Lawmakers approved a proposal Friday to address potential security breaches on the HealthCare.gov Web site as Republicans seek to keep political attention focused on concerns with the ongoing rollout of the new federal health-care law.
On a vote of 291 to 122, more than five dozen Democrats joined with all voting Republicans to approve a measure that would require the Department of Health and Human Services to notify affected users of any potential breach of a state or federal exchange within two business days.
Republicans openly crowed at Friday's vote tally, boasting that 67 vulnerable Democrats were willing to buck President Obama, who signaled Thursday that he strongly opposed the proposal. The White House said the measure would create "unrealistic and costly paperwork requirements" that wouldn't improve the safety or security of the site's users.
The vote capped the first week of the new year for the Republican-controlled House, but comes as attention on Capitol Hill has started shifting to broader concerns with income inequality, especially regarding unemployed or low-wage workers, and away from concerns with the health-care law.
In recognition of the emerging debate, House GOP leaders this week distributed talking points to rank-and-file members advising them how to show compassion for the nation's unemployed. Even House Speaker John A. Boehner (R-Ohio) sought to remind reporters that House Republicans are "concerned with those having a difficult time trying to find a job" as he raised doubts about Democratic proposals to extend unemployment insurance.
But Boehner also has vowed to continue passing legislation to address widespread concerns with the implementation of the Affordable Care Act. He described the measure approved Friday as part of GOP attempts "to protect the American people from the consequences of this disastrous law."
Next week, Republicans will turn their attention to a similar proposal that would require the Obama administration to provide detailed state-by-state reports on the number of people enrolling for new health-care coverage under the law. The proposal is billed as another common-sense attempt to address public concerns about the effectiveness and success of the law.
Democratic aides privately concede this week that dozens of Democrats in tight reelection contests will likely continue voting with Republicans on such proposals, not only in an attempt to blunt attempts to tie the lawmaker to Obama and the law, but also to demonstrate a willingness to address concerns in a bipartisan fashion.
The bill approved Friday came as House Republicans have seized on the fact that the chief information security officer at the Centers for Medicare and Medicaid Services, Teresa Fryer, recommended against authorizing the launch of HealthCare.gov on Oct. 1 on the grounds that not enough testing had been done in advance.
Fryer gave the House Oversight and Government Reform Committee a Sept. 24 memo she had drafted — but not sent — to her boss suggesting that the federal health insurance marketplace “does not reasonably meet the CMS security requirements” intended to minimize risks. “There is also no confidence that the Personal Identifiable Information (PII) will be protected.”
Ultimately, CMS administrator Marilyn Tavenner and the agency’s chief information officer, Tony Trenkle, who has since retired, made the decision to launch HealthCare.gov as scheduled.
House Majority Leader Eric I. Cantor (R-Va.) read passages from the draft memo on the House floor Friday. But House Democrats argued that Republicans have exaggerated the Web site’s vulnerability, in part because consumers provide limited personal information when signing up through HealthCare.gov, and because CMS put additional security measures in place a few days after Fryer voiced her objection to the launch.
"Republicans are still obsessed with killing this law," Rep. Elijah Cummings (D-Md.) said before the vote Friday. "Since they cannot do so legislatively, they have shifted to a different tactic: scaring people away from the Web site."
"There have been no successful security breaches of HealthCare.gov," Cummings added later. "Nobody's personal information has been maliciously hacked."
CMS also said Friday that there have been no successful security attacks on the Web site and that “no person or group has maliciously accessed personally identifiable information from the site.” The site undergoes security testing on an ongoing basis and is monitored to deter or prevent any authorized access, the agency said in a statement.
During her interview with congressional investigators, Fryer said there were "several layers of protection" within the computer system, and that some of the mitigation measures the department had implemented were “best practices above and beyond what is usually recommended” because the federal marketplace is so visible.
But she also said that even with the "extra protections" for the site, "We couldn’t mitigate or remediate those unknown risks" that prompted her initial recommendation against the Oct. 1 debut.
Even though the bill passed the House easily Friday, it will be ignored by the Democratic-controlled Senate, where leaders spent this week seeking to shift attention away from years of spending battles and the botched rollout of the health law to renewing unemployment benefits and raising the federal minimum wage.
"It's a different political structure than it was even a year ago," Sen. Charles E. Schumer (D-N.Y.) told reporters this week. "Issues like the deficit and Obamacare are important, but helping average people, getting the economy going and creating jobs is now number one, and [Republicans] block things like unemployment insurance and minimum wage at their peril."