[Congressional Record Volume 160, Number 5 (Thursday, January 9, 2014)]
[House]
[Pages H124-H127]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
HEALTH EXCHANGE SECURITY AND TRANSPARENCY ACT
The SPEAKER pro tempore. Under the Speaker's announced policy of
January 3, 2013, the Chair recognizes the gentlewoman from Missouri
(Mrs. Wagner) for 30 minutes.
General Leave
Mrs. WAGNER. Mr. Speaker, I ask unanimous consent that all Members
may have 5 legislative days in which to revise and extend their remarks
and include extraneous materials on the subject of my Special Order.
The SPEAKER pro tempore. Is there objection to the request of the
gentlewoman from Missouri?
There was no objection.
Mrs. WAGNER. Mr. Speaker, I rise today in support of the Health
Exchange Security and Transparency Act, a bill that forces the Federal
Government to notify individuals if their personal information has been
stolen or unlawfully accessed through an ObamaCare exchange.
Since the disastrous rollout of ObamaCare on October 1, we have heard
story after story, Mr. Speaker, of security threats and privacy
concerns with the troubled ObamaCare insurance exchanges, from the
chief information officer at CMS claiming that ``there is also no
confidence that personable identifiable information will be
protected,'' to an administrator at CMS saying that the ObamaCare Web
site ``exposed a level of uncertainty that can be deemed as high
risk,'' to a computer security expert calling the ObamaCare Web site
``a hacker's dream.''
It is clear that the ObamaCare exchanges were never ready to be
launched, and it is unconscionable that this administration would
expose millions of Americans' personal information to cyber threats and
identity theft.
To make matters worse, there are laws already implemented that
require private companies to notify innocent victims of these security
breaches. But President Obama didn't think it was necessary to live by
the same rules as the private sector and decided to push his failed
agenda despite senior government officials warning him that his Web
site was not safe for the American people.
Every day, Mr. Speaker, I hear from far too many hardworking families
in Missouri's Second District who have seen their premiums skyrocket,
wages decreased, insurance coverage canceled of late, and hours cut
back at work. These families are already suffering from the harsh
realities of ObamaCare. To make matters worse, they have no idea
whether their personal information has been stolen or not.
Just recently, Mary Ann Schaeffer wrote to me from Kirkwood,
Missouri, about how worried she is that her most intimate information
could be stolen from the ObamaCare exchanges. And I quote from Mary Ann
Schaeffer of Kirkwood, Missouri: ``I am concerned about the security of
my sensitive medical records in a big government database.'' Mary Ann
is just one of the many people I hear from in the St. Louis region that
are worried about the devastating consequences of ObamaCare.
The only way to truly protect the American people from ObamaCare is
by replacing it with free market-based solutions that expand access
without destroying our economy, putting the Federal Government between
you and your doctor, and lowering the quality of our care. The Federal
Government, Mr. Speaker, should, at the very least, be required to
report any security breaches on the ObamaCare Web site to those
innocent victims who, through no fault of their own, trusted a
government that deceived them.
Since President Obama decided to delay the implementation of
ObamaCare for unions and businesses for an entire year, don't you think
the least he could do is tell hardworking Americans if their personal
information has been stolen or breached?
Mr. Speaker, the simple truth is: ObamaCare is wrong for the American
people, it is wrong for hardworking Missourians, and it is wrong for
the people of Missouri's Second Congressional District, and it needs to
be replaced immediately before any more of its harmful provisions are
implemented.
I urge my colleagues to vote ``yes,'' a resounding ``yes,'' on this
commonsense measure.
I would now, Mr. Speaker, yield to my good friend, the gentlelady
from Tennessee, Representative Diane Black, who has not only spent
countless hours championing the Health Exchange Security and
Transparency Act, but who has tirelessly worked to improve our Nation's
health care as a small business woman and a nurse in Tennessee and now
as a Member of Congress.
[[Page H125]]
Mrs. BLACK. I thank the gentlelady from Missouri, my friend and my
colleague.
Mr. Speaker, I rise today in support of the Health Exchange Security
and Transparency Act, which would provide basic protections on the
healthcare.gov Web site to help Americans protect themselves from fraud
and abuse. Unfortunately, we live in a time where cyber threats are
rampant, and we must do what we can to make sure that Americans are
protected from these threats.
John Fund at National Review recently wrote this:
Christmas shoppers were stunned to learn that computer
hackers had made off with the names and other personal
information of some 40 million Target customers.
But at least Target informed its customers of the security
breach, as it is required by law. Healthcare.gov faces no
such requirement--it need never notify customers that their
personal information has been hacked or possibly compromised.
What makes this even worse is that the Department of Health and Human
Services was asked to include notification provisions in the final
rules for ObamaCare and they declined. Because of this decision on the
part of HHS, millions of Americans' names, addresses, phone numbers,
dates of birth, email addresses, and even Social Security numbers are
at risk; and if they are breached by the government, they would never
have to tell them.
Consider that as Americans who seek health care insurance sign onto
the Federal exchange, they are inserting their personal information
into a Web site that has never had a full end-to-end security test. In
fact, CMS's Chief Information Security Officer, Theresa Fryer, stated
in a draft memo that the Federal exchange ``does not reasonably meet
security requirements'' and that ``there is no confidence that personal
identifiable information will be protected.''
Even worse, experts at the credit agency Experian recently warned
that the ``health care industry by far will be the most susceptible to
publicly disclosed and widely scrutinized data breaches in 2014.''
So Experian says that it is the health care that stands the greatest
risk. This prediction was based in part on reports of security risks
posed by the healthcare.gov Web site since the health care law's
infrastructure was put together too quickly and haphazardly.
Mr. Speaker, this Web site was never ready to go on October 1. The
very least we can do is to require that the Federal Government notify
someone if their personal information has been hacked. That way, at the
very least, they have a chance to fend off identity theft and cyber
attacks and hopefully avoid another nightmare scenario like the one we
saw that happened to Target shoppers.
I urge my colleagues in the House to support this bill and for our
colleagues in the Senate to swiftly send it to the President's desk.
{time} 1845
Mrs. WAGNER. I thank the gentlelady from Tennessee, Representative
Diane Black, for her supreme leadership in this area. This is her bill.
This is her piece of legislation. It has been something she has worked
on tirelessly for years and has seen its exposure in both the private
sector and now, unfortunately, at the Federal Government level. So I
thank her for her leadership.
Mr. Speaker, I would like to yield to my good friend, Representative
Richard Hudson. I thank him very much. He is a freshman Member and a
dear friend and colleague, a leader in our freshman class. I thank him,
not only for his work on the Homeland Security and Agriculture
Committees, but also for the work that he has done in dealing with
health care on the Education and the Workforce Committee.
It is now my pleasure to yield to the gentleman from North Carolina,
Mr. Richard Hudson.
Mr. HUDSON. I thank the gentlelady.
Mr. Speaker, I will tell you that my colleague from Missouri has been
a true leader in Congress.
It is a real honor to serve with you, and I thank you for your
leadership, particularly on this important issue.
ObamaCare is an absolute disaster. We have seen disastrous impacts
back home in North Carolina with the loss of jobs. I talk to folks
every day when I go home. I go home every weekend. I travel the
district. I talk to businesses, and folks tell me that they have never
sat on more capital. The reason they are doing that is that they don't
know what the costs of health care are going to be. So we have got
businesses out there that could be expanding, that could be hiring
people, but because of this health care law--because of the uncertainty
created by it, because of the rising costs--we have got businesspeople
who are not hiring. That is why we are not seeing job growth like we
ought to see. That is why this is the flattest, longest recession we
have seen in our country's history.
This awful health care law is also destroying the greatest health
care system in the world. We are seeing premiums increase. I get
letters and emails every day from my constituents who tell me their
premiums have gone up. I talked to a woman the other day who is working
three jobs. Her husband is working part-time because he can't find
full-time work, but she is working three jobs just so she can pay for
health care. That was before the premium increase.
Mr. Speaker, we have seen so many folks who have had their plans
canceled. It has been said that the lie of the century is that, if you
like your health care, you can keep it. People are seeing their health
care plans canceled, and it is going to get worse because, when
businesses have to start looking at whether they can afford to keep
folks on their health care or not--whether the math adds up for them,
whether they can afford to do that given all the new, excessive
mandates--we are going to see more people lose their insurance. It is
an absolute disaster.
I am committed to doing everything I can to repeal this law and
replace it because, at the end of the day, this is about people, and in
this country--the greatest country in the history of the world--we can
do better than this. We can offer health care that is the world's best
quality health care at a price that people can afford, and we can put
people in charge of their health care decisions, not bureaucrats in
Washington like this awful law does, so I am committed to repealing
this law.
In the meantime, I urge my colleagues to support the bill that is
coming to the floor tomorrow, a bill that deals with one of the
disastrous aspects of this law that I haven't mentioned yet, and that
is the risk to millions of Americans that their personal information
can be divulged--can be stolen--because of the lack of security on the
ObamaCare Web site. This is a horrendous problem. Million of Americans
are at risk, and there is no accountability. So what we are asking for
is to put that accountability in place, that if people's personal
information is lost, those folks have to be notified.
The Federal Government thinks that businesses should live by that
standard. The Federal Government says that States that have set up
their exchanges should live by that standard. I say that the Federal
Government ought to live by the same standard. If that personal
information is compromised, then the individual should be notified, and
the government should take responsibility and rectify the situation.
This is simple, commonsense legislation that I hope my colleagues on
both sides of the aisle, I hope our colleagues in the other body, and I
hope our President will support. We owe it to the American people to do
the right thing--to make sure their information is secure. If something
happens, God forbid, we must do the right thing and notify those
individuals. We rectify the situation. We take responsibility for it.
So I urge my colleagues to support this legislation. It is the right
thing to do by the American people. I urge them to vote ``yes''
tomorrow.
Mrs. WAGNER. I thank the gentleman from North Carolina,
Representative Richard Hudson, for his leadership in this area and for
giving voice to not just the Health Exchange Security and Transparency
Act but to the jobs issue. Certainly, what ObamaCare has done is create
nothing but a part-time workforce. This is about access to care. It is
about cost. It is about millions of Americans who have lost their
coverage. It is about the deception of the American people. It is about
a government bureaucracy--a Federal bureaucracy--telling the American
people what is in their best interest.
You, the American people--your constituents, Congressman Hudson--know
[[Page H126]]
what is in their best interests when it comes to their health care and
their most intimate details, whether it has to do with their personal
medical records and information or whether it has to do with their
costs, their coverage, their premiums, their copays. There is so much
that must be repealed and replaced in this law. At the very least, what
the Federal Government can do is to protect the integrity of their most
private and personal information.
I thank the gentleman from North Carolina.
It is now my great privilege to yield to my good friend,
Representative James Lankford from Oklahoma. He is our leader and our
chairman on the Republican Policy Committee, and he is a friend and a
colleague at the leadership table. I thank him most especially for the
work that he does on the Oversight and Government Reform Committee,
which is, Mr. Speaker, monitoring the implementation of healthcare.gov
and of the Affordable Care Act.
I am now pleased to yield to the gentleman from Oklahoma, Mr. James
Lankford.
Mr. LANKFORD. I thank the gentlelady.
Mr. Speaker, thank you for your oversight of this evening. The
gentlelady and I do not agree at all on football, she being from
Missouri and my being an Oklahoma State fan, but we do agree on this.
This is a critical area, and it gets to the basic element of what we do
as a Nation and what a government is supposed to do.
A government is designed to protect and to serve the people. The
people don't serve the government. The government serves the people.
The government is set to allow people to be able to live their lives as
they choose. Then along comes the Affordable Care Act, where the
government looks down at the people, literally, and says, ``I am going
to make better decisions for you. Instead of your choosing your doctor,
instead of your choosing your hospital, instead of your choosing your
insurance, I am going to pick a group of insurance policies and
hospitals and doctors I like as the government, and you get to pick
from my list.'' It removes those choices from individuals to then set
up a Web site and say, ``You are required to go on this Web site and
enter your information on this Web site.''
Now, Mr. Speaker, I don't know how you handle shopping online, but
when I shop online, I am careful of what Web sites I go to. I want to
make sure there are security protocols and there is some backing to
that so I am not entering information onto some site where I don't know
how the security is handled. But this one is different. On this one,
the power of the Federal Government is coming down on an individual to
say, ``I don't care what you think about the security of this site.
Enter your information there, and not only enter your information
there, enter your children's information there.''
Chief Information Security Officer Teresa Fryer, she is the one who
was set to be able to sign off on the security protocols for the Web
site when it was to be launched, but in September, she refused to sign
off and to put her name onto the exchanges and the data hub and say
that it was ready to go and that the security was there. In fact, her
statement was that there was a high risk of security and that there had
been no end-to-end testing of this site, and she refused to sign off on
the security. This is the chief information security officer who was
assigned to oversee that for the government. Instead, it was pushed up
to Marilyn Tavenner, the Director of CMS, to have to make the signoff
because the person under her refused to do it.
Should Americans be concerned in entering their information?
Absolutely, they should be concerned in entering their information
because there is still no certification that this is fully tested,
fully approved and that there are not serious vulnerabilities.
In the first week that the site was launched, the Federal Government
brought in what is called a ``white hacker,'' someone who is going to
come in and test the system, try to hack into the system. Were they
successful? Absolutely, they were successful. They found multiple
vulnerabilities in the site, itself, and then reported it back to CMS.
There are a lot of security vulnerabilities there.
Is this an issue? Yes, but as ironic as all that is, a government
that is set up to serve the people is actually trying to protect itself
and not report when there is a problem.
You see, when Target had 40 million credit cards stolen in a very
rare incident for a retailer like that--my family's being one of
those--we were all notified. We were told, ``You are at risk. Here is
what has occurred, so go change your credit card. Go protect your
identity,'' because Target has the responsibility to protect us and to
be able to let us know you have got a risk.
The Federal Government right now is saying, ``If someone breaks into
our system, we have the responsibility to protect the Federal
Government and not to let anyone know,'' instead of protecting the
individual. That is government on its head. Government is designed to
serve and protect the people, not to have them say, ``I can't tell you
that information because it will look bad for the Federal Government.''
No.
This bill does a basic thing. It says the people are more important
than the program that the government has set up--the people are--and
that if their information has been stolen, if there has been a
compromise to that information, they should be informed of that so that
they can take the steps that are necessary to make sure they and their
children who they have entered on their site have their information
protected in the days ahead.
This is the right thing to do. This is not some blanket partisan
issue. We would want this in every aspect of every Web site that the
Federal Government has, whether that be IRS information, whether that
be ObamaCare information, whether that be information on an EPA
computer. If it is compromised, that citizen should know so steps can
be taken to be able to protect himself. It is a reasonable protection
for the American people. That is why I think this is a reasonable thing
to be able to do. Quite frankly, we believe that the Affordable Care
Act will be completely repealed and that the American people will have
the ability to choose for themselves again rather than have the Federal
Government say we are going to make choices for you. Until that day
comes, it is a reasonable thing to at least begin with this.
With that, I thank the gentlelady from Missouri. Again, I can't root
for your football team, but I can stand with you on this issue.
Mrs. WAGNER. I appreciate the comments of the gentleman from
Oklahoma, who is a good friend and leader.
We won't debate the outcome of the Cotton Bowl here in the well of
the floor today--that will stand on its own merit--but I do appreciate
his leadership on this very important health care issue. I appreciate
his leadership on the Republican Policy Committee for our party and the
work that he does tirelessly to communicate those in a way that is
about serving the people, which is, at the end of the day, why we are
here.
Government should be here to serve the people, and we have not put
the proper protections in place. What is good enough for the private
sector and the States ought to be more than good enough for the Federal
Government. Certainly, the American people are worthy of these kinds of
protections.
While I will say over and over again that ObamaCare is wrong for the
American people--that it is wrong for hardworking Missourians and that
it is certainly wrong for the people of the Second District--and that
it needs to be replaced immediately before any more harmful provisions
are implemented, at the very least, what the government can do is
require that we report any security breaches on the ObamaCare Web site
to these innocent victims who, through no fault of their own, trusted a
government that has once again potentially deceived them.
So, Mr. Speaker, I urge my colleagues again to vote ``yes'' on this
commonsense measure. Tomorrow, let's all stand for the American people
and in service to them rather than as a government that is not telling
them what is best for them but is truly serving their interests and
serving their needs. Please, stand and vote ``yes'' on the Health
Exchange Security and Transparency Act.
Mr. Speaker, with that, I yield back the balance of my time.
[[Page H127]]
____________________