House Passes New Security Requirements for HealthCare.gov

Eric Gay/AP

The bill, which is unlikely to become law, would notify consumers within two days if their information is hacked.

The House voted by a substantial margin on Friday to impose stringent new security standards on HealthCare.gov.

The vote would require the Health and Human Services Department to notify consumers within two business days if their personal information was hacked on the online health insurance marketplace. It comes following Republican claims that security on the site is more lax than the Obama administration admits and follows numerous earlier votes to repeal or pare back Obamacare.

The vote on the bill was 291 in favor and 122 opposed. Sixty-seven Democrats voted yes.

The bill was introduced on Tuesday by Rep. Joe Pitts, R-Pa., and debated and passed on the House floor three days later. As with previous anti-Obamacare measures, the bill, known as the Health Exchange Security and Transparency Act, is highly unlikely to pass the Senate and be signed by the president.

The White House slammed the proposed law on Thursday, saying it “would impose an administratively burdensome reporting requirement that is less effective than existing industry standards and those already in place for federal agencies.”

Health and Human Services officials have said HealthCare.gov meets the government’s information security standards and that there have been no successful breaches of people’s personal information on the site to date.

House investigators, led by Oversight and Government Reform Committee Chairman Rep. Darrell Issa, R-Calif., claim the Obama administration ignored numerous red flags in the rush to meet their Oct. 1 deadline for HealthCare.gov to go live, including a recommendation from the Centers for Medicare and Medicaid Services Chief Information Security Officer Teresa Fryer that the launch be delayed.

House Democrats claim Fryer’s warnings are taken out of context and the security risks on the website are overblown.

Both sets of claims are based on documents from contractors and government officials that have not been released publicly out of fear they could give hackers a “road map” into HealthCare.gov.

HealthCare.gov was nearly un-usable after its Oct. 1, 2013 launch due to about 400 coding glitches and insufficient storage space. The online marketplace has functioned at an acceptable level since Dec. 1 but analysts worry the early troubles may have made consumers wary of the site and could prevent the government from reaching its enrollment goal of 7 million people by the end of March.

If too few people enroll in the marketplace, that could increase risk and raise premiums to unaffordable levels. Concerns about security risks on the website could further depress enrollment.

Get the Nextgov iPhone app to keep up with government technology news.