House Advances GOP-Backed ACA Data Security Bill
On Friday, the House voted to approve the first of two Republican-sponsored bills that focus on consumer data security and privacy on the Affordable Care Act's federal health insurance exchange website, The Hill's "Floor Action" reports (Kasperowicz , "Floor Action," The Hill, 1/9).
In a 291-122 vote, lawmakers approved a bill (HR 3811), sponsored by Rep. Joe Pitts (R-Pa.), would require the Obama administration to notify consumers within two business days if their personal information stored on HealthCare.gov is compromised (Cassata, AP/ABC News, 1/10).
The second bill (HR 3362), which is not expected to be brought up for a vote until next week, would require HHS to issue reports on website traffic and enrollment data for HealthCare.gov and the department's ongoing efforts to address the site's functionality issues (Kasperowicz , "Floor Action," The Hill, 1/9).
Under HR 3362, sponsored by Rep. Lee Terry (R-Neb.), HHS would be required to provide:
- A weekly state-by-state breakdown of the number of unique visitors to the website;
- Data on the number of newly created accounts;
- Latest enrollment figures; and
- The level of coverage selected.
Specifically, the data would need to include the zip codes of new enrollees. Demographic data on enrollees and payment data would not be required.
In addition, the bill would mandate that HHS release weekly reports on efforts to repair HealthCare.gov. HHS also would be required to submit the reports to Congress every Monday until the end of March 2015 (California Healthline, 1/6).
According to the Washington Post's "Post Politics," the votes on the two bills are part of a GOP House leadership strategy to keep the public's attention on the rocky rollout of HealthCare.gov, because the focus has now begun to shift towards other broad domestic issues such as income equality.
On Thursday, House Speaker John Boehner (R-Ohio) said that while Republicans are "concerned with those having a difficult time trying to find a job," the GOP will continue advancing legislation that would address concerns with the ACA's implementation efforts (O’Keefe/Eilperin, "Post Politics," Washington Post, 1/10).
White House Opposes Bills, Stops Short of Veto Threat
Meanwhile on Thursday, the White House issued two Statements of Administrative Policy expressing opposition to HR 3811 and HR 3362, noting that they would both generate costly paperwork requirements, "Floor Action Blog" reports (Kasperowicz , "Floor Action," The Hill, 1/9).
In a statement opposing HR 3811, the White House said the bill would create "unrealistic and costly" paperwork requirements that could "seriously impede the law enforcement investigation of a breach." The White House added that the federal government already has "an effective and efficient system" for protecting data stored in the insurance marketplaces and notifying consumers if their data are compromised.
In a statement opposing HR 3362, the White House noted that the measure could add millions of dollars in costs to states and the government by mandating reports on a weekly basis for data that already are being reported each month (Ethridge, CQ Roll Call, 1/9). The statement added that federal officials already are working to address security issues with HealthCare.gov.
According to "Floor Action," the statements did not include a presidential veto threat (Kasperowicz , "Floor Action," The Hill, 1/9).
House Dems Respond to Issa's Security Claims
The memo -- from Rep. Elijah Cummings (D-Md.), ranking member on the House Oversight and Government Reform Committee, and Henry Waxman (D-Calif.), ranking member on the House Energy and Commerce Committee -- came in response to a letter that was sent Wednesday to HHS Secretary Kathleen Sebelius (Easley, "Healthwatch," The Hill, 1/9).
In his letter to Sebelius, Oversight and Government Reform Committee Chair Darrell Issa (R-Calif.) alleged that Sebelius provided false and misleading testimony during congressional hearings last year over the security of HealthCare.gov, despite evidence from a federal contractor and a CMS official that they were aware of data security risks relating to the site (Howell, Washington Times, 1/8).
According to "Post Politics," Cummings and Waxman argue that House GOP leaders have exaggerated the security vulnerability of HealthCare.gov, in part because consumers are required to provide limited personal information when applying for coverage ("Post Politics," Washington Post, 1/10).
In their joint memo, Cummings and Waxman added, "Contrary to claims by Republican leaders, the website does not collect or store any detailed personal medical or health information." They added that HHS already has safety controls in place and noted that "there have been no successful breaches of the HealthCare.gov website to date" ("Healthwatch," The Hill, 1/9).This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.