[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9515 Introduced in House (IH)]
119th CONGRESS
2d Session
H. R. 9515
To amend the Patient Protection and Affordable Care Act to require the
use of multi-factor authentication to access certain information
through healthcare.gov.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
June 29, 2026
Mr. Grothman (for himself, Mr. Fine, and Mr. Arrington) introduced the
following bill; which was referred to the Committee on Energy and
Commerce
_______________________________________________________________________
A BILL
To amend the Patient Protection and Affordable Care Act to require the
use of multi-factor authentication to access certain information
through healthcare.gov.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Marketplace Fraud Accountability
Act'' or the ``MFA Act''.
SEC. 2. REQUIRING THE USE OF MULTI-FACTOR AUTHENTICATION TO ACCESS
CERTAIN INFORMATION THROUGH HEALTHCARE.GOV.
(a) In General.--Section 1311(c) of the Patient Protection and
Affordable Care Act (42 U.S.C. 18031(c)) is amended by adding at the
end the following new paragraph:
``(8) Multi-factor authentication.--
``(A) In general.--Subject to subparagraph (B), not
later than the date that is 1 year after the date of
enactment of this paragraph, the Secretary shall
require the use of multi-factor authentication to
verify the identity of any individual attempting to
access the healthcare.gov website (or any successor
website) for purposes of--
``(i) enrolling in a qualified health plan
offered through an Exchange; or
``(ii) accessing any personalized
information with respect to such enrollment.
``(B) Exceptions.--Subparagraph (A) shall not apply
in the case of an individual that does not have access
to broadband service or cellular service, or is
otherwise unable to use multi-factor authentication for
reasons specified by the Secretary.
``(C) Multi-factor authentication defined.--For
purposes of this paragraph, the term `multi-factor
authentication' means authentication through the
verification of 2 or more of the following types of
authentication factors:
``(i) Knowledge factors, such as a
password.
``(ii) Possession factors, such as a token.
``(iii) Inherence factors, such as
biometric characteristics.''.
(b) Effective Date.--The amendments made by this subsection shall
apply with respect to plan years beginning on or after the date that is
1 year after the date of enactment of this subsection.