For their first Obamacare act of 2014, House Republicans intend to vote on legislation aimed at cracking down on potential security breaches of personal information online.
In a new memo to GOP members that was provided to TPM, Majority Leader Eric Cantor (R-VA) outlined his plan to bring up a bill designed “to strengthen security requirements as well as require prompt notification in the event of a breach involving personal information.”
“It is my intent to schedule legislation on this topic when we return next week,” he wrote, adding that it will draw from legislation offered by Reps. Diane Black (R-TN), Kerry Bentivolio (R-MI) and Gus Bilirakis (R-FL). “If a breach occurs, it shouldn’t be up to some bureaucrat to decide when or even whether to inform an individual that their personal information has been accessed.”
Cantor pointed to four investigations by Republican-led House committees that detailed the potential for online data breaches in the Obamacare exchanges. His memo came soon after the law’s major coverage benefits via the exchanges and Medicaid expansion took effect on Jan. 1.
Current law lets the Obama administration decide whether whether “a risk of harm exists” as a result of data breaches “and if individuals need to be notified.”
To verify eligibility, the online Obamacare application asks prospective enrollees for information such as their names, addresses, phone numbers, date of birth, income and family size. Email addresses and Social Security numbers are optional. It does not inquire about their medical histories.
“American families have enough to worry about as we enter the new year without having to wonder if they can trust the government to inform them when their personal information — entered into a government mandated website — has been compromised,” Cantor wrote in the memo.
A spokesman for House Minority Leader Nancy Pelosi (D-CA) dismissed Cantor’s proposal as more “partisan and ideological games” over Obamacare.
“It is clear that the New Year has brought no change in heart for House Republicans,” said the spokesman, Drew Hammill. “They continue to remain intent on undermining or repealing the Affordable Care Act at every turn, and that effort even extends to scaring their constituents from obtaining health coverage.”
Late Update: Jan. 3, 2014, 2 p.m. EST
The Center for Medicare and Medicaid Service, which administers Obamacare, responded Friday to Cantor’s assertions, saying there have been “no successful security attacks” on HealthCare.gov and that the website is security-tested on a regular basis.
“The privacy and security of consumers’ personal information are a top priority for us. When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards. To date, there have been no successful security attacks on Healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site,” said CMS spokesman Aaron Albright. “Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information. The security of the system is also monitored by sensors and other tools to deter and prevent any unauthorized access. The components of the HealthCare.gov website that are operational have been determined to be compliant with the Federal Information Security Management Act (FISMA), based on standards promulgated by the National Institutes of Standards and Technology (NIST) and promulgated through the Office of Management and Budget (OMB).”
