WASHINGTON – Congresswoman Renee Ellmers (R-NC-02) released the following statement this afternoon after voting in favor of the Health Exchange Security and Transparency Act:

"We've started a new year with the same old problems. Over three months since the Obamacare exchanges took effect, the website continues to be plagued with errors and threatens to expose the personal information and health records of millions of Americans. That's why today I voted with my colleagues on both sides of the aisle for the Health Exchange Security and Transparency Act."

"This bill will require the Department of Health and Human Services (HHS) to notify individuals within two days if there has been a breach to the exchange website and if their personal information has been exposed. The Obama administration must be held accountable for the failures in this website and their inability to perform basic security procedures that could have an enormous impact on people's lives and their privacy."

Background on H.R. 3811:

Well before the October 1, 2013 launch date, red flags were raised regarding the vulnerability of HealthCare.gov, including security vulnerabilities. In fact, on August 2, 2013, the Inspector General of the Department of Health and Human Services reported “several critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges.”

Since October 1st - and the website’s failed launch - even greater concern has been expressed regarding the website’s vulnerabilities, including the security of personal and medical information. In fact, in an interview late last year, Experian Vice President, Michael Bruemmer, is quoted as saying he expects a significant increase in the number of health care breaches in 2014. Specifically, Bruemmer is quoted as saying “[the website infrastructure] was put together too quickly and haphazardly.” Thus, “we have volume issues, security issues, multiple data handling points – all generally not good things for protecting protected health information and personal identity information.”

# # #