Menu
Senators question security at HealthCare.gov

Senators question security at HealthCare.gov

Lawmakers point to reports of a website user having his personal data shared with another user

U.S. lawmakers questioned the security of HealthCare.gov, the U.S. government's troubled insurance-shopping website, after reports that one applicant's personal information was shared with another applicant.

Reports that the website shared South Carolina resident Tom Dougall's personal information with another insurance applicant raises serious concerns about security at the site, Republican members of the U.S. Senate Health, Education Labor and Pensions Committee said during a hearing Tuesday.

The security concerns come on top of the website's existing problems, including site outages, sluggish page load times and users' inability to complete coverage applications, since the U.S. Department of Health and Human Services launched the website Oct. 1. The website is a key piece of insurance reform law the Affordable Care Act, or Obamacare, passed by Congress in 2010.

"We are now more than 30 days into one of the greatest website disasters in history," Senator Tim Scott, a South Carolina Republican, said during the hearing. "After nearly US $400 million, HealthCare.gov is synonymous now with failure. The public's trust has been broken."

In the South Carolina case, another applicant received download links to Dougall's insurance application, Scott said. Dougall and Scott have asked HHS to remove all his personal information from HealthCare.gov, but agency officials have not been able to tell him if that will happen, said Scott, one of Dougall's senators.

"There's no delete option for consumers," Scott said.

The team working on HealthCare.gov for the HHS Centers for Medicare and Medicaid Services [CMS] has fixed the problem that caused the data to be shared, said Marilyn Tavenner, administrator at CMS. The agency has been trying to contact Dougall to address his concerns, she said.

Tavenner defended the site's security, saying contractor Mitre has continually tested the site and is monitoring for intrusions. The site is using similar security measures as are used in the CMS Medicare program, she said.

Capacity has been added to improve site performance and HealthCare.gov should be working well by the end of the month, as HHS has projected, she said.

But committee Republicans -- who have opposed Obamacare -- raised doubts about security. The HHS inspector general's office warned HHS and its Centers for Medicare and Medicaid Services [CMS] about possible security problems in an August report, Scott said.

That report warns CMS of a tight time frame for completing security testing, with the report noting that the targeted data of security authorization for the website slipped from early September to Sept. 30, a day before launch. "If there are additional delays in completing the security authorization package, the CMS CIO may not have a full assessment of system risks and security controls needed for the security authorization decision by the initial opening enrollment period," the report said.

Senator Michael Enzi, a Wyoming Republican, repeated concerns raised in earlier hearings that end-to-end security testing on the site was not completed before it went live.

Security testing for the website's hub, which verifies applicants' eligibility for insurance coverage, was completed, Tavenner said, while individual components of the site's exchange functionality, where users can apply for insurance and compare plans, were also tested. The testing complied with U.S. government rules, she said.

The exchange "was not signed off as a complete package, because we were still upgrading modules," she said. "The testing will continue this month and next month as we do these software upgrades."

Committee Chairman Tom Harkin, an Iowa Democrat, urged CMS to focus on security. "This is a paramount concern," he said. "Consumers have to be absolutely certain that when they go on and they fill out that application, they give all that information, that is secure."

Other committee Democrats said they were disappointed in HealthCare.gov's rollout. The botched launch of the site has led to a "crisis of confidence" in the system, said Barbara Mikulski, a Maryland Democrat.

CMS plans to reach out to website users and to people who have avoided the site because of the problems after the agency is confident HealthCare.gov is working correctly, Tavenner said. The agency is planning a media campaign after the problems are resolved, she said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags industry verticalshealth careGovernment use of ITU.S. Department of Health and Human ServicesMichael EnziHealthcare.govEducation Labor and Pensions CommitteeTom HarkinTim ScottMarilyn TavennerTom DougallU.S. Senate HealthMikulskiPat Roberts

Featured

Slideshows

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Meet the winners of the 2020 Reseller News Innovation Awards

Meet the winners of the 2020 Reseller News Innovation Awards

Reseller News honoured the standout players of the New Zealand channel in front of more than 500 technology leaders in Auckland on 21 October, recognising the achievements of top partners, start-ups, vendors, distributors and individuals.

Meet the winners of the 2020 Reseller News Innovation Awards
Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Show Comments