Another week, another security scandal. The latest iteration come to us courtesy of the General Accounting Office:

" [sic], President Barack Obama's health insurance exchange, has security and privacy protection vulnerabilities ... despite steps taken by [CMS] for security and privacy protection, weaknesses remain in the processes used for managing information security and privacy."

No kidding.

But here's something that seems to be under the radar, and which I think may prove to be another major problem for those of us who continue to sell health insurance:

Yesterday, a very nice gentleman called, referred to me by another agent, looking for help and advice on purchasing health insurance. His COBRA plan is due to expire soon, and he needed help figuring out what to do. As is typical in these interactions, I took some basic information (age, tobacco use, etc) and asked about his current plan. Eventually, we got to the part about subsidies; like so many people, he really had no idea what that was all about.

So we discussed how the program works, the criteria for qualifying, that kind of thing. And then I explained to him that, if he qualified for a subsidy, and wanted to take advantage of it (not necessarily a no-brainer), then he would eventually find himself interacting with the government's website, and potentially exposing his personal, financial and medical information to hackers.

Which got me to thinking: if I assist a client in enrolling through the site, and their information is hacked, am I culpable? After all, I was the one that sent them there, and perhaps helped them complete the necessary steps. But for my efforts, said client may never have visited the site, let alone participated in the information-gathering process, and thus not become hacker-bait.

Kind of a scary thought, no?