Reuters recently reported that security testing for Obamacare is months behind schedule. And MichaelAstrue, former HHS general counsel and Social Security commissioner, has warned in THE WEEKLY STANDARD that "unless delayed and fixed" the Obamacare exchanges will "inflict on the public the most widespread violation of the Privacy Act in our history."
Today, Senate minority leader Mitch McConnell sent a letter to a top official at the Centers for Medicare and Medicaid Services asking for the exchanges to be delayed until the government can guarantee that the privacy of Americans will be protected.
"While I believe we ought to repeal this law and replace it with commonsense reforms that lower cost, Americans ought to be assured, at an absolute minimum, that their personal and financial data will be safe from data thieves," writes McConnell. "I am asking you to delay opening the exchanges until the Inspector General can guarantee the security of the exchanges."
You can read the entire letter here:
Ms. Marilyn Tavenner
Centers for Medicare and Medicaid Services
7500 Security Boulevard
Baltimore, Maryland 21244-1849
Dear Administrator Tavenner:
I write to express my deep concern about reports that the Centers for Medicare and Medicaid Services (CMS) has missed multiple deadlines for assuring the security of the Federal Services Data Hub. Americans should not be forced to enter into exchanges when CMS is so ill-prepared to guarantee the protection of personal data and taxpayer resources from hackers and cyber criminals who would use this sensitive data for personal gain.
As you know, I oppose Obamacare and support its full repeal. Yet in recent months, even some of the Administration’s closest allies have raised alarms about the potential implementation “train wreck” to come. While I believe we ought to repeal this law and replace it with commonsense reforms that lower cost, Americans ought to be assured, at an absolute minimum, that their personal and financial data will be safe from data thieves.
HHS’ recent track record does not inspire much confidence. Last week, the Office of the Inspector General reported that the CMS has missed multiple deadlines for testing, reporting, and remediating data security risks in the Federal Data Services Hub. In fact, HHS does not expect a final Security Control Assessment (SCA) report from an independent testing organization until 10 days before the Hub is scheduled to begin operations, hardly enough time to fix any problems that may be identified. Furthermore, the current schedule calls for CMS’s Chief Information Officer (CIO) to certify the Security Authorization Decision on , the day before exchanges open.
Adding to these concerns are reports that CMS has signed a $1.2 billion contract with a company to receive, sort, and evaluate applications for financial assistance in the exchanges that include personal, sensitive data. According to published reports, this particular company “has little experience with the Department of Health Human Services or the insurance marketplaces, known as exchanges, where individuals and small businesses are supposed to be able to shop for insurance.” And just last year, it was disclosed that more than 120,000 enrollees in the federal Thrift Savings Plan had their personal information, including Social Security numbers, stolen from your contractor’s computers in 2011.
- Given the compressed timeframe between the conclusion of system testing and the scheduled opening of the exchanges, I am asking you to delay opening the exchanges until the Inspector General can guarantee the security of the exchanges.
- I request that you assure the public that your Chief Information Officer will not be pressured to certify the system’s readiness by signing the Security Decision Authorization until it is secure.
- Considering their recent history, can you guarantee that your contractor will protect taxpayer information in the exchange more carefully than it protected the data of federal employees in the Thrift Savings Plan?
While I have grave concerns about this law under any circumstance, Americans should not be forced into the exchanges, and certainly not without these assurances. If you rush to go forward without adequate safeguards in place, any theft of personal information from constituents will be the result of your rush to implement a law to meet the agency’s political needs and not the operational needs of the people it is supposed to serve.
Thank you in advance for your attention in this matter. I look forward to your reply.