Removing Barriers to Access From Remote Identity Proofing
Some states are adding unnecessary complexity to Medicaid and SNAP (formerly food stamps) online systems, blocking people from applying, reporting changes, and completing renewals through online portals. One way they do that is by requiring people to verify their identity through a process called Remote Identity Proofing (RIDP) before applying or transacting other business. RIDP is not required to determine eligibility for Medicaid, premium tax credits, or other safety net programs. It’s a federally required security step for certain types of online interfaces, but many states unnecessarily require clients to complete the process even when their online systems do not have features that trigger an RIDP requirement. This paper provides background on RIDP, explains when it’s required, and makes recommendations on how states can preserve the security of online interfaces without the barrier of RIDP.
States should review their online systems and modify or remove their RIDP process to make their systems easier to access, especially when RIDP isn’t the only or necessarily the best way to ensure the security and confidentiality of client information. If states continue to require RIDP, they should consider ways to remove the barriers it poses. Among other steps, they could let applicants bypass RIDP during an application and reserve verification for later in the process or allow trained community partners to help with identity verification.
What Is Remote Identity Proofing?
RIDP is a process for confirming the identity of an online user, usually before providing access to confidential information like a credit report. Typically in RIDP, people are asked a series of individually tailored questions based on data from credit bureaus and other sources generated automatically by the online system. These questions would likely only be answered correctly by the individual applying for benefits or reporting changes. For example, the individual might be asked to select the name of their mortgage lender or the range of monthly mortgage payment. (See Figure 1.)
There are several different services that can be used. The Department of Health and Human Services (HHS) contracts with the credit reporting agency Experian to carry out RIDP for the Federally Facilitated Marketplace on HealthCare.gov. HHS also makes the Experian RIDP service available to states through the federal data services hub, which states use to access data sources including the Social Security Administration (SSA) and Department of Homeland Security.
While the RIDP process may work for some, it presents a significant access barrier for many clients. The process may be difficult for people to complete if they don’t know the answer to the questions and aren’t able to easily access their records to find the required information, such as the amount of a loan payment. The questions may also be asked in a complicated way or reference the parent company of an employer or lender, making it difficult to correctly answer. Adding this process to an online application that already may take over an hour to complete decreases the chance that someone will have the time and ability to successfully apply for benefits.
Further, many clients can’t even attempt the RIDP process. The service can’t generate questions for many clients with a limited credit history, blocking them from applying or renewing online. Young people, non-citizens applying on behalf of citizen children, and those who do not regularly use banking services are most likely to have insufficient credit history to use the RIDP process. Clients who fail or are unable to complete RIDP may also incorrectly believe they’re ineligible for the benefits altogether.
When Is RIDP Required?
RIDP is not an eligibility requirement for Medicaid, premium tax credits, or other safety net programs. RIDP is a way to ensure that online applicants are who they say they are in order to protect consumers from unauthorized access to their personal information held by trusted sources like the Social Security Administration (SSA) and the Department of Homeland Security.
RIDP is a required security step only when online interfaces provide interactive access to confidential information in real time in order to compare data provided by an individual to personal data held by these agencies. Put simply, it is required when the system provides feedback to the individual containing information from secure data sources.
RIDP is necessary even if the interface doesn’t show the actual data from the agency to the applicant because the applicant may learn that there are inconsistencies between what they entered and the agencies’ data or may infer that the information they entered was verified. For example, when an applicant enters a Social Security number (SSN) on HealthCare.gov, the system compares that number and other identifying information with the SSA system. If there is an inconsistency, the applicant has a limited number of attempts to re-enter the SSN, allowing them to infer that there was an inconsistency. If an applicant re-enters their SSN and they are allowed to continue, they may infer that the SSN was confirmed.
But many state agencies require RIDP in situations where it is not required.
State Online Systems
At least 11 states require RIDP as part of their online application process for Medicaid, and some states require it to log into online case management accounts. In many of these states, RIDP is not necessary because the system does not give direct feedback to the client based on confidential information from federal data sources.
Most online Medicaid applications are digitized versions of paper applications, in which there is a one-way flow of information from the applicant to the state eligibility system. While many applications have some built-in logic and are dynamic (i.e., only asking questions for the programs the applicant is applying for), most do not interact in real time with the federal data services hub or other data sources. The application collects the information from the client and only after submission compares the information to federal and state data sources. The information from the data sources may be visible to an eligibility worker but is not presented back to the applicant. For these applications, RIDP isn’t necessary.
Some Medicaid applications automatically determine eligibility when an application is submitted and quickly provide the results to the applicant. This process, known as real-time eligibility, may provide the eligibility determination immediately after submission or within about 24 hours. Although the system may have checked the applicant information against various state and federal data sources to make that determination, RIDP is still not required unless the system shows the specific information on which eligibility was based, such as the actual income returned from SSA. If it just shows a client that they are eligible or ineligible, as most systems do, RIDP is not necessary.
States with state-based marketplaces often have a combined application for Medicaid and marketplace subsidies. In some cases, these systems do directly interact with the hub and provide interactive feedback to the applicant, much like the Federally Facilitated Marketplace, in which case RIDP is required. But for those that function as one-way information gathering, RIDP is not necessary.
The Department of Agriculture’s Food and Nutrition Service, which oversees SNAP, has stringent requirements for applications and mandates that states accept applications with just a name, address, and signature. Because RIDP requires collection of additional information in order to apply, it cannot be required for an online SNAP application — whether SNAP only or combined with other programs. States must make sure clients have a pathway to apply for SNAP that does not require RIDP.
Case Management Access
Some states require clients to complete RIDP in order to set up online case management functions that allow clients to view notices, report changes, and complete renewals. Here, there is two-way communication between the client and the state, since the client can view their case information. But unless the portal provides access to specific data obtained from federal data sources (such as SSA), the explicit RIDP service via the hub is not required. Displaying general information such as countable income, which reflects data from multiple sources, does not trigger the RIDP requirement because the data aren’t identifiable as coming from a particular source.
RIDP isn’t the only or necessarily the best way to ensure the security and confidentiality of client information. States should strive to create systems that do not result in barriers to access by requiring RIDP. For many states, RIDP is unnecessary for online applications or case management functions. These states should remove the RIDP requirement and implement less restrictive security approaches that still protect personal health information but do not present unnecessary obstacles. If the online system is designed in such a way that RIDP is required, states should consider changes to make RIDP unnecessary by not providing applicants with direct feedback from confidential data sources.
For online case management portals that allow clients to view confidential information and make changes to their case, states can establish security procedures to verify that clients are only accessing their own information and making changes on their own cases without requiring RIDP. These procedures might include requiring personal information like name, date of birth, and SSN to set up access, similar to methods the state uses when clients call and ask questions about their case or report changes over the phone. States may also require clients to enter a case number, client ID, or electronic benefits card (EBT) number. When possible, states should give clients options to select a secure authentication process that works for them. (See Figure 2.)
If agencies continue to require RIDP, they should consider the following strategies to minimize the barriers for clients:
- Allow clients to bypass RIDP and still submit an application. The system can avoid providing an applicant who has not completed RIDP real-time feedback on their entries and the agency can verify identity through another means later in the process if required.
- Move RIDP to the end. Implement RIDP at the end of an application so clients who struggle with the process aren’t deterred from applying.
- Allow community partners to help. Trained community partners that assist people in applying for benefits can verify client identity by certifying that they have viewed an appropriate document, such as a driver’s license.
- Use additional data sets. Supplement Experian data with local info (e.g., Department of Motor Vehicles) to generate additional questions for clients with limited credit history.
- Provide alternatives. Allow clients to verify their identity in person, such as by visiting a local office.
Integrated Benefits Initiative: Creating a More Human-Centered Safety Net
This paper is part of an ongoing series presenting lessons from the Integrated Benefits Initiative, which uses human-centered design and modern technology to improve access to SNAP, Medicaid, and other safety net programs. Through small-scale pilots around the country, Code for America, Nava PBC, and the Center on Budget and Policy Priorities are partnering to bring best-in-class design, technical, product, and policy expertise to show how states can build human-centered services fit for the digital age. This series provides practical guidance to state officials and others on creating and sustaining user-centered services in the social safety net.
 Genevieve Gaudet is a Design Lead with Nava Public Benefit Corporation.
 Terri Shaw and Shelby Gonzales, “Remote Identity Proofing: Impacts on Access to Health Insurance,” Center on Budget and Policy Priorities, January 7, 2016, https://www.cbpp.org/research/health/remote-identity-proofing-impacts-on-access-to-health-insurance.
 In light of recent data breaches, the Government Accountability Office recommends discontinuing knowledge-based identity verification. However, the HHS Centers for Medicare & Medicaid Services has no plans to change its current processes. See Government Accountability Office, “Data Protection: Federal Agencies Need to Strengthen Online Identity Verification Processes,” May 2019, https://www.gao.gov/assets/700/699195.pdf.
 For more information on the length of time it takes to complete an online application, see Code for America, “Bringing Social Safety Net Benefits Online,” August 2019, https://www.codeforamerica.org/features/bringing-social-safety-net-benefits-online/.
 Shaw and Gonzales, op. cit.
 Centers for Medicare & Medicaid Services, “Guidance Regarding Identity Proofing for the Marketplace, Medicaid, and CHIP, and the Disclosure of Certain Data Obtained through the Data Services Hub,” June 11, 2013, https://hbex.coveredca.com/regulations/PDFs/CMS%20FAQ%20-%20Guidance%20Regarding%20Identity%20Proofing.pdf.
 Code for America, op. cit.
 The Food and Nutrition Service has, however, recently created an Identity Authentication Option. An applicant’s identity must be verified before any SNAP benefits are issued, and states can give applicants the option to use the RIDP process to verify identity. However, RIDP must be an option, not a requirement, and clients must be allowed to verify identity in a different way, such as through another electronic data source or with paper documentation. See Food and Nutrition Service, U.S. Department of Agriculture, “Identity Authentication Pilot Projects — Conversion to State Option,” August 21, 2019, https://fns-prod.azureedge.net/sites/default/files/media/file/Identity_Authentication_State_Option.pdf.