Washington, D.C. – Congressman Diane Black (R-TN-06), a member of the House Ways and Means Committee, released the below statement on reports that Healthcare.gov is quietly sharing customers’ personal data with outside websites. As one cyber security consultant explained, this “could be another potential point of failure” when it comes to protecting consumers’ sensitive information. The Associated Press reported that, when asked about its policy of sharing information with outside vendors, “The [Obama] administration did not explain how it ensures that its privacy and security policies are being followed.”
“It is a sad irony that, in the same week President Obama called for Congress to address ‘cyber-attacks, combat identity theft, and protect our children’s information,’ we learned that his prized healthcare law is sharing Americans’ personal information with outside vendors – likely without users’ knowledge or consent. Americans should be able to expect the highest standards of privacy and confidentiality when accessing health care, and this latest report is further proof that Healthcare.gov fails to meet that benchmark,” said Congressman Diane Black.
Congressman Black added, “To make matters worse, if this information sharing was to result in a data breach – the federal government would be under no obligation to notify affected users. Last year, a bipartisan, veto-proof majority in the House of Representatives acted to address this with the passage of the Health Exchange Security and Transparency Actbut, in typical fashion, Senate Democrats failed to take up the bill and President Obama threatened a veto if the measure arrived at his desk. My colleagues and I on the House Ways and Means Committee will continue working to shed light on the inherent security flaws in this website and to ensure stronger protections for Americans’ most personal information.”
A January 20th Associated Press report found that, “When you apply for coverage on Healthcare.gov, dozens of data companies may be able to tell that you are on the site.” The same report indicated that “certain personal details – including age, income, and whether you smoke – were being passed along likely without your knowledge to advertising and web analytics sites” which one security consultant claimed “could erode . . . confidentiality when dealing with medical data and medical information.”
Under current law, the federal government is under no obligation to inform Americans if their personal information is compromised on the healthcare law exchanges. On January 10, 2014 the House passed the Health Exchange Security and Transparency Act by a vote of 291 – 122. The legislation, which encompassed key provisions of a separate bill that Rep. Black authored, would have required the Obama Administration to notify affected users within two business days if their personal information was compromised on the Healthcare.gov exchanges.