HealthCare.gov security problems escaped official's knowledge

Name: WORLD
Price range: $

WASHINGTON—One of the chief architects of Obamacare has acknowledged to House investigators that he didn't know the extent of security flaws with the federal government’s healthcare exchange website, HealthCare.gov, when it launched Oct. 1.

Henry Chao, the deputy chief information officer at the Centers for Medicare and Medicaid Services (CMS), said he was “surprised” and “disturbed” to learn of the issues during private testimony before the House Oversight and Government Reform Committee on Nov. 1.

House investigators showed Chao, who will appear before the same House panel in a public hearing on Wednesday, a Sept. 3 memo that outlined six security problems with the website, including two high-risk issues that were redacted from the document. Chao agreed one of the problems presents “significant risk to the system” and said he doesn't know if it has been corrected.

“I’m surprised,” Chao told the committee. “And I probably—with that knowledge, I would have at least acknowledged what those findings were in the risk assessment.”

Tony Trenkle, the CMS chief information officer, wrote the Sept. 3 memo, which said the website was only approved to launch if the issues were addressed.

On Sept. 27, Chao ordered the exchange to launch on schedule though he knew security testing was only partially finished. He said he didn't know of any problems at that time and should have been notified of the Sept. 3 memo detailing the security threats. Chao said he takes the security of the website very seriously, but he admitted the lines of communication on security issues may not have been working properly.

Rep. Darrell Issa, R-Calif., chairman of the House Oversight Committee, released the interview transcript late Monday.

The revelation comes as The Washington Post on Monday reported enrollments for the new healthcare exchange are woefully behind schedule after six weeks of operation. The Post cited sources with direct knowledge of the government's enrollment numbers—which will be officially released on Friday—saying 40,000 people have signed up for coverage through private insurers. If security problems persist, or even the threat of security problems, they could serve to chase away even more consumers than the faulty website and high prices already have.

Republicans have insisted the website is fraught with security problems, but Democrats argue Republicans are simply using scare tactics to turn public opinion against the healthcare law.