Consumer Advocate: Shut Obamacare SiteHe Says Shutdown for Security Fixes Would Build Trust
Shutting down the website until security is thoroughly tested is the key to "building back trust with consumers that the site is secure and they can apply there without having to worry about their security or privacy being compromised," says Rasmussen, a privacy expert at the Center for Democracy & Technology, in an interview with Information Security Media Group.
Regarding the Obama administration's promise that the "vast majority" of consumers will be able to successfully enroll on the site by end of November, Rasmussen says: "I'm not confident that all [the technical issues] are going to be addressed [by then] even if the site is shut down."
In Congressional hearings that delved into the HealthCare.gov technical problems, officials from the Department of Health and Human Services and technology vendors involved in the project have testified that end-to-end security testing of the integrated Healthcare.gov systems was not completed before the site went live on Oct. 1. That was due, in large part, to components of the overall system still being under development (see: IT Experts Answer Obamacare Questions).
In a Nov. 19 hearing of the House Energy and Commerce Committee's Oversight and Investigations subcommittee, Henry Chao, deputy CIO at HHS' Centers for Medicare and Medicaid Services, testified that 30 percent to 40 percent of back-end systems related to the federally facilitated marketplace, including payment systems linked to insurers, as well as accounting systems, are still being built. Those remaining components - which should be completed in December - are undergoing security testing, just as all other components of the HealthCare.gov site underwent security testing before going live on Oct. 1, Chao testified.
Rasmussen agrees with the assertion that political factors are playing a role in the intense scrutiny that the HealthCare.gov technical woes - including data security issues - are getting from Congress, with some Republicans overstating the problems, and some Democrats understating them.
"I think the Republicans might be a little more correct in saying there are legitimate problems with this website. But that's not to say politics is not deeply infused in these Congressional hearings; of course they are," he says.
"The independent security testers ... out there that have found these security flaws in the HealthCare.gov website's code. Obviously, they're not coming from a political perspective, and I think that's what's prompting ... Republicans to instigate these hearings."
In the interview, Rasmussen also discusses:
- The security and privacy issues of HealthCare.gov that trouble him the most;
- His assessment of how state-run health insurance exchanges are doing when it comes to privacy and security so far;
- How consumers can avoid becoming victims of the fake health insurance exchange websites and related e-mail phishing scams that have sprung up.
Rasmussen is a policy analyst at the Center for Democracy & Technology, a Washington-based, not-for-profit civil liberties organization. Previously, Rasmussen worked with the Department of Veterans Affairs' Veterans Health Administration, where he researched health data access and use policies from a privacy and security perspective and developed a common health data access policy.