Lawmakers have expressed serious concerns regarding the security of personal information on the HealthCare.gov website, an online portal where consumers in 36 states can enter personal information, including Social Security numbers and income data, to enroll in health insurance. For example, the House Oversight and Government Reform Committee, led by Rep. Darrell Issa (R., Calif.), last week subpoenaed information about the website from the Obama administration, including whether the site was well-protected from hackers. Sen. Orin Hatch (R., Utah) and 10 other Republican members of the Senate Finance Committee have also asked Health and Human Services Secretary Kathleen Sebelius for more information on security, stating in a letter this week that "serious questions remain as to the privacy and security of the very detailed personal information being transmitted" through the site. Rep. Mike Rogers (R., Mich.), chairman of the House intelligence committee, said he was concerned the race to fix the site would give security short shrift: "you can't ask all these Americans to risk their information so you can make your deadline."
The reason such suspicion has been raised is largely based on the problematic rollout with the website. Specifically, congressmen fear that because so much attention was focused on the launch and technical problems experienced shortly after the launch that security of personal information submitted by individuals on the website has been overlooked. As support, critics are citing a government memo from Sept. 27 that showed final security tests of HealthCare.gov weren't completed because the site wasn't ready in time.
The Obama administration last week announced a "tech surge" to fix the site. This surge included the naming of two individuals to the technology team: Google Inc.'s Michael Dickerson, a site reliability engineer, and Greg Gershman, a former presidential innovation fellow.
Time will tell whether suspicions about the security of personal information on the HealthCare.gov website will translate into reality, i.e. a data breach compromising individuals’ Social Security numbers, income data, and other personal information.