On several occasions since November, I have written to you to request that we meet to discuss the adoption of a bipartisan protocol to safeguard sensitive documents obtained during this investigation and to develop a responsible approach to making information public that the Committee determines is important to its investigation.

I also remain concerned with the unilateral release by your office of partial transcripts and select document excerpts to promote partisan narratives that often turn out to be inaccurate, particularly when these releases are not part of any official report, correspondence, or other Committee action. Not only is this a disservice to the American people and the goals we share, but it undermines the credibility and integrity of the Committee.


Another concern is the security of documents in the custody of the Committee. Currently, the Committee has no procedure governing the storage and handling of these sensitive documents. As a result, there have been two separate occasions last week when sensitive documents were left unattended in unlocked rooms accessible by the public. Although I understand that your office believes these documents are not sensitive, one was produced to the Committee in encrypted, password-protected format, and both were marked as sensitive documents that require special handling.


A third concern relates to providing access to sensitive information to individuals outside the Committee. In December, you stated that you intended to “consult carefully with non-conflicted experts to ensure no information is released that could further jeopardize the website’s security.” Several days later, you wrote a letter to the Department of Health and Human Services indicating that you had already begun this process, stating that you would “continue” consulting with outside security experts.


Based on your statements, it is unclear who these outside experts are, who they work for, and who they may be affiliated with, raising concerns about what they may do with the information. If they do not work for the government or any of its contractors, it is unclear what contractual or other restrictions they are under not to disclose this sensitive information further. There have been multiple reports about organizations and individuals who are deliberately targeting the Healthcare.gov website for malicious purposes. The risk that this information could get into the wrong hands increases dramatically as more individuals gain access to it, particularly when these individuals are under no obligation to safeguard it.


http://democrats.oversight.house.gov/press-releases/cummings-seeks-protocols-to-safeguard-sensitive-healthcaregov-documents/