The Tennessean - Healthcare.gov Woes Show Hypocrisy on Cybersecurity

Op-Ed

By Rep. Diane Black

President Obama wants to be known as the 21st-century president who is tough on cybercrime and savvy about new privacy concerns in the digital age.

To that end, he urged Congress in his State of the Union address to pass legislation that will "meet the evolving threat of cyberattacks, combat identity theft and protect our children's information."

In February 2012, he even went so far as to propose a "Consumer Privacy Bill of Rights" outlining a series of standards that Americans should be able to expect when it comes to online privacy and data security.

While these goals are certainly laudable, they apparently do not apply to his signature health care law.

Today, if your personal information is compromised on the Healthcare.gov insurance exchanges, the federal government is under no obligation to inform you -- despite similar laws being in place in the private sector and for most state-based exchanges.

The Obama administration's unwillingness to play by the same rules as everyone else is troublesome on its own, but even more so when you consider Healthcare.gov's abysmal track record over the past year.

In July, the web portal was successfully hacked. Authorities maintain that no personal information was stolen. Then, in September 2014, a Government Accountability Office (GAO) report was released warning that "increased and unnecessary risks remain of unauthorized access, disclosure or modification of the information collected and maintained by Healthcare.gov."

More than four months later, the GAO website reports that the office's six specific recommendations to improve Healthcare.gov security have still not been fully resolved.

Most recently, the Obama administration was discovered to have shared users' personal information -- including age, income, ZIP code and smoking and pregnancy status -- with numerous third-party vendors, all without applicants' knowledge or consent. Once caught with their hands in the cookie jar, the administration quietly scaled back this practice, but many unanswered questions remain.

For this reason, I led a letter to the Department of Health and Human Services and the Centers for Medicare and Medicaid Services demanding answers on Healthcare.gov's privacy and security standards. The letter also seeks information on what data was collected by the website, how long it was stored and in what way it was secured.

I look forward to the administration's response, but I also know that we cannot afford to wait for this lame-duck White House to finally start policing itself.

That is why I introduced the Federal Exchange Data Breach Notification Act of 2015. This legislation would bring basic diligence to the Obamacare exchanges by requiring the administration to notify users if their information is breached when using Healthcare.gov.

It defies all logic that this requirement is not already law. If President Obama is the cybersecurity hawk he says he is, he will work with members of both parties to pass this right-to-know legislation so that Americans aren't left holding the bag for the next Obamacare malfunction.

