Blog

When people apply for insurance through their states’ exchanges, the exchanges will communicate with the federal data hub to verify their identity and citizenship status.

The data hub will also identify whether people are eligible for tax credits to help cover the cost of their premiums, which requires it to verify income as well as whether applicants have access to health insurance through their employers.

Republicans have raised questions about the risks of processing so much information in one place, but CMS said the centralized approach makes the hub safer.

“Risk increases when the number of connections to a data source increase – which is why CMS has designed the Hub to prevent such liabilities,” the agency said. “The Hub provides one highly secured connection to trusted federal and state databases instead of requiring each agency to set up what could have amounted to hundreds of independently established connections.”

CMS’s defense of the data hub comes ahead of the second congressional hearing about the data hub’s security. The House Homeland Security Committee is slated to discuss the computer system Wednesday afternoon.

“As with all systems, the responsibility to safeguard information is an ongoing process, and HHS and CMS will remain vigilant throughout operations to anticipate and protect against evolving data security concerns,” CMS said in its fact sheet.

US Health Agency Inspector General Chastised for Failing to Review:

Insurance Marketplace Website Security (September 11 & 16, 2013) In a congressional hearing last week, legislators and the former commissioner of the Social Security Administration took the US Department of Health and Human Services (HHS) inspector general (IG) to task for not testing the system’s vulnerability to attacks. The IG said the office would not review security plans for the online health insurance marketplace that is scheduled to launch on October 1. The system is being designed to communicate with multiple state and federal agencies that maintain the data necessary to process insurance exchange applications. The Centers for Medicare and Medicaid Services (CMS) issued a fact sheet prior to the hearing that said the data hub will have strong security measures in place and that it will not store any personally identifiable information.