[Congressional Record Volume 160, Number 10 (Thursday, January 16, 2014)]
[Extensions of Remarks]
[Page E99]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




         HEALTH EXCHANGE SECURITY AND TRANSPARENCY ACT OF 2014

                                 ______
                                 

                               speech of

                         HON. CHRIS VAN HOLLEN

                              of maryland

                    in the house of representatives

                        Friday, January 10, 2014

  Mr. VAN HOLLEN. Mr. Speaker, I rise today in opposition to H.R. 3811. 
I feel strongly that the public and private sector should establish 
clear rules to protect Americans' personally identifiable information 
and an obligation to notify them promptly of any security or privacy 
breaches. The bill establishes a 48 hour notification requirement for 
any breaches of personally identifiable information from the Affordable 
Care Act Marketplaces. I would like to see an even shorter notice 
period, perhaps within 24 hours. However, whatever standard we use 
should apply to other government information systems. Moreover, we 
should take a comprehensive approach that also considers standards to 
protect consumers from involuntary disclosures of sensitive information 
from systems in the private sector. For example, private health 
insurance companies, which store large amounts personal health 
information, should also be subject to privacy and notification 
requirements. The recent incidents such as the massive data breaches at 
Target and Neiman Marcus illustrate the need for standards to be 
applied across the internet.
  This bill's failure to protect consumers from the wide array of 
potential security lapses reveals it for what it is--simply another 
politically motivated attack on the Affordable Care Act. The obvious 
goal is to scare people away from using the internet-based Marketplaces 
to sign up for coverage under the Affordable Care Act. The truth is 
there have been no successful attacks on the site, it is continually 
being monitored, and stringent protocols exist should a breach occur. 
Moreover, because the Affordable Care Act prohibits insurance companies 
from discriminating against individuals with pre-existing health 
conditions, the website does not collect or store detailed health 
personal health information. This hastily drafted legislation also 
contains other flaws. Specifically, it lacks important exceptions for 
law enforcement requirements, which could threaten ongoing 
investigations.
  Mr. Speaker, today's bill is not a policy solution; it's a scare 
tactic. There is no doubt that we must strengthen security features of 
all systems that contain American's personally identifiable 
information. I urge my Republican colleagues to work with Democrats on 
crafting serious, workable legislation to ensure the security of 
sensitive information on the internet.

                          ____________________