Menu
Senators question security at HealthCare.gov

Senators question security at HealthCare.gov

Lawmakers point to reports of a website user having his personal data shared with another user

U.S. lawmakers questioned the security of HealthCare.gov, the U.S. government's troubled insurance-shopping website, after reports that one applicant's personal information was shared with another applicant.

Reports that the website shared South Carolina resident Tom Dougall's personal information with another insurance applicant raises serious concerns about security at the site, Republican members of the U.S. Senate Health, Education Labor and Pensions Committee said during a hearing Tuesday.

The security concerns come on top of the website's existing problems, including site outages, sluggish page load times and users' inability to complete coverage applications, since the U.S. Department of Health and Human Services launched the website Oct. 1. The website is a key piece of insurance reform law the Affordable Care Act, or Obamacare, passed by Congress in 2010.

"We are now more than 30 days into one of the greatest website disasters in history," Senator Tim Scott, a South Carolina Republican, said during the hearing. "After nearly US $400 million, HealthCare.gov is synonymous now with failure. The public's trust has been broken."

In the South Carolina case, another applicant received download links to Dougall's insurance application, Scott said. Dougall and Scott have asked HHS to remove all his personal information from HealthCare.gov, but agency officials have not been able to tell him if that will happen, said Scott, one of Dougall's senators.

"There's no delete option for consumers," Scott said.

The team working on HealthCare.gov for the HHS Centers for Medicare and Medicaid Services [CMS] has fixed the problem that caused the data to be shared, said Marilyn Tavenner, administrator at CMS. The agency has been trying to contact Dougall to address his concerns, she said.

Tavenner defended the site's security, saying contractor Mitre has continually tested the site and is monitoring for intrusions. The site is using similar security measures as are used in the CMS Medicare program, she said.

Capacity has been added to improve site performance and HealthCare.gov should be working well by the end of the month, as HHS has projected, she said.

But committee Republicans -- who have opposed Obamacare -- raised doubts about security. The HHS inspector general's office warned HHS and its Centers for Medicare and Medicaid Services [CMS] about possible security problems in an August report, Scott said.

That report warns CMS of a tight time frame for completing security testing, with the report noting that the targeted data of security authorization for the website slipped from early September to Sept. 30, a day before launch. "If there are additional delays in completing the security authorization package, the CMS CIO may not have a full assessment of system risks and security controls needed for the security authorization decision by the initial opening enrollment period," the report said.

Senator Michael Enzi, a Wyoming Republican, repeated concerns raised in earlier hearings that end-to-end security testing on the site was not completed before it went live.

Security testing for the website's hub, which verifies applicants' eligibility for insurance coverage, was completed, Tavenner said, while individual components of the site's exchange functionality, where users can apply for insurance and compare plans, were also tested. The testing complied with U.S. government rules, she said.

The exchange "was not signed off as a complete package, because we were still upgrading modules," she said. "The testing will continue this month and next month as we do these software upgrades."

Committee Chairman Tom Harkin, an Iowa Democrat, urged CMS to focus on security. "This is a paramount concern," he said. "Consumers have to be absolutely certain that when they go on and they fill out that application, they give all that information, that is secure."

Other committee Democrats said they were disappointed in HealthCare.gov's rollout. The botched launch of the site has led to a "crisis of confidence" in the system, said Barbara Mikulski, a Maryland Democrat.

CMS plans to reach out to website users and to people who have avoided the site because of the problems after the agency is confident HealthCare.gov is working correctly, Tavenner said. The agency is planning a media campaign after the problems are resolved, she said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Tim ScottTom DougallGovernment use of ITMichael EnziEducation Labor and Pensions CommitteeHealthcare.govMarilyn Tavennerindustry verticalsTom HarkinU.S. Senate HealthMikulskiU.S. Department of Health and Human ServicesPat Robertshealth caregovernment

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments