House Passes 2nd HealthCare.gov Bill

Committees Grills HHS on Security Issues

By , January 16, 2014.
Rep. Lee Terry
Rep. Lee Terry

The House of Representatives on Jan. 16 approved a bill that would amend the Affordable Care Act to require more transparency in the operation of health insurance exchanges facilitated by the federally operated HealthCare.gov site.

See Also: Advances in Application Security: Run-time Application Self Protection

Among the security-related provisions of the Exchange Information Disclosure Act, sponsored by Rep. Lee Terry, R-Neb., is for Congress to receive weekly reports on technical problems with the HealthCare.gov site, including those related to consumer privacy and data security.

The bill passed the GOP-led House 259 to 154, with 33 Democrats supporting the legislation.

The passage of the bill comes less than a week after the House approved legislation that would require the Department of Health and Human Services to notify individuals within two days of discovering breaches involving personal information on federally facilitated and state-operated Obamacare health insurance exchanges.

That bill, the Health Exchange Security and Transparency Act of 2014, sponsored by Rep. Joe Pitts, R-Pa., passed the House 291 to 122, with 67 Democrats voting in favor (see Obamacare Breach Bill Passes House).

The White House opposed passage of the breach bill, "because it would create unrealistic and costly paperwork requirements that do not improve the safety or security of personally identifiable information in the health insurance marketplaces."

The White House did not issue a statement on the Terry-sponsored bill.

The office of Senate Majority Leader Harry Reid, D-Nev., did not reply to an inquiry about whether the Senate will consider either bill.

House Hearings

The passage of the Terry-sponsored bill came minutes after the House Committee on Oversight and Government Reform adjourned a hearing where members questioned IT and information security officials from the HHS and its Centers for Medicare and Medicaid Services about data security and security testing of the HealthCare.gov systems and site, especially in the weeks leading up to the troubled Oct. 1 launch. That hearing was one of two focused on the security of HealthCare.gov held by House committees on Jan. 16. The other hearing was conducted by the House Science, Space and Technology Committee.

CMS is responsible for the HealthCare.gov site, which facilitates the health insurance exchanges for 36 states that chose not to run their own online insurance marketplaces under the Affordable Care Act.

Since October, there have been several Congressional committee hearings focused on the technical problems of HealthCare.gov, including questioning of HHS and CMS leaders about whether the site's security testing at the time of its launch was insufficient (see: Experts Answer Obamacare Questions).

At the Jan. 16 House Science, Space and Technology Committee hearing, David Kennedy, founder of computer security consulting firm TrustedSec LLC, told members, "HealthCare.gov is not secure today," according to Reuters. Prior to the hearing, Kennedy told Reuters the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on Oct. 1. The vulnerabilities mean that hackers could steal personal information, modify data, attack the personal computers of website users and damage the infrastructure of the site, Kennedy contends.

However, HHS CISO Kevin Charest, in his written testimony for the Jan. 16 House Committee on Oversight and Government Reform, said, "to date, there have been no successful security attacks on HealthCare.gov, and no person or group has maliciously accessed personally-identifiable information from the site."

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE CA Supreme Court Declines Breach Cases

The California Supreme Court has declined to hear appeals in two healthcare data breach lawsuits in...

Latest Tweets and Mentions

ARTICLE CA Supreme Court Declines Breach Cases

The California Supreme Court has declined to hear appeals in two healthcare data breach lawsuits in...

The ISMG Network