TRENDING:

Health Insurance Exchange Deadline Nears

Expert: Security Risk Analysis Must Get Done Marianne Kolbasuk McGee (HealthInfoSec) • August 19, 2013     8 Minutes   
As new state health insurance exchanges gear up for open enrollment Oct. 1, privacy expert Chris Rasmussen asks whether regulators will miss the deadline for a risk analysis of a key data services hub.

The deadlines for Department of Health and Human Services security risk assessments have been pushed back from August to mid-September, and the chief agency sign-off on the analysis is not due until Sept. 30, the day before the state insurance exchanges open for business.

"So that crunch for the sign-off for the security of the [federal] data hub has me a little concerned, but I think the agency will be working around the clock to get it done," says Rasmussen, a policy analyst for the Health Privacy Project of the Center for Democracy & Technology.

Under the Affordable Care Act, individuals and small businesses, starting Oct. 1, are supposed to be able to purchase private health insurance from these new online state insurance exchanges. These web-based marketplaces will collect data from consumers on the front end via a web portal and exchange data from other systems, including those of federal agencies, on the back end.

The federal data services hub is a key component for the state insurance exchanges because it will route data from the various federal agencies, such as the Internal Revenue Service, to these online insurance marketplaces during consumer eligibility and enrollment processes.

But contrary to rumors that the federal hub is a large database for the government to amass individuals' personal health information, "the data hub will not collect consumer data," Rasmussen clarifies in an interview with Information Security Media Group.

"The data hub is like a traffic circle - cars come into the circle from one street, and leave from another. They're not parking there," he says.

In the interview, Rasmussen describes:

  • How consumer data will flow on the state insurance exchanges;
  • How consumer data will be protected during the health insurance eligibility and enrollment processes;
  • Steps consumers can take to protect their personal data while enrolling on the insurance exchanges.

Rasmussen is a policy analyst at the Center for Democracy & Technology, a Washington-based, not-for-profit civil liberties organization. Previously, Rasmussen worked with the Department of Veterans Affairs' Veterans Health Administration where he researched health data access and use policies from a privacy and security perspective across the agency and developed a common health data access policy.

Previous
Can DHS Be Trusted to Protect Gov't IT?
Next
Facing the Advanced Threat



Around the Network

Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.