There is strong media evidence that the Healthcare.gov web site(run by the U.S. Department of Health & Human Services, or HHS) does not meet the security requirements for protecting sensitive information. As such, the personal information of millions of American citizens is at risk. As such, HHS should be required to engage an INDEPENDENT auditor to assess the web site, as well as interconnected systems, for compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). It is unacceptable for the federal government to create the real risk of identity theft by knowingly operating a web site with insufficient security measures. As stated on the HHS web site, covered entities include: "Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs" I believe the Obamacare is included in "covered entities", given this description. Join your electronic voice with others to tell the administration that you will boycott Healthcare.gov until the security problems are fixed.