Independent Government Watchdog Warns Administration Months Behind On Testing Data Security for Health Law

August 7, 2013


AUGUST 1: CMS Chief Assures Congress October 1 Implementation is on Track

AUGUST 2: HHS IG Reports CMS Months Behind on Testing IT Security

Appearing before the full House Energy and Commerce Committee last week, Marilyn Tavenner, Administrator of the Centers for Medicare and Medicaid Services, testified, “Sixty days from now is the beginning of open enrollment when Americans will be able to compare and enroll in affordable health care coverage, and that implementation is on track.”

Click here to watch.

In her written testimony, Tavenner said, “Over the last three and a half years, CMS and our Federal partners have been hard at work drafting policy, implementing consumer protections, working with stakeholders, and building IT systems that will enable Americans to shop and apply for insurance coverage starting just two months from now.” But, less than 24 hours after Tavenner’s claims to Congress, the Department of Health and Human Services Office of Inspector General added its voice last Friday to the chorus of concerns sounding the alarm on the administration’s readiness for the October 1, 2013, enrollment. Reuters reports, “The federal government is months behind in testing data security for the main pillar of Obamacare: allowing Americans to buy health insurance on state exchanges due to open by October 1.” Translation: the data hub, where Americans’ personal health and financial information will be stored, will not be deemed secure until one day before enrollment begins, a process that was supposed to be completed in early June. Add this to a growing list of concerns about the ability of the administration to implement this law in a timely and responsible manner.

Obamacare months behind in testing IT data security: government
August 6, 2013

The federal government is months behind in testing data security for the main pillar of Obamacare: allowing Americans to buy health insurance on state exchanges due to open by October 1.

The missed deadlines have pushed the government's decision on whether information technology security is up to snuff to exactly one day before that crucial date, the Department of Health and Human Services' inspector general said in a report.

As a result, experts say, the exchanges might open with security flaws or, possibly but less likely, be delayed.

"They've removed their margin for error," said Deven McGraw, director of the health privacy project at the non-profit Center for Democracy & Technology. "There is huge pressure to get (the exchanges) up and running on time, but if there is a security incident they are done. It would be a complete disaster from a PR viewpoint."

The most likely serious security breach would be identity theft, in which a hacker steals the social security numbers and other information people provide when signing up for insurance.

The inspector general's report, released without fanfare last Friday, found that the Centers for Medicare & Medicaid Services or CMS - the agency within HHS that is running Obamacare - had set a May 13 deadline for its contractor to deliver a plan to test the security of the crucial information technology component.

A test was to have been performed between June 3 and 7. But the delivery deadline slipped and the test - assessing firewalls and other security elements - is now set for this week and next.

"CMS," concludes the inspector general's report, "is working with very tight deadlines."

The delays mean that the ruling by CMS's chief information officer certifying the Obamacare IT system as secure will be pushed back from September 4 to September 30, a day before enrollment under the Patient Protection and Affordable Care Act, the law that established Obamacare, is supposed to start.

"Several critical tasks remain to be completed in a short period of time," the report concluded.

Any additional delays could mean CMS would not have the information it needs to authorize use of the system by October 1, the inspector general found.

CMS spokesman Brian Cook said the agency is confident the Obamacare exchanges will open on time. "We are on schedule and will be ready for the marketplaces to open on October 1," he said. …

Read the complete report here.