TRENDING:

Safe & Sound with Marianne Kolbasuk McGee

HealthCare.gov: Rebuilding Trust

Technical Fixes Must Address Security Marianne Kolbasuk McGee (HealthInfoSec) • November 11, 2013    
HealthCare.gov: Rebuilding Trust

The HealthCare.gov website launch, as even President Obama admits, has been a disaster so far. But the fiasco has been made worse by the heavy political baggage the Obamacare site carries.

See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001

In the private sector, when big IT projects stumble, companies can quietly push deadlines and get more time to smooth out wrinkles before going live. People on the outside often never even know about it.

But Healthcare.gov was sitting on a time bomb. The rush to go live - even if the site wasn't ready for prime time - was, in large part, due to the reluctance of the Obama administration to miss the Oct. 1 launch target in light of longstanding GOP efforts to pull the plug on the entire Affordable Care Act.

During a Nov. 8 briefing with reporters, former Office of Management and Budget official Jeff Zients - who President Obama brought in as an unpaid consultant to lead a "tech surge" to fix Healthcare.gov's problems - admitted "the complexity of the system coupled with the compressed timeline" was the overall underlying issue causing the site's problems.

The total IT spend on the project so far has been $630 million, including contracts and services, a Centers for Medicare and Medicaid spokeswoman says. In light of that hefty price tag, Americans expect the website to be running smoothly. But the technical problems on the site, unfortunately, are making it difficult, if not impossible, for many consumers to sign up for health insurance.

Federal officials promise that the site's many technical glitches will be fixed by the end of November. Last week, the CMS spokeswoman told reporters during a briefing that Quality Software Solutions Inc., the contractor overseeing technology mitigation efforts, has implemented a new protocol for subject matter and technology experts to work together to more quickly identify problems and fixes. Hopefully, that will help the Department of Health and Human Services to achieve its goal of enabling the vast majority of interested consumers to enroll in time for their insurance coverage to start early next year.

Security Issues

CMS also says the security of the site's systems - and the data collected from consumers - is also a "top priority," with a team also addressing that. A glitch that allowed a North Carolina consumer to access personal information of a South Carolina man was "immediately" fixed once the problem was reported, CMS officials said last week. Still, the incident raised more concerns.

Building the public's trust is essential to the success of Obamacare. Given the difficulties so many consumers have had in using HealthCare.gov, it's understandable that many Americans may also question the security of the site.

With so many people unable to sign up for healthcare coverage on the website - and perhaps unwilling to come back anytime soon for another try - the Obama administration is at risk of enrollment figures coming up far short of its goals.

But it's important to keep in mind that some insurance exchanges run independently by states, including the exchange in Washington state, are having much better success. And perhaps the feds can learn some lessons from these efforts

Washington Health Benefit Exchange CIO Curt Kwak stresses that quality checks played an important role in the success of Washington's exchange. "We used quality assurance and internal verification to make sure each step of the way was validated," he says. "We didn't take any short cuts, we were disciplined and stuck with the plan and executed on that plan." (See: State Insurance Exchange: Why It Works.)

Clearly the tech experts trying to fix HealthCare.gov need a similar commitment to quality assurance every step of the way.

What's Next?

This week, the Obama administration is expected to release enrollment numbers for Obamacare. HHS Secretary Kathleen Sebelius is also due on Nov. 13 to respond to a subpoena by House Oversight and Government Reform Committee Chairman Darrell Issa, R-Calif., that requests documents related to the troubled launch of HealthCare.gov.

In the meantime, many GOP leaders, including 10 Republican senators last week, continue to call on President Obama to fire Sebelius because of the botched Healthcare.gov rollout

CMS last week disclosed that its CIO, Tony Trenkle, was leaving on Nov. 15 to take a position in the private sector. While CMS didn't publicly link Trenkle's departure to the Healthcare.gov mess, it seems clear that he was being held accountable.

But rather than arguing about who should get fired, the feds need to focus intensely on immediate fixes to Healthcare.gov and a redoubling of security efforts.

One way of doing this would be taking the site offline until all problems are fixed. On Nov. 8, the Center for Democracy & Technology, a consumer advocacy group, called for Healthcare.gov to be turned off until the security of the site is validated.

"HealthCare.gov should be shut down, the security flaws must be addressed and a permanent security certificate should be granted," wrote Christopher Rasmussen, a CDT policy analyst in a blog. "Nobody who applies for health insurance coverage should have to cross their fingers that the website is secure and that their privacy is being protected."

Clearly, building public trust in Healthcare.gov will be an uphill climb, whether or not the site is temporarily shuttered. So what do you think? Would shutting the site down prove helpful to efforts to bolster security? I'd like to hear from you. Use the space below to share your comments.



About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.