Andrew Langer was pretty sure his daughter was on the wrong website when she tried to apply for new credentials to access Tricare, the military health program, from her home near Fort Eustis, Virginia.
As part of the online validation process for the Defense Department's
MHS Genesis electronic health records system, Langer's daughter was
told she would need to furnish the last eight digits of a credit card
and undergo a "soft" credit check to gain access.
Sensing something amiss, she called her parents.
Read Next: Navy Reservist Who Was at Jan. 6 Riot Gets 3 Years on Gun Charges
"I'm normally so patient with my daughter but, quite honestly, I got
very impatient because I thought this was phishing. ... I was like, 'Get
off there. This is not right -- you don't need a credit card,'" Langer
Turns out, she did, as does anyone who must enroll in MHS Genesis or
wants a new DoD credential, known as a DS Logon, to access the military pay system or their medical records.
It appears that the new requirement went into effect DoD and Veterans
Affairs-wide within the past five months. For some, like Langer, it is
an unwelcome change.
"It's a very simple yet privacy-invading way of trying to do identity
verification," Langer said during an interview with Military.com.
"Career civil servants tend to make these decisions without any sort of
regard to the greater public policy implications -- the privacy issues,
the disparate impact on folks who are struggling -- the idea that
someone in their health care may know they have credit issues or are
The DoD Self-Service Logon, or DS Logon, is a digital credential used
by military personnel and beneficiaries to access pay records, health
services and other DoD administrative applications.
Once reserved for DoD beneficiaries only, the credential is now the
standard for veterans, allowing them to check on the status of their Department of Veterans Affairs disability claims, health benefits applications, and other VA-related services.
According to Navy Cmdr.
Nicole Schwegman, a DoD spokeswoman, users who apply for a DS Logon
remotely must have their identity authenticated. The soft credit check
is one way to verify the user, she said.
"The [Remote Identity Proofing] service is provided by a 3rdparty
vendor and uses a variety of techniques to verify an individual's
identity which involves data obtained through a soft credit check,"
Schwegman said in an email to Military.com. "These 'soft credit checks'
do not impact a person's credit score."
She added that DS Logon has performed soft credit checks on
individuals for more than eight years, although she admitted that
neither she nor any of the military personnel in her office were aware
of the requirement until asked about it by Military.com.
Users may just be noticing the new requirement as the Defense
Department adopts the new Oracle Cerner MHS Genesis electronic health
record system department-wide. When patients apply to access the new
program, they are asked to provide a photo of their driver's license or
another approved identification card and a credit card or a loan
document to verify their ID.
Schwegman said that those who object to the credit check can use a
Common Access Card to obtain a DS Logon or, if they don't have a CAC,
can go to a DoD ID card facility and get their identity verified in
"Use of the remote identity proofing service is not a requirement for
DS Logon issuance, but for some it is the most convenient option
available," Schwegman said.
Langer, who is chairman of the Institute for Regulatory Analysis and
Engagement, a nonprofit organization focused on the federal regulations
and the administrative state, doesn't think that DoD beneficiaries
should trade privacy for convenience.
He has written to the Defense Health Agency and reached out to two
members of Congress to get answers on the new requirement, trying to
find out who made the decision, why, and whether the DoD went through
the proper regulatory process to enact it.
"I find no reference to it anywhere," Langer said. "I've gone down
the rabbit hole trying to figure out who is responsible. … My suspicion
is that the justification they will lay out is because they are trying
to do this across platforms for DoD dependents, VA, DoD employees. I
guess they are trying to standardize it. It still doesn't justify why."
– Patricia Kime can be reached at Patricia.Kime@Military.com.
Related: VA Delays Electronic Records System Rollout Due to Reliability Issues Following Crashes
Disclaimer: The opinions expressed within this article are the views of the writer and do not necessarily reflect the views and opinions of FRA.