Audit cites lax security at beleaguered Maryland health insurance exchange

An audit of the Maryland health insurance exchange found, among the exchange's many problems, inadequate data security and control.

Carried out by the state Office of Legislative Audits, the review covered information for the Maryland Health Benefit Exchange (MHBE) between June 1, 2011, and July 23, 2014.

It found that personally identifiable information was not properly safeguarded, the MHBE network was not effectively secured, administrative access was excessive and not controlled, and assurance was lacking that critical data on contractor servers was secured.

Maryland's exchange crashed when it launched in 2013 and suffered ongoing technical problems, including a glitch that left up to 5,000 people thinking they were fully enrolled even though they weren't.

After spending $209 million, it cut ties with the initial contractor in February 2014, but decided to leave equipment containing enrollment data from the original exchange system at a data center owned by the contractor's parent company pending resolution of litigation.

A replacement exchange system was implemented in November 2014. The audit criticizes MHBE for failing to ensure personally identifiable information and federal tax information was secured while still with the original vendor or on the replacement system, and that user access to the replacement exchange system network, application files and servers was properly restricted.

Noridian Healthcare Services agreed to repay $45 million to settle claims that it mishandled its duties in setting up the original exchange.

Amid ongoing problems, state lawmakers considered switching to the federal exchange, but ultimately decided to switch to Connecticut's successful technology platform.

Meanwhile, the Department of Health and Human Services' Office of the Inspector General has slammed the federal government for storing the personal information of millions of insurance marketplace customers in a massive data warehouse with basic security flaws.

To learn more:
- read the audit report (.pdf)

Free Webinar

Take Control of Your Escalating Claim Costs through a Comprehensive Pre-payment Hospital Bill Review Solution

Today managing high dollar claim spend is more important than ever for Health Plans, TPAs, Employers, and Reinsurers, and can pose significant financial risks. How can these costs be managed without being a constant financial drain on your company resources? Our combination of the right people and the right technology provides an approach that ensures claims are paid right, the first time. Register Now!

Suggested Articles

A three-way deal between UpHealth, Cloudbreak, and a blank check company has created a new public digital health company valued at $1.35 billion.

By being proactive and using predictive models that target the most at-risk populations, payers can identify members who need help and intervene.

On the heels of its partnership with Cerner, Well Health scored a major funding round and announced that a Haven executive has joined its team.