Health Exchange Security and Transparency Actby Representative Diane Black
Posted on 2014-01-09
BLACK. I thank the gentlelady from Missouri, my friend and my
Mr. Speaker, I rise today in support of the Health Exchange Security and Transparency Act, which would provide basic protections on the healthcare.gov Web site to help Americans protect themselves from fraud and abuse. Unfortunately, we live in a time where cyber threats are rampant, and we must do what we can to make sure that Americans are protected from these threats.
John Fund at National Review recently wrote this: Christmas shoppers were stunned to learn that computer hackers had made off with the names and other personal information of some 40 million Target customers.
But at least Target informed its customers of the security breach, as it is required by law. Healthcare.gov faces no such requirement--it need never notify customers that their personal information has been hacked or possibly compromised.
What makes this even worse is that the Department of Health and Human Services was asked to include notification provisions in the final rules for ObamaCare and they declined. Because of this decision on the part of HHS, millions of Americans' names, addresses, phone numbers, dates of birth, email addresses, and even Social Security numbers are at risk; and if they are breached by the government, they would never have to tell them.
Consider that as Americans who seek health care insurance sign onto the Federal exchange, they are inserting their personal information into a Web site that has never had a full end-to-end security test. In fact, CMS's Chief Information Security Officer, Theresa Fryer, stated in a draft memo that the Federal exchange ``does not reasonably meet security requirements'' and that ``there is no confidence that personal identifiable information will be protected.'' Even worse, experts at the credit agency Experian recently warned that the ``health care industry by far will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014.'' So Experian says that it is the health care that stands the greatest risk. This prediction was based in part on reports of security risks posed by the healthcare.gov Web site since the health care law's infrastructure was put together too quickly and haphazardly.
Mr. Speaker, this Web site was never ready to go on October 1. The very least we can do is to require that the Federal Government notify someone if their personal information has been hacked. That way, at the very least, they have a chance to fend off identity theft and cyber attacks and hopefully avoid another nightmare scenario like the one we saw that happened to Target shoppers.
I urge my colleagues in the House to support this bill and for our colleagues in the Senate to swiftly send it to the President's desk.