Kaiser Health News has a roundup of media coverage on the GOP’s intention to propose legislation requiring more security controls for HealthCare.gov. If you’re a supporter of Obamacare, you’ll likely see this as a move to undercut it. But even if you’re a supporter of Obamacare, is there any merit to the proposal?
This may all be political gamesmanship as usual, but wouldn’t requiring breach notification to individuals in the event of a breach actually be a good thing?
And if Congress is willing to require enhanced security controls and breach notification for a site that doesn’t collect a heck of lot of personal information, how about requiring it for sites that do collect a lot of sensitive personal information?
Will we actually get a federal breach notification law out of this or will this be limited to healthcare.gov if it passes? I suspect we should keep a close eye on the bill to see if it’s something that might serve a broader purpose. From Cantor’s statement, the Target data breach is also factoring into this. As Katherine Gasztonyi writes:
In the wake of the recent Target Corp. credit card data breach, Congress is once again turning its attention to data breach legislation. In a memorandum to Republican lawmakers on January 2, House Majority Leader Eric Cantor (R-Va.) stated that he intends to schedule legislation on security and breach notification requirements for federally facilitated healthcare exchanges when Congress resumes session next week. Democratic leaders characterized the news as yet another effort by Republican lawmakers to undermine the Affordable Care Act rather than a serious effort to deal with data security issues.
In his message to Congressional colleagues, Cantor discussed Target’s recent data breach, commenting that “millions of Americans learned [of Target’s data breach] from the press…” rather than from Target itself and stressing that “Americans shouldn’t have to wonder whether or not they will receive prompt notification” of a breach. Cantor went on to note that, while the Target breach “ha[d] received well-deserved attention”, another recent less-publicized report by Experian deserved scrutiny as well. The Experian report in question cautioned that, rather than the financial services industry, “[t]he healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014.”
Read more on Inside Privacy.