Research & Commentary: Privacy and Fraud Risks in Obamacare

Published October 30, 2013

Implementation of the Patient Protection and Affordable Care Act, commonly known as Obamacare, has been far from smooth. An important problem beginning to draw more attention with the activation of the exchange Web sites is the potential for fraud, abuse, and breaches of privacy.

A single computer system, the Department of Health and Human Services (HHS) central data hub, connects the various state health insurance exchanges with federal government agencies such as the Treasury Department and Internal Revenue Service, and with other state agencies, to verify enrollees’ eligibility. If the hub were compromised, it would provide fertile ground for identity thieves. As recently as September 2013, one month before the program’s launch, legislators and the heads of several government agencies voiced their concerns about the security of the hub and the personal data moving through it

These risks are not isolated to the federal hub alone; each state health insurance exchange also has the potential for massive data leaks. One such leak occurred just last month, well before Obamacare was set to begin. The leak occurred when an employee of MNsure, Minnesota’s Obamacare exchange, accidently sent an unencrypted file to the incorrect recipient, releasing the Social Security numbers, names, addresses, and other personal data of more than 2,400 people. 

The second main privacy and fraud risk highlighted by critics is the use of “navigators,” representatives empowered to solicit applicants and work with them in the exchanges and to enter their personal information. These navigators have drawn controversy because they were not required by federal guidelines to pass a background check and the training period for each representative handling personal data amounted to only 20 hours. 

Many of the major technological problems the exchanges are now facing arose from the rush to implement the system by its October 1 deadline. Several information technology experts engaged by The Wall Street Journal to examine the Web site and determine why it was having so many problems found the system had been hastily constructed and was built on a sloppy software foundation. In an interview with Fox Business News, John McAfee of McAfee, Inc. said the online components of Obamacare could cause “the loss of income for the millions of Americans who are going to lose their identities.”

These technical problems have led several states to refrain from offering full online enrollment through their exchanges. According to the National Center for Policy Analysis, at least six states, including Colorado and Oregon, will not offer full enrollment online because the federal hub that helps the state exchanges determine eligibility is not working properly.

The Obamacare exchanges and the computer systems implementing them were hastily constructed and are deeply flawed. They place the personal information of millions of Americans at risk. State legislatures responsible for the state exchanges should pay attention to these problems and make sure they are addressed before they affect their constituents.

The following documents provide additional information about the Obamacare information technology problems.

How Obamacare Threatens Privacy in America
Chris Jacobs of The Heritage Foundation discusses several serious privacy concerns arising from the implementation of Obamacare. Jacobs criticizes the Obama administration’s failure to secure Americans’ financial and health data in its efforts to open insurance exchanges by the deadline of October 1. “These recent developments should provide further impetus for Congress to defund the entire law before the exchanges are able to undermine personal privacy,” Jacobs writes.

ObamaCare’s Technology Mess
The National Center for Policy Analysis summarizes a Wall Street Journal article by Scott Gottlieb and Michael Astrue arguing information technology is Obamacare’s Achilles’ heel. Gottlieb and Astrue note faulty IT in the exchange systems will expose Americans to lost data, failure of attempts to enroll online, and the risk of fraud. 

Risks of Fraud and Misinformation with ObamaCare Outreach Campaign: How Navigator and Assister Program Mismanagement Endangers Consumers–how-navigator-and-assister-program-mismanagement-endangers-consumers
This report from the  U.S. House Committee on Oversight and Government Reform examines testimony from officials responsible for implementing Obamacare and questions the security of the navigator program. It concludes, among other things, that “the main concern for consumers is the heightened risk of identity theft and financial loss from a poorly managed outreach campaign.” 

Why States Should Not Expand Medicaid
Grace-Marie Turner and Avik Roy give 12 reasons why states should not expand Medicaid and should instead demand from Washington greater control over spending to better fit coverage expansion with their states’ needs, resources, and budgets. One of these key concerns is the increased potential for fraud and waste. 

IT Poses Stumbling Block for ACA Implementation
Bruce Edward Walker examines the effects of information technology on the implementation of Obamacare. Walker cites several contacts in the medical industry who are skeptical about the creation of a nationwide data hub, questioning whether it is desirable or even feasible.

Obamacare’s Privacy Nightmare
Writing in National Review, Sean Riley and Ed Walton argue the state health insurance exchanges for Obamacare were launched before they were ready. Riley and Walton argue it would be prudent, regardless of whether one supports the Affordable Care Act at all, for enrollment to be halted until HHS can implement proven safeguards to protect consumer privacy. 

Implementing the Patient Protection and Affordable Care Act
In this Heartland Institute Policy Brief, Dan Pilla examines the ever-growing role of the IRS in citizens’ lives and the day-to-day affairs of every business in the nation as the PPACA gives it control over the most important and personal elements of everyday life. 

The Obamacare Disaster
This Heartland Institute study by Peter Ferrara is a comprehensive review of the Affordable Care Act and an early appraisal of its likely effects. “Obamacare,” Ferrara writes, “is a disaster. Rather than liberate the American health care system from bureaucracy and waste, it blankets it with more of both, suffocating innovation and destroying freedom. The result is a system that is inconsistent with the freedom, prosperity, high living standards, and traditions of the American people.” 

The Alarming Trend of Cybersecurity Breaches and Failures in the U.S. Government
In two publications, Paul Rosenzweig of The Heritage Foundation examines a growing trend of cybersecurity breaches in the U.S. government. Rosenzweig argues national cybersecurity should be a cooperative effort between the private sector and government, with each contributing in its own way. Onerous regulations are not the solution to the ever-expanding reality of cyber threats. 

Obamacare Marketplace: Personal Data Can Be Used For ‘Law Enforcement and Audit Activities’
Jeryl Bier of the Weekly Standard discusses a component of the Obamacare exchanges that many applicants may not be aware of: Maryland’s exchange law allows the state to “share information provided in your application with the appropriate authorities for law enforcement and audit activities.”  

Nothing in this Research & Commentary is intended to influence the passage of legislation, and it does not necessarily represent the views of The Heartland Institute. For further information on this and other topics, visit The Heartland Institute’s Web site at, and PolicyBot, Heartland’s free online research database, at 

If you have any questions about this issue or The Heartland Institute, contact Heartland Institute Senior Policy Analyst Matthew Glans at 312/377-4000 or [email protected].