WASHINGTON — Administration officials tried to assure skeptical members of Congress on Wednesday that highly personal information given by millions of Americans joining health care marketplaces will be protected from hackers.
At a House hearing led by Rep. James Lankford, members from both parties expressed concerns that breaches of the new “hub” could expose a range of private data.
“I believe this hub has a bull's-eye on it,” said Rep. Jackie Speier, D-Calif. “And the potential for it being hacked is great.”
Rep. Patrick Meehan, R-Pa., said the health care exchanges would lead to “the largest consolidation of personal information in the history of the republic.”
Marilyn Tavenner, head of the Centers for Medicare and Medicaid Services, said the hub being created for the health care marketplaces known as exchanges would not retain data. Rather, she said, it was created to connect to databases — like those at the Internal Revenue Service — that can verify such information as whether a person's income qualifies the person for insurance subsidies.
But Lankford, R-Oklahoma City, noted that a person seeking insurance through an exchange would create an account containing personal information that would be stored. That would include Social Security numbers and information about a person's age, gender, race, addresses and phone numbers and potentially some health-related matters, Lankford said.
“The large amount of information sharing raises the risk of identity theft and other types of misuse,” Lankford said. “This risk is even more pronounced since the Department of Health and Human Services has missed several of their own self-imposed deadlines.”
Under the health care law, individuals should be able to shop for insurance on the exchanges beginning Oct. 1.
Auditors told lawmakers at the hearing Wednesday that the administration has a lot of work to do on the data hub — which has already cost about $400 million — in a short amount of time.
An assistant inspector general for the Treasury Department, which includes the IRS, told the House members that it would be difficult to complete all the final integration of various federal databases and test the system by the deadline.
“The lack of adequate testing could result in significant delays and errors in accepting and processing ... applications for health insurance coverage,” Alan R. Duncan testified.
Administration officials said federal agencies such as the IRS, Social Security Administration and the Centers for Medicare and Medicaid Services have decades of experience in protecting private information.
Daniel Werfel, principal deputy commissioner at the IRS, said the agency would be providing information about family size and income to help determine the level of premium subsidies available to people buying health insurance.
Any outside agency — including state-based exchanges that offer health insurance — will have to meet “robust” standards of security to access IRS information, Werfel said.
Rep. Darrell Issa, R-Calif., said Serco, the British company that recently won a $1.2 billion contract to process paper applications for health insurance, had its computers hacked, and information of about 123,000 participants in the federal Thrift Savings Plan was stolen. The incident came to light last year.