Sebelius Claims Obama Didn’t Know About Site Problems, But Aug. 2 IG Report Called Out Insufficient Testing
In an exclusive interview with CNN aired Tuesday night, Health and Human Services Secretary Kathleen Sebelius said President Obama only learned about the issues with the healthcare exchange website in “the first couple of days” after the Oct. 1 launch.
“No one could be more frustrated than I am and the president,” Sebelius told CNN’s Dr. Sanjay Gupta. “We’re not at all satisfied with the workings of the website. We want it to be smooth and easy and let consumers compare plans.”
When Gupta pressed the secretary on whether Obama knew about the site issues before Oct. 1, Sebelius responded, “No.”
But the inspector general for HHS issued a report at the beginning of August noting that the Centers for Medicare & Medicaid Services missed multiple deadlines for testing and reporting data security risks in connection with signing up on the healthcare exchanges as they barreled toward the launch date.
“Several critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges,” said the report from Deputy Inspector General for Audit Services Gloria L. Jarmon to CMS Administrator Marilyn Tavenner and Chief Information Officer Tony Trenkle.
Tavenner was confirmed to her post in May. She succeeded Donald Berwick, a controversial recess appointment who eventually had to step down before he faced a losing Senate vote. Tavenner is set to appear before the House Ways & Means Committee next Tuesday to explain the Obamacare site failings.
The inspector general’s review approached “the adequacy of the development and testing of the Hub from a security perspective.” This included interviewing the contractors and CMS employees involved and reviewing the security testing data from March to May.
At the time of the review, “CMS and its contractors were continuing to develop the Hub and work with its Federal and State partners in testing the Hub to ensure its readiness in time for the initial open enrollment to begin.”
The report noticed that deadlines had been bumped and new “very tight deadlines” established to rush to finish security testing and certification of the site with the security authorization decision slated for Sept. 30, the day before launch.
This Aug. 2 report was hardly a secret confined to HHS. Senate Minority Leader Mitch McConnell (R-Ky.) used the report to call on the administration to not force people onto healthcare exchanges when the government was missing testing deadlines and benchmarks on the security of personal and financial data.
McConnell sent a letter to Tavenner stating “Americans should not be forced to enter into exchanges when CMS is so ill-prepared to guarantee the protection of personal data and taxpayer resources from hackers and cyber criminals who would use this sensitive data for personal gain.”
“As you know, I oppose Obamacare and support its full repeal. Yet in recent months, even some of the Administration’s closest allies have raised alarms about the potential implementation ‘train wreck’ to come. While I believe we ought to repeal this law and replace it with commonsense reforms that lower cost, Americans ought to be assured, at an absolute minimum, that their personal and financial data will be safe from data thieves,” he added.
McConnell noted that the final report from an independent testing organization assessing the system’s security was not even expected by HHS until 10 days before launch — “hardly enough time to fix any problems that may be identified.”
“Adding to these concerns are reports that CMS has signed a $1.2 billion contract with a company to receive, sort, and evaluate applications for financial assistance in the exchanges that include personal, sensitive data. According to published reports, this particular company ‘has little experience with the Department of Health Human Services or the insurance marketplaces, known as exchanges, where individuals and small businesses are supposed to be able to shop for insurance,’” the senator continued. “And just last year, it was disclosed that more than 120,000 enrollees in the federal Thrift Savings Plan had their personal information, including Social Security numbers, stolen from your contractor’s computers in 2011.”
He requested that CMS not rush forward with any sloppy security certification just to meet an Obamacare timeline.