Enrollment platforms for the Affordable Care Act have been suspended due to claims of foreign access to consumer data
Concerns that U.S. consumers’ personal data might be accessed from India led regulators to suddenly block two major private sector enrollment websites from the Affordable Care Act marketplace in August.
Recent legal filings reveal more details about the suspensions, as the two companies seek to regain access before the ACA open enrollment period begins on November 1.
The Centers for Medicare & Medicaid Services (CMS) sent a letter on September 2 stating that the suspension was due to a “serious lapse in security” that could have allowed overseas access to marketplace data, including personal consumer information.
The letter, which is part of the court filings, also mentioned that regulators plan to audit the companies due to “reasonable suspicion” that they might be involved in unauthorized sign-ups or policy changes for Obamacare coverage.
It remains uncertain whether these legal issues will be resolved before the upcoming enrollment period. Currently, the concerns are still allegations, and neither the legal challenges nor the audit has reached a resolution.
Despite efforts to address fraudulent ACA enrollments by rogue insurance agents seeking commissions, the issue persists, with over 200,000 consumer complaints filed in the first half of 2024. This problem has also become politically charged, with GOP lawmakers attributing part of the blame to the expanded Obamacare premium subsidies supported by President Biden.
Biden has highlighted record-breaking ACA enrollment as a key achievement of his administration. Regulators are working to combat deceptive enrollment practices without hindering legitimate sign-ups. Recently, they have revoked access for at least 200 agents to the federal ACA marketplace and, as of July, implemented new requirements for brokers to participate in three-way calls with clients and the healthcare.gov help center before finalizing changes. The CMS letter now adds another dimension, as it is the first time this year the agency has specifically called out a company, “the Speridian Companies,” for allegedly directing employees and agents to make unauthorized changes to enrollees’ coverage and enroll consumers without their consent.
Speridian Global Holdings, based in California, owns the suspended companies, including Benefitalign and TrueCoverage, which operates as the Inshura enrollment site. Speridian has a data center in India.
Benefitalign, one of the suspended sites, managed at least 1.2 million ACA applications during the last open enrollment period, making it one of the largest private enrollment sites integrated with healthcare.gov.
The companies, which deny any wrongdoing, have filed a complaint against CMS in the U.S. District Court for the District of Columbia, seeking a restraining order. They argue that CMS’s suspension is arbitrary and violates their rights. They have also criticized the CMS letter, claiming it offers inadequate evidence and relies on vague concerns and suspicions.
The suspensions, which began on August 8, prevent the companies from participating in the upcoming open enrollment period. This impacts not only the companies but also the brokers and millions of consumers who rely on these websites. While CMS’s concerns remain unresolved, the audit continues.
Despite the suspensions, brokers can still use other approved websites to enroll clients, and consumers can access federal or state ACA websites directly or seek help from associated call centers.