Theresa Payton, Charlotte, N.C., Published August 24 2013
Letter: A ‘big data’ wake-up call for NDAs the federal government prepares to implement the Affordable Health Care Act, North Dakota Attorney General Wayne Stenehjem recently wrote a joint letter with 12 fellow attorneys general asking Health and Human Services Secretary Kathleen Sebelius important questions about data privacy. These are questions I urge North Dakotans to ask on their own, too.
In order to find out if you are eligible for the AHCA, the federal government needs to ask: How old are you? Where were you born? Are you a legal resident? Have you served in the military? Where will they go to get this information? The Social Security Administration, the Department of Homeland Security and the Veterans Administration, respectively. They will combine all of this data into the Hub, a one-stop destination where all your data will be compiled as your profile. Reports are not clear if the Hub is going to be a database or an interface. Regardless, it will contain all your biographical information extracted from seven federal agencies and state agencies and put into one place. It is a hacker’s dream: one-stop-shopping for all of the details of your personal life.
Who will be reviewing this data? Navigators, as they are referred to in the new legislation. They are employees hired to determine your eligibility by peeking at the most private and sensitive details of your life. Stenehjem asks in the joint letter: How will navigators be trained, what is the plan to reduce the risk of identity theft, and how will the staff be screened to ensure we have highly skilled people with the upmost integrity looking at our private lives. The attorneys general raise valid concerns that need to be addressed.
What makes this more alarming is the recent report from the Inspector General’s Office. After reviewing draft documents and interviewing the project team, the overall tasks on the schedule were being completed later than anticipated. As the report cites, “... several critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges.”
It is not uncommon for large-scale implementations to have dates slide. However, in this case, security testing for the Hub is so behind schedule, system testing results might only be available for review as late as one day before the exchanges will open.
As a consumer, this is your wake-up call. Take steps now to protect your data. Be vigilant about what you post on social media. Identity thieves can follow the information you post like digital bread crumbs leading back to your house. Use one email address only for your health insurance company. Ask your doctor what happens with your data, not medical history per se but your address, phone number, etc. Be on guard.
As we live in an era where companies and government are rushing headlong into major big data projects with the attitude of “big data or bust,” we find a hidden meaning. A Detroit police department and a uniform vendor recently used “small data” to keep a record of orders for uniform vests. When the department head wanted to alert everyone to come in to pick up their vests, an email went out along with private and personal data, including bra sizes and weight of female officers. If we still bungle the “small data,” what could go wrong when we all move to big data? Plenty.
Payton is former White House chief information officer, CEO of Fortalice LLC, and author of “Protecting Your Internet Identity: Are You Naked Online?”