The House of Representatives has spent so much time debating and approving largely pointless bills to repeal or defund Obamacare that it’s tempting to ignore anything coming out of that body on that topic. But that would be a mistake in the case of a measure approved Jan. 10 to protect health insurance buyers against data theft. This one is not symbolic or hyperpartisan, and it deserves to become law.
It imposes a simple and reasonable requirement that in no way impairs the basic point of the program. The federal government would be obligated to inform Americans using the new health insurance exchanges if their personal information is compromised — along the lines of what happened recently to millions of Target shoppers who used debit or credit cards, exposing them to potential identity theft.
No fewer than 67 House Democrats voted for the bill, but it got a negative reaction from many on their side of the aisle, as well as the White House. Rep. Elijah Cummings, D-Md., protested: “There have been no successful security breaches of HealthCare.gov.” House Democratic leader Nancy Pelosi called the legislation “silly,” noting that the websites don’t ask for personal health information.
The administration said it would inflict “unrealistic and costly paperwork requirements” and that consumers “can trust that the information that they are providing is protected by stringent security standards.”
The fact that something has not yet happened, though, is not exactly a guarantee it never will. The soothing promises also would be more convincing if the program’s rollout had not been a series of failures, delays and snafus.
Asking the American people to place complete trust in the competence of the people in charge of the Affordable Care Act is asking way too much right now. If Target, a well-regarded corporation with decades of experience in retail, could suffer such attacks, there is no obvious reason why the insurance websites will be immune.
Should the administration assurance prove to be 100 percent reliable, it’s hard to see how the mandate would cause it such an expensive hassle. If no consumers have their data swiped, no consumers will need to be notified. Only if information breaches do occur is there any burden on the federal government. It’s worth noting that corporations somehow manage to operate despite laws that in most states require them to report serious breaches of customer information.
That burden on the federal health care administrators seems minimal given the possible harm to insurance customers. They don’t stand to have confidential medical information exposed, but they do have to worry the loss of other data that thieves could use.
Also, as House Republican leader Eric Cantor noted, Americans can decide for themselves if they want to shop at Target. But they are legally required to get health insurance.
We can hope no one will ever lose such data while accessing HealthCare.gov. But if they do, they ought to know about it.