Top CMS official didn't know about ObamaCare security flaws

Henry Chao, the deputy chief information officer at the Centers for Medicaid and Medicare Services (CMS), said he was surprised and “disturbed” that he had not been included on a memo noting potential security flaws with HealthCare.gov.

In testimony released Monday by the House Oversight Committee, Chao, a top official charged with implementing the ObamaCare website, indicated he was cut out of the loop about the potential flaws and should have been included. The committee showed Chao the memo that did not reach him.

ADVERTISEMENT
In late September, Chao signed off on a memo to CMS Administrator Marilyn Tavenner that said there were no “open high findings” of security risks and that the site was ready to proceed with its launch.

However, a memo from CMS Chief Information Officer Tony Trenkle dated Sept. 3, which Chao was not included on, described six security flaws, two of which were of the “open high findings” variety.

Chao said he should’ve been included on Trenkle’s memo and that he was surprised Trenkle recommended he move forward with the approval memo to Tavenner while these items remained open.

“I’m surprised,” Chao said in his Oversight testimony. “And I probably, with that knowledge, I would have at least acknowledged what those findings were in the risk assessment.”

Chao said “it’s a good possibility” the lines of communication between the agencies and the contractors involved in launching the ObamaCare website were not functioning properly.

Chao will testify in front of the Oversight Committee on Wednesday.

Oversight Committee Chairman Darrell Issa (R-Calif.) has sought to highlight the confusion between the contractors and the government agencies in the run-up to the ObamaCare launch by releasing a slow drip of documents he’s obtained through panel requests and interviews.

Republicans have also sought to make the security of personal data on the website a central issue as they drag administration officials and contractors to Capitol Hill to testify.

A Democratic Oversight committee staffer said the security issue relates to a function of the website that isn’t currently active and won’t be until early next year.

“It’s hard to understand why anyone would trust the accuracy of Chairman Issa’s press releases when they consistently distort and manipulate the truth,” the staffer said. “The chairman’s staff basically sandbagged this witness with a document he had never seen before and then failed to inform him that it has nothing to do with parts of the website that launched on Oct. 1.”

“Rather than seeking out the truth, this press release tries to scare the public by capitalizing on confusion caused by the chairman’s own staff,” the staffer added.

— Updated at 9:24 p.m.