Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
Despite the fact that private companies are required to publicly disclose any incidents. State laws also require many of the 14 state-run insurance exchanges to disclose such information, but no such law exists for the federally run exchange, which 36 states rely upon.
When asked HHS to ensure the exchanges would promptly notify affected enrollees in the event of a data breach or unauthorized access to the exchange’s databases. HHS responded: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.” In other words, the government doesn’t have to tell you about a security breach unless it decides it wants to.
There is a very simple answer and that is for states to create their own exchanges. Most of the states that use the federal exchange are Republican run so it would be simple for them to fix this problem if they wanted to.
I think its pretty clear at this point in time that entering ones data into the federal exchange is extremely risky. From the very beginning computer security experts have noted that the exchange is not well protected. One even called the website, "a hacker's wet dream". It's pretty disgusting that they have built a website that is not secure and barely works, forced many Americans into using it and then not doing the right thing in case of a security breach which would be to notify people. This is a huge mess.
Despite the fact that private companies are required to publicly disclose any incidents. State laws also require many of the 14 state-run insurance exchanges to disclose such information, but no such law exists for the federally run exchange, which 36 states rely upon.
When asked HHS to ensure the exchanges would promptly notify affected enrollees in the event of a data breach or unauthorized access to the exchange’s databases. HHS responded: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.” In other words, the government doesn’t have to tell you about a security breach unless it decides it wants to.
There is a very simple answer and that is for states to create their own exchanges. Most of the states that use the federal exchange are Republican run so it would be simple for them to fix this problem if they wanted to.
Can states opt in at any time or is it too late once the federal exchange is established?
Despite the fact that private companies are required to publicly disclose any incidents. State laws also require many of the 14 state-run insurance exchanges to disclose such information, but no such law exists for the federally run exchange, which 36 states rely upon.
When asked HHS to ensure the exchanges would promptly notify affected enrollees in the event of a data breach or unauthorized access to the exchange’s databases. HHS responded: “We do not plan to include the specific notification procedures in the final rule. Consistent with this approach, we do not include specific policies for investigation of data breaches in this final rule.” In other words, the government doesn’t have to tell you about a security breach unless it decides it wants to.
Aren't those 36 states mostly Republican governor run states? Guess Republican governors don't care about security or they would of had their state run their own exchange programs so that they could better monitor it themselves instead of relying on the federal government.
There is a very simple answer and that is for states to create their own exchanges. Most of the states that use the federal exchange are Republican run so it would be simple for them to fix this problem if they wanted to.
Aren't those 36 states mostly Republican governor run states? Guess Republican governors don't care about security or they would of had their state run their own exchange programs so that they could better monitor it themselves instead of relying on the federal government.
Did anyone expect that HHS would be so crass as to shrug at security issues?
I think its pretty clear at this point in time that entering ones data into the federal exchange is extremely risky. From the very beginning computer security experts have noted that the exchange is not well protected. One even called the website, "a hacker's wet dream". It's pretty disgusting that they have built a website that is not secure and barely works, forced many Americans into using it and then not doing the right thing in case of a security breach which would be to notify people. This is a huge mess.
HHS was told by the government IT security person it wasn't ready and HHS went forward anyway so they wouldn't miss the date.
She testified that to Congress. The memo to HHS was dated September 2013.
Did anyone expect that HHS would be so crass as to shrug at security issues?
Sure, we have a do nothing Congress with tons of Republicans bragging about not wanting to create new laws.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.