You choose, we deliver
If you are interested in this story, you might be interested in others from The Journal Gazette. Go to www.journalgazette.net/newsletter and pick the subjects you care most about. We'll deliver your customized daily news report at 3 a.m. Fort Wayne time, right to your email.

U.S.

Advertisement
Associated Press photos
Health and Human Services Secretary Kathleen Sebelius testifies Wednesday on Capitol Hill on the difficulties plaguing the health care website.

Top health official apologizes for website woes

Associated Press
Rep. Corey Gardner, R-Colo., questions Health and Human Services secretary Kathleen Sebelius during a House Energy and Commerce Committee.

– President Barack Obama’s embattled top health official declared herself accountable Wednesday for failures of the much-maligned health insurance website HealthCare.gov as a newly surfaced government memo pointed to security concerns that were laid out just days before its launch.

Despite the problems, Health and Human Services Secretary Kathleen Sebelius defended the health care overhaul, the signature legislative accomplishment of Obama’s first term. She said the website problems will be fixed by Nov. 30 and gaining health insurance will make a positive difference in the lives of millions of Americans.

The website was still experiencing outages, even as Sebelius was testifying to the House Energy and Commerce Committee that “I’m responsible.” And she faced a new range of questions about an internal memo from her department that revealed the troubled website was granted a temporary security certificate on Sept. 27, just four days before it went live on Oct. 1.

The memo, obtained by The Associated Press, said incomplete testing created uncertainties that posed a potentially high security risk for the website. It called for a six-month “mitigation” program, including ongoing monitoring and testing.

Republicans opposed to Obama’s health care law are calling for Sebelius to resign. She apologized to people having trouble signing up but told the committee that the technical issues that led to frozen screens and error messages are being cleared up on a daily basis.

Security issues raise major new concerns on top of the long list of technical problems the administration is grappling with.

“You accepted a risk on behalf of every user ... that put their personal financial information at risk,” Rep. Mike Rogers, R-Mich., told Sebelius, citing the memo. “Amazon would never do this. ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”

Sebelius countered that the system is secure, even though the site’s certificate, known in government parlance as an “authority to operate,” is of a temporary nature. A permanent certificate will be issued only when all security issues are addressed, she stressed.

Spokeswoman Joanne Peters added separately: “When consumers fill out their online ... applications, they can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure. Security testing happens on an ongoing basis using industry best practices.”

The security certificate is required under longstanding federal policy before any government computer system can process, store or transmit agency data. The temporary certificate was approved by Medicare chief Marilyn Tavenner, the senior HHS official closest to the rollout. No major security breaches have been reported.

The memo said, “From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as a high risk for the (federal marketplace website).”

It recommended setting up a security team to address risks and conduct daily tests, and it said a full security test should be conducted within two to three months of the website going live.

A separate page stated that “the mitigation plan does not reduce the risk to the (website) itself going into operation on October 1, 2013. However, the added protections do reduce the risk to the overall Marketplace operations and will ensure that the ... system is completely tested within the next 6 months.”

That page was signed by three senior technical officials below Tavenner at the Centers for Medicare and Medicaid Services. All the officials deal with information security issues.

Sebelius’ statement about her ultimate accountability for problems with the sign-up rollout came as Rep. Marsha Blackburn, R-Tenn., peppered her with questions about the “debacle.”

“Hold me accountable for the debacle,” Sebelius responded. “I’m responsible.”

The HealthCare.gov website was intended to be the gateway to coverage for millions of uninsured Americans, as well as those who already buy their policies individually.

Many people in the latter group will have to get new insurance next year, because their policies do not meet the standards of the new law.

Throughout the 3 1/2 -hour hearing, Sebelius was respectful, often addressing lawmakers as “sir” or “congresswoman.” She kept her cool as some lawmakers repeatedly cut off her answers. But she did not shy a few times from tersely interjecting her views while a member was speaking.

Addressing consumers who have tangled with the confusing system, Sebelius added, “So let me say directly to these Americans, you deserve better. I apologize.”

She parried questions about problems with the website as well as a wave of cancellation notices hitting individuals and small businesses who buy their own insurance. Those notices are coming because many existing individual policies are too skimpy to meet the law’s requirements. The administration says consumers affected will be able to find better coverage.

Advertisement