Over White House objections, the House has overwhelmingly approved a bill requiring notification any time hackers steal someone’s personal information from one of the health care exchanges created under the Affordable Care Act, often known as Obamacare.
The measure is now awaiting action in the Senate health committee after winning House passage by a 291-122 margin late last week. It would require the Health and Human Services Department to let individuals know within two business days following discovery of a computer breach that has led to the theft of personally identifiable information from one of the exchanges.
The bill was prompted by reports of shaky computer security on both Healthcare.gov, the web portal for the federal exchange, as well as state exchanges, Rep. Joe Pitts, R-Pa., the lead sponsor, said during the debate before the House vote. The bill is a “reasonable step” in light of those concerns, Pitts said.
But Democrats charged that the measure was aimed at scaring consumers away from signing up for health insurance through the exchanges. In an official statement before the vote, the White House said that the operating pieces of HealthCare.gov now comply with federal security standards and undergo regular testing. The bill’s notification requirements could impede law enforcement investigations of hacking attacks, the White House said, adding that the legislation would also create “costly and unrealistic” paperwork requirements.