Guest Column: Healthcare.gov lacks security and transparency

By Congressman Joe Pitts

Shortly before Christmas, during the midst of the busy shopping season, hackers stole 40 million credit card numbers from Target. The same hack yielded 70 million records for customers’ phone numbers, e-mail addresses, and home addresses. High-end department store chain Neiman Marcus got hit by a similar attack. Some of their customers reported fraudulent charges on their cards.

Identity theft is a huge and growing problem. According to the Department of Justice, more than 16 million Americans were hit with identity theft in 2012. Financial losses totaled more than $24 billion in that year.

The vast majority of victims find out that their identity has been compromised because a financial institution has informed them. If a consumer doesn’t get informed promptly, the damage can be significant. Half of people who took more than six months to get their identity theft cleared up reported facing severe emotional distress.

Perhaps the worst part of identity theft is that the victim usually wasn’t doing anything risky. In 2014, almost everyone uses a debt or credit card at the cash register.

This year, Americans are for the first time required by law to have health insurance. To meet the requirements of Obamacare, that has to be a government-approved plan. Whether you sign up for a plan through a navigator, or on the phone, or by paper, the application is entered onto the website. Tens of millions of Americans, even if they didn’t buy a plan, submitted personal information to Healthcare.gov and other state sites.

Most people know what a disaster Healthcare.gov has been. Most users couldn’t get through their application without it crashing until the beginning of December. According to testimony given in Congress in the last week, parts of the website hidden from consumers are still being worked on. The government recently chose not to renew the contract of the lead website designer, CGI Federal.

In some of the states, their own website projects have been even more of a disaster. Oregon’s site has never been functional and all applications are being processed on paper by hand. Massachusetts also hired CGI Federal to construct their website and is now thinking about suing the company. Maryland has faced a host of problems and the site is now an issue in the Democratic primary for governor with accusations being traded between the candidates. The executive director of Minnesota’s site resigned after it was discovered that she went on a tropical vacation as the website was down for repairs.

With all these problems, there are tremendous concerns that the sites lack proper security controls. Shortly before the website went live, one federal official refused to sign the security statement believing that there was a great risk of endangering personal information.

Even systems thought to be secure face new and exotic attacks. A relatively new system full of glitches and sloppy fixes is even more at risk. At the beginning of the year, I introduced legislation to require the government to alert individuals if their personal information has been stolen or inadvertently disclosed. Whenever there is a breach, the Department of Health and Human Services would have two business days to alert consumers.

This bill passed the House with overwhelming support from both Republicans and Democrats. With 291 yes votes, the bill had a veto-proof majority.

The House followed this up the next week by passing a bill introduced by my colleague Rep. Lee Terry (R-NE) that would require the government to give weekly reports of basic information about the website. This would include information on problems and glitches facing website users. This bill also passed with 33 Democrats supporting it.

Despite promises, the Obama administration has been anything by transparent, especially when it comes to Obamacare. In the more than three months that the website has been up, they have only provided basic data three times. That is unacceptable considering how easy it would be to provide it to Congress and the public more regularly.

The American people have a right to know what is going on with Healthcare.gov and other exchange websites. Security and transparency have to be priorities when personal information is being stored in government databases.

###

US Rep. Joe Pitts is a Republican who represents Pennsylvania's 16th Congressional District, which includes parts of Berks, Chester and Lancaster counties.