Data Security Fears Persist for Health Insurance Exchanges
InfoPoll | 10-22-13

Confidence in Data Security on Health Insurance Exchanges Remains Low

A graphic of a man holding a sheet of paper that says 'Data Security' while window shopping for health plans

Two separate nationwide surveys from mid-September and mid-October demonstrate that public distrust of data security on the new health insurance exchanges remains high. HealthPocket asked adults across the nation "Are you confident personal information requested within Obamacare insurance marketplaces will be safe from hacking and other misuse?" Survey participants had the option of answering "Yes," "No," and "I wasn't aware personal info was required." The mid-September distribution of the survey found that 57% of survey respondents did not trust data security on the exchanges. By mid- October, that number edged up to 59%. The percentage of respondents who are confident in data security on the exchanges remained relatively unchanged, dipping slightly from 20% in September to 19% in October.

People living in rural areas expressed the highest level of distrust in exchange data security with 73% answering "no" in October when questioned if they were confident personal information requested within Obamacare insurance marketplaces will be safe from hacking. In September, only 60% of people living in rural areas answered "no" to the same question.

As documented in the analysis of the initial September data security survey, the new health insurance exchanges raise the topic of data security because they collect confidential information from the consumers using the web site.

In order to calculate the subsidy–adjusted premiums for the insurance plans and determine their out-of-pocket costs, these marketplaces (also known as "exchanges") will require personal information from health insurance shoppers. The personal information will include social security number, income, date of birth, home address, and whether the individual has any physical, mental, or emotional health conditions that limit activities of daily life...Not only will multiple software systems store and transmit this data but thousands of exchange-related personnel (such as call center staff and third parties such as "navigators" and "web-based entities") will have access to portions of the information when facilitating enrollments or determining subsidy eligibility.1

To date, the only known data breach of confidential personal information occurred with respect to the Minnesota’s state health insurance exchange.2 The breach was related to procedural error as oppose to a technical system compromise. No data breaches have been documented for the federal health insurance exchange,

Part of the consistently high worries about data security may be the result of web site problems associated with the launch of the state and federal health insurance exchanges. While there have been considerable improvements in the incidence of technical glitches encountered on the federal exchange, they remain sufficiently persistent that the Department of Health and Human Services announced on Sunday, October 20, that they are "bringing in some of the best and brightest from both inside and outside government to scrub in with the team and help improve We're also putting in place tools and processes to aggressively monitor and identify parts of where individuals are encountering errors or having difficulty using the site, so we can prioritize and fix them. We are also defining new test processes to prevent new issues from cropping up..."3

The persistence of data security concerns for the exchanges raises the question of whether these concerns will negatively affect insurance enrollment. Diminished enrollment numbers have the potential to negatively influence the composition of insurance risk pools by enrolling a disproportionate amount of the sickest people who are most motivated to get health insurance. Such risk pool compositions could then inflate insurance premiums in 2015.

At six months, the Affordable Care Act’s first open enrollment period provides sufficient time for the government to counter public fears about data security and promote enrollment. Given the potential consequences of leaving data security concerns unaddressed, the government should have ample motivation to convince the public that the exchanges will keep their personal information safe from hacking and other data breaches.


Analysis is based on the results of two separate nationwide surveys with identical questions and identical answer options. The first survey was conducted from September 16th through September 19th 2013 and the second survey was conducted from October 14, 2013 to October 16, 2013. Adults across the United States were asked, "Are you confident personal information requested within Obamacare insurance marketplaces will be safe from hacking and other misuse?" Survey respondents had the option of selecting one of the following answers: "Yes," "No," and "I wasn't aware personal info was required." Answers were displayed in a fixed order ("Yes," "No," "I wasn't aware personal info was required"). The two surveys were displayed within a network of over 100 different news web sites and other content sites. 938 adults from across the nation participated in the first survey. 966 adults from the nation participated in the second survey. Demographic inferencing and methodology to acquire survey respondents who approximate national statistics on age, gender, income, and region was performed by Google-administered technology. Race, education, and health insurance status were not examined. Margin of error across the first survey was estimated at +3.5/-3.6. Margin of error across the second survey was estimated at +3.5/-3.6.


This survey analysis was completed by Kev Coleman, Head of Research & Data at Correspondence regarding this study can be directed to Mr. Coleman at

Feedback and questions are welcome but, given the volume of email, personal responses may not be feasible.


  1 Kev Coleman."High Public Concern Over Privacy and Hacking on Obamacare Exchanges." (September 25, 2013). /healthcare-research/surveys/obamacare-health-insurance-exchange-privacy-data-security/
 2 Jackie Crosby. "Errant e-mail creates security breach at MNsure." StarTribune [Minneapolis]. September 13, 2013. Last accessed September 21, 2013.
3 U.S. Department of Health & Human Services. "Doing Better: Making Improvements to " (October 20, 2013). Last accessed October 21, 2013.


Kev Coleman provides information on insurance products. If you choose to obtain a quote or apply for an insurance plan, you may be transferred to a partner website to complete your request. Always review the privacy and terms of use of the partner website. is a free information source. We receive our data from government, non-profit and private sources, and you should confirm key provisions of your coverage with your selected health plan. Our website is not a health insurance agency and not affiliated with and does not represent or endorse any health plan. While on our site, if you click on a plan or link, you may be directed to one of our partners who offers health insurance products. HealthPocket, Inc. is part of the Benefytt Technologies, Inc. family of companies.