There are plenty of ways to enroll in Obamacare, but all paths converge through the federal Data Services Hub — Uncle Sam’s most expensive civilian technology project.

The Centers for Medicare and Medicaid Services (part of the Department of Health and Human Services), which has exclusive control of the federal Data Services Hub technology infrastructure, is abundantly clear, “all consumers must have their eligibility verified through the Data Services Hub — regardless of which path they use to enroll.”

To the credit of CMS, the HealthCare.gov marketplace, which was built by 55 government contractors and now serviced by dozens more, is, “one of the most complex pieces of software ever created for the federal government. It communicates in real time with at least 112 different computer systems across the country.”

Essentially, the federal Data Services Hub is a cloud-based routing tool that helps state and federal Health Insurance Marketplaces provide accurate and timely eligibility determinations. The Data Services Hub verifies data with, “information contained in already existing, secure and trusted Federal and state databases.” CMS has committed to spending $1 billion dollars over eight years to build and run this technology infrastructure.

There is good reason to protect consumer information traveling through the federal Data Services Hub during open enrollment and contract payments. When a individual provides information to their state’s health insurance exchange, their personal information is checked against databases at the Internal Revenue Service (IRS), Social Security Administration (SSA), Department of Homeland Security (DHS), Department of Veterans Affairs (VA), Department of Defense (DoD), Peace Corps, and Office of Personnel Management (OPM).

CMS has also contracted with private companies to supply personal data to the federal Data Services Hub. For example, Equifax Workforce Solutions, a wholly owned subsidiary of the credit bureau Equifax, Inc., has a 5 year, $329.4 million contract with CMS, to provide your personal income data and employer-sponsored health insurance status. Equifax provides, “information [about individuals] that is more current than what is available on federal income tax returns.”

Furthermore, service-level contracts stipulate that Equifax must also provide income information “in real time,” usually within a second of receiving a query from the federal government. The Fair Credit Reporting Act provides every individual with the right to a free copy of their credit report from EWS, and all other nationwide specialty credit reporting agencies. Annual disclosure requests can be made to EWS online, by fax (1–877–879–8182), by mail (TALX Corporation, Attn: Employment Data Report, 1845 Borman Ct., Suite 337, St. Louis, Missouri, 63146), or by calling the toll-free telephone number at 1–866–604–6570. (See, 15 U.S.C. § 1681j(a)(1)(A); 16 CFR § 610.3 — “Free Annual File Disclosures”.)

The personally identifiable information stored natively in the federal Data Services Hub includes, the applicant’s “first name, last name, middle initial, mailing address or permanent residential address (if different from the mailing address), date of birth, Social Security Number (if the applicant has one), taxpayer status, gender, ethnicity, residency, email address, and telephone number…information pertaining to (1) his or her citizenship or immigration status; (2) enrollment in Federally funded minimum essential health coverage; (3) incarceration status; (4) Indian status; (5) enrollment in employer-sponsored coverage; (6) requests for and accompanying documentation to justify receipt of individual responsibility exemptions, including membership in a certain type of recognized religious sect or health care sharing ministry; (7) employer information; (8) status as a veteran; (9) limited health status information (pregnancy status, blindness, disability status); and (10) household income, including tax return information from the IRS, income information from the Social Security Administration, and financial information from other third party sources.”

Of course, “the hub has several levels of protection to mitigate security risks. It employs a continuous monitoring model to rapidly identify and take action against irregular behavior and unauthorized system changes that could indicate a potential incident. If a security problem occurs, an incident response capability will be activated to track, investigate, and report incidents to appropriate law enforcement authorities.” In the opinion of CMS, “the Hub and its associated systems have been built with state-of-the art business processes based on federal and industry standards.”

Protection of personal data is mission critical. The federal Data Services Hub is the single-most important component of Obamacare, without which advance premium tax credits, cost-sharing reductions, and direct payments to insurers would not be possible. Its impossible for an insurance company or online health insurance portal to fully enroll an applicant in a subsidized health insurance plan without passing the customer off to the Data Services Hub.

The HealthCare.gov insurance marketplace is one of the most complex pieces of software ever created for the federal government. And complexity is costly:

• $196 million to CGI Federal Group Inc. for developing the front-end elements of HealthCare.gov;
• $85 million to Quality Software Services Inc. (QSSI), a wholly-owned subsidiary of Optum Inc., a unit of UnitedHealth Group (UNH), for building and operating the federal Data Services Hub;
• $55.4 million to Terremark Federal Group, a wholly-owned subsidiary of Verizon Communications Inc. (VZ), for cloud computing services to host the federal Data Services Hub data center through 2013;
• $31.6 million to National Government Services Inc., a unit of WellPoint (WLP), for a consumer call center to supplement HealthCare.gov;
• $30 million (of a potential 5 year, $1.2 billion contract) to Serco Inc., the American unit of Serco Group plc (SRP), for digitizing paper applications, documentation, and correspondence from individuals, employers, and employees;
• $38 million to Booz Allen Hamilton for IT integration and support services on the federally facilitated exchanges;
• $2 million (of a 5 year, $329.4 million contract) to Equifax Workforce Solutions, a wholly-owned subsidiary of the credit reporting agency Equifax, Inc. (EFX), for providing the federal Data Services Hub with information about an applicant’s income and whether the applicant has employer-sponsored coverage and how much she pays for it;
• $78 million to Experian Decision Analytics, a wholly-owned subsidiary of the credit reporting agency Experian plc (EXPN), for applicant identity verification and log-in services on HealthCare.gov;
• $38 million to Hewlett-Packard Enterprise Services, a unit of Hewlett-Packard Corp. (HP), for cloud computing services to host the federal Data Services Hub data center in 2014 and beyond.

These figures don’t include the costs of the infamous “tech surge” in 2013 to fix HealthCare.gov by deploying corporate computer engineering and usability mercenaries from Google Inc., Red Hat, Inc., and Oracle Inc. to the Obamacare war room. President Obama acknowledged the implosion of Healthcare.gov, “we are getting it fixed, but it would have been better to do it on the front end, rather than the back end.”

At a press conference in 2013, the President’s frustration was evident when he said brusquely, “I’m accused of a lot of things, but I don’t think I’m stupid enough to go around saying, ‘This is going to be like shopping on Amazon or Travelocity’ a week before the Web site opens if I thought that it wasn’t going to work.”

The major Data Services Hub outage occurred on Sunday, October 27, 2013, when it’s host, Verizon’s Terremark experienced a connectivity issue in it’s data centers that caused it to shut down operations for approximately 24 hours. As a result of the Data Services Hub network failure, Obamacare enrollment in all 50 states was completely halted for a day. As opposed to the much-publicized failures of HealthCare.gov, however, the federal Data Services Hub has been operating reliably with few interruptions.

Meanwhile, insurers, private companies, venture capitalists, and even some states are desperately searching for ways to bypass the federal Data Services Hub infrastructure so they can enroll applicants directly in qualified health insurance plans. But, there will be no Amazon.com or Kayak.com of shopping for affordable health insurance because CMS is not opening access to the federal Data Services Hub.

Thus, it remains impossible for an insurance company or online health insurance portal to fully enroll an applicant in a subsidized health insurance plan without passing the customer off to the federal Data Services Hub. Mail a paper application, contact a call center, receive in-person help, apply through a Small Business Exchange (SBE), submit your information online — there are plenty of ways to enroll in Obamacare, but all paths converge through the federal Data Services hub.

Stay Updated:

Related Stories:

Joel Winston, Esq. is a New York-based attorney specializing in consumer protection law and commercial litigation. He also provides data privacy and regulatory compliance counsel to technology entrepreneurs and early-stage ventures. Joel is a former deputy attorney general for the State of New Jersey and previously served the Department of Justice, Office of the U.S. Trustee, in Manhattan.