Healthcare.Gov's Hidden Problem
NEW YORK ( MainStreet) The hidden problem at Healthcare.gov, the Obama Administration's health care marketplace, has little to do with the Web site.
It's the old problem of identity.
Before being given any prices, users have to prove who they are. This is done so that subsidies can be calculated, as with this sample calculator at the Kaiser Foundation.
But the result is you can easily get lost in a Kafkaesque maze, as happened to my daughter when I tried to help her sign up for coverage she turns 26 in February.
Pete Palmer, now chief security officer for MedAllies, a health care automation consultant, said identity is a huge problem for all of e-commerce. He has been working with a succession of groups, most recently the Kantara Initiative , on a "trust framework" aimed at simplifying the problem.
Based on the importance of getting identity right and the risk in getting it wrong, The National Institute of Standards and Technology (NIST) considers Healthcare.gov the equivalent of what Kantara calls a "Level 3" site. This is consistent with the rules under the Health Insurance Portability and Accounting Act (HIPAA), which has made you sign-off on any data you give to your doctor.
Level 3 requires that a government-issued ID, like a passport or state-issued driver's license, be shown and validated before a human being to prove identity.
That can't really be done online.
One way to get around this is by asking an applicant questions only they can answer. You'll see these "security questions" deployed by many banks, questions like where were you born, what was the name of your first pet and what your favorite car might be.
"That has to happen in real time, it has to match what is seen by the government," said Palmer. "Then there are a second set of questions that only the applicant should be able to answer."
In our case, my efforts to help my daughter sign up caused us to get some of those answers wrong. The only way forward, we were told by phone, was to actually mail a copy of her license and birth certificate, proving her identity but creating grave risks if the letter were lost.
Joni Brennan, executive director of the Kantara Initiative, which works on private trust and identity frameworks, said many problems can be avoided by using a Security Assertion Markup Language , a standard format for handling authentication and authorization between identity providers, like a state license authority and a service provider like Healthcare.gov.
"The problems could have been avoided," she said. "This component of strongly proving identity before going through the door was a policy decision, and the technology made that happen. They wanted people to understand that they would be eligible for subsidies."