It’s been nearly one year since Obamacare’s nightmarish debut. The federal website was plagued with technical glitches that crippled HealthCare.gov, and a number of state exchange websites suffered an even worse fate. Just as health officials are preparing for Obamacare round two, auditors are warning that both the federal and some state websites are still not ready for prime time.
The Government Accountability Office released a new report Tuesday night concluding that while the federal exchange website has improved, it’s not fully secure—with two months to go before its second launch. In the report, auditors detailed an array of issues that, left unaddressed, pose security risks to user information and to the website itself.
"Until it addresses shortcomings in both the technical security controls and its information security program, the Centers for Medicare and Medicaid Services is exposing HealthCare.gov-related data and its supporting systems to significant risks of unauthorized access, use, disclosure, modification and disruption," the report said.
GAO released the review ahead of a House Oversight Committee hearing scheduled for Thursday—where Republicans are expected to grill CMS officials on the website. The hearing and report come just days after administration officials revealed that HealthCare.gov had been hacked this summer—though they say no consumer information was stolen.
"Protecting consumers’ personal information is a top priority. When Americans use HealthCare.gov, their data is protected by stringent security measures that adhere to industry best practices and meet or exceed federal standards," HHS said in a statement.
Tuesday’s report details steps CMS failed to take during HealthCare.gov’s major repair effort last fall—including not enforcing strong password controls for supporting systems and not consistently implementing security patches. The auditors blamed the problems on poor management and communication between CMS and the contractors tasked with working on the website.
CMS, for its part, disputed the GAO's findings, saying that it had tested the website’s security thoroughly and that the system goes through several inspections every day. It added that it had taken up GAO’s other recommendations and would continue to improve the website.
Still, Republican lawmakers say the report proves that the website isn’t ready for the second open enrollment period on Nov. 15.
"Almost a full year after the initial failed launch, numerous security weaknesses remain and private taxpayer information is still at risk," said Senate Finance Committee Ranking Member Orrin Hatch (R-Utah) in a statement. "This is simply unacceptable. It is my hope the administration demands CMS address the website’s vulnerabilities as quickly and efficiently as possible."
While federal lawmakers scrutinize HealthCare.gov, health officials and experts in some states are raising concerns over their own exchanges and the costs that have been adding up to rebuild and repair them.
A new policy brief by the Pioneer Institute reveals that Massachusetts’ troubled state exchange is expected to top $1 billion over two years—“far more than it would have cost had Massachusetts simply used the federal exchange.”
The new health exchange is expected to cost more than $600 million over two years. “There has been little in the way of transparency regarding the cost of the exchange’s failure,” said Pioneer Institute Senior Fellow Josh Archambault, the author of ‘The Undisclosed Cost of Developing an Affordable Care Act State Exchange in Massachusetts.’
The report warns that it could take some time until the state actually knows the total cost of the website and its repair efforts. And Massachusetts isn’t alone: other states like Maryland, Oregon and Hawaii all suffered from major tech failures that crippled their websites and have cost hundreds of millions of extra dollars.