Several in Congress demand action on HealthCare.gov data sharing

U.S. Reps. Patrick Meehan (R-PA) and Diane Black (R-TN), along with other legislators, sent a letter on Tuesday to Health and Human Services (HHS) Secretary Sylvia Mathews Burwell and Centers for Medicare and Medicaid Services (CMS) Administrator Marilyn Tavenner, criticizing the Obama administration’s policy of sharing consumers’ private data through the website HealthCare.gov.

The Associated Press reported last week that several outside companies were given access to consumers’ personal data, including age, income, geographic location and even private health information, such as smoking and pregnancy status, through HealthCare.gov.

In the wake of that report, Black released a response, identifying “inherent security flaws” in the HealthCare.gov website and urging Congress to advance legislation that would require data-breach notification to protect the personal information of those who use federal health care websites.

To that end, Meehan and Black also announced the reintroduction of the Federal Exchange Data Breach Notification Act of 2015, which would require the government to notify consumers when their personal information is in any way breached on HealthCare.gov or on a related exchange.

“It is unacceptable that security and privacy failures keep happening with HealthCare.gov,” Meehan said. “No American should have to fear their data will be exploited or compromised through HealthCare.gov. The data on the exchanges are among families’ most private, and the information should not be shared without a user’s consent. The legislation we have introduced today will ensure that the feds live up to their obligation to disclose data breaches on the federal exchange and come clean with consumers.”

“I have warned for over a year now of security and privacy concerns under Healthcare.gov,” Black said. “Sadly, from the website’s hacking last summer, to these latest revelations of data-sharing without users’ knowledge or consent, the Obama administration continues to show that our concerns are well-founded and that Americans’ personal information on this site remains at risk. That is why my letter to the administration demands answers on HealthCare.gov’s privacy and security standards, and seeks information on what data was collected by HealthCare.gov, how long it was stored and in what way it was secured.”

Late last week, the Obama administration acknowledged the concerns, announcing it would “scale back” the practice of data sharing on the website. But no specifics were given regarding what data will continue to be shared, or their plans for the information that was already harvested.