Sophos, the renowned security firm, recently reported in its survey of data encryption: “The Sophos survey of IT decision makers in six countries reveals that there are some misconceptions about encryption, and some disconnects between what companies say they are concerned about – and what they’re doing about it.”

The article does not talk about misconceptions, but should!  Probably the biggest misconception is that your data is safe from hackers when you adopt an encryption technology.

In further analysis of the Sophos survey for Healthcare firms, Sara Heath writes:

Those organizations that do not encrypt their data – and even some that do – are seeing some gaps in data protection. Nearly one-quarter of customer information and customer financial information falls through the encryption cracks, leaving it liable to a data breach.

This is especially alarming when put into the context of the healthcare industry. Because patients are the customers in the healthcare industry, it is important that all of their PHI be fully protected via encryption to keep that valuable information from falling into malicious hands.

While encryption is great and everybody seems to be advocating it, does it really thwart a determined hacker?

Malicious hackers routinely steal information from private databases. It is a widespread fallacy that by encrypting the data in these databases, data will be safe. Regulators, compliance authorities and industry standards insist on encrypting sensitive information such as SSNs, credit card numbers, and health information.

However, unless the encryption is one-way – once encrypted, the data can no longer be recovered – encrypted data used by database-backed websites is usually as insecure as unencrypted data.

The encrypted data, to be usable, is obviously decrypted by some applications and processes within the system or on the network. Those applications and processes need to access the sensitive data, usually quite frequently, and have access to the decryption keys. The decryption keys are made available to these applications either by trusting their user-id, or their process filename, the computer’s IP address, or a similar factor.

To understand why data encryption might provide a false sense of comfort, let us make some rather formidable assumptions against our adversary, the hacker.

Let us assume that:
(a) the application logs are encrypted
(b) the application is encrypting its “heap” memory
(c) the application is enforcing data privacy in its interfaces to other components
(d) the decryption keys are stored in an ultra-secure (digital) vault

These assumptions are very hard to implement correctly. But let’s assume that they are true.

The fact that a hacker is able to access data, even if in encrypted form, in a database clearly indicates that the hacker has breached the various security perimeters and gained unauthorized access to an internal system. In normal course, the hacker should have not been able to access the raw database at all. Once the hacker is inside the network and has been able to access the database, it is a fair assumption that the hacker is able to assume the identity of the application or the web-server itself. In fact, once inside a system, it is not that hard for a hacker to just try and become the superuser of that system and then masquerade as a specific user.

Once that happens, all bets are off. If the hacker’s access to the database cannot be distinguished from the application’s access, encryption does not help at all. Once a hacker is inside your network and is able to access your encrypted data, it is usually only a matter of time before he figures out how to access the required keys, and then to decrypt the data.

Bruce Schneier, the famous crypto-expert, highlighted this way back in a blog article from 2010:

Let’s take a concrete example: credit card databases associated with websites. Those databases are not encrypted because it doesn’t make any sense. The whole point of storing credit card numbers on a website is so it’s accessible — so each time I buy something, I don’t have to type it in again. The website needs to dynamically query the database and retrieve the numbers, millions of times a day. If the database were encrypted, the website would need the key. But if the key were on the same network as the data, what would be the point of encrypting it? Access to the website equals access to the database in either case. Security is achieved by good access control on the website and database, not by encrypting the data.

We re-iterate the last sentence: Security is achieved by good access control on the website and database, not by encrypting the data.

To be sure, encryption is useful for carrying around sensitive information. But for data “at rest”, mere encryption offers but an illusion of safety.

As the third open enrollment period comes to a close, I’m reflecting back on the 2016 season and what did and did not work well for brokers.

One component of the enrollment process that really stood apart for me was the ability to seamlessly connect to (FFM) for quick and easy subsidy qualifications and enrollments.  Web Broker Entities refer to this process as the “Double Redirect” and is required by CMS for enrolling individuals online, regardless if they choose to self-service or leverage a broker’s assistance. As a licensed broker employed by hCentive that works on Federal and State Exchanges regularly, I can’t stress enough the importance of having online broker benefits tools that are CMS compliant. If your online enrollment platform provider is not CMS compliant, you’re putting your book of business at risk with sudden changes in the way clients enroll, or worse, not being able to conduct business.

Brokers are required to participate in annual training with CMS if they wish to sell on During your training and/or certification process CMS clearly states there are two ways for a broker to enroll an individual:

  1. a broker may assist a client directly while they log into with their individual account, or
  2. by logging into as a broker, using a Web Broker Entity’s (WBE) direct enrollment process.
    [WBE Process]: When working with a client using a WBE, an agent or broker is securely redirected from the QHP issuer’s or Web Broker’s website to  Once the broker is on they can complete the eligibility application with the consumer, using the agent or broker’s user ID. After the application is completed on, the agent returns to complete the enrollment on the Web Broker Entity’s site.

See: Resources for Agents and Brokers in the Health Insurance Marketplace

Reflecting on the above, is number one or number two consistent with what you, the broker, have been doing during the last few months of OEP? Or did you have to modify the way you were helping your clients due to a change in the way your current technology platform was working? If number one and/or number two above follows your process, then your technology partner has been conscious of their product design and eliminated any compliance risk for you and your clients.

For more information on working with a technology partner that offers brokers a CMS compliant platform to manage group and individual business, end-to-end management of quoting, enrollment, and administration and more.

These days everyone looks to technology, particularly apps, for consumer information and purchasing. Considering this and the exploding technology space for HR and benefits enrollment technology, I’m asking—can technology replace the role of the health insurance broker in assisting individuals and employer groups with their insurance purchasing decisions? In an Employee Benefits News article Ray Mara, SVP of Group Products at Guardian says “Employers rely on their benefit brokers not only to advise them on plan offerings and design, but increasingly on the service administration of those programs.” Keeping this in mind, let’s do a quick review on the value of using a broker to make insurance and benefit purchasing decisions:

  • Tailored Recommendations – Brokers work with their clients to make specific recommendations tailored to meet the client’s needs. For an individual client, they will discuss budget, goals, ACA requirements (potential subsidies available), and any specific family needs. For an employer client, they will review the organizational culture, approach to benefits, budget, compliance requirements, etc. Coupled with their industry knowledge they are well positioned to make a best-fit recommendation.
  • Market Intelligence – A broker understands their geographic market and the insurance carrier offerings. They can sit with their clients (or instruct them online) on comparing carriers, coverage details, and costs. They can easily point out the differences, identify problematic or beneficial areas, and help their clients analyze these differences, leading to stronger recommendations.
  • Relevancy – A broker with an existing client relationship has the ability to periodically review plan designs and cost to ensure their recommendations remain relevant to their clients’ situation.
  • Client Advocate – When a broker has relationships with their clients, they become a natural advocate for when issues may arise with insurance companies.
  • Enrollment Support – Additionally, for employer clients, the broker can take an active role in communicating benefits to employees and supporting the employees during Open Enrollment or throughout the year.

Considering the above, do we actually believe it’s possible for technology to replace the broker relationship? I think not.

Health insurance plans, and other insurance-related products are complex and it is ever increasingly important to make the right choices. Sure, decision support tools can be built into technology platforms to assist with filtering a multitude of plans for a consumer to choose. However, the personal relationship with a broker and their knowledge of carrier products and the marketplace cannot be replaced.

Ideally we’d like to see technology products that promote a partnership with brokers. In a technology-supported partnership, the broker and their clients benefit from the efficiencies of an online insurance marketplace and enrollment system. Imagine having the expertise of a seasoned insurance broker aligned with a single technology platform that allows brokers and their clients to view plans, make choices, enroll, and review on an on-going basis. Brokers are here to stay and the technology to support them, and their clients, will continue to grow as an important part of the consumer purchasing process.

Relevancy, value addition, and guidance – these are keywords being used in the evolving broker market at existing broker businesses. The role of brokers is changing due to the onset of a benefits marketplace approach in individual as well as employer business. At hCentive, we have been at the helm of the change rocking the broker market, and we have been participating in discussions with our broker clients, and this is what we have arrived at.

Die Out or Mutate, but Decide Soon

Out of our roundtable discussion at our past hCentive xChange Customer Conference, this was the prime sentiment echoing across our participating broker clients – brokers are in a dire need to evolve with the market or face extinction. With the new benefits marketplace exchange strategy making inroads, the traditional role of brokers is losing its charm and brokers need to evolve with the role to present better value to customers.
To compound the challenge, brokers need to adapt to the market’s speed, and that means adjusting with market change velocity. Die out or mutate, but take a quick decision to stay competitive in the market.

Right Engagement is Key to Retention

On the engagement front, brokers have made strong headway, but almost all our clients agreed that things could be improved here. Currently, the majority of a broker’s focus is on engagement, but only a few brokers are doing things right. The focus needs to move away from regular, low-value stuff, such as sending birthday cards, to high-value engagement, such as guiding customers with knowledge about their insurance health plans and shopping over marketplaces. Brokers need to realign their automated engagement touch points to present value to their audience.
At the same time, brokers need to strategize their automated touch points in a way that they are not the default authority whenever their clients have questions or issues. The strategy needs to be a combination of self-service and engagement during enrollment and renewal processes.

Leverage Knowledge and Exchange Familiarity

With exchanges and carriers, brokers have an advantage that is unprecedented – their knowledge base and exchange familiarity. From this standpoint, brokers will have a continued, renewed role to play, given that they sustain their knowledge and deliver it through all their engagement channels.
In this task, exchange familiarity will give them another advantage, and all of this will ultimately come together for their benefits marketplace strategy.

Rely on Multiple Product Lines for Continued Payout

With exchanges running the show, brokers cannot distinguish against their competition through offerings or price. The exchanges have taken over that role, and brokers need to up their game for continued payout from the market. Combining their knowledge vantage point with multiple product lines, brokers can arrive at a solid strategy that lets them establish new value in the evolved market without sacrificing too much of their commission. In short, if you want to continue being competitive in the market, you need to rely on multiple product channels and use your vantage point for lasting growth in the market.

In the first part of this post, we explored the planning level gaps that ultimately led to the collapse of Vermont’s proposed health system. However, more than any of these planning level issues, the financials were always the pain point of the Vermont administration. Back when the administration was playing with the idea of having a single payer system, they only had the vague idea that the huge $2 billion cost will be covered by an increase in taxes and other connected funding. However, when they actually sat down to make the calculations, the plan worked out to be a failure. Compounding that with the resistance shown by hospitals, insurers and employers, the single payer system was doomed. Let’s take a look at the top financial issues, which broke Vermont administration’s resolve.

1. The administration went ahead without discerning the inflow of money: When the plan for the single payer system was underway, the administration had one thing clear – they were looking at a huge expense, because they were covering more people than Obamacare and were giving better health benefits, both of which were going to cost them a whole lot of money. However, at the beginning, the administration was confident of moving ahead without being fully sure about where the money will come from when they need it. The uncertainty behind cost of this single payer system became an important point of contention in the Vermont elections as well, but fortunately, Peter Shumlin, the long standing proponent of the single payer system, won the election and continued his term. This inconceivable oversight on finances was one of the prime reasons behind the failure of the plan.

2. Vermont needed a 160 percent tax increase to meet the financial liability of the single payer system: According to available estimates, the Vermont administration expects to collect $1.7 billion in tax revenue. For Green Mountain Care, the name given to Vermont’s single payer system, the state needs to raise an additional $2.6 billion in taxes, which comes out to be roughly 151 percent. Similarly by 2019, the state expects to collect about $1.8 billion in taxes, but needs to raise $2.9 billion through taxes for the single payer system. That’s 160 percent of sheer tax increase. Naturally, for each of the ideas suggested for raising this money, the administration witnessed a strong pushback from the segment, subduing the administration into accepting their terms. For instance, when the small businesses were informed of the 11.5 percent payroll tax, they pushed back, ultimately having the administration provide them a grace period for organizations with up to 100 workers, thereby losing $500 million in funding. Another reason for financial failure was that the state tried to replicate a manner of federal subsidies in its system, and for financing those subsidies, put incessant pressure through payroll and tax revenues.

3. Even with all this, a single payer system was out of Vermont’s reach: The federal government spends the most on health insurance, through Medicare, Military Healthcare, subsidized employer sponsored health insurance, and a large chunk of Medicaid sponsorship. Vermont’s plan to replace all of that was too big for the state’s capability, even with that small a population. The only way to make Vermont’s plan work was through waivers on Medicaid, Medicare, and Obamacare. Further, a primary advantage of having a single payer system is reduced paperwork for hospitals and insurers because of a single insurer to reconcile with. However, with the option of buying private health insurance from New Hampshire, the advantage of having a single system is not much to talk about. Further, Vermont has only 3 insurers, BCBS, Cigna, and MVP, and having a single system won’t make much difference in administrative cost savings anyway.

Although this failure of a state-based single payer system is a major setback in having a nationwide single payer system, it does make a few things clear about Obamacare. The failed effort highlights what Obamacare has done right in the last year and a half, including the cost balancing and smart maneuvering of the tricky healthcare domain. At this point, Obamacare is working. Even if a single payer system is not in the American future for at least the next half decade, I think we can make do with all that Obamacare is doing right.

After nearly four years of pouring heart and soul intensive effort trying to establish into an ambitious plan that would setup a statewide single payer health system in Vermont, Governor Peter Shumlin recently announced that the plan to implement the system by 2017 would be abandoned. the scrapping of Vermont’s plan to implement the system by 2017. The Governor cited that the change would bring huge economic pressure on the state, and the disruption could be too much for small businesses and working families.

Although this single payer system plan was limited to Vermont, it holds a clear implication for the entire country, that single payer system will not be feasible for the country in the near future, and that Obamacare is still the best way to balance the nation’s imbalanced healthcare system and rising healthcare spending. So, what was the reason for the early demise of the plan that had so many hopes riding on it? Let’s find out.

1. Vermont tried to give the residents too much, too soon: Under the single payer plan, Vermont wanted to provide the best of benefits to its residents. Under the current Obamacare system, that translates into the Platinum coverage health plans, where insurance companies bear as much as 90 percent of the insurance liability while the consumer covers the remaining 10 percent through copays and deductibles. However, the total liability in Vermont’s private plan came out to be roughly 94 percent, which was higher than the best, and most expensive, , costliest Obamacare health plans. Naturally, this was too much for the administration to handle, as it was driving the costs up for everyone. Vermont tried to play with the liability by reducing it to 80 percent, but was ultimately unable to settle with the drop in benefits under this reduced liability plan. Between too high cost and too low benefits, Vermont ultimately decided to drop the whole idea.

2. The idea was bottlenecked by hospitals and insurers: Under this new private plan, Vermont wanted to give better benefits at lowest possible costs, which meant elevating taxes and lowering reimbursements to doctors, hospitals and insurers. Had this come to pass, doctors and hospitals would have had to accept privately insured patients at Medicare reimbursement rates. For the entire privately insured population of Vermont, this cut would have meant 16 percent reduction in reimbursements. Naturally, the hospitals and insurers aligned against the single payer system, leading to a collapse of the system. Considering the expensive healthcare industry of America, any such attempt to enforce single payer system is bound to see resistance from these powerful elements of the healthcare industry. Insurers do not want to lose all their business because the government is taking over healthcare, a phenomenon that is going to precipitate whenever a nationwide stab at single payer system is taken.

3. Some other cost savings failed to materialize: A primary source of income for Vermont’s single payer system were was the distributed cost savings they expected to nurture over the course of time. However, almost all of their planned attempts failed spectacularly. For instance, Vermont expected to gather a $267 million under the Obamacare waiver for setting up a competent healthcare system in the state, but after revisions, they managed to project a funding of only $106 million from the center. That’s a whole $161 million short. Another shortfall was on the Medicare funding they expected to receive. Vermont expected about $637 million in funding over Medicare, but the final number was only $487 million. The state also expected reduced tax revenues over the 2017 timeframe, of the order of $75 million. So, $161m, $150m, and $75m, making a total of $386 million, were snatched away from Vermont through mere projections. Considering the total liability of $2 billion, this was a roughly 20 percent loss even before the plan was put into motion.

The above aspects only deal with the planning end of Vermont’s attempt at single payer health system. There still is the subject of finance, which ultimately proved to be the final nail in the coffin of the Vermont single payer health system. In the next part of this post, we will explore the financial challenges that ultimately cemented the disintegration of Vermont’s attempts. Stay tuned!

Since its enactment in 2010, the Affordable Care Act has come a long way in pursuit of its primary goal of a fully insured America. When the ACA was rolled out, it aimed to provide affordable health insurance to 32 million people by 2019. To realize that goal, the administration worked on a variety of initiatives, such as the setup of state and federal marketplaces that helped customers to shop for health insurance in a consumer centric marketplace format. The expansion of Medicaid was proposed to assist the momentum built by the ACA, and the health insurance industry was realigned to cut costs and suit the workings of the law.

In the last 5 years, ACA has had some hits and some misses in its journey. Today, we take a look at the top ten hits and misses in its 5-year journey.

1)  The Obama administration established the federally facilitated marketplace (aka that helped states without their own exchange offer subsidized health insurance to their citizens. For states that established their own state exchange, the Obama administration offered monetary support through grants that helped states pay for the exchanges. Although these exchanges struggled in the first 3 months, they delivered a solid enrollment figures when the first open enrollment ended in March 2014.

2)  As per the first enrollment, the administration was able to enroll 8 million even after suffering major setbacks in the first three months of enrollment. The majority of these enrollments were done over the phone or by paper apps.

3)  As many as 87 percent of the enrollees were able to control their health insurance costs through the exchange provided subsidies. These subsidies worked to minimize the cost of health insurance for people up to 400 percent of the federal poverty level, thus helping families cover for their health insurance. With removing the pre-existing condition, the ACA opened doors to people who had trouble finding insurance.

4)  By the end of the second open enrollment period in February 2015, the Obama administration managed to enroll 11 million people through the exchanges. Although a large chunk of these enrollments were people who had enrolled last year, deeper penetration of the law in the market was prevalent.

5)  It is expected that about 85 percent of the new enrollees will be eligible for the health insurance subsidies. Owing to the subsidies and the interest of healthy individuals in the law, the premium rise in the year 2015 was marginal.

6)  However, it seems that there will still be around 30 million uninsured Americans by 2019. If healthy individuals start dropping their health insurance, this number might go up, thus destabilizing the market and opening it for more challenges in terms of insurance pool balance.

7)  The ACA was built with concept of parallel expansion on Medicaid to cover some sections of the public. Since some states chose to not expand Medicaid, about 5 million people are stuck in a coverage gap, which prevents them from getting subsidies to cover their insurance costs from the exchanges nor are they eligible for Medicaid.

8)  Although health insurers are working with the law to provide affordable coverage, they have resorted to alternate measures to keep their profit margins. A lot of health plans have narrowed their networks and connected with low cost hospitals and physicians.

9)  Due to subsidies is such that people are choosing mid-tier silver plans, which ultimately cost a little higher but offer better cost assistance to consumers. However, the Silver plans expose the consumers to 30 percent of their healthcare costs, while 70 percent is covered by their plan, but most of these people cannot afford that remaining cost, and ultimately risk dropping their coverage and incurring significant medical debt.

10)  The shortage of primary care physicians is another challenge. The country is short of about 45,000 physicians, and most of the existing ones are no longer accepting new patients.

By now, it is very clear that the health insurance marketplaces have had some glitches. To add to the confusion, health payers have started issuing cancellation letters to thousands of Americans whose insurance policies do not comply with the Affordable Care Act, and will expire at the end of the year. This additional issue on the already stumbling website is making matters worse for the Obama administration.

As the ‘tech surge’ for fixing goes into full steam, Obama administration has another plan up its sleeve – to allow consumers to stay on their existing plans and get them renewed, even if they don’t fully comply with the Obamacare mandates. These plans can stay active for an additional, giving Obama stalwarts enough room to fix the broken parts fully and get the exchange live without any hassles.

Read more

Nearly a month and a half after the health insurance marketplace rollout, the federal exchange is still reeling. The underperforming, broken site is making life tough for the Obama administration. However, the site is starting to make progress, and the government is committed to delivering an error-free, smooth experience to Americans.

However, in the midst of this chaos and its impact on various demographics, there is a particular group that stands ignored – the self-employed. Among a delayed employee mandate, individual insurance talks, and Medicaid expansion discussion, no one is really paying attention to this major chunk of the national population. Here, we discuss the seven questions, and their answers, which will help self-employed sail through the tumultuous times of Obamacare rollout.

Read more

As we go through the fifth week of the Obamacare rollout, not much has changed in the health insurance marketplace sphere. Although has not substantially improved, minor improvements have trickled in. Enrollments are picking up, but the numbers are still nothing to boast about, especially when compared to the projected numbers given before the marketplaces went live. So, what are the challenges being faced by the administration and healthcare industry, and what are the action points for the government to iron out these challenges? Let’s find out.

Read more