From: Nextgov
By Aliya Sternstein
Inspectors have declined to review draft and final security plans for health insurance online marketplaces set to launch Oct. 1.
Due to limited means, Health and Human Services Department internal watchdogs do not intend to examine key security designs they did not have a chance to assess during a recent audit of Obamacare’s online insurance network, a federal investigator told Nextgov.
At a Wednesday House hearing, lawmakers and the former Social Security Administration commissioner blasted the HHS inspector general for failing to probe the system’s vulnerability to hacking. The so-called hub, which opens Oct. 1, will transmit personal information to and from various agency databases when a patient visits a government website, called an “exchange,” to sign up for insurance coverage.
“We’ve got to cut off our work at a certain point,” HHS assistant inspector general Kay Daly said during an interview on Friday. A system security plan and risk assessment completed July 16 did not make it into the Aug. 2 audit, because their inspection ended on July 1, she said.
“We don’t have any plans to look at those at this time. We are still trying to figure out what’s the best use of our resources, given all the various risks associated with this project and many others,” Daly added.
Former SSA Commissioner Michael Astrue, who observed the hub’s construction until his term ended in January, chided the inspector general at the hearing for overlooking existing draft security plans.
Daly on Friday said, “We did not view it to be really essential for us to review a draft plan because it was still subject to change.” Centers for Medicare and Medicaid Services, the entity responsible for protecting Obamacare records, did not withhold the material, she said.
The hub was constructed to retrieve, from separate government databases, enrollee information requested by consumers, regulators, insurers and marketplace staff. The information technology could become the target of criminals attempting to steal personal data from the multiple databases, as well as anti-Obamacare hacktivists determined to disrupt health care reforms, health IT specialists say.
Leave a Reply