The Department of Health and Human Services on Wednesday returned fire at House Oversight Committee Chairman Darrell Issa (R-Calif.) over his threat to investigate HHS Secretary Kathleen Sebelius for “false and misleading” testimony to Congress.
In a letter obtained exclusively by The Hill, HHS Assistant Secretary for Legislation Jim Esquea wrote a measured and clinical point-by-point rebuke of Issa’s charges that the secretary sought to mislead Congress about testing and security issues surrounding HealthCare.gov.
Caught in the dispute is MITRE Corp., a contractor working to assess security issues with the ObamaCare website.
Issa contends that documents he obtained and briefings he conducted indicate that, contrary to Sebelius’s testimony, MITRE was not conducting ongoing security testing of the website after the launch, that MITRE raised red flags about the security of the website before the launch, and that HHS ignored a recommendation from MITRE to delay the launch because of security fears.
Esquea’s letter says that, as Sebelius has testified, security testing of HealthCare.gov is “robust and ongoing.” He cited on-sight security testing and audit reports conducted and released by two contractors between September and December. He also said there is a dedicated security team monitoring the “regular independent security testing” that is “conducted on an ongoing basis.”
On the second claim, Esquea pointed Issa to MITRE documents the committee obtained that show “there were no high risk findings that remained open” after the September and October audits.
“All high, moderate, and low risk security risk findings … for the portion that launched October 1 were either fixed, or were addressed by implementing strategies and plans that meet industry standards,” Esquea wrote.
Issa based his charges on two issues he said a Centers for Medicaid and Medicare Services (CMS) official raised, but Esquea said one was proven false and the other was fixed.
In regards to the claim HHS ignored a “recommendation” from MITRE to not move forward with the launch, Esquea said, as a contractor, MITRE can only report findings. Esquea added that nobody with the authority to make such a recommendation did so.
Finally, Issa has questioned whether Sebelius told the truth when she testified nobody within HHS or the CMS advised her that the HealthCare.gov launch should be delayed.
The letter states, while a “variety of scenarios and strategies were discussed during this period,” nobody who had “direct knowledge of and responsibility for the development of the website” advised the secretary to delay the launch because of security and testing concerns.
The Oversight Committee has heard testimony from two individuals who, Issa says, warned officials the launch should be delayed. However, the letter says one official had no “personal, direct, or detailed knowledge” of the development security of the website, and that the other does not advise Sebelius and put her worries in a letter that was never sent because she believed the issues to be resolved.
“As the record shows, the Committee’s charges concerning the Secretary’s testimony are incorrect and not supported by the facts,” Esquea continued. “We recognize the Committee’s oversight interest in a full understanding of the development and security of the HealthCare.gov platform, and will continue to cooperate with the Committee in its investigation.”
Wednesday’s letter is the latest volley in the increasingly acrimonious relationship between Issa and Democrats, led by Oversight Committee ranking member Elijah Cummings (Md.).
The chairman has accused the administration of obstructing the panel's ObamaCare investigation and ignoring security warnings, while Democrats have accused Issa’s committee of recklessly handling sensitive material and cherry-picking data to intentionally mislead the public.
Democrats have also accused Republicans of trumping up security fears around the website to keep people away.
The feud came to a head in early January, when Issa threatened Sebelius with a perjury investigation.
“Providing false or misleading testimony to Congress is a serious matter,” Issa warned in a letter. “Witnesses who purposely give false or misleading testimony during a Congressional hearing may be subject to criminal liability.”
Some of Issa's charges against Sebelius stem from MITRE documents. Last year, Issa subpoenaed documents from the company but was furious that the administration only allowed his staffers to review the reports in a secure room, instead of turning over physical copies of the documents.
Democrats argued the documents contained highly sensitive material that could compromise HealthCare.gov’s security. MITRE said the documents included "software code and other technical information that is highly sensitive and could give hackers a roadmap to compromise the security of the website and the personal information of consumers."
Democrats said Issa had a history of leaking confidential information in a way that promotes “inaccurate” media coverage and therefore couldn’t be trusted with the documents.
MITRE ultimately complied with the subpoena, which provoked some of the charges Issa leveled at Sebelius.