January 15, 2014 - Last week, the House of Representatives passed a data breach notification bill that would require the federal healthcare exchange to notify consumers if their personally identifiable information is exposed in an unauthorized data breach. A similar bill has been proposed in the Senate. But both the Obama administration and top Democrats in both houses of Congress had come out in opposition to the bills. Given the abysmal data security (which we've already written about) on the healthcare exchange, one has to wonder how anyone could oppose this legislation and keep a straight face.
The House version of the bill passed by a wide margin when it came up for a vote last week. 67 Democrats joined Republican efforts to pass the legislation. But 122 Democrats voted against it.
The Senate version of the bill has not come up for a vote and, since the President has come out in opposition to the legislation, there is a good chance that Senate Majority Leader Harry Reid will not allow a vote on the issue. That's unfortunate, especially because the reasons being given by the White House for its opposition are astoundingly bad.
The Obama administration released a statement that read, "The administration opposes House passage of H.R. 3811 because it would create unrealistic and costly paperwork requirements that do not improve the safety or security of personally-identifiable information in the Health Insurance Marketplaces." The statement went on to say, "Unlike existing requirements, H.R. 3811 requires expensive and unnecessary notification for the compromise of publicly-available information, even if there is no reasonable risk that information could be used to cause harm." In other words, if your information is breached, it would simply be too expensive to tell you.
The hypocrisy of this position is nearly unfathomable. All of the state-run healthcare exchanges are required to notify users if their data is breached. The same holds true for any data breaches that occur on insurance company websites. If it isn't too expensive to require it of them, then how is it possible that making an identical requirement for the federal exchange would break the bank?
Based on prior congressional testimony, we believe that it is quite possible that the federal exchange has already been breached (see the link above). And it is clear based on that testimony, even though HHS and the administration have denied it, that the exchange has been the target of hackers.
The only conclusion that we can draw from this is that the exchange is in much worse technical shape than the administration wants to make public. And that should frighten anyone who is thinking about using it to sign up for health care coverage.
by Jim Malmberg