Bill mandates reporting of PII breaches by insurance exchanges
Representative Gus Bilirakis (R-FL) introduced the One Hour Notification Act of 2013, or the “OH No Act of 2013” (H.R. 3795). The legislation requires the Secretary of Health and Human Services to notify Congress and the individuals impacted when a breach of personally identifiable information (PII) occurs involving a system maintained by the Health Insurance Exchanges created under the Patient Protection and Affordable Care Act. The legislation has been referred to the House Committee on Energy and Commerce for consideration.
The legislation states that within one hour after the time the Secretary is notified of a breach, the individual who was the subject of the breach must be alerted. Further, the House Committees on Energy and Commerce, Ways and Means, and Education and Workforce and the Senate Committees on Finance and Health, Education, Labor, and Pensions must be notified in a timely manner.
The legislation also calls for an annual report to Congress beginning on January 1, 2015, detailing the breaches that occurred during the past year and the rules, standards and strategies pursued to prevent future breaches.