It defies common sense that there is no federal law or requirement that Americans be notified of any breaches of their personal information in Obamacare — even though laws mandate the private sector alert customers and users in these situations.
We’d like to know how federal bureaucrats would feel if a hacker retrieved their Social Security numbers, dates of birth and other vital information and used it to exploit them. We guarantee you they would take quick action.
Current federal policy doesn’t come close to cutting it. An agency within the Department of Health and Human Services decides whether a breach poses a risk of harm to citizens and whether they should be notified. Fortunately, some Republican lawmakers recognize notification should not be optional — that Americans have a right to know, period.
Fixing this flaw — one of many — in Obamacare is especially important considering the major breach that recently occurred at Target, as House Republican Leader Eric Cantor has noted.
A former Social Security Administration chief has called Healthcare.gov “a hacker’s dream,” computer experts have repeatedly voiced security concerns and several state attorneys general have pleaded with HHS to take corrective action. And legitimate questions have been raised about the qualifications of Obamacare “navigators” who help Americans sign up for the health insurance program.
Congress has a chance to fix this glaring oversight starting today when the House considers legislation that would require the government notify people within two days. The bill, sponsored by Energy and Commerce Health Subcommittee Chairman Joseph Pitts of Pennsylvania, is based on legislation previously filed by U.S. Rep. Gus Bilirakis, R-Palm Harbor.
Bilirakis’ bill would require quicker notification — an hour — which is the exact standard that HHS requires for its contractors and Obamacare’s state exchanges. That would be superior; the earlier notification, the better chance to take faster protective action.
But whether it’s one hour or no later than two days, people need to know when their personal information is stolen or breached — their finances could be at stake. Congress must address this security gap immediately.