If you bought health insurance during the Affordable Care Act open enrollment, congratulations. Your major health care needs, known and unknown, should be covered without risk of financial ruin. You may feel you are set until the next open enrollment. But you might actually have more work to do to make sure you are truly protected.
One participant in our research on consumer behavior in health care purchasing thought his health insurance process was complete when he switched plans in preparation for his relocation from Pennsylvania to Maine. Before the open enrollment deadline, this 35-year old technology professional went onto healthcare.gov to cancel his plan. But cancelling was not as simple as he had expected. He logged back in two weeks later to turn off his automatic bill payment, only to find his January premium payment—for a health plan he had cancelled two weeks prior—was already in process.
After repeated calls to the plan and a circuitous run-around from sales people, representatives and supervisors, our study participant was assured he would get his money back within two or three business days. He eventually got his money back two weeks later, but he was billed again in January. At $383 per month, he was not happy that the health plan had deducted premiums from his account long after he had cancelled his coverage. Without his vigilance and willingness to spend hours on the phone with his former health plan’s customer service, he may not have noticed or been able to recoup his money.
He is not alone. Yelp reviews for this PA plan suggest high dissatisfaction with premium billing errors, access to the portal, and unresponsive customer service. The insurer seems not to have learned the lessons exposed last January, when Blue Cross Blue Shield of Minnesota collected premiums on 3,500 individual and small business plans customers had cancelled during 2017 open enrollment. The insurer issued refunds for premiums and overdraft expenses, along with effusive apologies. Similarly, the North Carolina Department of Insurance levied a record fine ($3.6 million) against Blue Cross Blue Shield of North Carolina for chronic enrollment and billing errors in 2016. The negotiated settlement resulted from consumer outrage and a state agency willing to intervene.
How forgivable are health plan errors like this? Top health insurer financial performance has been strong, and on average, results have improved steadily for plans participating in the ACA. Surely they have the resources and capabilities to accurately manage billing and customer accounts.
Nearly nine million people signed up for health care coverage on the exchange during the 2017 open enrollment window, more than four million of them in the last week. If this year’s open enrollment period was anything like the last year’s, more than half the people on healthcare.gov switched plans. Were they all at risk for double payment in January? How many of the 400,000 people who left the exchange plans altogether in 2018 were still charged?
Once our study participant settled into his new health plan in Maine, he identified a different concern. His new health plan stored his password in plain text, without the standard form of password protection known as salting and hashing. This serious security protocol violation exposes user information to increased risk for hacking. As a technology expert, our participant recognized the cyber-threat. He called, tweeted at, and emailed his new health plan but has received no response. The majority of hacking-related data breaches last year involved stolen and/or weak passwords. Health care organizations are particularly vulnerable to attack. Nearly a quarter of all data breaches occur in the health care industry, with 1,500 incidents affecting 155 million Americans over six years.
Given these known vulnerabilities, how could HHS fail to require marketplace plans to implement simple security features like encrypted passwords? Could the banking and health plan information of millions of healthcare.gov users be vulnerable? Depending on your health plan choice, your private health information could be stolen, so too could money straight out of your bank account.
Is healthcare.gov too underfunded and understaffed to intervene? Trump’s acts to undermine healthcare.gov with scarce resources and a condensed open enrollment period are putting Americans’ health care and financial information at increased risk.
With limited federal oversight of plans’ payment policies, who is protecting consumers? States have stepped in and will need to continue doing so, but their remedies typically penalize plans for problems so bad that they generate massive public outcries. Insurers need to self-police themselves and take proactive steps to preserve and build consumer trust. With the individual mandate gone, insurers who want to maintain and grow enrollment will need to become more responsive to consumer needs. Minimally, they should hold themselves to the consumer protection standards common to every other industry. They could start with billing and technical systems that put patients first. In the meantime, consumers should check their bank statements, prepare to advocate for themselves if needed, and regularly change their account passwords.
Someone needs to start paying closer attention. For now, that may have to be consumers themselves.
Deborah Gordon is a Senior Fellow at the Mossavar-Rahmani Center for Business and Government at the Harvard Kennedy School.
Anna Ford is a Research Assistant at the Mossavar-Rahmani Center for Business and Government at the Harvard Kennedy School.