WASHINGTON - Friday, five Democratic U.S. House members that are being challenged in their home districts joined all of Illinois Republican Congress members by voting to strengthen Healthcare.gov website's security.
Democrats Tammy Duckworth (08), Bill Foster (11) Brad Schneider (10), Bill Enyart (12) and Dan Lipinski (03) voted to require the Secretary of Health and Human Services to notify an individual within two business days after discovery of any breach of security of the Healthcare.gov system.
Illinois U.S. Reps Rodney Davis (13-IL) and Adam Kinzinger (16-IL) signed on to co-sponsor Congressman Joe Pitts' Health Exchange Security and Transparency Act of 2014.
"What if Target hadn't notified its customers of the hacking of its system?" Pitts asked his House colleagues.
Sixty-seven Democrats supported the effort maintained by an American Health Benefit Exchange established under the Patient Protection and Affordable Care Act. The two-page legislation requires the feds to notify persons if their account has been hacked and private information obtained.
Pitts and his Republican colleagues argued the following points on the U.S. House floor:
Americans Deserve To Know When Obamacare Has Put Their Personal Information At Risk
- The Health Exchange Security and Transparency Act requires HHS to notify individuals if their personal information has been stolen or unlawfully accessed through an Obamacare exchange. This notification must occur no later than two business days after discovery by the Secretary.
- While the administration claims it will notify individuals in case of a breach, this notification should be required by law if an individual’s personally identifiable information is compromised.
- Congressional oversight has uncovered facts that raise serious concerns regarding the security of the law’s exchanges.
- We have learned that the Department of Health and Human Services did not perform a full Security Control Assessment before the website went live on October 1st. Why? Because you cannot test something that is not complete, and the health exchanges are still not fully built.
- Failure to conduct adequate end-to-end security testing also led officials to write CMS Administrator Tavenner, “From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk…”
- CMS’s Chief Information Security Officer, Teresa Fryer, stated in a draft memo that the federal exchange “does not reasonably meet ... security requirements” and that “there is also no confidence that Personal Identifiable Information (PII) will be protected.”
- Experts at Experian recently wrote that the “healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014.” This prediction was based in part on reports of security risks posed by the HealthCare.gov website and the health insurance exchanges established by various states since the health care law’s infrastructure was “put together too quickly and haphazardly.”
- These facts, on top of the fact that the administration has repeatedly misrepresented the functionality and readiness of the health law, raise serious questions regarding the security of personal information on HealthCare.gov.
- See more at: http://energycommerce.house.gov/fact-sheet/health-exchange-security-and-transparency-act#sthash.BZY8rYvQ.dpuf