Log Out | Member Center

69°F

81°/56°

HealthCare.gov official questioned about website security

  • McClatchy Washington Bureau
  • Published Tuesday, Nov. 5, 2013, at 4:37 p.m.
  • Updated Thursday, Nov. 14, 2013, at 6:49 p.m.

— A top Obama administration official on Tuesday tried to assure anxious senators that Americans’ personal information was secure on the troubled HealthCare.gov website, which erroneously provided a South Carolina man’s personal information to a man in North Carolina last week.

In testimony before the Senate Health, Education, Labor and Pensions Committee, Medicare Administrator Marilyn Tavenner said she became aware of the mistake on Monday and told the committee a “software fix” had remedied the problem.

After a bruising round of testimony in the Republican-led House of Representatives last week, Tavenner again faced a pointed, but this time more cordial, line of questioning from the Senate committee chaired by Sen. Tom Harkin, D-Iowa. The more relaxed atmosphere was evident before the proceeding as committee members from both parties warmly greeted the embattled Obama administration health care official.

The incident involving the personal information occurred last week when Justin Hadley of North Carolina opened his personal account on HealthCare.gov and saw a letter from the U.S. Department of Health and Human Services addressed to Tom Dougall of Elgin, S.C. The letter, on department stationary, included information about Dougall’s eligibility for federal subsidies.

According to a blog on the website of the Heritage Foundation, a conservative policy think tank in Washington, Hadley used the information to contact Dougall by phone. He left a message, which caught Dougall by surprise.

“Initially I was concerned because I didn’t know if this was some guy who was scamming me or if in fact this was a guy who really had my personal information,” Dougall told the Heritage blog.

Dougall eventually contacted Sen. Tim Scott, R-S.C., a member of the Senate health committee, who chided Tavenner about the incident at Tuesday’s hearing. Scott, who called the HealthCare.gov debut “one of the greatest website disasters in history,” said that Dougall wanted his personal information removed from the site but that HHS staffers could not help him.

“Of course, now (neither) Mr. Dougall nor Mr. Hadley will use the website to purchase insurance,” Scott said.

He added that when his staff questioned HHS customer service representatives about deleting Mr. Dougall’s information from the website, “The response was silence,” Scott told Tavenner. “Not a ‘yes.’ Not a ‘no.’ Not a ‘maybe.’ Not ‘Let me check with my supervisor.’ They just simply refused to have an audible word in response to our questioning.”

Scott also said Dougall’s calls to HHS weren’t returned, but Tavenner said her agency has “reached out to Mr. Dougall.”

Julie Bataille, a spokeswoman for HHS’ Centers for Medicare and Medicaid Services, said the problem was caused by a piece of software code that needed to be fixed. She said the fix was made, tested and the system is working properly.

Bataille said it was the only such incident reported to HHS, but she would not speculate about whether other, similar incidents have occurred.

It was Tavenner, in the weeks prior to the Oct. 1 launch of open enrollment on HealthCare.gov, who decided not to allow website users to browse and compare health plans without first registering through a personal account. That extra hurdle contributed to the bottleneck of users that helped disable the system shortly after midnight on Oct. 1 as only 2,000 users tried to access the system nationwide.

Problems with the federal marketplace that serves 36 states have continued ever since.

Sen. Barbara Mikulski, D-Md., said the problems have created a "crisis of confidence" that could keep millions of people, including young adults, from signing up for coverage.

Sen. Lisa Murkowski, R-Alaska, said only three people in Alaska had been able to sign up for coverage on the federal health care website as of Oct. 29.

But Sen. Sheldon Whitehouse, D-R.I., said Republican outrage over the flawed website was disingenuous, since many GOP-led states decided not to set up their own state marketplaces.

“If you didn’t want to take the trouble or bother to set one up yourself, it’s a little nervy to be complaining the federal government didn’t do it for you well enough, when you perfectly well could have by yourself,” Whitehouse told the committee.

A team of government and private industry information technology experts has been working to fix the website, and the improvements have been noticeable, with speedier page loads and fewer error messages. But congressional Republicans say the safety of Americans’ personal financial information could be at risk because only individual components of the federal exchange have been security tested.

The fully integrated system hasn’t undergone end-to-end testing and, as a result, operates on a short-term security authorization.

“We knew we were going to be making software enhancements” as repairs continued, Tavenner said.

During the repairs and software upgrades, she said, the site is security tested regularly by an outside contractor and monitored continuously for breaches. Despite her assurances about the safety of users’ information, not all Senate members were convinced.

Sen. Johnny Isakson, R-Ga., wasn’t pleased when Tavenner said she didn’t know that an HHS inspector general’s report from June found that Quality Software Services Inc., a key marketplace contractor and the project manager for the HealthCare.gov repair work, didn’t follow proper security measures when testing Medicare records that were unrelated to the website.

According to the report, Quality Software’s lack of security controls risked “exposure of personally identifiable information for over 6 million Medicare beneficiaries.”

“This information security is extremely important,” Isakson told Tavenner. “I would ask that you follow the IG’s report and make sure QSSI is in compliance. And if they aren’t, (that) they get in compliance.”

Tavenner deflected criticism from committee Republicans who continued their attacks on President Barack Obama’s promise that people who liked their coverage could keep it. The president’s misleading statement has come under heavy political fire as hundreds of thousands of Americans with individual coverage are being required to get new policies with beefed-up benefits and consumer protections now mandated by the Affordable Care Act.

In a meeting Tuesday with CEOs of large health insurers, White House Chief of Staff Denis McDonough stressed the need to “ramp up communication and education efforts” to these consumers, said White House spokesman Jay Carney.

Tavenner said she opposed a proposed bill that would allow people to keep their current plans if they like. Carney wouldn’t comment about the proposals but said that allowing insurers to continue offering substandard coverage would “undermine the fundamental promise of the Affordable Care Act, which is that everyone in America should have access to affordable quality health coverage.”

Lesley Clark of the Washington Bureau contributed.

Email: tpugh@mcclatchydc.com; Twitter: @TonyPughDC

Subscribe to our newsletters

The Wichita Eagle welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views. Please see our commenting policy for more information.

Have a news tip? You can send it to wenews@wichitaeagle.com or consider joining the Public Insight Network and become a source for The Wichita Eagle.

Search for a job

in

Top jobs