[Congressional Record (Bound Edition), Volume 160 (2014), Part 1]
[House]
[Pages 343-346]
[From the U.S. Government Publishing Office, www.gpo.gov]




             HEALTH EXCHANGE SECURITY AND TRANSPARENCY ACT

  The SPEAKER pro tempore. Under the Speaker's announced policy of 
January 3, 2013, the Chair recognizes the gentlewoman from Missouri 
(Mrs. Wagner) for 30 minutes.


                             General Leave

  Mrs. WAGNER. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days in which to revise and extend their remarks 
and include extraneous materials on the subject of my Special Order.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentlewoman from Missouri?
  There was no objection.
  Mrs. WAGNER. Mr. Speaker, I rise today in support of the Health 
Exchange Security and Transparency Act, a bill that forces the Federal 
Government to notify individuals if their personal information has been 
stolen or unlawfully accessed through an ObamaCare exchange.
  Since the disastrous rollout of ObamaCare on October 1, we have heard 
story after story, Mr. Speaker, of security threats and privacy 
concerns with the troubled ObamaCare insurance exchanges, from the 
chief information officer at CMS claiming that ``there is also no 
confidence that personable identifiable information will be 
protected,'' to an administrator at CMS saying that the ObamaCare Web 
site ``exposed a level of uncertainty that can be deemed as high 
risk,'' to a computer security expert calling the ObamaCare Web site 
``a hacker's dream.''
  It is clear that the ObamaCare exchanges were never ready to be 
launched, and it is unconscionable that this administration would 
expose millions of Americans' personal information to cyber threats and 
identity theft.
  To make matters worse, there are laws already implemented that 
require private companies to notify innocent victims of these security 
breaches. But President Obama didn't think it was necessary to live by 
the same rules as the private sector and decided to push his failed 
agenda despite senior government officials warning him that his Web 
site was not safe for the American people.
  Every day, Mr. Speaker, I hear from far too many hardworking families 
in Missouri's Second District who have seen their premiums skyrocket, 
wages decreased, insurance coverage canceled of late, and hours cut 
back at work. These families are already suffering from the harsh 
realities of ObamaCare. To make matters worse, they have no idea 
whether their personal information has been stolen or not.
  Just recently, Mary Ann Schaeffer wrote to me from Kirkwood, 
Missouri, about how worried she is that her most intimate information 
could be stolen from the ObamaCare exchanges. And I quote from Mary Ann 
Schaeffer of Kirkwood, Missouri: ``I am concerned about the security of 
my sensitive medical records in a big government database.'' Mary Ann 
is just one of the many people I hear from in the St. Louis region that 
are worried about the devastating consequences of ObamaCare.
  The only way to truly protect the American people from ObamaCare is 
by replacing it with free market-based solutions that expand access 
without destroying our economy, putting the Federal Government between 
you and your doctor, and lowering the quality of our care. The Federal 
Government, Mr. Speaker, should, at the very least, be required to 
report any security breaches on the ObamaCare Web site to those 
innocent victims who, through no fault of their own, trusted a 
government that deceived them.
  Since President Obama decided to delay the implementation of 
ObamaCare for unions and businesses for an entire year, don't you think 
the least he could do is tell hardworking Americans if their personal 
information has been stolen or breached?
  Mr. Speaker, the simple truth is: ObamaCare is wrong for the American 
people, it is wrong for hardworking Missourians, and it is wrong for 
the people of Missouri's Second Congressional District, and it needs to 
be replaced immediately before any more of its harmful provisions are 
implemented.
  I urge my colleagues to vote ``yes,'' a resounding ``yes,'' on this 
commonsense measure.
  I would now, Mr. Speaker, yield to my good friend, the gentlelady 
from Tennessee, Representative Diane Black, who has not only spent 
countless hours championing the Health Exchange Security and 
Transparency Act, but who has tirelessly worked to improve our Nation's 
health care as a small business woman and a nurse in Tennessee and now 
as a Member of Congress.
  Mrs. BLACK. I thank the gentlelady from Missouri, my friend and my 
colleague.
  Mr. Speaker, I rise today in support of the Health Exchange Security 
and Transparency Act, which would provide basic protections on the 
healthcare.gov Web site to help Americans protect themselves from fraud 
and abuse. Unfortunately, we live in a time where

[[Page 344]]

cyber threats are rampant, and we must do what we can to make sure that 
Americans are protected from these threats.
  John Fund at National Review recently wrote this:

       Christmas shoppers were stunned to learn that computer 
     hackers had made off with the names and other personal 
     information of some 40 million Target customers.
       But at least Target informed its customers of the security 
     breach, as it is required by law. Healthcare.gov faces no 
     such requirement--it need never notify customers that their 
     personal information has been hacked or possibly compromised.

  What makes this even worse is that the Department of Health and Human 
Services was asked to include notification provisions in the final 
rules for ObamaCare and they declined. Because of this decision on the 
part of HHS, millions of Americans' names, addresses, phone numbers, 
dates of birth, email addresses, and even Social Security numbers are 
at risk; and if they are breached by the government, they would never 
have to tell them.
  Consider that as Americans who seek health care insurance sign onto 
the Federal exchange, they are inserting their personal information 
into a Web site that has never had a full end-to-end security test. In 
fact, CMS's Chief Information Security Officer, Theresa Fryer, stated 
in a draft memo that the Federal exchange ``does not reasonably meet 
security requirements'' and that ``there is no confidence that personal 
identifiable information will be protected.''
  Even worse, experts at the credit agency Experian recently warned 
that the ``health care industry by far will be the most susceptible to 
publicly disclosed and widely scrutinized data breaches in 2014.''
  So Experian says that it is the health care that stands the greatest 
risk. This prediction was based in part on reports of security risks 
posed by the healthcare.gov Web site since the health care law's 
infrastructure was put together too quickly and haphazardly.
  Mr. Speaker, this Web site was never ready to go on October 1. The 
very least we can do is to require that the Federal Government notify 
someone if their personal information has been hacked. That way, at the 
very least, they have a chance to fend off identity theft and cyber 
attacks and hopefully avoid another nightmare scenario like the one we 
saw that happened to Target shoppers.
  I urge my colleagues in the House to support this bill and for our 
colleagues in the Senate to swiftly send it to the President's desk.

                              {time}  1845

  Mrs. WAGNER. I thank the gentlelady from Tennessee, Representative 
Diane Black, for her supreme leadership in this area. This is her bill. 
This is her piece of legislation. It has been something she has worked 
on tirelessly for years and has seen its exposure in both the private 
sector and now, unfortunately, at the Federal Government level. So I 
thank her for her leadership.
  Mr. Speaker, I would like to yield to my good friend, Representative 
Richard Hudson. I thank him very much. He is a freshman Member and a 
dear friend and colleague, a leader in our freshman class. I thank him, 
not only for his work on the Homeland Security and Agriculture 
Committees, but also for the work that he has done in dealing with 
health care on the Education and the Workforce Committee.
  It is now my pleasure to yield to the gentleman from North Carolina, 
Mr. Richard Hudson.
  Mr. HUDSON. I thank the gentlelady.
  Mr. Speaker, I will tell you that my colleague from Missouri has been 
a true leader in Congress.
  It is a real honor to serve with you, and I thank you for your 
leadership, particularly on this important issue.
  ObamaCare is an absolute disaster. We have seen disastrous impacts 
back home in North Carolina with the loss of jobs. I talk to folks 
every day when I go home. I go home every weekend. I travel the 
district. I talk to businesses, and folks tell me that they have never 
sat on more capital. The reason they are doing that is that they don't 
know what the costs of health care are going to be. So we have got 
businesses out there that could be expanding, that could be hiring 
people, but because of this health care law--because of the uncertainty 
created by it, because of the rising costs--we have got businesspeople 
who are not hiring. That is why we are not seeing job growth like we 
ought to see. That is why this is the flattest, longest recession we 
have seen in our country's history.
  This awful health care law is also destroying the greatest health 
care system in the world. We are seeing premiums increase. I get 
letters and emails every day from my constituents who tell me their 
premiums have gone up. I talked to a woman the other day who is working 
three jobs. Her husband is working part-time because he can't find 
full-time work, but she is working three jobs just so she can pay for 
health care. That was before the premium increase.
  Mr. Speaker, we have seen so many folks who have had their plans 
canceled. It has been said that the lie of the century is that, if you 
like your health care, you can keep it. People are seeing their health 
care plans canceled, and it is going to get worse because, when 
businesses have to start looking at whether they can afford to keep 
folks on their health care or not--whether the math adds up for them, 
whether they can afford to do that given all the new, excessive 
mandates--we are going to see more people lose their insurance. It is 
an absolute disaster.
  I am committed to doing everything I can to repeal this law and 
replace it because, at the end of the day, this is about people, and in 
this country--the greatest country in the history of the world--we can 
do better than this. We can offer health care that is the world's best 
quality health care at a price that people can afford, and we can put 
people in charge of their health care decisions, not bureaucrats in 
Washington like this awful law does, so I am committed to repealing 
this law.
  In the meantime, I urge my colleagues to support the bill that is 
coming to the floor tomorrow, a bill that deals with one of the 
disastrous aspects of this law that I haven't mentioned yet, and that 
is the risk to millions of Americans that their personal information 
can be divulged--can be stolen--because of the lack of security on the 
ObamaCare Web site. This is a horrendous problem. Million of Americans 
are at risk, and there is no accountability. So what we are asking for 
is to put that accountability in place, that if people's personal 
information is lost, those folks have to be notified.
  The Federal Government thinks that businesses should live by that 
standard. The Federal Government says that States that have set up 
their exchanges should live by that standard. I say that the Federal 
Government ought to live by the same standard. If that personal 
information is compromised, then the individual should be notified, and 
the government should take responsibility and rectify the situation.
  This is simple, commonsense legislation that I hope my colleagues on 
both sides of the aisle, I hope our colleagues in the other body, and I 
hope our President will support. We owe it to the American people to do 
the right thing--to make sure their information is secure. If something 
happens, God forbid, we must do the right thing and notify those 
individuals. We rectify the situation. We take responsibility for it.
  So I urge my colleagues to support this legislation. It is the right 
thing to do by the American people. I urge them to vote ``yes'' 
tomorrow.
  Mrs. WAGNER. I thank the gentleman from North Carolina, 
Representative Richard Hudson, for his leadership in this area and for 
giving voice to not just the Health Exchange Security and Transparency 
Act but to the jobs issue. Certainly, what ObamaCare has done is create 
nothing but a part-time workforce. This is about access to care. It is 
about cost. It is about millions of Americans who have lost their 
coverage. It is about the deception of the American people. It is about 
a government bureaucracy--a Federal bureaucracy--telling the American 
people what is in their best interest.

[[Page 345]]

  You, the American people--your constituents, Congressman Hudson--know 
what is in their best interests when it comes to their health care and 
their most intimate details, whether it has to do with their personal 
medical records and information or whether it has to do with their 
costs, their coverage, their premiums, their copays. There is so much 
that must be repealed and replaced in this law. At the very least, what 
the Federal Government can do is to protect the integrity of their most 
private and personal information.
  I thank the gentleman from North Carolina.
  It is now my great privilege to yield to my good friend, 
Representative James Lankford from Oklahoma. He is our leader and our 
chairman on the Republican Policy Committee, and he is a friend and a 
colleague at the leadership table. I thank him most especially for the 
work that he does on the Oversight and Government Reform Committee, 
which is, Mr. Speaker, monitoring the implementation of healthcare.gov 
and of the Affordable Care Act.
  I am now pleased to yield to the gentleman from Oklahoma, Mr. James 
Lankford.
  Mr. LANKFORD. I thank the gentlelady.
  Mr. Speaker, thank you for your oversight of this evening. The 
gentlelady and I do not agree at all on football, she being from 
Missouri and my being an Oklahoma State fan, but we do agree on this. 
This is a critical area, and it gets to the basic element of what we do 
as a Nation and what a government is supposed to do.
  A government is designed to protect and to serve the people. The 
people don't serve the government. The government serves the people. 
The government is set to allow people to be able to live their lives as 
they choose. Then along comes the Affordable Care Act, where the 
government looks down at the people, literally, and says, ``I am going 
to make better decisions for you. Instead of your choosing your doctor, 
instead of your choosing your hospital, instead of your choosing your 
insurance, I am going to pick a group of insurance policies and 
hospitals and doctors I like as the government, and you get to pick 
from my list.'' It removes those choices from individuals to then set 
up a Web site and say, ``You are required to go on this Web site and 
enter your information on this Web site.''
  Now, Mr. Speaker, I don't know how you handle shopping online, but 
when I shop online, I am careful of what Web sites I go to. I want to 
make sure there are security protocols and there is some backing to 
that so I am not entering information onto some site where I don't know 
how the security is handled. But this one is different. On this one, 
the power of the Federal Government is coming down on an individual to 
say, ``I don't care what you think about the security of this site. 
Enter your information there, and not only enter your information 
there, enter your children's information there.''
  Chief Information Security Officer Teresa Fryer, she is the one who 
was set to be able to sign off on the security protocols for the Web 
site when it was to be launched, but in September, she refused to sign 
off and to put her name onto the exchanges and the data hub and say 
that it was ready to go and that the security was there. In fact, her 
statement was that there was a high risk of security and that there had 
been no end-to-end testing of this site, and she refused to sign off on 
the security. This is the chief information security officer who was 
assigned to oversee that for the government. Instead, it was pushed up 
to Marilyn Tavenner, the Director of CMS, to have to make the signoff 
because the person under her refused to do it.
  Should Americans be concerned in entering their information? 
Absolutely, they should be concerned in entering their information 
because there is still no certification that this is fully tested, 
fully approved and that there are not serious vulnerabilities.
  In the first week that the site was launched, the Federal Government 
brought in what is called a ``white hacker,'' someone who is going to 
come in and test the system, try to hack into the system. Were they 
successful? Absolutely, they were successful. They found multiple 
vulnerabilities in the site, itself, and then reported it back to CMS. 
There are a lot of security vulnerabilities there.
  Is this an issue? Yes, but as ironic as all that is, a government 
that is set up to serve the people is actually trying to protect itself 
and not report when there is a problem.
  You see, when Target had 40 million credit cards stolen in a very 
rare incident for a retailer like that--my family's being one of 
those--we were all notified. We were told, ``You are at risk. Here is 
what has occurred, so go change your credit card. Go protect your 
identity,'' because Target has the responsibility to protect us and to 
be able to let us know you have got a risk.
  The Federal Government right now is saying, ``If someone breaks into 
our system, we have the responsibility to protect the Federal 
Government and not to let anyone know,'' instead of protecting the 
individual. That is government on its head. Government is designed to 
serve and protect the people, not to have them say, ``I can't tell you 
that information because it will look bad for the Federal Government.'' 
No.
  This bill does a basic thing. It says the people are more important 
than the program that the government has set up--the people are--and 
that if their information has been stolen, if there has been a 
compromise to that information, they should be informed of that so that 
they can take the steps that are necessary to make sure they and their 
children who they have entered on their site have their information 
protected in the days ahead.
  This is the right thing to do. This is not some blanket partisan 
issue. We would want this in every aspect of every Web site that the 
Federal Government has, whether that be IRS information, whether that 
be ObamaCare information, whether that be information on an EPA 
computer. If it is compromised, that citizen should know so steps can 
be taken to be able to protect himself. It is a reasonable protection 
for the American people. That is why I think this is a reasonable thing 
to be able to do. Quite frankly, we believe that the Affordable Care 
Act will be completely repealed and that the American people will have 
the ability to choose for themselves again rather than have the Federal 
Government say we are going to make choices for you. Until that day 
comes, it is a reasonable thing to at least begin with this.
  With that, I thank the gentlelady from Missouri. Again, I can't root 
for your football team, but I can stand with you on this issue.
  Mrs. WAGNER. I appreciate the comments of the gentleman from 
Oklahoma, who is a good friend and leader.
  We won't debate the outcome of the Cotton Bowl here in the well of 
the floor today--that will stand on its own merit--but I do appreciate 
his leadership on this very important health care issue. I appreciate 
his leadership on the Republican Policy Committee for our party and the 
work that he does tirelessly to communicate those in a way that is 
about serving the people, which is, at the end of the day, why we are 
here.
  Government should be here to serve the people, and we have not put 
the proper protections in place. What is good enough for the private 
sector and the States ought to be more than good enough for the Federal 
Government. Certainly, the American people are worthy of these kinds of 
protections.
  While I will say over and over again that ObamaCare is wrong for the 
American people--that it is wrong for hardworking Missourians and that 
it is certainly wrong for the people of the Second District--and that 
it needs to be replaced immediately before any more harmful provisions 
are implemented, at the very least, what the government can do is 
require that we report any security breaches on the ObamaCare Web site 
to these innocent victims who, through no fault of their own, trusted a 
government that has once again potentially deceived them.
  So, Mr. Speaker, I urge my colleagues again to vote ``yes'' on this 
commonsense measure. Tomorrow, let's all stand for the American people

[[Page 346]]

and in service to them rather than as a government that is not telling 
them what is best for them but is truly serving their interests and 
serving their needs. Please, stand and vote ``yes'' on the Health 
Exchange Security and Transparency Act.
  Mr. Speaker, with that, I yield back the balance of my time.

                          ____________________