Obamacare months behind testing IT security, navigator training “barely off the ground”
posted at 4:51 pm on August 7, 2013 by Mary Katharine Ham
One thing that has always distinguished Obamacare’s roll-out from state-level health care reforms and other large IT projects is that there appeared to be no plan for beta testing— a preliminary step during which a small number of users gain access to a new technology to help programmers work out bugs. Obamacare supporters argued the federal government had built exchange-like mechanisms before and would be prepared to build them again, but Obamacare is a much larger endeavor than anything built before, and must marry with myriad state and federal databases and technological systems to work as advertised.
Now, it seems sure that beta testing will be happening on launch day, in the particularly sensitive area of IT security:
The federal government is months behind in testing data security for the main pillar of Obamacare: allowing Americans to buy health insurance on state exchanges due to open by October 1
The missed deadlines have pushed the government’s decision on whether information technology security is up to snuff to exactly one day before that crucial date, the Department of Health and Human Services’ inspector general said in a report.
As a result, experts say, the exchanges might open with security flaws or, possibly but less likely, be delayed.
“They’ve removed their margin for error,” said Deven McGraw, director of the health privacy project at the non-profit Center for Democracy & Technology. “There is huge pressure to get (the exchanges) up and running on time, but if there is a security incident they are done. It would be a complete disaster from a PR viewpoint.”
Despite the possible threat of identity theft, the administration will likely push through with exchange launches because the PR hit from not launching would be greater than launching with a few suckers’ intimate financial and health information being stolen. A 2002 law requires that the federal “data hub” through which all the IRS income information, Social Security info, and health care exchange info runs be certified as secure through a three-step process, according to Reuters, but there’s also an allowance for administrators to deem the data hub, basically, “secure enough” — an option they’ll likely take for the reasons stated above.
“CMS,” concludes the inspector general’s report, “is working with very tight deadlines.”
The delays mean that the ruling by CMS’s chief information officer certifying the Obamacare IT system as secure will be pushed back from September 4 to September 30, a day before enrollment under the Patient Protection and Affordable Care Act, the law that established Obamacare, is supposed to start.
“Several critical tasks remain to be completed in a short period of time,” the report concluded.
Any additional delays could mean CMS would not have the information it needs to authorize use of the system by October 1, the inspector general found.
As for Obamacare’s navigators, who may be a risk for fraud and identity theft themselves, they’re having their training cut down:
Opening day for the new health-insurance marketplaces is two months away, but efforts to recruit and train workers to help people enroll are barely off the ground in many states. With time running short before enrollment kicks off Oct. 1, the Obama administration last week cut back on training requirements for these ‘navigators.’ Officials were concerned there might not be enough time to do more-extensive training before the health-insurance exchanges open … Three weeks ago, the administration said navigators would need up to 30 hours of training before they start, but it said last week that 20 hours would be sufficient.
So rather than maintaining some semblance of quality control, the administration has slashed by one-third the amount of training taxpayer-funded Obamacare ‘experts’ will receive before they’re “qualified” to walk ordinary Americans through the process of obtaining healthcare through the law’s exchanges. Yes, these are the same under-trained, under-vetted “navigators” that privacy experts worry will have too much unfettered access to reams of citizens’ confidential information. This alteration was necessitated by realities on the ground — from uncertainty surrounding whether the exchanges will be ready on time, to worries about technical “glitches” and “crashes,” to the fact that Obamacare worker training is “barely off the ground in many states.” To avoid another political embarrassment, Team Obama is cutting corners with your healthcare.
This makes three major security concerns with Obamacare the administration has decided to mostly ignore instead of taking the time and effort to ensure consumer safety. First, they dropped any pretense at verification of income, thereby allowing anyone to claim subsidies no matter what their income or whether they’d been offered health insurance elsewhere. Second, we have a security system that will admittedly get no substantial test run, and can’t even hope to finish a security certification process required by law until the day before the exchanges launch. And, third, they’re cutting corners on vetting and training the very people who are supposed to walk Americans and their sensitive data through the insecure process.
This is basic stuff. If this were a private business, everyone would be reporting them to the Consumer Financial Protection Bureau, and with good reason.