Health Exchange Security and Transparency Act
by Senator James Lankford
Posted on 2014-01-09
LANKFORD. I thank the gentlelady.
Mr. Speaker, thank you for your oversight of this evening. The gentlelady and I do not agree at all on football, she being from Missouri and my being an Oklahoma State fan, but we do agree on this. This is a critical area, and it gets to the basic element of what we do as a Nation and what a government is supposed to do.
A government is designed to protect and to serve the people. The people don't serve the government. The government serves the people. The government is set to allow people to be able to live their lives as they choose. Then along comes the Affordable Care Act, where the government looks down at the people, literally, and says, ``I am going to make better decisions for you. Instead of your choosing your doctor, instead of your choosing your hospital, instead of your choosing your insurance, I am going to pick a group of insurance policies and hospitals and doctors I like as the government, and you get to pick from my list.'' It removes those choices from individuals to then set up a Web site and say, ``You are required to go on this Web site and enter your information on this Web site.''
Now, Mr. Speaker, I don't know how you handle shopping online, but when I shop online, I am careful of what Web sites I go to. I want to make sure there are security protocols and there is some backing to that so I am not entering information onto some site where I don't know how the security is handled. But this one is different. On this one, the power of the Federal Government is coming down on an individual to say, ``I don't care what you think about the security of this site. Enter your information there, and not only enter your information there, enter your children's information there.''
Chief Information Security Officer Teresa Fryer, she is the one who was set to be able to sign off on the security protocols for the Web site when it was to be launched, but in September, she refused to sign off and to put her name onto the exchanges and the data hub and say that it was ready to go and that the security was there. In fact, her statement was that there was a high risk of security and that there had been no end-to-end testing of this site, and she refused to sign off on the security.
This is the chief information security officer who was assigned to oversee that for the government. Instead, it was pushed up to Marilyn Tavenner, the Director of CMS, to have to make the signoff because the person under her refused to do it.
Should Americans be concerned in entering their information? Absolutely, they should be concerned in entering their information because there is still no certification that this is fully tested, fully approved and that there are not serious vulnerabilities.
In the first week that the site was launched, the Federal Government brought in what is called a ``white hacker,'' someone who is going to come in and test the system, try to hack into the system. Were they successful? Absolutely, they were successful. They found multiple vulnerabilities in the site, itself, and then reported it back to CMS. There are a lot of security vulnerabilities there.
Is this an issue? Yes, but as ironic as all that is, a government that is set up to serve the people is actually trying to protect itself and not report when there is a problem.
You see, when Target had 40 million credit cards stolen in a very rare incident for a retailer like that--my family's being one of those--we were all notified. We were told, ``You are at risk. Here is what has occurred, so go change your credit card. Go protect your identity,'' because Target has the responsibility to protect us and to be able to let us know you have got a risk.
The Federal Government right now is saying, ``If someone breaks into our system, we have the responsibility to protect the Federal Government and not to let anyone know,'' instead of protecting the individual. That is government on its head. Government is designed to serve and protect the people, not to have them say, ``I can't tell you that information because it will look bad for the Federal Government.'' No.
This bill does a basic thing. It says the people are more important than the program that the government has set up--the people are--and that if their information has been stolen, if there has been a compromise to that information, they should be informed of that so that they can take the steps that are necessary to make sure they and their children who they have entered on their site have their information protected in the days ahead.
This is the right thing to do. This is not some blanket partisan issue. We would want this in every aspect of every Web site that the Federal Government has, whether that be IRS information, whether that be ObamaCare information, whether that be information on an EPA computer. If it is compromised, that citizen should know so steps can be taken to be able to protect himself. It is a reasonable protection for the American people. That is why I think this is a reasonable thing to be able to do. Quite frankly, we believe that the Affordable Care Act will be completely repealed and that the American people will have the ability to choose for themselves again rather than have the Federal Government say we are going to make choices for you. Until that day comes, it is a reasonable thing to at least begin with this.
With that, I thank the gentlelady from Missouri. Again, I can't root for your football team, but I can stand with you on this issue.