WASHINGTON — Several dozen Democrats joined a unified Republican caucus this morning in passing a bill to protect the security of consumers on Obamacare exchanges — legislation the White House vociferously opposes.
The Health Exchange Security and Transparency Act of 2014, introduced by Rep. Joe Pitts (R-Pa.), would require the Department of Health and Human Services “to notify individuals, within two business days, of a breach of any security system maintained by a federal or state exchange that is known to have resulted in personally identifiable information being stolen or unlawfully accessed.”
Republicans noted the red flags raised about security vulnerabilities even before the Oct. 1 healthcare.gov launch — concerns that only mounted with the website’s technologically rocky debut.
The bill passed easily, 291-122. Sixty-seven Democrats crossed over to vote with the GOP.
“Americans have the right to know if the president’s health care law has put their personal information at risk, and today’s bipartisan vote reflects that concern,” said House Speaker John Boehner (R-Ohio). “It shouldn’t take an act of Congress for the White House to provide that information, but the lack of transparency surrounding the security of the ObamaCare website has proven that’s the case.”
“The House took an important step to help Americans protect themselves in the event of a security breach, and we will continue our oversight of the president’s healthcare law,” Boehner added. “The Senate ought to bring up this bill and pass it immediately.”
Senate Majority Leader Harry Reid (D-Nev.) hasn’t indicated whether he’ll bring the bill to the floor. It would likely draw the support of at least a handful of Democrats who criticized the Obama administration as unprepared for the healthcare exchange launch. Additionally, a “no” vote on such a simply worded consumer protection clause would reflect poorly among much of the electorate.
But President Obama, while stopping short of using the word “veto,” made clear in a lengthy statement of administration policy from the Office of Management and Budget that the White House opposes the legislation.
“The Federal Government has already put in place an effective and efficient system for securing personally‑identifiable information in the Health Insurance Marketplaces and providing consumers notification if their personally-identifiable information has been compromised. When consumers fill out their online Marketplace applications, they can trust that the information that they are providing is protected by stringent security standards,” read the statement. “The components of the HealthCare.gov website that are now operational comply with Federal security standards. Security testing is conducted on an ongoing basis using industry best practices designed to appropriately safeguard consumers’ personal information.”
“The Administration opposes House passage of H.R. 3811 because it would create unrealistic and costly paperwork requirements that do not improve the safety or security of personally-identifiable information in the Health Insurance Marketplaces. For example, the indiscriminate reporting requirement in H.R. 3811 may seriously impede the law enforcement investigation of a breach. Unlike existing requirements, H.R. 3811 requires expensive and unnecessary notification for the compromise of publicly-available information, even if there is no reasonable risk that information could be used to cause harm,” the administration reaction continued.
“…H.R. 3811 would impose an administratively burdensome reporting requirement that is less effective than existing industry standards and those already in place for Federal Agencies that possess such information. As such, the Administration opposes its passage.”
Today in the White House briefing room, press secretary Jay Carney didn’t respond directly to a question about so many Democrats joining with Republicans for a veto-proof majority on the bill.
“The bottom line here is, when consumers fill out their online market place applications they can trust that the information that they are providing is protected by stringent security standards, and no person or group has maliciously accessed personally identifiable information from the site. Security testing is conducted on an ongoing basis using industry best practices to safeguard appropriately consumer’s personal information and the security of the system is also monitored by sensors and other tools to deter and prevent any unauthorized access,” Carney said.
“…I think that the focus here ought to be on, you know, delivering in a responsible way, which is what is happening, the benefits of the Affordable Care Act to the American people who so demonstrably desire those benefits and the opportunities and options available to them through the marketplaces.”
Pitts said the fact that a third of Democrats sided with his bill says everything.
“Protecting data in Obamacare exchanges is a no-brainer. The legislation simply requires that the government promptly alerts individuals if personal information is stolen,” he said.
“While there has been no malicious breach, data has been improperly handled and accidentally disclosed. With the messy rollout of Healthcare.gov, there is great risk that the website could be hacked. Identity theft is devastating to individuals and families. In the event of theft, we have to make sure that people are protected.”
House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.) disputed the White House’s assertion that customers should feel safe as can be on the website.
“The truth is that actual interviews and depositions taken of the highest-ranking people that helped develop the website, both public and private, show there was no end-to-end testing. It did not meet the spirit of any definition of a secure website,” Issa said.
“The fact is what we need is a law that makes it clear that they should do the right thing, not say they will do the right thing and they have always done the right thing, because in the case of HealthCare.gov, they launched a site that was neither functionally ready, nor had it been security tested and it had known failures that were not mitigated prior to the launch,” he added.
Rep. Scott Rigell (R-Va.) stressed that opponents still believe Obamacare “is unworkable and unaffordable.”
“But as long as Americans are suffering through it, we need to make sure their information is protected,” he said. “Everyone deserves to have peace of mind and assurance that their personal information is secure.”
“This administration has continuously lied to the American people and has been anything but transparent,” said Rep. Steve King (R-Iowa). “Americans’ personal information is at risk while enrolling in a website to purchase a mandated healthcare package they do not want. The least this administration can do is notify these individuals in a timely manner so steps can be taken to avoid further damage to their personal identities.”