Health insurance agents who fraudulently enroll consumers in Affordable Care Act health plans could be subject to criminal charges — and civil penalties of $10,000 to $200,000 — under legislation introduced Wednesday by Sen. Ron Wyden (D-Ore.), chairman of the powerful Senate Finance Committee.

Wyden first promised the bill in May, when he called on federal regulators to do more to combat sketchy Obamacare enrollment schemes. Often, consumers who are targeted don’t know they’ve been enrolled or that their coverage has been switched to a new plan until they lose access to preferred doctors, learn they have different deductibles, or find they owe taxes for ACA insurance premium subsidies.

The schemes exploit the federal health insurance enrollment system, which requires only minimal proof of identity — a name, birth date, and state — for a broker to create or access an account. The lure is monthly commissions paid by insurance companies — amounts that are only about $25 per person but can add up when multiplied across transactions.

“It is critical for these bad actors to be held criminally responsible and implement common sense consumer protections so working families can confidently purchase quality, affordable health insurance that works for them through honest brokers,” Wyden said in a statement.

The Centers for Medicare & Medicaid Services said July 19 that more than 200,000 people have complained about unauthorized Obamacare enrollment or plan switches this year.

KFF Health News began reporting on Affordable Care Act enrollment schemes this spring.

CMS’ directive last week also detailed new rules aimed at thwarting the problem by blocking agents from making changes to consumers’ coverage unless they are already “associated” with that policyholder’s account, or take other steps to verify that they have consumers’ permission.

Wyden’s proposal, co-sponsored by Democratic Sens. Sherrod Brown of Ohio, Tammy Duckworth of Illinois, Patty Murray of Washington, Brian Schatz of Hawaii, and Chris Van Hollen of Maryland, would call on federal regulators to begin verifying that consumers have granted consent to brokers for ACA enrollment or plan switches, and to notify consumers whenever a change is made to their accounts or coverage.

The civil penalties would range from at least $10,000, in cases of straightforward negligence, to as much as $200,000 for agents who “knowingly and willfully” submit fraudulent information.

Wyden’s bill faces a seemingly impossible climb, landing in a very polarized Senate during an election year.

But next year, the ACA will be in the spotlight as Congress must decide whether to extend beyond 2025 enhanced subsidies that help people purchase coverage. Increased subsidies were instituted under the Biden administration at the height of the pandemic and are considered a key factor behind recent record ACA enrollment.

Some Republican lawmakers have demanded investigations of ACA enrollment-switching schemes, which they allege may be part of a larger problem of brokers or consumers misstating their incomes to garner insurance subsidies. Obamacare supporters say the complaint is a partisan effort to stop the enhanced subsidies from becoming permanent.

Sen. Chuck Grassley (R-Iowa) sent a letter July 8 to CMS questioning how federal regulators verify incomes for those who get subsidies and what enforcement efforts are underway related to potential ACA subsidy fraud.

Wyden’s office said his proposal is supported by some insurers and agent groups, including AHIP, the trade association for insurance companies; individual insurers like Centene Corp.; and several disease-specific patient advocacy groups, including the Leukemia & Lymphoma Society, the American Cancer Society Cancer Action Network, and the National Multiple Sclerosis Society.

Health Agents for America, a group that has sought solutions to the issue, supports criminal charges for agents found to be falsely enrolling or switching consumers but stopped short of endorsing Wyden’s bill. Ronnell Nolan, its president and CEO, said her organization would like to see more effort “to hold CMS responsible” for allowing what she views as security loopholes in private sector enrollment websites, and in enforcement actions against bad actors.

“The bottom line is to stop fraud and help the consumer,” she said.

In a July 19 letter to Wyden’s office, CMS Administrator Chiquita Brooks-LaSure outlined steps the agency has taken to increase “oversight of agents and brokers to protect consumers” — including suspending 200 agents in recent weeks from enrolling clients in Obamacare plans.

“The numbers being addressed are very low,” said Nolan, who suspects it isn’t just individual rogue agents seeking commissions by changing ACA enrollments, but a larger effort using automation to rapidly enroll or switch consumer policies.

Nolan and other agents say federal regulators should simply require private Obamacare enrollment sites to add layers of security before agents can access consumer accounts.

Eighteen states and the District of Columbia run their own ACA marketplaces and require additional security measures, including two-factor authentication, before consumer accounts can be accessed. Two-factor authentication, a common internet security feature, requires people to enter a code — usually sent to their phones — before accessing accounts at banks, social media platforms, and many other services.

The state-run enrollment sites report far fewer problems than the federal marketplace, Nolan and others say. If CMS simply added two-factor authentication to healthcare.gov, Nolan said, “all these other shenanigans would not happen.”

This article was produced by KFF Health News, a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF — the independent source for health policy research, polling, and journalism.