To the Editor:
American consumers are increasingly shopping online and expect their personal and financial data to be reasonably protected from hackers and indentity thieves.
When security breaches occur, like that of the data of now 70 million Target shoppers, customers must be notified immediately in order to avert indentity theft. That is the law.
As a result of the president’s health care law, many Americans are forced to shop through the government-run exchanges, and the personal information passing through Healthcare.gov is now one of the largest collections ever assembled. Health consumers must input birth dates and social security numbers, as well as income and other financial information.
I have been seriously concerned about the government’s website security ever since we in the House Science, Space and Technology Committee hosted several online security experts who testified to the website’s risks. David Kennedy, a so-called “white hat hacker,” testified that there are “clear indicators that even basic security was not built into the Healthcare.gov website.”
My colleagues and I wrote to President Obama in December 2013 detailing the risks and expressing our concerns.
But because the administration has not acted to address these concerns on behalf of American consumers and has only paid lip service to the threats of identity theft, I voted for the Health Exchange Security and Transparency Act (HR 3811), which requires HHS to notify individuals of any breach on the exchanges within two business days.
I agreed with the administration’s official statement that “all Americans deserve to know if [personally-identifiable information] has been improperly exposed.” Too bad they then listed hollow reasons why the president opposed the bill.
The administration can’t have it both ways. They enforce federal laws that require companies like Target to notify their consumers when personal data is compromised. But they refuse to have the president’s Healthcare.gov website held to the same standard.
Their excuse? Reporting Healthcare.gov security breaches is “administratively burdensome” and would create “costly paperwork requirements.”
It’s disturbing the administration would so blatantly shirk its responsibility to American health consumers and blame paperwork. Tell that to the small businesses crushed by Obamacare’s reporting requirements. Tell that to health care recipients whose identities are stolen down the road because not even basic security was built in.
It’s bad enough to force Americans to buy health insurance. It’s even worse to endanger their online identity.
The president and Senate must do better for American consumers.
Illinois’ 14th District