The Committee on Homeland Security held a hearing on Thursday titled “Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov?” Department of Homeland Security (DHS) officials, as well as members of the private sector who work in information technology, were invited to discuss some of the security issues with Healthcare.gov.
The U.S. House of Representatives has been holding a series of hearings on Capitol Hill this past week to probe deeper into the problems with Healthcare.gov. The Committee on Homeland Security held a hearing on Thursday titled “Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov?” Department of Homeland Security (DHS) officials, as well as members of the private sector who work in information technology, were invited to discuss some of the security issues with Healthcare.gov.
In his opening remarks, ranking member Rep. Bennie G. Thompson (D-MS) pointed out that “DHS does not have an ongoing role with the security” of the Healthcare.gov system.
“Some of my colleagues have indicated that DHS should assure the safety and security of the personal information placed on Healthcare.gov,” said Thompson. “While this is an interesting proposition, there is no law requiring that DHS play such a role.”
While Health and Human Services (HHS) is the agency that developed and maintains the health insurance site, DHS has two main responsibilities toward the Web portal. First DHS has been tasked with making sure all government entities comply with FISMA – the Federal Information Security Management Act, implemented in 2002. That law says that agencywide security programs must be established, documented, and maintained for all information and information systems critical to U.S. government operations. “It is my understanding that DHS has a very small role in assuring the privacy and security of a website established by another agency,” Thompson added.
In addition, DHS also has an obligation to verify that those signing up for insurance on Healthcare.gov are legal U.S. residents or citizens, or otherwise legally in the country, if the Social Security Administration is unable to confirm their status.
Invited to testify at the hearing was Soraya Correa of U.S. Citizenship and Immigration services, who is responsible for overseeing verification programs at the DHS agency. In her testimony, she pointed out that so far, the automated verification for those signing up for insurance through Healthcare.gov has been successful.
Luke Chung, president of FMS, Inc. , a database solutions service provider, was also invited to testify. Chung, who specializes in Web database development, gained notoriety after he wrote a blog post titled “Healthcare.gov is a Technical Disaster ,” which went viral. The post described his experience with the federal exchange site in its first days of being launched and the many flaws he came across. He suggested an accountability office should be setup to deal with government-related cyber issues in the future. “The need for a bi‐partisan Technology Accountability Office to investigate and regulate technology at the Federal level is urgent and immediate; not only to stem the hemorrhage of taxpayer dollars but to ensure the security and viability of the essential systems millions of Americans depend on,” he said.