House Passes 2nd Bill

Committees Grill HHS on Security Issues

By , January 16, 2014.
Rep. Lee Terry

The House of Representatives on Jan. 16 approved a bill that would amend the Affordable Care Act to require more transparency in the operation of health insurance exchanges facilitated by the federally operated site.


Among the security-related provisions of the Exchange Information Disclosure Act, sponsored by Rep. Lee Terry, R-Neb., is a requirement that Congress receive weekly reports on technical problems with the site, including those related to consumer privacy and data security.

The bill passed the GOP-led House 259 to 154, with 33 Democrats supporting the legislation.

The passage of the bill comes less than a week after the House approved legislation that would require the Department of Health and Human Services to notify individuals within two days of discovering breaches involving personal information on federally facilitated and state-operated Obamacare health insurance exchanges.

That bill, the Health Exchange Security and Transparency Act of 2014, sponsored by Rep. Joe Pitts, R-Pa., passed the House 291 to 122, with 67 Democrats voting in favor (see Obamacare Breach Bill Passes House).

The White House opposed passage of the breach bill, "because it would create unrealistic and costly paperwork requirements that do not improve the safety or security of personally identifiable information in the health insurance marketplaces."

The White House did not issue a statement on the Terry-sponsored bill.

The office of Senate Majority Leader Harry Reid, D-Nev., did not reply to an inquiry about whether the Senate will consider either bill.

House Hearings

The passage of the Terry-sponsored bill came minutes after the House Committee on Oversight and Government Reform adjourned a hearing where members questioned IT and information security officials from the HHS and its Centers for Medicare and Medicaid Services about data security and security testing of the systems and site, especially in the weeks leading up to the troubled Oct. 1 launch. That hearing was one of two focused on the security of held by House committees on Jan. 16. The other hearing was conducted by the House Science, Space and Technology Committee.

CMS is responsible for the site, which facilitates the health insurance exchanges for 36 states that chose not to run their own online insurance marketplaces under the Affordable Care Act.

Since October, there have been several Congressional committee hearings focused on the technical problems of, including questioning of HHS and CMS leaders about whether the site's security testing at the time of its launch was insufficient (see: Experts Answer Obamacare Questions).

At the Jan. 16 House Science, Space and Technology Committee hearing, David Kennedy, founder of computer security consulting firm TrustedSec LLC, told members, " is not secure today," according to Reuters. Prior to the hearing, Kennedy told Reuters the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after went live on Oct. 1. The vulnerabilities mean that hackers could steal personal information, modify data, attack the personal computers of website users and damage the infrastructure of the site, Kennedy contends.

However, HHS CISO Kevin Charest, in his written testimony for the Jan. 16 House Committee on Oversight and Government Reform hearing, said, "to date, there have been no successful security attacks on, and no person or group has maliciously accessed personally-identifiable information from the site."

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec
