Mish Moved to MishTalk.Com Click to Visit.
In response to the curious statement in Obamacare website source code: "You Have No Reasonable Expectation of Privacy" one reader wondered if that was just "standard disclosure practice".
If so, then why didn't Cheryl Campbell, senior vice president of CGI Federal Inc., the company that built the Obamacare health care exchange website, simply say so?
The reason is now apparent. The website design is a clear breach of privacy.
Clear Breach of Privacy
The Foundry reports HealthCare.gov Users Warn of Security Risk, Breach of Privacy.
Justin Hadley logged on to HealthCare.gov to evaluate his insurance options after his health plan was canceled. What he discovered was an apparent security flaw that disclosed eligibility letters addressed to individuals from another state.
Hadley wrote to Heritage on Thursday night and also contacted the U.S. Department of Health and Human Services, which administers HealthCare.gov, as well as elected officials in his state. He has yet to hear back from HHS, even though HealthCare.gov still displays the personal information of the South Carolina residents on his account.
Dougall said he was able to register on HealthCare.gov, but decided not to sign up for insurance. “The plans they offered were grossly expensive and didn’t provide the level of care I have now,” he said.
After learning of the privacy breach, Dougall spent Friday evening trying to contact representatives from HealthCare.gov to no avail; he spent an hour waiting on the telephone and an online chat session was unhelpful.
“I want my personal information off of that website,” Dougall said.
Last week, the Associated Press disclosed a government memo revealing the “high” security risk for HealthCare.gov. Those concerns surfaced at Wednesday’s hearing with HHS Secretary Kathleen Sebelius, who claimed the system was secure.
Heritage cyber-security expert Steven Bucci, director of the Douglas and Sarah Allison Center for Foreign Policy Studies, said users of HealthCare.gov are leaving their personal information unsecured.
“Once it goes out over the system, it is vulnerable,” Bucci said. “There appears to have been a singular lack of concern for security. The site needs to receive and transmit sensitive personal information, yet it has less than state of the art security.”
Memo Raises Security Concerns
Let's dig a little deeper. Please consider Memo raises security concerns about government health website
The nation’s top health official tells lawmakers ‘I’m responsible’ for the problems with the launch of Healthcare.gov.
Defending President Barack Obama’s much-maligned health care overhaul in Congress, his top health official was confronted Wednesday with a government memo raising new security concerns about the trouble-prone website that consumers are using to enroll.
The document, obtained by The Associated Press, shows that administration officials at the Centers for Medicare and Medicaid Services were concerned that a lack of testing posed a potentially “high” security risk for the HealthCare.gov website serving 36 states. It was granted a temporary security certificate so it could operate.
Security issues are a new concern for the troubled HealthCare.gov website. If they cannot be resolved, they could prove to be more serious than the long list of technical problems the administration is trying to address.
“You accepted a risk on behalf of every user ... that put their personal financial information at risk,” Rep. Mike Rogers, R-Mich., told Health and Human Services Secretary Kathleen Sebelius during questioning before the House Energy and Commerce Committee.
Sebelius Says "Americans Deserve Better"
“So let me say directly to these Americans, you deserve better. I apologize.”, said Sebelius.
That's a start. Not many politicians apoligise when they make a mistake. President Obama should try the same, first by firing Sebelius. Second, and more importantly, Obama should offer his own apology, then reach out to Republicans and health care officials in an attempt to fix Obamacare. Better yet, he should start all over.
Mike "Mish" Shedlock