MNsure Officials Try to Calm Security Concerns

Updated: 09/24/2013 6:07 PM By: Scott Theisen

Photo: MGN Online
Photo: MGN Online

State officials overseeing the October launch of Minnesota's online health insurance exchange tried to allay concerns Tuesday that it could put sensitive data, including customers' Social Security numbers, at risk.
Lawmakers on a panel that oversees MNsure questioned whether a recent security breach involving personal information of about 1,500 insurance agents showed that the new agency is not yet prepared to handle personal data of the thousands of people expected to shop for insurance through its website. "A lot of people are unsure about MNsure," said state Rep. Joe Hoppe, R-Chaska, who voted against the bill that created Minnesota's exchange.
But Chris Buse, the state's chief information security officer, described MNsure's data privacy measures as "state of the art."
"I believe this system, and the security model we have in place is the best in state government today," Buse said.
The MNsure website opens for enrollment on Oct. 1, with coverage taking affect as early as Jan. 1. It is Minnesota's primary consumer vehicle for delivering federal health insurance changes designed to lower the number of uninsured people around the country. By 2016, about 1.3 million Minnesotans are expected to use the online marketplace to obtain their insurance.
The recent security breach left MNsure officials on the defensive about security measures. Earlier this month, a MNsure employee with authorized access to information about insurance agents including Social Security numbers and addresses, inadvertently emailed it to an agent in Burnsville. MNsure officials said they responded to the error in less than 30 minutes, and that the employee in question is no longer working for the agency.
Minnesota Management and Budget told The Associated Press on Tuesday that the worker had been terminated from state employment. MNsure's leaders had declined to reveal whether the individual was terminated or transferred to another agency. The employee, a broker-coordinator, had started work with MNsure on Aug. 13 at a salary of about $62,000, and was terminated last Friday.
April Todd-Malmlov, the executive director of MNsure, stressed that none of the information released belonged to insurance consumers or was related to the MNsure enrollment process. She said MNsure employees, private contractors who will help people enroll in MNsure, and county employees who may work with some of the agency's data are all in the process of being trained on security procedures.
Brian Beutner, the chairman of MNsure's board of directors, said the agency's leaders have learned from both the security flap and other recent controversies as they get ready for regular operations.
"The way to succeed is to fail fast," Beutner said. "And the corollary to that is to fix things fast."
Todd-Malmlov and Buse both said they're confident that security measures now in place are sufficient for the Oct. 1 launch. But, Todd-Malmlov said, "We will not be going live if there is some smoking gun or risk to security."

(Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)