Skip to primary navigation Skip to content
Learn More About the CHIPS and Science Act
report a concern
November 19, 2013

Committee Holds Hearing on Healthcare.gov Security

(Washington, DC) – Today, the House Committee on Science, Space, and Technology held a hearing on security and privacy issues related to healthcare.gov.  The healthcare.gov portal is the public’s interface with Health Insurance Marketplaces established under the Affordable Care Act (ACA). It was developed and is operated by the Centers for Medicare and Medicaid Services (CMS), part of the Department of Health and Human Services (HHS).  Signing up has been slow, time consuming, and frustrating to many in the initial phase. 

Ranking Member Eddie Bernice Johnson (D-TX) said in her opening statement, “In light of the startup problems that have been reported with the Healthcare.gov website—problems that need to get fixed as quickly as possible—some Americans may be concerned about the security of their personal information on the website.  I can understand such concerns, because anytime any of us go on the internet, we are vulnerable to those who would attack public and private databases to get access to our information… However, I want everyone to keep the issues of security in perspective, and I hope that none of us will use this hearing to engage in fear-mongering in an effort to destroy participation in the ACA.  That would be irresponsible and, frankly, cruel.  The Americans who most need the ACA to work are those that are among the most vulnerable members of our society.”

Democratic Members of the Committee pushed back against misinformation that has been circulated regarding healthcare.gov.  A key issue that was continually misrepresented at the hearing was the question of whether the healthcare.gov website will contain individual medical records.  It will not.  Democratic Members also pointed out that healthcare.gov is not a database.  In addition, many of the security issues that have emerged have been quickly corrected.  One Majority witness had implied during his testimony that he had been able to obtain the user names, emails and passwords of 100,000 users on www.healthcare.gov.  In fact the information he obtained was from a different website and he eventually acknowledged this under questioning from Democratic Members.  The hearing seemed intent on over-exaggerating and misinforming the public.   

Rep. Mark Takano (D-CA) said, “There have already been over 40 hearings this year on the Affordable Care Act by House Committees. 15 of those since open enrollment began on October 1; and now we can add the Science Committee to that list. While there certainly have been issues with the rollout of the websites, stories of how the Affordable Care Act is already helping millions of people are drowned out by the scare tactics used by my colleagues on the other side of the aisle. The Republican playbook for undermining the ACA is filled with examples of how to scare constituents away from Obamacare. It’s in the American people’s best interest to encourage participation in the exchanges to help bring down premiums for everyone. But to my colleagues, it seems, it’s not about the American people winning, it’s about them winning. This hearing is just another attempt to undermine the President’s signature law and follow their playbook.”

Ms. Johnson added, “The reality is that Healthcare.gov is subject to the same attacks as every other website and every other internet-accessible data base.  Every Member of this Committee knows that computer vulnerabilities are exploited every day at companies and government offices across the world, leading to the compromise of a wide range of personally sensitive information…One might conclude that the only way to avoid being vulnerable to such attacks is to not be connected to the internet at all.  However, in the 21st century that is not a reasonable option for most government agencies, businesses or individuals.  So, I think we have to be realistic about the ability of any internet-connected database to be completely invulnerable to being compromised.”

She continued, “Healthcare.gov will not have patient or healthcare case information about anyone.  Healthcare.gov will have the name, date of birth, social security number and address of participants, but that information is also potentially available through every insurance company, bank, credit card company and government agency that anyone deals with.”