Tipsheet

McConnell: Obamacare's Exchanges Threaten Private Data and Should be Delayed


The Senate Republican Leader offers a welcome addition to Rep. Diane Black's laudable legislative effort in the House on an especially toxic tentacle of Obamacare: Widespread data security vulnerabilities.  This law is already raising premiums, stripping people of their current coverage and doctors, adding to national deficits, and accelerating the doctor shortage spiral.  Now Americans must also fear whether their confidential financial and healthcare records will fall into the hands of identity thieves and other malicious actors.  Sen. Mitch McConnell expresses these concerns in a letter to the administration, dated today:

I write to express my deep concern about reports that the Centers for Medicare and Medicaid Services (CMS) has missed multiple deadlines for assuring the security of the Federal Services Data Hub.  Americans should not be forced to enter into exchanges when CMS is so ill-prepared to guarantee the protection of personal data and taxpayer resources from hackers and cyber criminals who would use this sensitive data for personal gain.  As you know, I oppose Obamacare and support its full repeal.  Yet in recent months, even some of the Administration’s closest allies have raised alarms about the potential implementation “train wreck” to come.  While I believe we ought to repeal this law and replace it with commonsense  reforms that lower cost, Americans ought to be assured, at an absolute minimum,  that their personal and financial data will be safe from data thieves.

HHS’ recent track record does not inspire much confidence.  Last week, the Office of the Inspector General reported that the CMS has missed multiple deadlines for testing, reporting, and remediating data security risks in the Federal Data Services Hub.  In fact, HHS does not expect a final Security Control Assessment (SCA) report from an independent testing organization until 10 days before the Hub is scheduled to begin operations, hardly enough time to fix any problems that may be identified.  Furthermore, the current schedule calls for CMS’s Chief Information Officer (CIO) to certify the Security Authorization Decision on September 30, 2013, the day before exchanges open.  Adding to these concerns are reports that CMS has signed a $1.2 billion contract with a company to receive, sort, and evaluate applications for financial assistance in the exchanges that include personal, sensitive data.  According to published reports, this particular company “has little experience with the Department of Health Human Services or the insurance marketplaces, known as exchanges, where individuals and small businesses are supposed to be able to shop for insurance.”


As McConnell notes, the administration has given itself zero margin for error by pushing data security certification off to the last possible minute.  The Obamacare squad has now: (a) scaled back the training regimen for the law's insufficiently-vetted "navigators" because their training is "barely off the ground" in many places, (b) dispensed with many of the eligibility verification mechanisms designed to ensure that enrollees only receive the taxpayer subsidies for which they actually qualify, and (c) wavered on the timing state exchange roll-outs, due to IT security bugs related to the law's so-called 'data hub.'  McClatchy reported last week:

The opening of the health insurance marketplaces in October – key to Obamacare – is in jeopardy because of looming questions about information security. The problem stems from tight deadlines that must be met to ensure the security of data moving through an information system that supports the marketplaces, sometimes referred to as exchanges, according to a new government watchdog report...The Obama administration had expected Tony Trenkle, the chief information officer for the Centers for Medicare and Medicaid Services, to decide Sept. 4 whether information routed through the hub was secure from hackers and identity thieves. But a new report by the inspector general for the Department of Health and Human Services says that decision now is expected Sept. 30, only a day before open enrollment on the marketplaces is scheduled to begin. Any further delays, the report said, mean the chief information officer may not have enough time to gauge the security of data transfers.


The GAO has been anticipating these snags for some time, and Oregon has already announced that its exchange will not be fully operational by the October 1 deadline.  Some Americans have already been victimized by fraudsters exploiting Obamacare uncertainty. The ranks of the defrauded could expand considerably in October and beyond if millions of citizens' sensitive information isn't properly protected, and if some of the "navigators" hurried into their new roles either make mistakes or harbor bad intentions.  Remember, experts already "expect bugs, errors and crashes."  Also recall that the administration has had more than three years to prepare for this moment, yet the implementation roll-out remains in a shambolic state.  MKH has a theory on why such glaring shortcomings still exist:

The liberal war cry through the pains of implementation has always been to refer to the two or three things people do like in the bill and then brush their shoulders off triumphantly. Problem is, they didn’t pass two or three things people liked and that they could reasonably handle implementing. They passed a gargantuan, systemic change to 1/6 of the economy, waited three years to bother even beginning to implement most of it to protect Obama’s reelection, ran into a Charlie Foxtrot of a situation of their own making, and then decided to tell Americans how much they’re benefitting from this Charlie Foxtrot. 

Yes, part of this 'Charlie Foxtrot' (look it up) is attributable to the fact that Team Obama's top priority for much of that span had little to do with working to ensure that the president's jarring re-engineering of Americans' healthcare system wouldn't harm said Americans.  That, and the fact that Obamacare's tower of regulatory dictates weren't made public until late last year, before which public sector administrators and private companies didn't know what would be asked of them.  But even if worst comes to worst, Americans can rest assured that Congress will see to it that they themselves will not suffer any adverse affects from the law they foisted upon an unwilling populace.  Speaking of which, Harry Reid has objected to Mitch McConnell's first attempt to force a vote to delay the unpopular individual mandate tax, which would level the playing field between big business and average people.  From Reid's vantage point, who cares if the law is unfair and screwy?  Obamacare's just a placeholder anyway.