Quantcast
Get breaking news alerts via email

Click here to manage your alerts
Marilyn Tavenner, the administrator of the Centers for Medicare and Medicaid Services, goes over her notes on Capitol Hill in Washington, Tuesday, Oct. 29, 2013, prior to testifying before the House Ways and Means Committee hearing on the implementation of the Affordable Care Act. Stressing that improvements are happening daily, the senior Obama official closest to the administration's malfunctioning health care website apologized Tuesday for problems that have kept Americans from successfully signing up for coverage. (AP Photo/ Evan Vucci)
Concerns raised about security of health website
First Published Oct 30 2013 08:38 am • Last Updated Oct 30 2013 02:09 pm

Washington • efending President Barack Obama’s much-maligned health care overhaul in Congress, his top health official was confronted Wednesday with a government memo raising new security concerns about the trouble-prone website that consumers are using to enroll.

The document, obtained by The Associated Press, shows that administration officials at the Centers for Medicare and Medicaid Services were concerned that a lack of testing posed a potentially "high" security risk for the HealthCare.gov website serving 36 states. It was granted a temporary security certificate so it could operate.

Photos
Join the Discussion
Post a Comment

Security issues are a new concern for the troubled HealthCare.gov website. If they cannot be resolved, they could prove to be more serious than the long list of technical problems the administration is trying to address.

"You accepted a risk on behalf of every user...that put their personal financial information at risk," Rep. Mike Rogers, R-Mich., told Health and Human Services Secretary Kathleen Sebelius during questioning before the House Energy and Commerce Committee. "Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security."

Sebelius countered that the system is secure, even though the site has a temporary certificate, known in government parlance as an "authority to operate." Sebelius said a permanent certificate will only be issued once all security issues are addressed.

Added spokeswoman Joanne Peters: "When consumers fill out their online...applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices."

A security certificate is required before any government computer system can process, store or transmit agency data. Temporary certificates are allowable, but under specific circumstances.

Earlier, the secretary said she’s responsible for the "debacle" of cascading problems that overwhelmed the government website intended to make shopping for health insurance clear and simple.

"Hold me accountable for the debacle," Sebelius said during a contentious hearing. "I’m responsible."

Sebelius is promising to have the problems fixed by Nov. 30, even as Republicans opposed to Obama’s health care law are calling in chorus for her resignation. She told the committee that the technical issues that led to frozen screens and error messages are being cleared up on a daily basis.


story continues below
story continues below

Addressing consumers, Sebelius added, "So let me say directly to these Americans, you deserve better. I apologize."

The Sept. 27 memo to Medicare chief Marylin Tavenner said a website contractor wasn’t able to test all the security controls in one complete version of the system.

"From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (website)," the memo said.

It recommended setting up a security team to address risks, conduct daily tests, and a full security test within two to three months of going live.

HealthCare.gov was intended to be the online gateway to coverage for millions of uninsured Americans, as well those who purchase their policies individually. Many people in the latter group will have to get new insurance next year, because their policies do not meet the standards of the new law.

Sebelius’ forthright statement about her ultimate accountability came as she was being peppered with questions by Rep. Marsha Blackburn, R-Tenn., about who was responsible. It was Blackburn who introduced the term "debacle."

Rep. Henry Waxman of California, the ranking Democrat on the committee, scoffed at Republican "oversight" of a law they have repeatedly tried to repeal.

"I would urge my colleagues to stop hyperventilating," said Waxman. "The problems with HealthCare.gov are unfortunate and we should investigate them, but they will be fixed. And then every American will have -- finally have access to affordable health insurance."

Throughout the 3 ½-hour hearing, Sebelius was respectful and poised, often addressing lawmakers as "sir" or "congresswoman." She kept her cool as some lawmakers repeatedly cut off her answers. But she did not shy a few times from tersely interjecting her views while a member was speaking.

The standing-room-only hearing room was silent when she swore an oath to tell the truth and began her statement. "I apologize," she told the rapt committee.

Sebelius faced questions about problems with the website as well as a wave of cancellation notices hitting individuals and small businesses who buy their own insurance.

Next Page >


Copyright 2014 The Salt Lake Tribune. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Top Reader Comments Read All Comments Post a Comment
Click here to read all comments   Click here to post a comment


About Reader Comments


Reader comments on sltrib.com are the opinions of the writer, not The Salt Lake Tribune. We will delete comments containing obscenities, personal attacks and inappropriate or offensive remarks. Flagrant or repeat violators will be banned. If you see an objectionable comment, please alert us by clicking the arrow on the upper right side of the comment and selecting "Flag comment as inappropriate". If you've recently registered with Disqus or aren't seeing your comments immediately, you may need to verify your email address. To do so, visit disqus.com/account.
See more about comments here.
Staying Connected
Videos
Jobs
Contests and Promotions
  • Search Obituaries
  • Place an Obituary

  • Search Cars
  • Search Homes
  • Search Jobs
  • Search Marketplace
  • Search Legal Notices

  • Other Services
  • Advertise With Us
  • Subscribe to the Newspaper
  • Login to the Electronic Edition
  • Frequently Asked Questions
  • Contact a newsroom staff member
  • Access the Trib Archives
  • Privacy Policy
  • Missing your paper? Need to place your paper on vacation hold? For this and any other subscription related needs, click here or call 801.204.6100.