Officials Pressed on Security, Fraud Risks in Affordable Care Act Delays

Administration assures congress Obamacare technology will be ready for rollout

Rep. James Lankford / AP
• July 17, 2013 3:40 pm


Obama administration officials assured Congress on Wednesday morning that the technology undergirding Obamacare will be ready on time and will be secure from cyber attacks, although testimony and congressional questions revealed risks.

The hearing before a joint meeting of a subcommittee of the House Oversight and Government Reform Committee and a subcommittee of the House Homeland Security Committee also revealed some of the partisan tensions animating the debate over the law.

The IRS is overseeing much of the law’s implementation, as the subsidies for purchasing health insurance on the state insurance "exchanges" will be run through the tax code.

However, the official overseeing the IRS’ implementation of Obamacare was formerly in charge of the IRS’ tax exempt unit as it was inappropriately targeting conservative groups before the 2012 election—a point raised by Rep. Jim Jordan (R., Ohio) to the acting IRS commissioner Daniel Werfel.

"I know that moving forward in implementing this law you have a credibility issue," said Rep. Scott Desjarlais (R., Tenn.) in reference to the IRS targeting scandal that set off a political firestorm.

The administration’s incomplete implementation of Obamacare has ignited another partisan brawl over the past couple of weeks as the administration has delayed several key parts of the healthcare overhaul act.

The administration delayed the requirement that state exchanges verify the income and insurance status of those applying for health insurance subsidies, raising the concern among some experts that the system will be open to fraud.

Republicans from both the Senate and the House have called on President Barack Obama to delay more parts of the law.

The delays also raised the question of whether the technology facilitating the law will work and whether it will be secure from cyber attacks.

"The large amount of information sharing raises the risk of identity theft and other types of misuse," said Rep. James Lankford (R., Okla.), chairman of the oversight subcommittee. "This risk is even more pronounced since the Department of Health and Human Services has missed several of their own self-imposed deadlines."

Officials from the IRS and Health and Human Services (HHS) tried to assure the congressmen that the technology systems would be both operational and secure when the insurance exchanges go live on Oct. 1.

"The technology underlying this process has been tested and is secure," said Marilyn Tavenner, an administrator at the Center for Medicare and Medicaid Services (CMS), part of HHS.

The Government Accountability Office backed up Tavenner’s testimony, although they conceded that there could still be problems prior to the Oct. 1 deadline, when the exchanges are set to open.

"Certain factors, such as the still-unknown and evolving scope of the exchange activities CMS will be required to perform in each state, and the large numbers of activities remaining to be performed—some close to the start of enrollment—suggest a potential for implementation and challenges going forward," testified John Dicken, GAO’s director of the health care division.

Much of the discussion revolved around the so-called data hub, which will route information from federal agencies to the state exchanges.

"I believe that the hub has a bullseye on it, and the potential of it being hacked is great," Rep. Jackie Speier (D., Calif.) said.

Rep. Patrick Meehan (R., Pa.), chairman of the Homeland Security subcommittee, pressed Tavenner on how much she knows about the threat cyber attacks pose, ultimately forcing her to concede that she has never attended a briefing by the FBI or Department of Homeland Security—the two departments that deal with the issue.

Tavenner also faced questions on how HHS will verify that only eligible people will receive subsidies since the Obama administration waived the verification requirement. She insisted that those who lie about their income and insurance status would face legal repercussions, although Rep. Patrick McHenry (R., N.C.) was not convinced that there would be any viable enforcement mechanism.

"This is outrageous, this non-answer I was given," McHenry said after Tavenner pledged to get him information on their verification process after the hearing.

"The risk of fraud is high, and they know it," Lankford said after the hearing, noting that the system is susceptible to both intentional and unintentional fraud.