Sept 11 The data system supporting President
Barack Obama's healthcare reform has been tested and certified
as secure for millions of Americans who will seek health
coverage beginning on Oct. 1, meeting a critical deadline for
launching the program, the administration said on Wednesday.
Concerns over whether consumer information would be secure
in time were raised last month, when a government report said it
could take until Sept. 30 to sign off on the system's data
protections, leaving little room for error before Obamacare is
due to go live.
The Centers for Medicare & Medicaid Services (CMS), part of
the U.S. Department of Health and Human Services, said on
Wednesday that the federal data system used to determine
eligibility for government subsidies for this new healthcare was
ready to go.
The news came as a House of Representatives subcommittee on
cybersecurity held a hearing to discuss the system, called the
Hub. Republican lawmakers and panel witnesses raised questions
about the ability to secure the system ahead of the Oct 1
IT security is a concern because the health exchanges that
will sell insurance plans to individuals under the new program
need various federal agencies to communicate on sensitive
information about applicants, such as social security numbers,
through the Hub.
Stephen Parente, a finance professor at the University of
Minnesota who specializes in health insurance and health
information technology, told the House hearing that the Hub is
"the largest personal data integration government project in the
history of the republic."
"Greater transparency is needed, as well as a frank
acknowledgement that the (healthcare law's) posted deadlines
should take second place to reasonable data concerns," Parente,
a health policy adviser to Senator John McCain's failed 2008
presidential campaign, said in his testimony.
Last month, the HHS inspector general said in a report that
missed deadlines this summer had pushed back the critical
security testing. In particular, the date for CMS to certify
that the Hub met requirements for information technology
security was moved to Sept. 30 from Sept. 4.
Security requirements for the Hub, which is being built by
an outside contractor, include access controls and
authentication to help prevent hackers from viewing personal
information such as tax records.
CMS, which will be overseeing the health exchanges, said on
Wednesday in a statement that the IT-security authorization
occurred on Sept. 6.
"The completion of this testing confirms that the Hub
complies with federal standards and that HHS and CMS have
implemented the appropriate procedures and safeguards necessary
for the Hub to operate securely on October 1," CMS said.
The inspector general's office has not independently
verified CMS' progress since the office's August audit, Kay
Daly, assistant inspector general in the inspector general's
office, testified on Wednesday.
Representative Patrick Meehan, a Pennsylvania Republican who
chairs the subcommittee, was dubious of the agency's ability to
address all the security concerns.
"This is an agency who for three years failed to meet a
single deadline," Meehan said during the hearing. "The word
continues to be, 'Just trust us.'"