House passes ACA data security legislation

The House of Representatives on Friday passed a bill to bolster security for HealthCare.gov, requiring the government to alert users within two days of any data breach involving personal information they entered into the site.

The bill, H.R. 3811, passed by a vote of 291-122; it aims to protect patients entering their personal data into the exchanges when signing up for healthcare, according to its sponsors.

Rep. Joe Pitts (R-Pa.) said this week that the legislation is necessary because of a clear "lack of proper security measures and thorough testing" of HealthCare.gov before it was launched. He was referring to a government memorandum, revealed in October and signed by Centers for Medicare & Medicaid Services Administrator Marilyn Tavenner, which showed that she allowed HealthCare.gov to launch without final security testing.

During the vote, Republican members of Congress harped on the importance of the bill, while Democratic representatives dubbed it "merely a scare tactic to keep people from getting healthcare."

"What this bill does is preventative medicine. Do we want to wait until the horse is out of the barn?" Rep. Fred Upton (R-Mich.) asked.

Rep. Marsha Blackburn (R-Tenn.) said the bill "does what the administration has failed to do" and should be considered "standard practice." 

Meanwhile, Rep. Frank Pallone (D-N.J.) said he understands the purpose of the bill, but called it "unnecessary."

"[The Republicans] keep repeating the same thing. There have been no breaches," Pallone said. "The federal government has already put in place a system to let users know about issues."

Yesterday, Rep. Patrick Meehan (R-Pa.) and Rep. Diane Black (R-Tenn.) sent a letter to Tavenner requesting information on why the security of HealthCare.gov was not more thoroughly vetted before launching.

"Now that HealthCare.gov is open for business, it is imperative that Congress be provided the information necessary to understand how the federal exchange was certified and what protections are in place to protect Americans using the system," the letter stated. "What process has been implemented to monitor the ongoing effectiveness of security controls and the progress of actions taken to correct vulnerabilities?"

In October, HHS Secretary Kathleen Sebelius said at a Congressional hearing that the site had a temporary "authority to operate" certificate for the Oct. 1 launch, and that the agency would issue a permanent certificate once security concerns were alleviated and full testing had been completed.

At that same hearing, Sebelius harped on the security of the data hub--the controversial centerpiece of the insurance exchange website--saying users' information was safe.