The Senate Republican Leader offers a welcome addition to Rep. Diane Black's laudable legislative effort in the House on an especially toxic tentacle of Obamacare: Widespread data security vulnerabilities. This law is already raising premiums, stripping people of their current coverage and doctors, adding to national deficits, and accelerating the doctor shortage spiral. Now Americans must also fear whether their confidential financial and healthcare records will fall into the hands of identity thieves and other malicious actors. Sen. Mitch McConnell expresses these concerns in a letter to the administration, dated today:
I write to express my deep concern about reports that the Centers for Medicare and Medicaid Services (CMS) has missed multiple deadlines for assuring the security of the Federal Services Data Hub. Americans should not be forced to enter into exchanges when CMS is so ill-prepared to guarantee the protection of personal data and taxpayer resources from hackers and cyber criminals who would use this sensitive data for personal gain. As you know, I oppose Obamacare and support its full repeal. Yet in recent months, even some of the Administration’s closest allies have raised alarms about the potential implementation “train wreck” to come. While I believe we ought to repeal this law and replace it with commonsense reforms that lower cost, Americans ought to be assured, at an absolute minimum, that their personal and financial data will be safe from data thieves.
HHS’ recent track record does not inspire much confidence. Last week, the Office of the Inspector General reported that the CMS has missed multiple deadlines for testing, reporting, and remediating data security risks in the Federal Data Services Hub. In fact, HHS does not expect a final Security Control Assessment (SCA) report from an independent testing organization until 10 days before the Hub is scheduled to begin operations, hardly enough time to fix any problems that may be identified. Furthermore, the current schedule calls for CMS’s Chief Information Officer (CIO) to certify the Security Authorization Decision on September 30, 2013, the day before exchanges open. Adding to these concerns are reports that CMS has signed a $1.2 billion contract with a company to receive, sort, and evaluate applications for financial assistance in the exchanges that include personal, sensitive data. According to published reports, this particular company “has little experience with the Department of Health Human Services or the insurance marketplaces, known as exchanges, where individuals and small businesses are supposed to be able to shop for insurance.”
As McConnell notes, the administration has given itself zero margin for error by pushing data security certification off to the last possible minute. The Obamacare squad has now: (a) scaled back the training regimen for the law's insufficiently-vetted "navigators" because their training is "barely off the ground" in many places, (b) dispensed with many of the eligibility verification mechanisms designed to ensure that enrollees only receive the taxpayer subsidies for which they actually qualify, and (c) wavered on the timing state exchange roll-outs, due to IT security bugs related to the law's so-called 'data hub.' McClatchy reported last week:
The opening of the health insurance marketplaces in October – key to Obamacare – is in jeopardy because of looming questions about information security. The problem stems from tight deadlines that must be met to ensure the security of data moving through an information system that supports the marketplaces, sometimes referred to as exchanges, according to a new government watchdog report...The Obama administration had expected Tony Trenkle, the chief information officer for the Centers for Medicare and Medicaid Services, to decide Sept. 4 whether information routed through the hub was secure from hackers and identity thieves. But a new report by the inspector general for the Department of Health and Human Services says that decision now is expected Sept. 30, only a day before open enrollment on the marketplaces is scheduled to begin. Any further delays, the report said, mean the chief information officer may not have enough time to gauge the security of data transfers.
The liberal war cry through the pains of implementation has always been to refer to the two or three things people do like in the bill and then brush their shoulders off triumphantly. Problem is, they didn’t pass two or three things people liked and that they could reasonably handle implementing. They passed a gargantuan, systemic change to 1/6 of the economy, waited three years to bother even beginning to implement most of it to protect Obama’s reelection, ran into a Charlie Foxtrot of a situation of their own making, and then decided to tell Americans how much they’re benefitting from this Charlie Foxtrot.