House Minority Leader Nancy Pelosi of California meets with reporters on Capitol Hill in Washington, Jan. 9, 2014. The top Democrat in the Republican-controlled House focused on the Affordable Care Act and the fight to pass immigration reform. (J. Scott Applewhite / AP)
Washington— The GOP-led U.S. House passed legislation to require consumers be alerted of cyber attacks on the federal healthcare.gov website that gained the support of more than a third of House Democrats.
The legislation was approved Friday in a 291-122 vote with all Republicans supporting it and 67 Democrats joining them. The effort signaled a more refined attack on Obamacare in Republicans’ first week back in 2014 that keeps website problems front and center but moves beyond the unsuccessful repeal attempts of 2013.
All of Michigan Republicans supported the measure that would mandate that users be notified within two days of a security breach of the healthcare website. U.S. Rep. Gary Peters of Bloomfield Township was the only one of five Michigan Democrats to join the GOP.
“Security is a serious issue for whether you’re the federal government or a private company doing business over the web,” said Peters, a candidate for U.S. Senate. “Measures have to be put in place for all entities to protect consumers and their identities.”
Michigan’s four other Democrats opposed the measure. Many Democrats criticized the measure as the latest unwarranted political assault to undermine the Affordable Care Act, commonly referred to as Obamacare.
“There has not been a serious security breach — there’s has not been any security breach,” said U.S. Rep. Dan Kildee, D-Flint Township. “There’s no reason to believe that the Republican motivation is anything other than to scare people.”
But U.S. Rep. Mike Rogers, R-Howell, argues the security of the healthcare.gov is so poor it needs to be shut down immediately for an end-to-end test. While the legislation Friday won’t fix the security problems, Rogers said it will force the Obama administration to be transparent in events of hacking or identity theft.
Michigan is among 36 states that uses healthcare.gov to electronically enroll in health care plans. Since its launch Oct. 1, the site was dogged for at least two months by glitches and shutdowns that hampered enrollment in the president’s signature health care law. Through a series of tech fixes, the Obama administration reported Dec. 1 it met its goal of repairing the site, but the Republicans aren’t convinced it’s safe for users.
“It would not even rise to the minimum industry standard,” Rogers, chairman of House Intelligence Committee, said of the website’s security. “There’s been no end-to-end test even today. … I am not bashful about saying how unsafe that is.”
A spokesman for the Obama administration said security testing is conducted regularly on the healthcare.gov and consumers’ personal information is safe.
“The privacy and security of consumers’ personal information are a top priority for us,” said Aaron Albright, spokesman for the Centers for Medicare and Medicaid Services, which runs the site. “When consumers fill out their online marketplace applications, they can trust that the information that they are providing is protected by stringent security standards.”
Albright added: “To date, there have been no successful security attacks on healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site.”
U.S. Rep. Fred Upton, R-St. Joseph, has led hearings on the security and functionality of the website as chairman of the Energy and Commerce Committee. Based on this testimony, Upton said the Obama administration has “failed to deliver” on the security and transparency Americans’ deserve.
“Americans have the right to know in the event that their sensitive personal information provided to an exchange is compromised,” Upton said Friday. “ … Why wouldn’t we want the public to know and be alerted right away?”
Peters wished the two-page legislation had gone further. He proposed an amendment to require the Obama administration to follow up with individuals within 15 days of a breach on steps taken to correct the problem. The GOP leadership, however, didn’t allow Peters amendment or others to come to a vote.
“I was disappointed I wasn’t able to offer that,” said Peters, who added the follow-through provision would add more substance to the legislation.
U.S. Rep. Kerry Bentivolio, R-Milford, introduced his own legislation Dec. 3 to require all future federal websites be certified as secure before launching. About the current healthcare.gov website, Bentivolio said under his legislation the Obama administration “would probably have to shut it down.”
House Majority Leader Eric Cantor cited Bentivolio’s work last week in announcing his intention to highlight healthcare.gov security during first week back from recess.
“My bill was the catalyst for the conversation on the safety and security of federal websites,” said Bentivolio, who continues to push his legislation.
Friday’s legislation isn’t expected to move past the House to the Democratic-led Senate since the Obama administration opposes the bill.
But GOP House members intend to continue to apply pressure on specific areas of the health care law instead of attempting to repeal it, a move that culminated in a 16-day government shutdown in the fall. When the House returns next week, it will take up another bill to require the administration to submit detailed weekly reports on website activity, including specific names of people responsible for fixing problems and contact information for all health care navigators and certified agents nationwide.
The Obama administration said it opposes that bill because it would “add extraneous, costly, and unprecedented reporting requirements on states and the federal government.”