On Saturday, the Affordable Care Act's health exchanges will begin a three-month open-enrollment period for 2015. The flurry of information that will be sent and received to enroll provides criminals with an open season for added opportunities to steal data and trick consumers and businesses into sharing their personal information.

ACA exchanges will provide new lists of insurance-plan choices and premiums by state as well as new consumer information. Because just about everyone puts a great deal of importance on health insurance, there's a tendency to be ready to give information and do whatever seems necessary and official to acquire and maintain health insurance. ID-theft criminals know this and create phone and online scams to take advantage.

An increasingly common scam is when an ID-theft criminal claims to be with the federal government or a health exchange and makes a phone call to consumers to inform them that they have been "selected to receive insurance cards through the new Affordable Care Act."

However, before you can receive your card, the caller needs to collect personal information such as your bank-account number, credit-card number, Social Security number or other personal information — all of which increases your risk for identity theft if you unwittingly share this information.

Medical-related identity theft has proved to be a rich target. It accounted for 43 percent of all ID thefts reported in the United States in 2013, according to a recent survey by the Identity Theft Resource Center.

Unfortunately, ID-theft criminals and scammers are just one part of the identity-theft and data-breach risk equation. The new online health-insurance exchanges, which opened about a year ago, are another risk factor to our personal health and medical information.

Currently, 14 states and Washington, D.C., have implemented their own exchanges, while the federal government has opened the healthcare.gov exchange for more than 30 other states.

The big question is: Can these exchanges responsibly safeguard your personal data? All the evidence to date points to "no" — our information is not adequately safeguarded.

Almost every week we hear news about big banks, retailers, insurance companies, credit bureaus and government agencies, including the Internal Revenue Service — all with significant financial and information-technology resources — experiencing data breaches. So, what leads the health-insurance exchanges to believe they are safe from a future data-breach event?

Efforts to reduce the health-exchange ID-theft threat are ongoing, as evidenced by 13 state attorneys general sending a letter in August to the U.S. Department of Health and Human Services expressing concerns about the lack of background screening and fingerprinting requirements for health-exchange navigators and individuals that assist the navigators.

Navigators are typically unregistered individuals and organizations trained to help consumers, small businesses and their employees to help decide on the appropriate health insurance. As a result, they have access to personal information.

If navigators are not registered with each state and do not go through a criminal background check and fingerprinting, the potential for ID theft will increase with each bad hire.

Mark's most important: Do your best during Affordable Health Care's open-enrollment period to keep the door closed to scammers hunting and tricking to get your personal information.


Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix. Reach him at This email address is being protected from spambots. You need JavaScript enabled to view it.

This article was originally published on AZcentral.com and republished with the author's permission.


ITRC Sponsors and Supporters 





Go to top


Need identity theft information on the go?

Download our ID Theft Help Mobile app.