HealthCare Checkup

The Seattle Times health-care team tracks the local impact of the Affordable Care Act.

April 29, 2014 at 2:45 PM

Healthplanfinder site fixes potential password problem

The folks who run the Washington Healthplanfinder online exchange heard about several consumers who said that when they needed a new password from the website, the password was emailed to them in plain text — making it relatively easy to be viewed by anyone intercepting the e-mail. They were concerned about the security of that practice.

I checked with Curt Kwak, chief information officer of the Washington Health Benefits Exchange, which operates the site, regarding their password policies.

Kwak acknowledged that that was, indeed, the practice. “We do realize that sending passwords over email is not a good practice, but our system design has been reviewed by CMS [Centers for Medicare and Medicaid Services] and fully tested and validated by two independent QA [quality assurance],” Kwak said. “Plus, please note the comprehensive nature of our login process that mitigates much of the risk.”

Specifically, Kwak notes that although the password was emailed to the user, the user’s ID was not included in the email. “The password alone is not enough for a user to log in,” Kwak said. “They need to go through a number of steps to log in.”

Still, the exchange has in the past week changed the procedure. According to Kwak, now it is only a temporary password that is emailed to the user, and the user is forced to change the password upon login.
