Obamacare Administrators Fail to Protect Individuals’ Personal Data Entered on Obamacare Website

The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) did not implement auditor recommendations to protect personal information at HealthCare.gov, Politico reported.

An official told lawmakers that CMS “has not yet implemented auditors’ recommendations that it conduct privacy impact assessments on HealthCare.gov systems that store personal information,” states Politico.

This is cause for concern considering the Office and Personnel Management (OPM) news that more than 21 million individuals had their sensitive information, including Social Security numbers and family and personal data, accessed by hackers because of a data breach.

“The U.S. Office of Personnel Management (OPM) has identified a cyber security incident potentially affecting personnel data for current and federal employees, including personally identifiable information (PII),” said OPM in a statement on June 4.

At a House Science, Space and Technology Committee hearing on the OPM data breach, Gregory Wilshusen, an information security expert at the Government Accountability Office (GAO), said he is not aware of any efforts by CMS to act on GAO’s recommendations regarding the Obamacare website. GAO recommended in September 2014 that CMS and HHS “implement security and privacy controls to enhance the protection of systems and information related to Healthcare.gov.” (Read more from “Gov’t Agency Fails to Protect Individuals’ Personal Data on Obamacare Website” HERE)

Follow Joe Miller on Twitter HERE and Facebook HERE.