Jessica M. Karmasek Sep. 5, 2013, 3:30pm

CHARLESTON, W.Va. (Legal Newsline) -- West Virginia Attorney General Patrick Morrisey said Wednesday he is disappointed by the U.S. Department of Health and Human Services' lack of response to a letter he and 12 other state attorneys general sent last month.

Morrisey, along with the attorneys general of Alabama, Florida, Georgia, Kansas, Louisiana, Michigan, Montana, Nebraska, North Dakota, Oklahoma, South Carolina and Texas, told DHHS Secretary Kathleen Sebelius they are concerned about consumers' private information being protected under new health insurance exchanges, set to go into effect in the fall.

In their eight-page letter, the 13 attorneys general raised eight areas of concern and asked Sebelius a series of specific questions about steps the agency will take to ensure citizens are protected.

The attorneys general called the current privacy protections -- written into DHHS' rules governing programs that assist consumers with enrolling in the new exchanges created as part of the Patient Protection and Affordable Care Act -- "woefully inadequate."

They argue people collecting information will be placed in positions of trust and will have access to a wide variety of personal information from consumers.

The attorneys general argue that DHHS must implement "on-the-ground plans" to secure consumer information, follow up on complaints and work with law enforcement to prosecute bad counselors.

"It is unfortunate that neither Secretary Kathleen Sebelius nor anyone else in the department responded to direct and important questions and concerns raised by one-quarter of the states' attorneys general," Morrisey said in a statement Wednesday.

"However, we are taking additional steps."

On Aug. 21, the attorneys general sent a Freedom of Information Act request to DHHS seeking information related to the concerns raised in their letter, sent Aug. 14.

Their original letter requested a response from DHHS by Aug. 28.

"We are very concerned about the risk of identity theft if holes in the policy aren't addressed immediately or if the implementation of health care exchanges isn't delayed to allow for better regulations, more training for consumer outreach programs and better fraud prevention," Morrisey said.

"We had sincerely hoped for a response from the department to at least let us know that they were working to address our concerns."

The health care law provides funding for groups, such as "navigators," to help consumers enroll in health insurance plans.

As part of that process, these navigators and other assistance personnel will have significant access to consumers' private and personal data.

However, the attorneys general contend the federal agency's rules fail to ensure that the navigators will be adequately trained to safeguard data provided by consumers.

Nor do the rules make clear who is responsible if an identity theft occurs, they argue.

Even more concerning, they contend, is that DHHS currently does not require criminal background checks or fingerprint checks of potential navigator employees, and does not list any prior criminal acts as being a disqualifier for someone seeking to work with consumers.

"One area of comfort for me is that local groups that have been selected to help consumers enroll in health insurance plans announced that they will be doing background checks on their employees. But much more information is needed from the federal government so that states know how best to 'gap-fill' with supplemental actions that protect our consumers and prevent identity theft," Morrisey said.

"The clock is ticking; failing to release such basic information less than one month before open enrollment begins is grossly irresponsible."

From Legal Newsline: Reach Jessica Karmasek by email at

More News