This column in USA Today highlights a potential concern about the impending federally-facilitated exchanges under health reform. Specifically, because the exchanges have to determine eligibility for advance payments of tax credits, the IRS and the Department of Homeland Security have to share information with the Department of Health and Human Services. As a result, there is a significant amount of sensitive data that needs to be secured.

The authors of the column express concern about whether the government can effectively and efficiently secure the data in the fairly compressed timeframe within which the federally-facilitated exchange has to be created and made operational. It seems like a valid concern, especially given that so many states have opted not to set up state exchanges and given the current pressure on federal budgets.

Health plan sponsors are aware of the sometimes stringent privacy and security requirements imposed by HIPAA. One would hope that the government would impose standards at least as rigorous as the HIPAA standards, if not more so, to protect this sensitive information.

Why should plan sponsors be concerned about potential data security issues with public health insurance exchanges? To the extent employers are considering dropping coverage and sending employees to the exchanges (or their employees receive subsidized coverage through any exchange), they should be aware of the potential risks, which create the prospect of significant employee distractions and concomitant reductions in productivity. Additionally, because employers have to share data regarding their health coverage with the IRS, they will need to be able to articulate to employees that they have taken all reasonable measures to ensure data security compliance, in order to avoid claims from employees that any data breaches are a result of the employer’s breach of fiduciary duty.