Centers for Medicare and Medicaid Services initially refused to cooperate with the Government Accountability Office to address security concerns surrounding the implementation of Healthcare.gov, according to testimony at a House Oversight Committee hearing Thursday.
CMS Administrator Marilyn Tavenner testified before the House Oversight Committee on the current security status of Healthcare.gov and addressed accusations that the administration attempted to cover up the website’s initial failings. Gregory Wilshusen, the director of information security issues at the GAO, and Ann Barron-DeiCamillo, the director of U.S. computer emergency readiness team, also testified.
Republicans and Wilshusen, who conducted the GAO’s recent report, contended that security flaws continue to surround the website, and that CMS, the agency responsible for running Healthcare.gov, has failed to be transparent as they evaluate website failings.
"Generally we do receive good cooperation with agencies that we audit as it relates to receiving information. In this case, initially there were delays in providing certain documents that we requested. In addition, there were certain restrictions on some of the documents," Whilshusen told the committee.
"I think they indicated that they were concerned about the security," Whilshusen added. "In my opinion they should’ve provided [the documents]" when the first requests were made.
According to House Republicans, the administration has similarly withheld information pertinent to the congressional investigations into the nearly billion dollar website.
The report that was issued by Chairman Darrell Issa (R., Calif.) on Wednesday alleged that "the administration has repeatedly attempted to obstruct congressional investigation of the launch of Healthcare.gov," and that a significant component of the problems in the rollout can be tied to a "lack of transparency and collaboration within [the administration’s] own agencies."
Tavenner was asked about the finding that she violated federal record keeping laws by deleting emails and "instruct[ing] subordinates to do so as well."
According to the report, Tavenner forwarded an email in October 2013 "from Jeanne Lambrew, a key White House adviser, about call center workers giving callers incorrect information." In that email, Tavenner wrote, "Please delete this email—but please see if we can work on call script [redacted]."
When asked about the email, Tavenner confirmed that she sent the email, but appeared to dismiss suggestions that it was improper.
"This email is from me, yes sir, that’s accurate," Tavenner said. "I think that I asked that she delete this email because it involved sensitive information regarding the president’s schedule and I think that’s actually the area that’s redacted, but no it’s not normally my custom to ask [that emails be deleted]."
Issa rebuffed the response asking, "Why would the president’s schedule after the fact have any relevance to be needed to be deleted? I hear you, but the president’s schedule is very public in real time—in a very short period of time."
Issa requested that an unredacted version of the email be seen by the GAO to ensure it is consistent with "what we’re hearing," but he did not back away from the original suggestion that deletion violates federal law.