When Target department stores found a security breach that exposed the credit and debit card information of millions of customers this month, the company was legally required to inform the customers.
The federal government has no such requirement for its troubled HealthCare.gov website, but
Rep. Diane Black, R-Tenn., has introduced a bill that would require the government to do just that.
State health exchanges and private companies such as Target are already legally required to inform customers of security breaches.
Two IT managers at the Centers for Medicare and Medicaid Services refused to sign the authority-to-operate order because the site wasn't safe, Black said. Eventually, CMS head Marilyn Tavenner signed the order.
Related Stories: