MNsure will check security until last minute
By Don Davis, Forum News Service
ST. PAUL — Supporters and opponents of Minnesota’s health insurance marketplace disagree whether it will be able to launch as planned next Tuesday, but whoever is right, it will be close.
Many of those involved in the federally mandated MNsure health insurance sales program have not been trained with less than a week to go.
“We learned today from MNsure officials that brokers, counties and navigators have yet to be fully trained in MNsure security policies a week before launch,” Sen. Michelle Benson, R-Ham Lake, said after a Tuesday legislative committee meeting. “MNsure was also unable to commit at this point if private information used in initial enrollment will be protected for thousands of Minnesotans.”MNsure Executive Director April Todd-Mamlov said there is only a slim chance the website that forms the foundation of her project will not be ready.“We are assessing that on a day-to-day basis to make sure we are ready to go on Oct. 1,” Todd-Mamlov said, and if a security problem is discovered at the last minute the website debut could be delayed. “We will not be going live if there is a smoking gun or a risk to security.”
Benson and Todd-Mamlov made their comments during and after a sometimes-confrontational meeting of a state House-Senate committee established to provide MNsure oversight. Questions and debate dominating the meeting centered on a data breach that occurred Sept. 12 when a MNsure employee mistakenly emailed a list of insurance brokers and private information about them to a Burnsville insurance agent.
The person no longer works for MNsure.
Sen. Tony Lourey, DFL-Kerrick, said he is happy MNsure responded to the improper email within half an hour of when it went out. He called it a “robust response” that lasted several days, including sending state computer experts to examine the computer that received the email to make sure it was erased and not forwarded.
Thousands of insurance agents and brokers, county employees and state workers continue to undergo training in the final days before Tuesday’s MNsure start. Part of that training involves how to guard private data.
Todd-Mamlov said the “data incident,” as she called it, was due to a human error. She said there now are protections in place that require all private data to be encrypted and would not allow an unencrypted file to be emailed, as happened Sept. 12.
“We know there is anxiety out there,” Todd-Mamlov said.