Menu
Senators question security at HealthCare.gov

Senators question security at HealthCare.gov

Lawmakers point to reports of a website user having his personal data shared with another user

U.S. lawmakers questioned the security of HealthCare.gov, the U.S. government's troubled insurance-shopping website, after reports that one applicant's personal information was shared with another applicant.

Reports that the website shared South Carolina resident Tom Dougall's personal information with another insurance applicant raises serious concerns about security at the site, Republican members of the U.S. Senate Health, Education Labor and Pensions Committee said during a hearing Tuesday.

The security concerns come on top of the website's existing problems, including site outages, sluggish page load times and users' inability to complete coverage applications, since the U.S. Department of Health and Human Services launched the website Oct. 1. The website is a key piece of insurance reform law the Affordable Care Act, or Obamacare, passed by Congress in 2010.

"We are now more than 30 days into one of the greatest website disasters in history," Senator Tim Scott, a South Carolina Republican, said during the hearing. "After nearly US $400 million, HealthCare.gov is synonymous now with failure. The public's trust has been broken."

In the South Carolina case, another applicant received download links to Dougall's insurance application, Scott said. Dougall and Scott have asked HHS to remove all his personal information from HealthCare.gov, but agency officials have not been able to tell him if that will happen, said Scott, one of Dougall's senators.

"There's no delete option for consumers," Scott said.

The team working on HealthCare.gov for the HHS Centers for Medicare and Medicaid Services [CMS] has fixed the problem that caused the data to be shared, said Marilyn Tavenner, administrator at CMS. The agency has been trying to contact Dougall to address his concerns, she said.

Tavenner defended the site's security, saying contractor Mitre has continually tested the site and is monitoring for intrusions. The site is using similar security measures as are used in the CMS Medicare program, she said.

Capacity has been added to improve site performance and HealthCare.gov should be working well by the end of the month, as HHS has projected, she said.

But committee Republicans -- who have opposed Obamacare -- raised doubts about security. The HHS inspector general's office warned HHS and its Centers for Medicare and Medicaid Services [CMS] about possible security problems in an August report, Scott said.

That report warns CMS of a tight time frame for completing security testing, with the report noting that the targeted data of security authorization for the website slipped from early September to Sept. 30, a day before launch. "If there are additional delays in completing the security authorization package, the CMS CIO may not have a full assessment of system risks and security controls needed for the security authorization decision by the initial opening enrollment period," the report said.

Senator Michael Enzi, a Wyoming Republican, repeated concerns raised in earlier hearings that end-to-end security testing on the site was not completed before it went live.

Security testing for the website's hub, which verifies applicants' eligibility for insurance coverage, was completed, Tavenner said, while individual components of the site's exchange functionality, where users can apply for insurance and compare plans, were also tested. The testing complied with U.S. government rules, she said.

The exchange "was not signed off as a complete package, because we were still upgrading modules," she said. "The testing will continue this month and next month as we do these software upgrades."

Committee Chairman Tom Harkin, an Iowa Democrat, urged CMS to focus on security. "This is a paramount concern," he said. "Consumers have to be absolutely certain that when they go on and they fill out that application, they give all that information, that is secure."

Other committee Democrats said they were disappointed in HealthCare.gov's rollout. The botched launch of the site has led to a "crisis of confidence" in the system, said Barbara Mikulski, a Maryland Democrat.

CMS plans to reach out to website users and to people who have avoided the site because of the problems after the agency is confident HealthCare.gov is working correctly, Tavenner said. The agency is planning a media campaign after the problems are resolved, she said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Tim ScottTom DougallGovernment use of ITMichael EnziEducation Labor and Pensions CommitteeHealthcare.govMarilyn Tavennerindustry verticalsTom HarkinU.S. Senate HealthMikulskiU.S. Department of Health and Human ServicesPat Robertshealth caregovernment

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments