HealthCare.gov: Rebuilding TrustTechnical Fixes Must Address Security
The HealthCare.gov website launch, as even President Obama admits, has been a disaster so far. But the fiasco has been made worse by the heavy political baggage the Obamacare site carries.
See Also: How to Use Risk Scoring to Propel Your Risk-Based Vulnerability Management Program Forward
In the private sector, when big IT projects stumble, companies can quietly push deadlines and get more time to smooth out wrinkles before going live. People on the outside often never even know about it.
Nobody who applies for health insurance coverage should have to cross their fingers that the website is secure and that their privacy is being protected.
But Healthcare.gov was sitting on a time bomb. The rush to go live - even if the site wasn't ready for prime time - was, in large part, due to the reluctance of the Obama administration to miss the Oct. 1 launch target in light of longstanding GOP efforts to pull the plug on the entire Affordable Care Act.
During a Nov. 8 briefing with reporters, former Office of Management and Budget official Jeff Zients - who President Obama brought in as an unpaid consultant to lead a "tech surge" to fix Healthcare.gov's problems - admitted "the complexity of the system coupled with the compressed timeline" was the overall underlying issue causing the site's problems.
The total IT spend on the project so far has been $630 million, including contracts and services, a Centers for Medicare and Medicaid spokeswoman says. In light of that hefty price tag, Americans expect the website to be running smoothly. But the technical problems on the site, unfortunately, are making it difficult, if not impossible, for many consumers to sign up for health insurance.
Federal officials promise that the site's many technical glitches will be fixed by the end of November. Last week, the CMS spokeswoman told reporters during a briefing that Quality Software Solutions Inc., the contractor overseeing technology mitigation efforts, has implemented a new protocol for subject matter and technology experts to work together to more quickly identify problems and fixes. Hopefully, that will help the Department of Health and Human Services to achieve its goal of enabling the vast majority of interested consumers to enroll in time for their insurance coverage to start early next year.
CMS also says the security of the site's systems - and the data collected from consumers - is also a "top priority," with a team also addressing that. A glitch that allowed a North Carolina consumer to access personal information of a South Carolina man was "immediately" fixed once the problem was reported, CMS officials said last week. Still, the incident raised more concerns.
Building the public's trust is essential to the success of Obamacare. Given the difficulties so many consumers have had in using HealthCare.gov, it's understandable that many Americans may also question the security of the site.
With so many people unable to sign up for healthcare coverage on the website - and perhaps unwilling to come back anytime soon for another try - the Obama administration is at risk of enrollment figures coming up far short of its goals.
But it's important to keep in mind that some insurance exchanges run independently by states, including the exchange in Washington state, are having much better success. And perhaps the feds can learn some lessons from these efforts
Washington Health Benefit Exchange CIO Curt Kwak stresses that quality checks played an important role in the success of Washington's exchange. "We used quality assurance and internal verification to make sure each step of the way was validated," he says. "We didn't take any short cuts, we were disciplined and stuck with the plan and executed on that plan." (See: State Insurance Exchange: Why It Works.)
Clearly the tech experts trying to fix HealthCare.gov need a similar commitment to quality assurance every step of the way.
This week, the Obama administration is expected to release enrollment numbers for Obamacare. HHS Secretary Kathleen Sebelius is also due on Nov. 13 to respond to a subpoena by House Oversight and Government Reform Committee Chairman Darrell Issa, R-Calif., that requests documents related to the troubled launch of HealthCare.gov.
In the meantime, many GOP leaders, including 10 Republican senators last week, continue to call on President Obama to fire Sebelius because of the botched Healthcare.gov rollout
CMS last week disclosed that its CIO, Tony Trenkle, was leaving on Nov. 15 to take a position in the private sector. While CMS didn't publicly link Trenkle's departure to the Healthcare.gov mess, it seems clear that he was being held accountable.
But rather than arguing about who should get fired, the feds need to focus intensely on immediate fixes to Healthcare.gov and a redoubling of security efforts.
One way of doing this would be taking the site offline until all problems are fixed. On Nov. 8, the Center for Democracy & Technology, a consumer advocacy group, called for Healthcare.gov to be turned off until the security of the site is validated.
"HealthCare.gov should be shut down, the security flaws must be addressed and a permanent security certificate should be granted," wrote Christopher Rasmussen, a CDT policy analyst in a blog. "Nobody who applies for health insurance coverage should have to cross their fingers that the website is secure and that their privacy is being protected."
Clearly, building public trust in Healthcare.gov will be an uphill climb, whether or not the site is temporarily shuttered. So what do you think? Would shutting the site down prove helpful to efforts to bolster security? I'd like to hear from you. Use the space below to share your comments.