The system, which has faced delays, received authorization to operate last Friday, according to the CMS, after a “security controls assessment” was completed Aug. 24. The green light comes after an HHS Office of Inspector General report released last month expressed concern over testing of the system, and found it troubling that the CMS had stated that stated security authorization for the hub would not come until Sept. 30, one day before the exchanges are to begin open enrollment.
The hub is designed to work seamlessly with IT systems from all 50 state exchanges, drawing information from the IRS, Department of Homeland Security and other federal sources. When individuals apply for coverage through their state's exchange, their personal information and annual income is transferred to the hub, which then is supposed to determine, in near real time, if they are eligible for coverage through the exchange, and if so, if they qualify for any premium subsidy and cost sharing subsidy.
One of the concerns with the hub has been over the security and confidentiality of personal information it would be handling, including individuals' Social Security numbers. But the CMS today sought to allay those fears.
“Marketplace systems will employ a continuous monitoring model that will utilize a sensors and active event monitoring to quickly identify and take action against irregular behavior and unauthorized system changes that could indicate a potential incident,” the CMS said in a fact sheet about the security of the hub. It added that the agency developed an enterprise information security program to protect consumer information.
Despite the CMS' assurances, some health IT experts worry that the system still will have kinks when it goes into operation, and some state exchanges may have difficulty in connecting to the hub.
“Our surveillance of the exchange landscape shows that while some states have completed basic testing with the hub, others are working through the final testing phases despite still being in the building stages of development,” Brett Graham, managing director of the Center for Exchange Excellence at Salt Lake City-based Leavitt Partners, which provides exchange expertise to a range of states, told members of the House Energy and Commerce Health subcommittee Tuesday. “Several states have expressed concern to us about using the federal data services hub and, where possible, are planning on using their own data sources for verification.”
He predicted that most exchanges “will experience a rocky enrollment period,” adding that “there will be technical issues that will impede a consumer's ability to enroll in a seamless and timely manner.”
But other contractors hired by the federal government and states to help build the hub and exchanges said at the same hearing that their work is on track. Michael Finkel, executive vice president for program delivery at Quality Software Services, which has written software code for the hub, told lawmakers that coding is complete, as is connecting the hub to other government agency computers to verify information and connecting to other insurers' data systems.
The hub will be the focus of discussion again this afternoon on Capitol Hill, as the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies holds a hearing on the security of the system.
Follow Jonathan Block on Twitter: @MHjblock