HouseH.R. 9515119th Congress

MFA Act

Full Text

Official text as published. Use Ctrl+F / Cmd+F to search within the document.

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9515 Introduced in House (IH)]

<DOC>

119th CONGRESS
  2d Session
                                H. R. 9515

To amend the Patient Protection and Affordable Care Act to require the 
   use of multi-factor authentication to access certain information 
                        through healthcare.gov.

_______________________________________________________________________

                    IN THE HOUSE OF REPRESENTATIVES

                             June 29, 2026

Mr. Grothman (for himself, Mr. Fine, and Mr. Arrington) introduced the 
   following bill; which was referred to the Committee on Energy and 
                                Commerce

_______________________________________________________________________

                                 A BILL

 
To amend the Patient Protection and Affordable Care Act to require the 
   use of multi-factor authentication to access certain information 
                        through healthcare.gov.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Marketplace Fraud Accountability 
Act'' or the ``MFA Act''.

SEC. 2. REQUIRING THE USE OF MULTI-FACTOR AUTHENTICATION TO ACCESS 
              CERTAIN INFORMATION THROUGH HEALTHCARE.GOV.

    (a) In General.--Section 1311(c) of the Patient Protection and 
Affordable Care Act (42 U.S.C. 18031(c)) is amended by adding at the 
end the following new paragraph:
            ``(8) Multi-factor authentication.--
                    ``(A) In general.--Subject to subparagraph (B), not 
                later than the date that is 1 year after the date of 
                enactment of this paragraph, the Secretary shall 
                require the use of multi-factor authentication to 
                verify the identity of any individual attempting to 
                access the healthcare.gov website (or any successor 
                website) for purposes of--
                            ``(i) enrolling in a qualified health plan 
                        offered through an Exchange; or
                            ``(ii) accessing any personalized 
                        information with respect to such enrollment.
                    ``(B) Exceptions.--Subparagraph (A) shall not apply 
                in the case of an individual that does not have access 
                to broadband service or cellular service, or is 
                otherwise unable to use multi-factor authentication for 
                reasons specified by the Secretary.
                    ``(C) Multi-factor authentication defined.--For 
                purposes of this paragraph, the term `multi-factor 
                authentication' means authentication through the 
                verification of 2 or more of the following types of 
                authentication factors:
                            ``(i) Knowledge factors, such as a 
                        password.
                            ``(ii) Possession factors, such as a token.
                            ``(iii) Inherence factors, such as 
                        biometric characteristics.''.
    (b) Effective Date.--The amendments made by this subsection shall 
apply with respect to plan years beginning on or after the date that is 
1 year after the date of enactment of this subsection.
                                 <all>