
Full profile: /officials/G000576
Source: Congress.gov · FEC
Members who have signed on to support this bill since introduction. Source: Congress.gov.
The most recent step in the bill's legislative path. Committee Activity below shows referrals and reports; the full action-by-action history including floor proceedings lives at Congress.gov →
Currently in
The proposal would require healthcare.gov, the federal website where people shop for health insurance, to use multi-factor authentication—an extra security step like a text message code in addition to a password—when users access their personal health information. This change would make it harder for hackers or unauthorized people to access sensitive details like Social Security numbers, medical records, and insurance information. The requirement would affect millions of Americans who use the website to enroll in coverage or manage their health insurance plans.
AI-assisted summary generated from the official bill metadata (title, subjects, actions) sourced from Congress.gov. Cached and reviewed. Always verify against the official text linked below.
Verbatim text published on Congress.gov via GovInfo. Use Cmd+F / Ctrl+F to search within this excerpt.
[Congressional Bills 119th Congress] [From the U.S. Government Publishing Office] [H.R. 9515 Introduced in House (IH)] <DOC> 119th CONGRESS 2d Session H. R. 9515 To amend the Patient Protection and Affordable Care Act to require the use of multi-factor authentication to access certain information through healthcare.gov. _______________________________________________________________________ IN THE HOUSE OF REPRESENTATIVES June 29, 2026 Mr. Grothman (for himself, Mr. Fine, and Mr. Arrington) introduced the following bill; which was referred to the Committee on Energy and Commerce _______________________________________________________________________ A BILL To amend the Patient Protection and Affordable Care Act to require the use of multi-factor authentication to access certain information through healthcare.gov. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Marketplace Fraud Accountability Act'' or the ``MFA Act''. SEC. 2. REQUIRING THE USE OF MULTI-FACTOR AUTHENTICATION TO ACCESS CERTAIN INFORMATION THROUGH HEALTHCARE.GOV. (a) In General.--Section 1311(c) of the Patient Protection and Affordable Care Act (42 U.S.C. 18031(c)) is amended by adding at the end the following new paragraph: ``(8) Multi-factor authentication.-- ``(A) In general.--Subject to subparagraph (B), not later than the date that is 1 year after the date of enactment of this paragraph, the Secretary shall require the use of multi-factor authentication to verify the identity of any individual attempting to access the healthcare.gov website (or any successor website) for purposes of-- ``(i) enrolling in a qualified health plan offered through an Exchange; or ``(ii) accessing any personalized information with respect to such enrollment. ``(B) Exceptions.--Subparagraph (A) shall not apply in the case of an individual that does not have access to broadband service or cellular service, or is otherwise unable to use multi-factor authentication for reasons specified by the Secretary. ``(C) Multi-factor authentication defined.--For purposes of this paragraph, the term `multi-factor authentication' means authentication through the verification of 2 or more of the following types of authentication factors: ``(i) Knowledge factors, such as a password. ``(ii) Possession factors, such as a token. ``(iii) Inherence factors, such as biometric characteristics.''. (b) Effective Date.--The amendments made by this subsection shall apply with respect to plan years beginning on or after the date that is 1 year after the date of enactment of this subsection. <all>
Bills by the same sponsor or covering overlapping subjects.