Hultgren Supports "Safe and Secure" Bill for Federal Websites

Washington, DC — U.S. Representative Randy Hultgren (IL-14) has co-sponsored H.R. 3635, the Safe and Secure Federal Websites Act, a bill to protect the privacy and security of Americans who access federal websites.

H.R. 3635 requires Healthcare.gov and future federal websites that collect sensitive personal information, such as social security numbers, be reviewed by the Government Accountability Office and certified as secure by the agency’s Chief Information Officer before being made available to the public. Further, any federal website published after July 1, 2013 not certified must be taken down until certified as secure. Full text of the bill is available here.

“No federal website that intakes the personal data of Americans should be online without basic, industry-accepted standards of security. We’ve heard directly from security experts that the administration rushed out Healthcare.gov without the proper security measures or infrastructure in place to protect health consumers’ personal data,” said Rep. Hultgren. “Later this week, our committee hopes to hear assurances that these experts have seen improvements in the website, but the administration has so far refused to answer the committee’s requests for basic information regarding the security procedures they have put in place. Americans should never be forced to jeopardize their personal data by using an insecure government website. It’s bad enough they are forced to buy health insurance in the first place.”

On Thursday, the House Science, Space and House Science, Space and Technology Committee will host a hearing entitled, “Healthcare.gov: Consequences of Stolen Identity,” featuring online security experts.

At a November 19 hearing, David Kennedy, a so-called ‘white hat hacker,’ demonstrated how hackers are attempting to access personal information on the website. Mr. Kennedy testified that there are “clear indicators that even basic security was not built into the Healthcare.gov website.” Following his testimony, Rep. Hultgren and members of the Science Committee sent a letter to President Obama raising concerns over the security and privacy risks surrounding the online Obamacare portal.

Last week, Rep. Hultgren voted with the House to protect consumers from the security risks associated with Healthcare.gov and to hold the President and his administration to the same online security standards of American businesses by passing H.R. 3811, the Health Exchange Security and Transparency Act, requiring HHS to notify individuals of any breach on the health care law exchanges that endangers personal data within two business days.


This post is contributed by a community member. The views expressed in this blog are those of the author and do not necessarily reflect those of Patch Media Corporation. Everyone is welcome to submit a post to Patch. If you'd like to post a blog, go here to get started.

John Tips January 14, 2014 at 10:17 AM
Until our government finds a "perfect" way of protecting our privacy on line, we will never be free of hackers! One way to help stop these assaults is to declare war on hacking, making hacking in the USA a felony offense punishable by at least 10 years in prison with no reduction. What is also needed is an international agreement to stop hackers in other countries - allowing the country harmed to extradite these people and imprison them here sizing all their assets!
Jim Ryan January 14, 2014 at 02:59 PM
Instead of endlessly trying to chink away at ACA, perhaps our legislators should consider a Safe and Secure bill to protect our children from being shot on school grounds. I'd be willing to bet great solutions could be crafted if only these same lawmakers weren't NRA puppets and beneficiaries.
Mike January 14, 2014 at 05:48 PM
This is good legislation. If and when your personal information is compromised, the government must notify you within 2 business days, just like any other organization has to do. Are opponents afraid that when people are being constantly notified of security breaches they'll realize what a poorly conceived and hostility thrown-together the ACA really is?
Jim Ryan January 14, 2014 at 07:28 PM
This could be good legislation if it was meant to be an across the board piece of work and not aimed at one particular website/law. Other organizations only report data breaches when they are caught by outside organizations, primarily news outlets. Otherwise, they keep a very tight lid on hack notifications. The 2 business day rule only applies when they're called out. So, if the gov't works under the same rules, most people won't be constantly notified. ACA was well conceived (most of it was written by the insurance industry) - as a retired data systems engineer, I agree that the website was probably hastily thrown together. Beware the spell-checker.


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something