Critiquing Insurance Exchange Fixes

Obama Outlines Strategy for Addressing Glitches
Critiquing Insurance Exchange Fixes

Now that the partial government shutdown is over, the Obama administration is calling in an army of experts to work out the technical issues that have plagued the HealthCare.gov website that supports most of the state health insurance exchanges under the Obamacare program.

See Also: OnDemand | Don't Be the Next Cyber Attack Headline! Using Microsegmentation to Achieve Zero Trust

But some technical experts question why the sites have had so many problems and point out the fix strategy raises questions about the seriousness of the issues to be resolved.

In remarks in the White House Rose Garden on Oct. 21, President Obama admitted that the experience of consumers shopping for health plans on the federally run site has been less than rosey.

"There's no sugarcoating it. The website has been too slow, people have been getting stuck during the application process. And I think it's fair to say that nobody is more frustrated by that than I am," Obama said. "And there's no excuse for the problems, and these problems are getting fixed."

An Oct. 20 blog posting by the Department of Health and Human Services noted: "Our team is bringing in some of the best and brightest from both inside and outside government to scrub in with the team and help improve HealthCare.gov."

In his statement, Obama explained: "Experts from some of America's top private-sector tech companies who, by the way, have seen things like this happen before, they want it to work. They're reaching out. They're offering to send help. We've had some of the best IT talent in the entire country join the team. And we're well into a 'tech surge' to fix the problem. And we are confident that we will get all the problems fixed."

No Quick Fix

One security expert thinks that it's more important that the administration get the problems fixed completely, rather than quickly. "I'm confident with the right expertise on the problem they will work out the issues and get things up and running properly," says Mac McMillan, CEO of security consulting firm CynergisTek. "I just don't think swift is doable, or necessarily the right focus. Getting it right should be the focus. Another false start could be really disastrous," he says.

McMillan also says that having technical glitches in the early days of new online marketplaces isn't unusual. But given the high profile of the Healthcare.gov site, some troubles should have been caught earlier, he adds. "These kind of issues are commonplace and not surprising. What's surprising is that they had plenty of time to design this, roll it out and test it thoroughly prior to go-live, and they apparently did not do that."

The fact that the administration is bringing in a tech surge "raises a lot of questions," says Kev Coleman, who is head of research and data at HealthPocket Inc., a technology and research firm that ranks health plans.

While HHS hasn't divulged many details about the technical issues going on with the federal site, bringing in an army of technical experts suggests that there could be software architectural problems, Coleman says, questioning just how serious those issues are. Serious coding problems, for example, might require that the Healthcare.gov site be temporarily shut down for fixes, in part to prevent security issues, he says. Experts will likely review code, debug it, and do performance testing to reveal the extent of the problems, he adds.

Online Marketplaces

The state health insurance exchanges are online marketplaces where consumers and small businesses can enroll in health plans. Sixteen states are operating their own exchanges, while 34 states are either partnering with the federal government or are having the federal government run their exchanges. Healthcare.gov is the federal website behind the federally facilitated insurance exchanges (see: Federal Data Hub Passes Security Testing).

In its blog, HHS says it's "putting in place tools and processes to aggressively monitor and identify parts of HealthCare.gov where individuals are encountering errors or having difficulty using the site, so we can prioritize and fix them. We are also defining new test processes to prevent new issues from cropping up as we improve the overall service and deploying fixes to the site during off-peak hours on a regular basis."

State-Run Sites

Some states, including those operating their own exchanges, have been smoothing out technical issues that caused slow consumer access in the first days of the Affordable Care Act open enrollment launch which started Oct. 1 (see: Insurance Exchanges: Work in Progress).

HealthPocket found that technical errors that were widely reported during the initial days of the health exchange websites were not prevalent later, during the period Oct. 11 through October 17, when it re-evaulated the websites.

As of Oct, 17, HealthPocket found "download times for individual web pages on the exchange sites were also satisfactory and averaged approximately one second per page. However, despite these commonalities among the exchanges, there was still a substantial disparity among the online health plan shopping experiences provided by the different exchanges," says analysis on the firm's site.

HealthPocket reported that overall, states using the federal government's Healthcare.gov technology for their exchanges "required nearly four times as many steps to produce a health plan comparison page" than those states that are running their own sites.

Exchange Security

Coleman says that so far, no state exchanges, including those operated by the federal government, have reported security or privacy breaches since going live. But Minnesota's MNsure exchange experienced a breach before its launch.

That incident involved a MNsure worker who inadvertently disclosed personal information on 2,400 brokers and agents in an unencrypted attachment e-mailed to two unauthorized individuals. The recipients of the e-mail were a private insurance broker and agent working together in the same office (see: Exchange Breach Triggers State Review).

"People need to understand that it's not just technology by also human beings involved in these exchanges," Coleman says. That makes the exchanges vulnerable to breaches caused by human error, he says.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.