Today, House lawmakers overwhelmingly passed a proposal designed to address potential security breaches on the HealthCare.gov Website. The measure would require the Obama administration to notify Americans within 48 hours if their identity is compromised via the Obamacare website.
It is already the law that private companies publicly disclose security breaches. As John Fund noted at National Review, last month, “state laws also require many of the 14 state-run insurance exchanges to disclose such information, but no such law exists for the federally run exchange, which 36 states rely upon.”
But when asked about this issue in a meeting on March 27, 2012, HHS responded: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.”
Today’s vote was meant to address this double standard, although the media has been spinning it as a Republican political ploy designed “to keep political attention focused on concerns with the ongoing rollout of the new federal health-care law.”
The vote Friday was 291-122 with 67 Democrats joining Republicans to back the measure, but the administration opposes the bill, which reportedly stands no chance in the Democratic-led Senate.
Democrats argued that there had been no security breaches at the health care website and accused Republicans of trying to scare Americans from signing up for coverage at healthcare.gov with misinformation.
“They are trying to put fear into the public,” said Rep. Frank Pallone, D-N.J. According to Rep. Diane DeGette, D-Colo., “the legislation as a “solution in search of a problem.”
But as the AP notes, there was at least one breach last year.
A North Carolina man tried to log on to the website and got a South Carolina man’s personal information. The administration had to scramble to make a software fix.
Rep. Darrell Issa took to the House floor, this morning, to voice his support for the security bill, making the point that HealthCare.gov did not meet any definition of a secure website.