate that information back to the IRS.
Got that?
Well, talk that kind of talk about aggregating that much information about any one American, and you are going to run into every sort of privacy concern you can imagine, even in this day of Facebook and generally acknowledged big-data surveillance by the NSA, credit bureaus, and the like.
It's easy to imagine that IRS/CMS/DHS/HHS information sitting in a single, massive database somewhere in the federal government's computers. Yet, that's not how the system is architected, say federal officials.
Instead, the Data Hub acts more like a giant router, whisking queries between computer systems to minimize the copying and aggregation of personally-identifiable information (PII) and the potential for its abuse.
At Wednesday's hearing, a number of members of Congress did not seem reassured by these safeguards, and raised a host of other questions that seem to require some fancy footwork to be answered by Oct. 1.
For instance, if an employer offers an employee health insurance through its own plan, how are the state and federal exchanges able to know if an employee has refused that offer of insurance?
CMS Administrator Marilyn Tavenner made no friends at the hearing by not having a good answer for that question. Instead she suggested that HHS will work with Equifax, the consumer credit reporting agency, which is being considered to verify, for the federal government, such employer offers to employees through a process yet to be defined.
Congressman Pat Meehan (R-PA) noted that one-third of privacy breaches originate with employees; in effect, they're inside jobs. Then he noted that the state of California plans on hiring 22,000 "navigators" to assist consumers purchasing health insurance. "I fear our government is about to embark on an overwhelming task," Meehan warned.
Tavenner and other officials from the IRS, the General Accounting Office, and CMS kept their cool even when the Republican questioning came to resemble, in Speier's words, a "witch hunt." During too many opportunities, a substantive discussion was put on hold while members of Congress revisited the IRS' recent misadventures in non-healthcare related areas.
Still, I didn't come away with much confidence that the system will work as intended on day one. You don't just stand up a Data Hub of this size and scope with millions of fields of tax data securely flowing back and forth between two massive federal agencies who've never done such a thing before, without problems.
Then add the fact that 15 states will be operating their own health insurance exchanges and exchanging such information with the IRS, HHS and DHS, all simultaneously with expected response times of 5 to 8 seconds, and there are bound to be errors, and probably data breaches.
Hege and many House Republicans point out with alarm the law's requirement for employees to report changes in their income within 30 days, to allow appropriate adjustments in health insurance refunds from the IRS. Federal officials note that those requirements will be relaxed, that such adjustments could be rectified finally at tax time without penalty. Fraud concerns, though not brushed aside, were mostly left to be addressed another day. It just adds to the formidable complexity of what we all acknowledge was a formidably complex law.
Obamacare will have many do-or-die moments, and October 1 is surely one of them. Sequestration continues to sap budgets at IRS and HHS. If the health insurance exchange system gets up and going on Oct. 1, from a system integration and agency coordination point of view, it will surely be something of a miracle.
Scott Mace is the former senior technology editor for HealthLeaders Media. He is now the senior editor, custom content at H3.Group.