SNAFU, FUBAR, ClusterF–k: Welcome to the Rollout of the Affordable Care Act
Security vulnerabilities may make using the state insurance exchanges a crapshoot.
August 9, 2013 - 12:42 am
As we advance toward the much anticipated rollout of Obamacare on October 1, the true horror of what Congress and the president have wrought is beginning to sink in. There is a growing nervousness that the state insurance exchanges not only won’t be ready, but may harbor a dangerous vulnerability that would allow hackers access to the personal information of consumers who sign up for insurance via the sites.
There is also a growing number of Democrats who are advocating a repeal of one of Obamacare’s major pieces: the Independent Payment Advisory Board, which will arbitrarily rule on Medicare payments to doctors and hospitals. Howard Dean wrote in an op-ed last month that the IPAB would end up rationing healthcare for Medicare recipients and should be repealed. Also, in a vote last month, several Democrats broke from the pack and voted to delay the individual mandate for a year — the first real sign of dissension within the ranks, as vulnerable members search frantically for a way to avoid responsibility for their vote to enact Obamacare.
Then there’s the exemption for members of Congress and their staffs from some Obamacare requirements, while special rules have been written that would allow lawmakers to keep their generous tax-payer subsidy — up to 75% of their insurance premiums. Add that to the thousands of waivers granted to administration allies and large corporations who are exempted from the ACA for at least a year.
Beyond all of this, there is the threat that, in the process of trying to defund Obamacare, Republicans will force a government shutdown creating further chaos. A shutdown will not stop Obamacare from being implemented, but it will probably create additional confusion (if that’s possible) among consumers.
The U.S. military has come up with several euphemisms that are apt descriptions of what we might expect on October 1 and beyond with Obamacare’s rollout; SNAFU (“Situation Normal, All F–ked Up”), FUBAR (“Fu–ked Up Beyond All Recognition”), and the simple, declarative Clusterf–k. Given what we know, less than 60 days from the rollout, those may be some of the milder epithets we will hear from the American people once they begin to deal with the state exchanges, the Independent Payment Advisory Board, the IRS, HHS, and the insurance companies themselves.
Perhaps the most serious threat to the rollout is the inexplicable and incompetent manner in which the government is trying to ensure that a citizen’s personal information — massive amounts of which will be required to sign up for the insurance policies and get the subsidy — is protected and secure.
The news was dumped on an unsuspecting public last Friday, and it wasn’t until midweek that it began to sink in that the government geeks responsible for designing a secure website to handle all the private information of American citizens had fallen months behind in testing the sites’ vulnerability. At issue is the Federal Data Services Hub that will connect the various federal agencies to the exchanges and allow the flow of information necessary to service the consumer. An inspector general’s report revealed that a “security control assessment” scheduled for May still hasn’t been performed and that other critical tests have also been delayed. It is now expected that a final report on security won’t be forthcoming until September 20 at the earliest and that a decision on whether the exchanges are secure enough to open won’t be made until September 30 — one day before the sites go live.
As this Investor’s Business Daily editorial points out, the reason this comes as a surprise is because officials in the Obama administration lied to Congress about progress on securing the exchanges:
As far back as December 2012, Obama administration officials were insisting that the data hub at the center of the ObamaCare exchanges was nearly finished.
Yet all the while, they were pushing back deadlines or missing them altogether, to the point where, unless ObamaCare’s launch is delayed, millions of people’s privacy will be at risk.
Obama officials may, in fact, have flat-out lied to lawmakers about the data hub’s progress.
In February, Sen. Orrin Hatch pressed Gary Cohen — who is heading up much of the ObamaCare implementation efforts at the Health and Human Services Department — about the status of “service-level agreements” required with all the agencies before they can open their data to the hub. The agreements define services, responsibilities, performance and other terms for data sharing.
Hatch asked Cohen whether HHS had “signed service-level agreements with IRS, the Social Security Administration, homeland security and all the other agencies that will be providing information to the data hub.”
“We have,” Cohen said.
But at that time there were no service-level agreements in force, according to an inspector general report. HHS didn’t sign its first — with the IRS — until March. And all but two of the seven still haven’t been signed.
It isn’t a question of the sites being totally secure in order to open. A loophole in a 2002 law governing the security of government websites will allow the Health and Human Services chief information officer to sign off on opening the exchanges even if the level of security isn’t totally up to snuff.
In short, political considerations may enter into the decision of whether to open the insurance exchanges despite known vulnerabilities. The PR disaster of delaying the opening of the exchanges could very easily outweigh the security concerns that might still be present due to the rush to get things done.
Even if the IT people meet their deadlines and everything is secure, that won’t prevent low-level government workers and even total strangers from accessing someone’s personal information. It will be part of the job of bureaucrats to eventually vet the information being supplied by consumers, such as income levels and citizenship status.
Then there are the tens of thousands of “navigators” who will be assisting consumers who need help in signing up. They, too, will have access to some of your information in order to help you sign up for the right insurance plan, get the subsidy you are eligible for, and generally speed you on your way.
The most vulnerable point for hackers will be the data hub itself. The Obama administration has said that “the hub will not store consumer information, but will securely transmit data between state and federal systems to verify consumer application information.”
But a regulatory notice filed by the administration in February tells a different story.
That filing describes a new “system of records” that will store names, birth dates, Social Security numbers, taxpayer status, gender, ethnicity, email addresses, telephone numbers on the millions of people expected to apply for coverage at the ObamaCare exchanges, as well as “tax return information from the IRS, income information from the Social Security Administration, and financial information from other third-party sources.”
“The federal government is planning to quietly enact what could be the largest consolidation of personal data in the history of the republic,” noted Stephen Parente, a University of Minnesota finance professor. Now doesn’t that just make you feel all warm and fuzzy inside?
One devoutly wishes this train wreck could be defunded, defrocked, demobilized, and destroyed. But even if the Futility Caucus in the Republican House were successful in shutting down the government, the Obamacare juggernaut would continue to roll forward. It may be hard for some Republicans to accept, but there it is. The current justification is that shutting down the government will give heart to the base and “prove” that the Republican in Congress really, truly, cross-their-heart-and-hope-to-die want to repeal Obamacare. One would think that 40 votes to repeal the law would convince most rational people, but when it comes to Obamacare, rational left the building long ago.
The argument is bizarre. Republicans in Congress should shut down the government to prove they’re as irrational as their base? Forget the political fallout. If you don’t want to believe the GOP will be blamed for a government shutdown, fine. How about responsible governance? It is an extreme, radical, unnecessary, and ultimately self-defeating gesture to shut down the government when the purported objective for doing so — defunding Obamacare — cannot be accomplished. Cheering up or firing up the base is not a legitimate reason to take such a drastic step.
No matter. The American people may very well destroy Obamacare before the fantasies of some Republicans are realized. Who is going to trust the government when they say that the exchanges are secure? Would they even tell us if there was a breach? And if the government’s expectations for millions of young invincibles to sign up in order to offset the cost of insurance for the sick isn’t realized because the youngsters are smart enough not to fool with a website that has gaping security vulnerabilities, the whole system could collapse of its own weight before it’s barely off the ground.
The incompetence of government may yet rescue us from this monstrosity of a law.