Security of ACA web site questionedBy WILLIAM BRANIGIN
The Washington Post
October 30. 2013 10:56PM
New problems emerged Wednesday with the implementation of President Obama's health care law even as Health and Human Services Secretary Kathleen Sebelius assured lawmakers that "miserably frustrating" problems with a nearly month-old health-insurance Web site would soon be fixed.
The Web site, HealthCare.gov, was down again most of the morning while Sebelius was testifying before a House committee. And new security issues with the site were raised Wednesday after an internal memo obtained by The Washington Post and other media outlets showed that, days before the Web site's launch, administration officials knew it put the privacy of user data at risk.
The internal HHS memo warned that the system had not been sufficiently tested, "exposing a level of uncertainty that can be deemed high risk."
Sebelius, testifying Wednesday before the House Energy and Commerce Committee, offered assurances that consumers' personal data were safe.
She pledged that the problems would be fixed by the end of November and offered an apology for the site's troubled launch, while also attributing the breakdowns to private-sector contractors.
Sebelius made no reference in her prepared remarks to a controversy over canceled health insurance policies, with hundreds of thousands of Americans receiving notices that their insurance is being canceled as of Dec. 31.
But the subject came up often in questions to the former Kansas governor. Prodded by committee Republicans, Sebelius denied that President Obama had misled Americans by pledging that they could keep health-insurance plans they liked under the new health care law.
She said some people in the individual insurance market are receiving cancellation notices because the policies were issued after the law was enacted and do not meet basic requirements.
Speaking in Boston Wednesday, President Barack Obama said on Wednesday that "bad apple" insurance companies, not his signature health care law, are to blame for hundreds of thousands of people losing their coverage in the past few weeks.
Wednesday's hearing marked Sebelius' first public appearance before lawmakers to publicly explain the problems with the launch of HealthCare.gov.
According to the Sept. 27 memo to Medicare chief Marilyn Tavenner, a Web site contractor was not able to test all the security controls before the launch.
The memo recommended setting up a security team to address risks and conduct daily tests, with a full security test to follow within two to three months.
"You accepted a risk on behalf of every person . . . that put their personal and financial information at risk because you did not even have the most basic 'end-to-end' test on security of this system," Rep. Mike Rogers, R-Mich., told Sebelius. "Amazon would never do this. ProFlowers would never do this. Kayak would never do this."
Sebelius said in response to questions that the government so far has spent $118 million on the Web site and $56 million on other information technology to support the Web site.
She said she was confident that the site would be "optimally functioning" by the end of November.
Nearly 700,000 applications have been submitted to federal and state insurance exchanges since the Web site was launched Oct. 1, with more than 20 million unique visits to the site, Sebelius said in separate written testimony.