New Obamacare privacy threats loom large

In this Dec. 11, 2013 file photo, Rosemary Cabelo uses a computer at a public library to access the Affordable Health Care Act website, in San Antonio. (AP Photo/Eric Gay, File)
In this Dec. 11, 2013 file photo, Rosemary Cabelo uses a computer at a public library to access the Affordable Health Care Act website, in San Antonio. (AP Photo/Eric Gay, File)

DC Examiner In September 2013, President Obama spoke to a crowd at Prince George’s Community College in Maryland about the upcoming launch of Obamacare’s first enrollment season, saying that “Like any big product launch, there’s going to be some glitches as this thing unfolds.”

As it turns out, a Washington bureaucrat’s “glitch” is the average American’s privacy nightmare. Let’s recap:

Last fall, we learned that, the web portal for Obamacare’s federal exchanges, was successfully hacked. Making the situation even more disturbing was the fact that the federal government did not notice the cyberattack until weeks after it occurred.

Later the same month, the nonpartisan Government Accountability Office warned of security weaknesses in the website that posed “significant risks of unauthorized access, use … and disruption.” The agency made six specific recommendations to address these concerns. Nearly a year later, the status of each action item is still listed as “open” — meaning GAO has yet to confirm that the Obama administration has acted on its recommendations.

Then, earlier this year came the news that was quietly sharing users’ personal data with outside websites — a process that, as one cyber security consultant explained, “could be another potential point of failure” when it comes to protecting consumers’ sensitive information.

While the bungled roll-out of inched along, the Obama administration was also building the federal data services hub to help implement the law. The Wall Street Journal dubbed it “the largest personal information database the government has ever attempted.”

Prior to launch, my colleagues and I repeatedly warned of privacy concerns under the data hub, only to be told by the administration that this hub would not store personally identifiable information — instead it would be used to pass information between the appropriate agencies to verify an Obamacare applicant’s eligibility status. That same promise appears on the Centers for Medicare and Medicaid Services’ website today.

The Obama Administration’s response to our warnings was, in essence, “Just trust us.” And many did. Then, last week, the other shoe finally dropped.

While Obamacare’s data hub may not be storing your personal information, new reports show that the law’s little-known Multidimensional Insurance Data Analytics System (MIDAS) is doing so — indefinitely.

The Associated Press describes MIDAS as a “vast data warehouse” that stores Obamacare applicants’ Social Security numbers, addresses, employment status and financial accounts, among other details. Worse, the administration reportedly launched MIDAS without a complete privacy assessment. If the system sounds unfamiliar to you, that’s because the Obama administration ignored any mention of it in the privacy policy.

It’s no secret that I have long advocated for the full repeal of Obamacare, but until that happens, I believe legislation is needed to safeguard Americans’ data security from the prying eyes of Big Brother Obama.

This is, after all, the same administration that failed to immediately thwart political targeting at the IRS and that recently oversaw the breach of four million federal employees’ personal records. This president’s track record on protecting Americans’ privacy is abysmal, and it is past time for Congress to step in and inject basic accountability into this law.

For all these reasons and more, I authored the Federal Exchange Data Breach Notification Act of 2015. This right-to-know legislation would require the federal government to promptly inform you if your personal information was compromised on the federal healthcare exchanges. It’s truly that simple — yet as of this date, there is no federal law to that effect.

Keeping Americans’ most sensitive information from landing in the wrong hands is not a matter of party politics, it’s just common sense and good governance. It is wholly unacceptable that, today, if you were a victim of a cybersecurity failure, the federal government would be under no obligation to tell you.

Whether you want to scrap Obamacare altogether, as I do, or aim to “improve” it, as some Democrats have suggested, my bill offers a reasonable solution that both parties should embrace in the meantime to protect the American people from an unintended consequence of this law.

We cannot wait for the next cybersecurity breach to act. Congress must pass the Federal Exchange Data Breach Notification Act without delay.

Diane Black represents Tennessee’s 6th Congressional District in the U.S. House of Representatives. Thinking of submitting an op-ed to the Washington Examiner? Be sure to read ourguidelines on submissions.