Republicans have vowed to maintain their investigative scrutiny over the Obamacare implementation, even as the information technology problems on the federal and state insurance exchanges have greatly lessened and HHS announced 2.1 million enrollments as of Dec. 29—about two-thirds of what the administration had projected by the end of 2013. Republicans hope they can use the healthcare reform issue as a springboard to capturing control of the Senate in the November elections, while Democrats are expressing growing confidence that the issue will work in their favor as more Americans benefit from the law's insurance expansion. But much depends on how the rollout goes and whether new problems crop up.
Cantor highlighted the recent unrelated data breach at retail giant Target a few weeks ago, when millions of Americans learned that hackers could have gained access to their personal financial information. Cantor also cited a report from credit report bureau Experian that said the healthcare industry will be the most susceptible to data breaches in 2014.
CMS spokesman Aaron Albright said in a written statement that no security breaches have occurred on HealthCare.gov, and that security testing is conducted on an ongoing basis using best industry practices. “To date, there have been no successful security attacks on HealthCare.gov, and no person or group has maliciously accessed personally identifiable information from the site,” Albright said.
Four House committees have examined the risk of data breaches in the exchanges in congressional hearings, or, in the case of the House Oversight and Government Reform Committee, through the release of a transcript of an interview with the CMS' chief information security officer.
According to Cantor, the Obama administration has downplayed the role of data breaches. He cited the CMS' Exchange Program Integrity Rule in August, which said the agency will determine whether a risk of harm exists and if consumers should be made aware of it.
“If a breach occurs, it shouldn't be up to some bureaucrat to decide when or even whether to inform an individual that their personal information has been accessed,” Cantor wrote. “Several of our colleagues, including Diane Black, Kerry Bentivolio and Gus Biliraki,s have introduced legislation to strengthen security requirements as well as require prompt notification in the event of a breach involving personal information.”