Gross incompetence led to the problems with the federal health care exchange, the government deserves more blame than the contractors and no one should feel safe entering personal information on the site, according to a well-respected information technology expert.
The Obama administration is touting healthcare.gov as working fine for the “vast majority” of Americans, although there are still accounts of the site malfunctioning and many more stories emerging about information being transmitted inaccurately to insurance companies. The mechanism for customers to pay for their coverage still does not exist.
Reports are also emerging that data security is even worse than before on the site and some experts believe there’s no coherent security in place at all.
“Yeah, that’s pretty scary,” said Chris Witt, CEO of the respected IT firm Wake Technology Services, Inc.
“Since we are talking about patient health data, there’s already laws on the books, specifically HIPAA and HITECH, that regulate security and privacy of protected health information. So it’s a little surprising that they would even have these types of problems. If it was you or me that were doing this on a private basis, we’d probably be locked up because we’d be breaking all kinds of different laws,” said Witt.
“It seems like the folks who have done a little more of the security auditing did not find too much difficulty in breaking into the system and accessing users’ data,” he said.
But with the individual mandate looming and just days left for many to enroll if they want their coverage to start on January 1, should Americans roll the dice and go on healthcare.gov?
“Oh, I wouldn’t. No, not from what the experts have been saying. These people do not have an ax to grind. They have come in very apolitical and raised some very serious red flags. What’s even more problematic is more than one have stated that this is not a fixable problem in its current state, which would concern me greatly,” said Witt.
As for the problems at the “back end” of healthcare.gov, such as patient information transfers and payment challenges, Witt says things are only getting worse.
“What we’ve only seen is the very superficial layer and that’s the people trying to access and put their data in and go through the process,” said Witt. “So we’ve got some front end superficial problems. We’ve got security issues, which you never want to understate, and you’ve got some back end interfacing or connectivity problems. So as they fix layers, it’s going to shine a light on layers further down or deeper into the application that are flawed.”
So how did this get so badly bungled? Witt says it appears there was very poor communication among the various project managers, but he is skeptical that no one knew about all the problems before the site launched October 1.
“Throughout the process, it was surprising that certain things came to light after the website was rolled out. I find it hard to believe that was really the case,” he said.
He also believes the government did not delegate enough to the contractors. Witt cites congressional testimony from government contractors that strongly suggests they were not responsible for the testing.
“They probably did some levels of unit testing, some integrated testing but not complete end-to-end testing, which would also include load testing,” said Witt, referring to tests to see what kind of web traffic the site could handle before it crashed.
“It seemed like the government was supposed to be doing the load testing, so the contractor did all of their testing up to a certain point,” he said, noting that he would not normally expect to handle load testing and that we would have already heard the administration cry foul if that work should have been done by the contractors.
So what is the lesson learned from the technical side of the exchange?
“There’s always a question of what’s the place of the government in large initiatives like this. The government’s not always in the best position to oversee and implement this type of technology solution. I think they would have been better off putting the complete implementation of it out to contract to a large, U.S.-based developer who could have done it in a much quicker timeline and that would meet all the requirements,” said Witt.