Americans Can’t Trust Healthcare.gov with Their Personal Information

In the months leading up to HealthCare.gov’s launch, Administration officials claimed that the Obamacare exchanges would be tested, secure, and ready to start enrolling people on October 1. Republicans and outside observers repeatedly questioned how well the Federal Data Hub and other Obamacare website system components would protect Americans’ private information. The Obama Administration ignored the warnings and simply said, “trust us,” we’re “on track.”

Just 19 days before Obamacare’s exchanges went live, the Administration’s Chief Technology Officer, Todd Park, declared that HealthCare.gov “is built and ready for operation, and we have completed security testing and certification to operate.” White House Press Secretary Jay Carney recently asserted that “Consumers can trust that their information is protected by stringent security standards.” The facts simply do not support these claims.

• CMS Memo Warned Website a “High Risk” Security Threat. An internal Centers for Medicare and Medicaid Services (CMS) memo – dated four days before HealthCare.gov went live – shows that Administration officials knew the website contained “inherent security risks.” The memo, written by lead CMS IT officials James Kerr and Henry Chao and signed by Administrator Marilyn Tavenner, says, “From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as high risk for [the Federally Facilitated Marketplace].” The Obama Administration went ahead with the October 1 launch despite the high security risk.

• Administration Failed to Conduct Website Security Tests Prior to October 1 Launch. According to one report, “key tests to ensure the security and privacy of customer information on troubled Obamacare website fell behind schedule. A deadline for final security plans was delayed three times over the summer, and final top-to-bottom security tests never were finished before the launch.”

• Senior CMS Official Warned Website Faced “Limitless” Security Risks. A September 3 memo, written by then-CMS Chief Information Officer Tony Trenkle, outlines six specific security concerns with the exchange. Two concerns summarized in the memo were described as “high findings” and therefore redacted from media reports due to security reasons. Federal guidelines define high risk as “the vulnerability could be expected to have a severe or catastrophic adverse affect on organizational operations … assets or individuals.” The Trenkle memo went on to say that “the threat and risk potential (to the system) is limitless.” It also indicates CMS previously offered deadlines to fix system security risks at “mid-2014 and early 2015.”

Henry Chao, the CMS Deputy Chief Information Officer who cleared HealthCare.gov to launch on October 1, told House Oversight Committee staff in a deposition that he never saw the Trenkle memo. Mr. Chao said he was “surprised” and found it “disturbing” that he had not seen the memo. Someone inside the Obama Administration knew the extent of the website security risks. Did anyone see Mr. Trenkle’s memo before the October 1 launch? Was the information ignored by Secretary Sebelius, White House officials, or President Obama?

Health Care Headlines

Politico: “New security issues emerge for ACA site” An incensed Rep. Mike McCaul (R-Texas), leader of the House Homeland Security Committee, opened a hearing on the website Wednesday with charges that DHS “has not participated in any meaningful way in developing, monitoring or ensuring the security of HealthCare.gov, the health exchanges or the federal data services hub.”

New York Daily News: “Fewer than 27,000 people signed up for health are using federal website” The Obama Administration revealed Wednesday that just 26,794 Americans signed up for private health insurance through Obamacare in October using the administration's floundering healthcare.gov website.

Associated Press: “Obama Apologizes to People Losing Health Coverage” Bowing to intense criticism, President Barack Obama apologized to Americans who are losing health insurance plans he repeatedly said they could keep and pledged to find fixes that might allow people to keep their coverage.

Washington Post: “Troubled HealthCare.gov Unlikely to Work Fully by End of November” Software problems with the federal online health insurance marketplace, especially in handling high volumes, are proving so stubborn that the system is unlikely to work fully by the end of the month as the White House has promised, according to an official with knowledge of the project.

New York Times: “Obama in Bind Trying to Keep Health Law Vow” White House officials are struggling to make good on President Obama’s promise that Americans can keep their insurance coverage without undermining the new health law or adding unaffordable costs.