House passes ACA data security legislation

The House of Representatives on Friday passed a bill to bolster security for, requiring the government to alert users of data breaches involving their personal information entered into the site within two days of any incident.

The bill, H.R. 3811, passed by a vote of 291-122; it aims to protect patients entering their personal data into the exchanges when signing up for healthcare, according to its sponsors.

Rep. Joe Pitts (R-Pa.) said this week that the legislation is necessary because of a clear "lack of proper security measures and thorough testing" of before it was launched, referring to the government memorandum signed off on by Centers for Medicare & Medicaid Services Administrator Marilyn Tavenner which showed that she allowed to launch without final security testing, revealed in October.

During the vote, Republican members of Congress harped on the importance of the bill, while Democratic representatives dubbed it "merely a scare tactic to keep people from getting healthcare."

"What this bill does is preventative medicine. Do we want to wait until the horse is out of the barn?" Rep. Fred Upton (R-Mich.) asked.

Rep. Marsha Blackburn (R-Tenn.) said the bill "does what the administration has failed to do" and should be considered "standard practice." 

Meanwhile, Rep. Frank Pallone (D-N.J.) said he understands the purpose of the bill, but called it "unnecessary."

"[The Republicans] keep repeating the same thing. There have been no breaches," Pallone said. "The federal government has already put in place a system to let users know about issues."

Yesterday, Rep. Patrick Meehan (R-Pa.) and Rep. Diane Black (R-Tenn.) sent a letter to Tavenner requesting information on why the security of was not more thoroughly vetted before launching.

"Now that is open for business, it is imperative that Congress be provided the information necessary to understand how the federal exchange was certified and what protections are in place to protect Americans using the system," the letter stated. "What process has been implemented to monitor the ongoing effectiveness of security controls and the progress of actions taken to correct vulnerabilities?"

In October, HHS Secretary Kathleen Sebelius said at a Congressional hearing that the site had a temporary "authority to operate" certificate for the Oct. 1 launch, and that the agency would issue a permanent certificate once security concerns were alleviated and full testing had been completed.

At that same hearing, Sebelius harped on the security of the data hub--the controversial centerpiece of the insurance exchange website--saying users' information was safe.

Suggested Articles

Premera Blue Cross will pay $6.9 million to HHS over a data breach six years ago that exposed 10 million people's health information.

United Airlines is working with health company Color and GoHealth Urgent Care to roll out the first COVID-19 testing program for air travelers.

The potential long-term impacts of COVID-19 on how Medicare Advantage's star ratings are calculated remain unclear, experts say.