Health Exchange Security and Transparency Act of 2014by Representative Chris Van Hollen
Posted on 2014-01-10
in the house of representatives
Friday, January 10, 2014
Mr. VAN HOLLEN. Mr. Speaker, I rise today in opposition to H.R. 3811.
I feel strongly that the public and private sector should establish
clear rules to protect Americans' personally identifiable information
and an obligation to notify them promptly of any security or privacy
breaches. The bill establishes a 48 hour notification requirement for
any breaches of personally identifiable information from the Affordable
Care Act Marketplaces. I would like to see an even shorter notice
period, perhaps within 24 hours. However, whatever standard we use
should apply to other government information systems. Moreover, we
should take a comprehensive approach that also considers standards to
protect consumers from involuntary disclosures of sensitive information
from systems in the private sector. For example, private health
insurance companies, which store large amounts personal health
information, should also be subject to privacy and notification
requirements. The recent incidents such as the massive data breaches at
Target and Neiman Marcus illustrate the need for standards to be
applied across the internet.
This bill's failure to protect consumers from the wide array of potential security lapses reveals it for what it is--simply another politically motivated attack on the Affordable Care Act. The obvious goal is to scare people away from using the internet-based Marketplaces to sign up for coverage under the Affordable Care Act. The truth is there have been no successful attacks on the site, it is continually being monitored, and stringent protocols exist should a breach occur. Moreover, because the Affordable Care Act prohibits insurance companies from discriminating against individuals with pre-existing health conditions, the website does not collect or store detailed health personal health information. This hastily drafted legislation also contains other flaws. Specifically, it lacks important exceptions for law enforcement requirements, which could threaten ongoing investigations.
Mr. Speaker, today's bill is not a policy solution; it's a scare tactic. There is no doubt that we must strengthen security features of all systems that contain American's personally identifiable information. I urge my Republican colleagues to work with Democrats on crafting serious, workable legislation to ensure the security of sensitive information on the internet.