Suspicions that U.S. consumers鈥 personal information could be accessed from India led regulators to abruptly bar two large private sector enrollment websites from accessing the Affordable Care Act marketplace in August.
New details about the suspensions come in legal filings made late Friday stemming from an effort by the two to regain access to the Obamacare marketplace before the upcoming ACA open enrollment period, which starts Nov. 1.
The Centers for Medicare & Medicaid Services wrote in a Sept. 2 letter to the companies that they were suspended after the agency identified 鈥渁 serious lapse in the security posture鈥 that could have led to marketplace data, including consumers鈥 personal information, being accessed from overseas.
The letter, included in the court filings, also noted that regulators will audit the two companies because they have 鈥渞easonable suspicion鈥 that they are players in a separate problem: signing people up for Obamacare coverage 鈥 or changing their policies 鈥 without the consumers鈥 permission.
Whether those legal issues will be resolved before the upcoming enrollment period is an open question. Currently, the concerns raised about the companies remain allegations, with none of the legal challenges or the audit close to a ruling or conclusion.
Still, the larger issue of fraudulent ACA enrollment by rogue insurance agents seeking commissions will continue to pose a headache for regulators, with more than 200,000 complaints filed by consumers in the first six months of 2024. And it has become a political problem for the Biden administration. GOP lawmakers blamed the schemes partly on Biden-backed expanded Obamacare premium subsidies.
President Joe Biden has claimed record-breaking enrollment under the ACA as one of his administration鈥檚 major accomplishments, and regulators are looking to thwart deceptive enrollment schemes without slowing legitimate sign-ups. In recent weeks they鈥檝e removed at least 200 agents鈥 access to the federal ACA marketplace, and in July began requiring, in many circumstances, that brokers participate in three-way calls with their clients and the healthcare.gov help center before changes can be finalized.
The CMS letter now adds another layer. It is the first time this year the agency has called out a company over questionable enrollments, saying it suspects 鈥渢he Speridian Companies鈥 might have 鈥渄irected its employees and other agents to change Marketplace enrollees鈥 coverage and enroll insured and uninsured consumers without the enrollees鈥 consent.鈥
California-based Speridian Global Holdings owns the companies in question, which include enrollment platform Benefitalign and TrueCoverage, doing business as the Inshura enrollment site. It has a data center in India.
The now-suspended Benefitalign site handled at least 1.2 million applications for ACA coverage during the last open enrollment period, according to court documents, which would rank it among the largest of the private enrollment sites allowed to integrate with healthcare.gov, the federal marketplace.
Previously, CMS had said publicly only that it suspended the websites for 鈥anomalous activity.鈥
The suspended companies deny any wrongdoing related to enrollment schemes. Spokesperson Catherine Riedel declined comment beyond their court filings.
In late August they filed a complaint against CMS over the suspensions in U.S. District Court for the District of Columbia, seeking a restraining order. They on Sept. 6, calling CMS鈥 suspension action 鈥渓awless.鈥
On Aug. 8, CMS suspended the two websites from accessing healthcare.gov information.
It did so, according to the Sept. 2 letter, over concerns that some consumer information 鈥渋s processed and/or stored鈥 in India, citing 鈥渟uspicions鈥 that the data is 鈥渂eing accessed from outside of the United States.鈥
That鈥檚 a problem, the letter says, because marketplace data must stay in the U.S. to 鈥渆liminate the possibility that foreign powers might obtain access.鈥 Additionally, websites approved by CMS to integrate with the federal marketplace cannot transmit data outside of the U.S. or allow access from outside the country, under the terms of agreements such companies sign to get CMS approval to operate.
CMS did not spell out what consumer information might have been included, but ACA applications can contain information including a person鈥檚 name, date of birth, address, and detailed household income information.
Speridian companies were suspended, then reinstated, from the marketplace in prior years over other concerns, including problems with false Social Security Numbers submitted with some TrueCoverage ACA applications in 2018, and for a 2023 effort by Benefitalign to access the federal marketplace鈥檚 鈥渟oftware testing environment鈥 from India, according to the CMS letter.
In seeking a restraining order against CMS, the companies argue that the agency鈥檚 action to suspend them now is arbitrary and capricious and violates its own regulations as well as the due process clause of the Constitution.
The filing calls the Sept. 2 CMS letter explaining the reasons for the suspensions 鈥渁 post hoc justification鈥 that includes a litany of 鈥溾榗oncerns,鈥 suspicions,鈥 鈥榓llegations.鈥欌 The filing also asserts 鈥渢hese intimations of violations are made without evidence of any actual violation.鈥
The court documents say the suspensions will prevent the companies from participating in the upcoming open enrollment period, harming them and 鈥渢he thousands of brokers鈥 and 鈥渕illions of consumers who count on brokers鈥 using those websites to sign up for ACA coverage.
The suspension remains in place, the CMS letter says, partly because its concerns have not been allayed by information provided by the companies, but also while the audit is conducted.
CMS has 鈥渞easonable suspicion, based on credible evidence it has considered,鈥 that the companies were involved in enrolling consumers or changing their coverage without specific permission, the letter stated, noting that such allegations are included in a civil lawsuit filed by private sector lawyers in U.S. District Court for the Southern District of Florida.
The firms have previously said the allegations in the civil lawsuit are without merit.
Brokers who have used the suspended websites in the past have other options to enroll clients, including several other websites currently approved to integrate with the federal Obamacare marketplace. Consumers can also go directly to the federal or state ACA websites and enroll themselves or get assistance from call centers associated with those marketplaces.
