The Blog

McConnell: Don't Open Obamacare Exchanges If Privacy Isn't Protected

1:48 PM, Aug 12, 2013 • By JOHN MCCORMACK
Widget tooltip
Single Page Print Larger Text Smaller Text Alerts

Reuters recently reported that security testing for Obamacare is months behind schedule. And Michael Astrue, former HHS general counsel and Social Security commissioner, has warned in THE WEEKLY STANDARD that "unless delayed and fixed" the Obamacare exchanges will "inflict on the public the most widespread violation of the Privacy Act in our history."

Today, Senate minority leader Mitch McConnell sent a letter to a top official at the Centers for Medicare and Medicaid Services asking for the exchanges to be delayed until the government can guarantee that the privacy of Americans will be protected. 

"While I believe we ought to repeal this law and replace it with commonsense  reforms that lower cost, Americans ought to be assured, at an absolute minimum, that their personal and financial data will be safe from data thieves," writes McConnell. "I am asking you to delay opening the exchanges until the Inspector General can guarantee the security of the exchanges."

 You can read the entire letter here:

August 12, 2013

 

Ms. Marilyn Tavenner 

Administrator

Centers for Medicare and Medicaid Services

7500 Security Boulevard

Baltimore, Maryland 21244-1849

 

Dear Administrator Tavenner:

 

I write to express my deep concern about reports that the Centers for Medicare and Medicaid Services (CMS) has missed multiple deadlines for assuring the security of the Federal Services Data Hub.  Americans should not be forced to enter into exchanges when CMS is so ill-prepared to guarantee the protection of personal data and taxpayer resources from hackers and cyber criminals who would use this sensitive data for personal gain.   

 

As you know, I oppose Obamacare and support its full repeal.  Yet in recent months, even some of the Administration’s closest allies have raised alarms about the potential implementation “train wreck” to come.  While I believe we ought to repeal this law and replace it with commonsense  reforms that lower cost, Americans ought to be assured, at an absolute minimum, that their personal and financial data will be safe from data thieves.

 

HHS’ recent track record does not inspire much confidence.  Last week, the Office of the Inspector General reported that the CMS has missed multiple deadlines for testing, reporting, and remediating data security risks in the Federal Data Services Hub.  In fact, HHS does not expect a final Security Control Assessment (SCA) report from an independent testing organization until 10 days before the Hub is scheduled to begin operations, hardly enough time to fix any problems that may be identified.  Furthermore, the current schedule calls for CMS’s Chief Information Officer (CIO) to certify the Security Authorization Decision on September 30, 2013, the day before exchanges open.  

 

Adding to these concerns are reports that CMS has signed a $1.2 billion contract with a company to receive, sort, and evaluate applications for financial assistance in the exchanges that include personal, sensitive data.  According to published reports, this particular company “has little experience with the Department of Health Human Services or the insurance marketplaces, known as exchanges, where individuals and small businesses are supposed to be able to shop for insurance.”  And just last year, it was disclosed that more than 120,000 enrollees in the federal Thrift Savings Plan had their personal information, including Social Security numbers, stolen from your contractor’s computers in 2011. 

 

  1.  Given the compressed timeframe between the conclusion of system testing and the scheduled opening of the exchanges, I am asking you to delay opening the exchanges until the Inspector General can guarantee the security of the exchanges.

 

Recent Blog Posts

The Weekly Standard Archives

Browse 18 Years of the Weekly Standard

Old covers