Monday, January 13, 2014

Feds Should Diagnose & Treat Obamacare Data Breaches

Sen. Mike Johanns

Imagine if you had to hand over your most sensitive information to an organization with a track record of shoddy management, rushed quality control and porous security. This organization is going to share your sensitive material using experimental methods that have yielded a flurry of mistakes, and only the organization will decide if a data breach is important enough to alert you.

Millions of Americans who are being forced to sign up for health insurance on the Obamacare exchanges don’t have to imagine such a scenario. For them, it is very real.
Obamacare’s rollout has been fraught with problems since day one. Corners were cut. Important system security and stability tests were ignored. Unfinished portions of the system couldn’t even be tested before the website went live.
Something must be done to plug the many holes in this website and fortify it against hacking and breaches, especially given the sensitive nature of the information it houses, such as Social Security Numbers.
So last week, I introduced the Health Exchange Security and Transparency Act, which would require the Department of Health and Human Services (HHS) to notify individuals whose personal information has been unlawfully accessed within two days of the breach’s discovery. The House passed a similar bill Friday, and I hope the Senate Majority Leader will allow consideration of this legislation in a timely manner.
The onslaught of technical snafus on the exchanges left many Americans concerned about whether they would even be able to enroll in the federally-mandated program. But these problems may only be the beginning.
Internal documents at the Department of Health and Human Services (HHS) warned of serious security concerns before the launch of HealthCare.gov, which requires individuals’ Social Security Number, contact information and other sensitive material. The Center for Medicare and Medicaid Services (CMS)—a branch of HHS tasked with creating the online exchanges—acknowledged that the website didn’t meet important security standards. A memo drafted a week before the website launched stated that the exchange “does not reasonably meet the CMS security requirements,” and “there is also no confidence that Personal Identifiable Information (PII) will be protected.” Yet, despite this information, the Administration charged ahead.
All of this puts millions of Americans at risk for security breaches. Unfortunately, the Administration continues to shrug off much of the concern, even saying it will notify individuals that their information has been compromised only if CMS determines that a risk of harm exists. This is simply not good enough for millions of Americans who were required to submit this sensitive information to a flawed and susceptible website.
I believe the best solution is to repeal the law, but until that happens, the government must be honest about the security problems and take strides to protect the millions of Americans who are being forced to put sensitive data on a vulnerable network.
