With one week to go before the launch of Minnesota’s new health insurance exchange, state officials headed to the Legislature Tuesday to assure skeptical lawmakers that the system is good to go.
But creating a new government agency and a complex computer network in less than a year hasn’t been easy. MNsure has been plagued by glitches and missteps since it was signed into law this spring, raising alarms at the Capitol about its data security practices and decision making.
“A lot of people are unsure about MNsure,” said Rep. Joe Hoppe, R-Chaska, during Tuesday’s hastily organized meeting of the Legislature’s MNsure Oversight Committee.
Earlier this month, an agency employee accidentally emailed the social security numbers of some 1,500 insurance agents to another broker. The breach didn’t involve the database that consumers will use to shop for their health coverage, but it did raise questions at the Capitol about MNsure’s ability to safeguard personal data.
Despite the data security breach and questions about MNsure’s grant process, agency officials told the committee that they have already fielded thousands of calls about enrollment and are on schedule. If they spot a “smoking gun” that warns of serious problems with the system, they said, they would delay the start of the six-month enrollment period.
“Let’s not judge ourselves on the first 100 yards of the marathon,” said MNsure Board Chair Brian Beutner. “MNsure will be open on Oct. 1, delivering the lowest rates in the nation with choices for every Minnesotan for better, more affordable health care insurance.”
The agency is still scrambling to get ready for the launch. None of the insurance brokers or navigators who are supposed to guide the consumers through the online marketplace have completed their training, although many are set to finish up next week.
Republican lawmakers had pointed questions about MNsure's early errors, and so did legislative auditor Jim Nobles, who is conducting a review of the system in the wake of the data breach. MNsure will dip into its own budget to offer credit monitoring to the brokers affected by the data breach, and the offending email was quickly deleted by the recipient. The employee responsible no longer works for MNsure.
Chris Buse, Minnesota’s chief information security officer, said the MNsure marketplace will have “state of the art” data privacy protection. The complex system has to link customers not just to private insurance companies, but to state and federal computer networks as well.
Hoppe and other Republican lawmakers weren’t reassured.
“People are nervous about this. People are nervous about their data…The system is only as tough, only as secure as the people who are using the data,” he said. “We are not leaving the people of the state of Minnesota with a very good feeling about how this is going to work.”
But Senate Health and Human Services Committee Chairman Tony Lourey, DFL-Kerrick, said he was reassured by MNsure’s rapid response to the problems it has encountered so far.
“I am very sorry that this occurred,” said Lourey, who sponsored the Senate version of the legislation that created the MNsure system. “But I am also very glad to see the robust response that happened in a short time afterward – 28 minutes after the initial email took place, the machinery was in place to make sure this was put in a box and treated appropriately. And the machinery is still ongoing today.”