Republicans this week plan to put yet another criticism of the Affordable Care Act front-and-center on the House floor. It is another political weapon, but if treated seriously, this one could lead to useful reform.

Republicans have claimed that HealthCare.gov and the systems behind it may not be secure enough to keep Americans’ personally identifying data safe. They’ve selectively released evidence collected through their oversight efforts to make it seem as though the site has major vulnerabilities. In response, Democrats presented selective evidence of their own.

The Department of Health and Human Services, meanwhile, reported that “no person or group has maliciously accessed personally identifiable information from the site.” The agency also said the site is fully compliant with federal security standards.

That’s presumably true, but those standards could use some upgrading. HealthCare.gov no doubt has some vulnerabilities, as do many other sites. Data breaches of well-protected systems containing sensitive information indicate that HealthCare.gov would hardly be unique in this regard.

The House Republicans’ bill would require the government to notify victims of any illegal security breach in the ACA’s systems within two business days. If that makes sense for HealthCare.gov, though, why not require the same of other sensitive federal systems, too?

