Skip to Content

Privacy & Data

Doctor’s Orders: Bed Rest for HealthCare.gov

Over the past month, Congressional hearings on the rollout of HealthCare.gov (the website for the federal health insurance exchange) have been filled with political finger pointing. The Republican House majority is calling for the resignation of HHS Secretary, Kathleen Sebelius, while the Democrats lay the blame for the botched rollout on GOP unwillingness to adequately fund the project. None of the political bickering is helpful and in fact it is getting in the way of finding a solution for the many problems facing the website. Of most concern to CDT are reports of security problems that threaten applicant privacy. In short, the website is sick and is in need of bed rest and significant recuperation.

The most visible problem with HealthCare.gov are the error messages that applicants see when they visit it. Although the Administration may view an inaccessible website as a mere public relations black eye, the fact that it is inaccessible undermines the credibility of the site’s operational readiness. Furthermore, the reports of security flaws in HealthCare.gov, including reports that an applicant’s eligibility letter may have been exposed to another applicant, are alarming. The Administration should take these reports seriously and respond in detail about its investigation and resolution of these issues. Claiming there are “no serious security issues” feels like just more empty rhetoric.

Most alarming of all is that HHS knew in the days before launch that incomplete testing of the HealthCare.gov website, “… posed a potentially high security risk for the website.” Despite this warning, the website was granted a questionable temporary security certificate (see question 28 on page 11 of its report) while implementing a six-month “mitigation program” that included ongoing monitoring and testing. The Administration plans to fix problems on the fly while Americans continue to be exposed on the high risk website.

The events of the past month have clearly shown that HealthCare.gov was not ready to go live on October 1st and is still not functioning as needed. Two Members of Congress have already called for HealthCare.gov to be shut down until its problems have been fixed. CDT agrees. HealthCare.gov should be shut down, the security flaws must be addressed and a permanent security certificate should be granted. Nobody who applies for health insurance coverage should have to cross their fingers that the website is secure and that their privacy is being protected. Only then will the American public have some degree of trust that they can safely apply for health care coverage. It’s time for tough medicine for HealthCare.gov.

Related Reading

Samir Jain Testimony for House Committee. White document on black background.

CDT VP of Policy Samir Jain Testimony Before U.S. House Energy & Commerce Committee on “Legislative Solutions to Protect Kids Online and Ensure Americans’ Data Privacy Rights”
The CDT logo. A light and dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

Deprecating third-party cookies: a small step towards a more private web
CDT brief, entitled "Unintended Consequences: Consumer Privacy Legislation and Schools." White and blue document on a grey background

Brief – Unintended Consequences: Consumer Privacy Legislation and Schools