Jessica M. Karmasek Aug. 14, 2013, 7:00pm

CHARLESTON, W.Va. (Legal Newsline) -- West Virginia Attorney General Patrick Morrisey and 12 other state attorneys general say they are concerned about consumers' private information being protected under new health insurance exchanges, set to go into effect in the fall.

Joining Morrisey in a letter to U.S. Department of Health and Human Services Secretary Kathleen Sebelius are the attorneys general of Alabama, Florida, Georgia, Kansas, Louisiana, Michigan, Montana, Nebraska, North Dakota, Oklahoma, South Carolina and Texas.

In their eight-page letter, the 13 attorneys general call the privacy protections -- written into HHS's rules governing programs that assist consumers with enrolling in the new exchanges created as part of the Patient Protection and Affordable Care Act -- "woefully inadequate."

They say people collecting information will be placed in positions of trust and will have access to a wide variety of personal information from consumers.

The attorneys general argue that HHS must implement "on-the-ground plans" to secure consumer information, follow up on complaints and work with law enforcement to prosecute bad counselors.

"It is not enough to simply adopt vague policies against fraud," Morrisey said in a statement Wednesday. "There are significant holes in the rules HHS has implemented already. We are very concerned about the risk of identity theft if those holes aren't addressed immediately or if the implementation of health care exchanges isn't delayed to allow for better regulations, more training for consumer outreach programs and better fraud prevention.

"In the rush to push forward, the Administration is leaving consumers in West Virginia and the rest of the country behind."

The health care law provides funding for groups, such as "navigators," to help consumers enroll in health insurance plans.

As part of that process, these navigators and other assistance personnel will have significant access to consumers' private and personal data.

However, the attorneys general contend the federal agency's rules fail to ensure that the navigators will be adequately trained to safeguard data provided by consumers.

Nor do the rules make clear who is responsible if an identity theft occurs, they argue.

Even more concerning, they say, is that HHS currently does not require criminal background checks or fingerprint checks of potential navigator employees, and does not list any prior criminal acts as being a disqualifier for someone seeking to work with consumers.

"These vague 'standards' could open up a Pandora's box of privacy and security issues for consumers, states and even the federal government," Morrisey said.

"It seems inevitable that personnel will be inadequately screened and trained, and they will be more prone to misappropriate private data -- whether intentionally or unintentionally. This is a disaster waiting to happen."

In their letter, the attorneys general raise eight areas of concern and ask Sebelius a series of specific questions about steps the agency will take to ensure citizens are protected.

The attorneys general asked the agency to respond to their questions by Aug. 28.

From Legal Newsline: Reach Jessica Karmasek by email at

More News