Florida Chief Financial Officer Jimmy Patronis blames the Affordable Care Act, also known as “Obamacare”, for facilitating fraud in the Sunshine State. Patronis sent a letter late yesterday evening to U.S. Sen. Bernie Sanders (I-VT) and Representative Brett Guthrie (R-KY), who serve as chairs of committees overseeing the U.S. Center for Medicaid and Medicare Services (CMS). In the letter, Patronis stated that the Affordable Health Care Act (ACA, or “Obamacare”) Marketplace is allowing fraud to occur against Floridians.
“The lack of security measures for the Affordable Care Act (ACA) Marketplace is impacting Floridians. Policyholders are getting plans they didn’t want, or ask for,” Patronis said. “Thanks to the weak security measures of the Marketplace, Floridians are being signed up for health policies in different states, then getting penalized by the IRS because they made too much to qualify for plans. This fraud can only occur through a Marketplace that’s got more holes in it than a cheap slice of Swiss cheese. As my Consumer Services Division is fielding these complaints, we’re working with our Criminal Investigations Division to go after these fraudsters. Until the Marketplace gets its act together, however, the dam is wide open, and this crime is flooding into our communities. We need Congress to force CMS to act with urgency in getting this problem taken care of.”
You can read a full copy of the letter, below.
Senator Bernie Sanders and Representative Brett Guthrie
Washington, D.C. 20515
Dear Senator Sanders and Representative Guthrie:
I am writing to you in my capacity as Chief Financial Officer for the State of Florida and agency head for the Florida Department of Financial Services (DFS). DFS is the primary agency tasked with investigating insurance fraud and licensing insurance agents in the state of Florida.
My agency is receiving an increase in consumer complaints related to Affordable Care Act (ACA) fraud. My office has opened over 900 investigations into unauthorized registration of consumers into ACA plans and instances where Florida consumers are switched from one ACA plan to another without their authorization, all so a bad actor can collect a commission. Consumers should never be surprised by their health coverage. While most businesses that offer online registration require two-factor authentication (2FA) to ensure consumers know what they are being signed up for, Centers for Medicaid and Medicare Services (CMS) does not. How is signing up for the “Uber” app a more secure process than obtaining healthcare through the federal government?
Unauthorized plan switching and policy creation cause consumers to incur tax penalties as the Internal Revenue Service (IRS) seeks to recoup Advanced Premium Tax Credits (APTC) that were granted based on fraudulently entered information. Unauthorized coverage changes are also creating surprise denials of coverage, and unexpected out of pocket expenses, when Florida consumers attempt to get care from a provider which may have been covered under an ACA plan they previously registered for, but are disallowed under an unauthorized, new coverage arrangement.
While our office is currently working with the Centers for Medicaid and Medicare Services to terminate insurance agent licenses of individuals, our enforcement efforts are met with ever-increasing consumer complaints, which were up 95% in 2023. (We have already received more complaints in 2024 than we did in all of 2023.) I have a lot of faith in our ability to punish licensed agents who take advantage of consumers, but enforcement after the fact provides little comfort to ACA consumers who continue to be at risk of experiencing unauthorized coverage changes. Moreover, none of this after-the-fact enforcement activity would be necessary if Congress required CMS to adopt basic security protocols that would prevent consumers from being unwittingly registered for health coverage in the first place.
CMS should implement two-factor authorization (2FA) to ensure unauthorized coverage changes do not catch consumers by surprise.
The federal ACA Marketplace website lacks basic security protocols to prevent unauthorized plan enrollment and switching—all a bad actor needs to switch a consumer and poach commissions is a name, state of residence, and date of birth.
CMS should immediately begin requiring 2FA for all changes to ACA accounts. A simple text or email message could save thousands of consumers from the IRS coverage denials. This is to say nothing of the millions of dollars in tax credits the federal government is currently spending on phony ACA enrollments. Two-factor authentication is a standard security protocol that could be easily implemented to prevent this problem from occurring. An ounce of prevention is worth a pound of cure, which is why Congress should require CMS to receive 2FA for all new ACA plan enrollees and plan changes.
It’s far easier to prevent fraud from occurring in the first place than it is to ask state regulators to chase down these bad actors after the fact and force consumers to wait for open enrollment to get their old coverage back.
My request to congress is straightforward—force CMS to implement 2FA as a required component of ACA plan enrollment. Not only is this the right move to protect consumers, but it will save the federal government untold sums of dollars on fraudulent ACA enrollments. Further, Congress needs to prevent third-party websites, like HealthSherpa, from implementing workarounds that allow individuals other than licensed and appointed insurance agents to collect payment for enrolling consumers in ACA plans.
I look forward to working with your office on this important issue and I am ready to share any data as you see fit. Thank you for all you do for this great country.
Respectfully,
Jimmy Patronis
Chief Financial Officer
State of Florida