Bilirakis Introduces One Hour Notification Act to Address Obamacare's Security Risks

January 6, 2014

There have been reports that the Department of Health and Human Services (HHS) is not required to notify consumers of data breaches under Obamacare. Furthermore, normal medical privacy laws, like HIPAA, do not apply to the federal government or the Exchanges.

A government bureaucrat should not decide if the loss of personally identifiable information (PII) constitutes "harm." Under Obamacare, millions of Americans have lost their healthcare coverage, have seen their premiums rise and have been forced to choose new doctors. Now, they're faced with concerns regarding their personal information and whether it has been compromised — all because the President's signature law was never ready for prime time. The government forced individuals onto these Exchanges, and the government should be held accountable for keeping all PII secure.

Therefore, I have introduced the One Hour Notification Act, which provides real solutions to protect the privacy of hardworking Americans. In short, the bill would:

(1) Require HHS to notify someone within an hour when there's been a data breach and their personal information may have been compromised;

(2) Require timely notification of the breach to Congress; and

(3) Require an annual report to Congress on cybersecurity breaches of the Exchanges and what strategies are being used to mitigate that risk.

As the House works to address this issue this week, I look forward to working with my Congressional colleagues to incorporate some of these ideas into the legislation that is taken up on the House floor.