O-Care official didn't see website audit

A top official in charge of the federal health insurance marketplace said that he had not read an independent audit of problems with the government website months before its troubled Oct. 1 rollout.

On Monday, the House Energy and Commerce Committee released documents showing that an independent consulting firm had warned the Obama administration about problems with the website’s launch in March and April.

ADVERTISEMENT
But Henry Chao, the deputy chief information officer and deputy director of information services at the Centers for Medicare and Medicaid Services (CMS), told the panel’s Oversight subcommittee on Tuesday that he hadn’t read the warning from McKinsey and Co.

“I was aware that some document was being prepared,” Chao said; he was interviewed for it around the month of April. But he acknowledged never having reviewed the materials himself.

Republicans said that that omission was troubling. 

“McKinsey is hired to come and present what the problems are and they had a roadmap of the problems,” Rep. Tim Murphy (R-Pa.), the subcommittee’s chairman, told Chao. “I’m deeply concerned that this is something you knew and had not read.”

Health and Human Services Secretary Kathleen Sebelius and CMS Administrator Marilyn Tavenner were both present at an April 4 briefing about the auditors’ findings.

The April discussion focused on issues with a central data hub that could lead to system failures, long processing times and risks due to the short timeframe workers had to test the system, according to the documents released by the committee.

“It doesn’t take you but about 10 minutes to go and look at it,” Rep. Joe Barton (R-Texas) said, “and it is absolutely clear that the startup of the site was not going to work well, if at all, on Oct. 1.”

Rep. Steve Scalise (R-La.) said that President Obama should fire people who were aware of potential problems with the website but did not send their concerns up the chain of command.

“This report says absolutely they knew, and they didn’t tell the president,” he said. “He ought to go and fire every single one of those people right now.”

Democrats on the panel objected to the Republican majority’s treatment of the documents; they said they didn't have a chance to review the papers before they were given to the press late on Monday. 

Despite the troubles with the rollout of HealthCare.gov, Chao said that Americans should not worry about the safety of their personal information on the site.

“Security vulnerabilities have not necessarily been reported in terms of it being a security threat,” he said.

Chao added that the site has had 16 “incidents” with the system, involving problems with training at call centers and some users’ login information, but that none of those were from people trying “to hack the website.” All those incidents had been addressed, he said.

Republicans have questioned the strength security at the website, where Americans without health insurance can shop for coverage.

Instead of keeping a promise that Americans could keep could keep their health insurance if they liked it, Murphy said that the website currently tells crooks: “If you like my healthcare info, maybe you can steal it.”

Consumers can get subsidies to help to pay for the insurance, based on their income and other factors. To check the information they provide, the CMS worked with an outside contractor to build an information hub, connecting it and state agencies with different agencies like the Internal Revenue Service and the Social Security Administration. 

Unlike the part of the website that consumers interact with, that information hub is working smoothly, Chao said on Tuesday.

He said in his prepared testimony that the hub and HealthCare.gov both have “several layers of protection in place” to protect against identity theft and protect Americans’ privacy, and that the website is tested for security on a daily and weekly basis.

Republicans alleged that the website’s troubled rollout had ruined the administration's credibility about its security.

“How can the public trust a hastily thrown together system in which meeting a deadline is more important for the administration than conducting complete end to end testing of the site’s security?” said Rep. Fred Upton (R-Mich.).