What else could this disastrous web site possibly do wrong?
Obamacare’s Healthcare.gov website discloses eligibility letters written to other applicants. Hmm, thanks for the break of privacy of unsuspecting individuals who signed onto Healthcare.gov. The security flaw disclosed eligibility letters addressed to individuals from another state. Just curious, was a data disclosure made to HHS in compliance with HIPAA privacy rules like many healthcare government contractors are supposed to do within a specified amount of time? Or do your own rules not apply to yourself?
As reported at The Weekly Standard, below is a screen shot of one of the “eligibility letters” he wasn’t supposed to receive.
Justin Hadley logged on to HealthCare.gov to evaluate his insurance options after his health plan was canceled. What he discovered was an apparent security flaw that disclosed eligibility letters addressed to individuals from another state.
“I was in complete shock,” said Hadley, who contacted Heritage after becoming alarmed at the breach of privacy.
Hadley, a North Carolina father, buys his insurance on the individual market. His insurance company, Blue Cross Blue Shield of North Carolina, directed him to HealthCare.gov in a cancellation letter he received in September.
After multiple attempts to access the problem-plagued website, Hadley finally made it past the registration page Thursday. That’s when he was greeted with downloadable letters about eligibility — for two people in South Carolina.
The document shows that administration officials at the Centers for Medicare and Medicaid Services were concerned that a lack of testing posed a potentially “high” security risk for the HealthCare.gov website serving 36 states.
Last week, the Associated Press disclosed a government memo revealing the “high” security risk for HealthCare.gov. Those concerns surfaced at Wednesday’s hearing with HHS Secretary Kathleen Sebelius, who claimed the system was secure.
HHS spokeswoman Joanne Peters told the AP, “When consumers fill out their online … applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.”
However, that didn’t stop members of Congress from voicing alarm.
“You accepted a risk on behalf of every user … that put their personal financial information at risk,” Representative Mike Rogers (R-MI) told Sebelius. “Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”