Congressmen raised strong doubts about the security of the infrastructure undergirding the Obamacare exchanges in interviews with the Washington Free Beacon on Monday, undermining the administration’s claims that Obamacare is secure and will be ready to go on schedule.
The administration’s claim that the "data hub" is secure, for example, has not been independently verified, leaving Congress and the public reliant only on the administration’s word for updates on the law’s status and security. The data hub will route personal identifying information from several federal agencies to the state-based exchanges.
The congressmen’s complaints come as the exchanges are set to open in one week, on Oct.1.
"All we have are the statements that they’re ready," said Rep. Patrick Meehan (R., Pa.), chairman of the House Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.
"At the end of the day, HHS really feels like everything is going to be fine," said Rep. James Lankford (R., Okla.), chairman of the House Oversight Committee’s health care subcommittee, referencing the Department of Health and Human Services, which is implementing much of the law.
Meehan emphasized the high risk of cyber attacks on the data hub.
"There’s no evidence that this system has been constructed to be completely safe against those kinds of attacks when you know that this will be identified as one of the greatest collections of private information," Meehan said.
When asked if he has seen any verification that the data hub has indeed passed security tests and is ready to go, Meehan was skeptical.
"It’s all internal, and it’s not checked by the inspector general or by anybody else," he said.
The administration launched a campaign last week to assure consumers that their information will be safe on the exchange, with several top officials meeting at the White House on Wednesday to strategize. HHS did not return a request to comment on the current status of the law’s security measures and testing.
Some congressmen are skeptical of the administration’s assurances, given their history of implementing the law.
"They missed 41 of the 82 deadlines for the implementation of Obamacare" by mid-summer, said Rep. Diane Black (R., Tenn.), an outspoken critic of the law’s security.
The administration has also delayed the requirement that those applying for subsidies to help buy insurance be checked to assure their eligibility, said Black, opening up the subsidy system to the risk of fraud and waste.
Additional risks lie at the state and local level, the congressmen said.
The states that are creating their own exchanges such as California and Connecticut will have to create their own portal into the federal data hub. The federal government is not verifying that each of these different access points fulfills security requirements. They are instead simply relying on each state to assure that they are following the regulations, Meehan said.
Other risks exist with the number of entrances into the system, Lankford said.
"I don’t feel like there are good parameters to protect" the gateways, Lankford said. Each navigator, who will help people sign up for insurance on the exchanges, will have only 20 hours of training on the Internet, said Black, not giving the government very much oversight and control. Additionally, many navigators will not have to go through a background check, Meehan said, although some states are requiring them.
Both Meehan and Black mentioned a security breach in Minnesota where the personal information of 2,400 people was accidentally emailed out.
"It demonstrates the potential for human errors in other things," Meehan said.