Insurance Exchanges: Work in Progress

Efforts to Iron Out Technical Issues Continue
Insurance Exchanges: Work in Progress

The Department of Health and Human Services and some states are continuing to iron out technology issues to improve consumer access to online health insurance exchange websites that went live under Obamacare on Oct. 1.

See Also: Live Webinar | Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

The state health insurance exchanges are online marketplaces where consumers and small businesses can enroll in health plans. Sixteen states are operating their own exchanges, while 34 states are either partnering with the federal government or are having the federal government run their exchanges. HealthCare.gov is the federal website behind dozens of federally facilitated insurance exchanges (see: Federal Data Hub Passes Security Testing).

HHS' Centers for Medicare and Medicaid Services, which oversees HealthCare.gov, says work on the health insurance exchange system during overnight hours has "significantly cut down on time people wait before accessing the website." The overnight work includes:

  • Adding more server capacity to enable the system to carry bigger loads;
  • Moving the system from "virtual machine technology to powerful dedicated hardware" to relieve components of the system that became overstressed; and
  • Various software changes "to make the system more efficient and enable it to handle higher volumes."

As of Oct. 11, CMS reports that:

  • HealthCare.gov had attracted 8.6 million unique visitors;
  • The system's call center had received 560,000 calls; and
  • The site had received 225,000 requests for online chats.

Other Problems

Some experts say there's another critical issue that's contributing to user access problems and that is a potential privacy concern.

"One of the things that is likely slowing HealthCare.gov down is that even before consumers can view plans, their identity must be verified," says Christopher Rasmussen, policy analyst at the Health Privacy Project at the Center for Democracy & Technology, a consumer advocacy group. "This is an important step in the enrollment process, but it doesn't need to happen at the front door. It's sort of like having the sales associate at Nordstrom's ask for your credit card and ID when you walk in the door instead of asking for it when you approach the sales counter."

Additionally, although the federal website says it's "optional," the site asks users to input their Social Security numbers upfront when they visit the marketplace, Rasmussen adds. "I strongly disagree with this. They shouldn't be asking for this, even if it does say 'optional,' until the customer is ready to make a purchase."

Security expert Mac McMillan, CEO of the consulting firm CynergisTek, says there are additional worries.

"There are several issues out there that are troubling, from the wrong information being provided to individuals, troubles with the system for identifying those trying to sign up, to allegations that the program and the websites are running on less than optimally written code," he says. "The latter is just an open invitation for would-be hackers."

State Exchanges

In the meantime, improvements also continue to be made at some state-operated exchanges that had initially experienced technical problems.

"We believe we have ironed out most of the user access issues, but we continue to fine-tune our platform to improve user experiences," says Curt Kwak, CIO at the Washington state health insurance exchange. In the first days of the Washington Health Benefit Exchange launch, the site had to be brought down for several hours while technicians addressed server and other problems. The exchange's call center has been assisting with enrollments, he notes.

Kwak says technical adjustments still being made include:

  • Continuing to pull real-time metrics to improve performance assessment and pinpoint needed adjustments to configurations and settings;
  • Prioritizing and managing any consumer-impacting defects for quick fixes, to help improve the user experience;
  • Using the exchange team's growing knowledge base to identify trends to help improve not only the system, but internal processes;
  • Continuing to strengthen the state's exchange partnership with federal and state agencies, such as CMS and the state Medicaid program, which provide data to support eligibility verification processes.

In addition to that technical-related work, data privacy and security continues to be a focus at the exchange, says Kwak.

"As safeguarding the information of our customers is a top priority, we continue to exercise best [security] practices and also incorporate continual improvement methodologies to ... protect all confidential data that traverses the exchange," he says.

As of Oct. 8, the Washington state exchange had accommodated more than 9,400 health plan enrollments, with an additional 10,000 applications completed, with payments pending, Kwak says.

Trends in Connecticut

Meanwhile, the Connecticut health insurance exchange, Access Health CT, continues to work on performance improvements, says CIO James Wadleigh.

"Over the last week, we have transitioned from start-up mode to operating mode and dealing with the challenges of a new operating organization," he says. "Our senior leadership team meets daily to work through process improvements, discuss any customer needs as well as strategize the next day's priorities."

Wadleigh says Connecticut's exchange is seeing a transition from customer "window shopping" to actual enrollment in health plans. As of Oct. 10, some 2,600 state residents had enrolled in a plan through the exchange.

Some of the early problems with consumers using Connecticut's site seemed to be rooted with issues at the federal hub that routes data from the IRS and other agencies that's used during the eligibility process, such as to determine whether an individual qualifies for a federal subsidy, he says.

HHS has made adjustments in the hub, including some related to proving the identity of consumers and handling Social Security data transactions, Wadleigh says. The adjustments completed at the request of the Connecticut exchange are benefiting consumers nationwide, he says.

As for ongoing technical tweaks on the Connecticut exchange, "adjustments that we are making are mainly with daily maintenance of our infrastructure as well as improvements to our plan management screens," Wadleigh says.

Other systems adjustments being made relate to how information about insurance plans are displayed on the Connecticut exchange, he says.

"As the [insurance] carriers loaded their rate and plan data information ... Connecticut is finding there hasn't been a clean transfer of all the data, and we are needing to modify our screens to make sure they accurately display what the carriers wanted," he says. "This is a very manual, labor-intensive process and [is] taking us some time."

So when it comes to consumers protecting their data on these sites - and avoiding phony sites pretending to be insurance exchanges - what lessons can be learned?

"Number one, do not respond to any unsolicited e-mails appearing to be from a health insurance exchange site or the government," warns McMillan. "Just like your bank, they will never contact you unsolicited through e-mail and start asking you to provide anything sensitive or personal."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.