Healthcare.Gov's Hidden Problem

NEW YORK (MainStreet) — The hidden problem at, the Obama Administration's health care marketplace, has little to do with the Web site.

It's the old problem of identity.

Before being given any prices, users have to prove who they are. This is done so that subsidies can be calculated, as with this sample calculator at the Kaiser Foundation.

But the result is you can easily get lost in a Kafkaesque maze, as happened to my daughter when I tried to help her sign up for coverage – she turns 26 in February.

Pete Palmer, now chief security officer for MedAllies, a health care automation consultant, said identity is a huge problem for all of e-commerce. He has been working with a succession of groups, most recently the Kantara Initiative, on a "trust framework" aimed at simplifying the problem.

Based on the importance of getting identity right and the risk in getting it wrong, The National Institute of Standards and Technology (NIST) considers the equivalent of what Kantara calls a "Level 3" site. This is consistent with the rules under the Health Insurance Portability and Accounting Act (HIPAA), which has made you sign-off on any data you give to your doctor.

Level 3 requires that a government-issued ID, like a passport or state-issued driver's license, be shown and validated before a human being to prove identity.

That can't really be done online.

One way to get around this is by asking an applicant questions only they can answer. You'll see these "security questions" deployed by many banks, questions like where were you born, what was the name of your first pet and what your favorite car might be.

"That has to happen in real time, it has to match what is seen by the government," said Palmer. "Then there are a second set of questions that only the applicant should be able to answer."