GOP's Obamacare plan: Focus on security

Cantor bill would require 'prompt' breach notification.
By Mike Miliard, Executive Editor

As more than 2 million people enroll in health plans through HealthCare.gov, congressional Republicans have a new strategy to chip away at Obamacare: put the focus on the website's security vulnerabilities.

As reported Jan. 2 by the left-leaning Talking Points Memo website, House Majority Leader Eric Cantor, R-Va., intends to file a bill early in 2014 that aims to "strengthen security requirements as well as require prompt notification in the event of a breach involving personal information," according to a memo provided to TPM.

"It is my intent to schedule legislation on this topic when we return next week," wrote Cantor. "If a breach occurs, it shouldn't be up to some bureaucrat to decide when or even whether to inform an individual that their personal information has been accessed."

As it stands, the law allows the Obama administration to decide whether "a risk of harm exists" as a result of data breaches, and leaves it up to federal officials whether individuals need to be notified, TPM's Sahil Kapur points out.

That's less stringent, of course, than the breach notification requirements put upon healthcare organizations under HIPAA and HITECH.

While HealthCare.gov does not inquire about prospective enrollees' medical histories, signing up for coverage via HealthCare.gov does require applicants to enter their names, addresses, phone numbers, dates of birth, income and family size. Social Security numbers and email addresses are optional.

"American families have enough to worry about as we enter the new year without having to wonder if they can trust the government to inform them when their personal information – entered into a government mandated website – has been compromised," wrote Cantor in the memo to his House colleagues.

To make his point, Cantor pointed to four investigations by GOP-led committees that he said underscored the potential for breaches in the online exchanges.

In late December, Teresa Fryer, chief information security officer at the Centers for Medicare & Medicaid Services, testified before the House Oversight Committee that there had been "two high findings" of risk in tests run on the federal website, according to ABC News.

Thanks to that "vulnerability in the system," she said, the module of the website at risk was "currently shut down."

The exact nature of the issue was redacted, to prevent further compromising security, a committee member told the network.

According to ABC, Fryer assured the committee that "several layers of security" are in place and that there have been "no successful breaches" of HealthCare.gov.