GOP Plans HealthCare.gov Security Bill

Eric Cantor Pushing for a Vote in the House

By , January 3, 2014.
Eric Cantor
Eric Cantor

When members of the U.S. House return from their holiday recess, they will consider legislation aimed at bolstering the security of the federal HealthCare.gov website and systems for Obamacare.

See Also: Mobile Deposit Capture: Balancing Fraud Prevention and Customer Convenience

House Majority Leader Eric Cantor, R-Va., sent a memo to House Republicans on Jan. 2 aimed at rallying them to pass legislation to address the security of Healthcare.gov site, particularly data breach notification.

"To date, the administration has downplayed the risk of a data breach, perhaps in part because their primary goal is signing people up for insurance through the exchange," wrote Cantor in the memo, which was provided to Information Security Media Group.

"Regardless, if there is a breach, Americans shouldn't have to wonder whether or not they will receive prompt notification so that they may act to protect their personal identity and finances," Cantor says. "It is my intent to schedule legislation on this topic when we return next week," he wrote in the Jan. 2 memo.

The focus on the security of Healthcare.gov is just one part of Cantor's larger call for "greater transparency" overall from the Obama administration for the Affordable Care Act, including "disclosure of reliable and complete enrollment data."

Tapping Other Proposals

A schedule for consideration of the new Cantor legislation, as well as the bill's specific provisions and sponsors, were still being worked out on Jan. 3, sources told Information Security Media Group. The legislation will draw from other Healthcare.gov security-related legislation that was introduced late last year by three other House Republicans - Diane Black of Tennesee, Kerry Bentivolio of Michigan and Gus Bilirakis of Florida.

A spokesman for Bilirakus says key provisions of his proposal include requirements for the Department of Health and Human Services to notify affected individuals and Congress when a data breach occurs. Black's legislation also focuses on breach notification for individuals whose information is exposed.

A provision in Bentivolio's legislation that says a federal agency "may not deploy or make available to the public a new website involving personally identifiable information until the date on which a certification is submitted to Congress that the website is fully functional and secure."

Democratic Response

In response to Cantor's memo, Drew Hammill, a spokesman for House Democratic Leader Nancy Pelosi, issued a statement saying, "It is clear that the new year has brought no change in heart for House Republicans. They continue to remain intent on undermining or repealing the Affordable Care Act at every turn, and that effort even extends to scaring their constituents from obtaining health coverage."

Officials at the Centers for Medicare and Medicaid Services, which oversees Healthcare.gov, said in a statement that so far, there have been no successful security attacks or malicious data breaches involving the website. CMS did not respond to Information Security Media Group's request for additional comment.

Cantor's plans for Obamacare-related security legislation, as well as the proposals by the other GOP representatives, came after a series of congressional hearings probing the problems with the HealthCare.gov launch (see: IT Experts Answer Obamacare Questions).

In addition to the many technical woes that initially affected the accessibility and functionality of HealthCare.gov, members of Congress and others criticized the lack of an end-to-end security analysis and test before its Oct. 1 launch.

Viability of Proposal

Even if a Healthcare.gov security bill gets approved by the House, it's far from certain whether the legislation would advance any further in the Senate, where Democrats are in the majority.

"Any new GOP legislation attempting to regulate the health insurance exchanges has no chance of passing the Senate unless it is narrowing limited to tactical consumer protections that can attract bipartisan support," says Kev Coleman, who tracks government activity as head of research and data at HealthPocket Inc., a technology and research firm that ranks health plans.

"My preference would be to approach security improvements from means other than the legislative process," he says. "Legislation is only as effective as the processes that implement and enforce it. The best way to improve security - public confidence - of Healthcare.gov is through transparency."

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Hackers Breach Canadian ISP Rogers

Canadian Internet service provider Rogers Communications has confirmed that information about the...

Latest Tweets and Mentions

ARTICLE Hackers Breach Canadian ISP Rogers

Canadian Internet service provider Rogers Communications has confirmed that information about the...

The ISMG Network