US. Rep. Grothman: Grothman introduces bill to strengthen identity protections for federal health care enrollees

(Washington, D.C.) – Congressman Glenn Grothman (WI-06) introduced the Marketplace Fraud Accountability (MFA) Act, legislation requiring the Centers for Medicare & Medicaid Services (CMS) to implement multifactor authentication for enrollees in federal health care programs governed by the Patient Protection and Affordable Care Act to better protect Americans’ personal information and reduce fraud. 

“Fraudsters are constantly looking for ways to exploit weak security systems, and the federal government shouldn’t make it easy for them,” said Grothman. “Multifactor authentication has become a standard security measure for everything from banking to email to fast food apps because it works. There’s no reason Americans should have stronger protections for their bank accounts than for their health care accounts. This is a commonsense anti-fraud measure that will make it harder for bad actors to manipulate federal health care account and exploit taxpayer-funded programs. By strengthening these basic security protections, we can better protect enrollees and save taxpayer funds by reducing fraud and improper payments. At the same time, this bill ensures individuals without reliable broadband or cellular service can continue accessing their health care accounts through alternative verification methods.”

“Congressman Grothman has stepped forward as a true champion for both consumers and the professional agent community,” said B. Ronnell Nolan, President and CEO of Health Agents for America (HAFA). “The Marketplace Fraud Accountability Act is about protecting Americans from fraud, preserving consumer choice, and ensuring licensed agents can continue serving their clients with integrity and accountability. This legislation is long overdue.”

Background Information

Multifactor authentication is a widely used security measure that verifies a user’s identity through two or more authentication factors, such as a password, security token, or biometric identifier. While Americans routinely use these protections for banking, email, and other online services, CMS does not currently require multifactor authentication for Affordable Care Act enrollees. 

Watchdog organizations have raised concerns that the lack of basic identity protections leaves enrollees vulnerable to fraud, unauthorized account changes, and identity theft. According to the Paragon Institute, fraud and improper enrollment resulting from these vulnerabilities is conservatively estimated to cost taxpayers between $15 billion and $26 billion. Several state-based health care exchanges, including DC Health Link, already require multifactor authentication. 

The Marketplace Fraud Accountability Act would require CMS to implement multifactor authentication for Affordable Care Act enrollees within one year of enactment. The legislation also directs the Secretary of Health and Human Services to provide alternative authentication methods on a case-by-case basis for individuals who lack reliable broadband or cellular service, ensuring they are not prevented from accessing their health care accounts.