Identity Theft

January 9, 2014

Dear Friend,  

I wanted to let you know in advance about a piece of legislation the House will vote on this Friday.  

The Health Exchange Security and Transparency Act is a bill that would require the Department of Health and Human Services (HHS) to notify individuals within two business days of any security breach of the health insurance exchanges, created under the health care law, that endangers personal data or information.

News reports and congressional inquiries regarding the security of the website have shown that not enough attention was paid to online security and the threat of identity theft while building and testing the federally-run health insurance exchange. For example, Congress has learned that HHS did not perform a full “Security Control Assessment” before the website went live in October. The website was so behind in being constructed that officials ran out of time to perform the full security assessment. In addition, the consumer data company Experian has predicted increased information security breaches in the health care sector in 2014, particularly because was put together too quickly and haphazardly.  

As someone who has signed up for health insurance through one of the exchanges, this does not provide much comfort at all. Identify theft is no joking matter, and it’s a threat that should be taken seriously.  

That’s exactly why I have raised concerns about the security of the personal information that is required when signing up through the exchanges. Passing the Health Exchange Security and Transparency Act is one helpful step toward ensuring people do not fall victim to this type of financially destructive crime.  
Kay Granger
Member of Congress