Lawmakers question security of health insurance hub days from launch
More testing of security in the U.S. government's health exchange data hub is needed, critics say
IDG News Service - Less than three weeks before a massive U.S. government health information database is scheduled to go live, some lawmakers have significant concerns about the ability of the system to protect personal health records and other private information.
It's unclear if security measures are in place at the U.S. Department of Health and Human Services' health exchange data hub, a huge IT system that will process uninsured U.S. residents' applications for health insurance, said Representative Patrick Meehan, a Pennsylvania Republican.
"I have grave concerns from a cybersecurity standpoint," Meehan said on Wednesday during a hearing of the cybersecurity subcommittee of the U.S. House of Representatives Homeland Security Committee.
The data hub, scheduled to go live Oct. 1, will process names, dates of birth, Social Security numbers, health conditions and several other pieces of personal information, Meehan said.
Other lawmakers raised similar fears about the hub, a key piece of the Affordable Care Act, often called Obamacare, passed by Congress in 2010. "The issue is not if but when we're going to have a breach of the data hub," said Representative Mike Rogers, an Alabama Republican.
But subcommittee Democrats noted that earlier this month the HHS Centers for Medicare and Medicaid Services (CMS) completed testing of the hub and received security authorization for the system. The security testing was established by the U.S. National Institute of Standards and Technology, according to CMS.
Representative Yvette Clarke, a New York Democrat, praised CMS for focusing on U.S. residents' privacy. State-operated health care exchanges, allowing uninsured people to shop for insurance, "will function only if people are certain that their private information -- medical and financial -- will be protected," she said.
Meehan questioned how CMS completed its security assessment nearly a month ahead of schedule after the agency had "for three years failed to meet a single deadline."
Critics have long raised concerns that the hub will collect large amounts of health and other personal information, and a breach could cause significant problems for users. Officials with President Barack Obama's administration have said the hub will store little information, instead accessing information in other databases as needed.
Data breaches at the hub would do "irreparable harm" to users, said Stephen Parente, director of the Medical Industry Leadership Institute at University of Minnesota. There hasn't been enough security testing on the hub, which is a "massive IT project with literally no technical precedent," he added.
Meehan on Wednesday repeated his concerns that the hub would make an attractive target for hackers. "We face a time in which we have very sophisticated adversaries ... who may wish to do us harm," he said.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
Currently, the FDA does not regulate consumer medical apps, so, like the supplement industry, it’s a buyer-beware situation. Without rigorous clinical trials, there is no way to know which, if any, of these apps will actually improve health outcomes. Since few of these apps have been tested in clinical trials, their efficacy and safety are largely unknown.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Healthcare Firm Ramps Up for Claims Processing Spikes
- Huge increases in claims processing loads and stringent SLAs for Medicaid patients prompted Molina Healthcare to enhance their IT infrastructure with VCE.
- The Telemedicine Revolution: Patients Can't Wait
- How high bandwidth, low latency ethernet communications is changing the practice of medicine. Comcast Ethernet offers the robust, scalable backbone for telemedicine for...
- Escape Plan: How Integrated IT Portfolio Management Helps Organizations Clear the Chaos
- Meaningful Use, ICD-10 compliance, EMR Implementation--do you feel lost in this ever-growing jungle?
- Osterman White Paper: The Need for Enterprise-Grade File Transfer
- Key trends in file transfer
- The New Universe of Managed File Transfer: Why your existing solution might not be adequate
- The Evolution of File Transfer All Healthcare IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- All Healthcare IT Webcasts
Johns Hopkins, OhioHealth, Kaiser Permanente and other top healthcare organizations each won a place on Computerworld's Best Places to Work in IT 2013 list. Honorees say the distinction helps them both recruit and retain top talent.
Want to join this elite group? Nominate your organization for our 2014 list.