In contrast, states such as California and Kentucky launched exchanges that, while hardly problem-free at the start, began functioning effectively in the first week, enabling thousands of residents to apply and enroll in a health plan. These states first allow individuals to log onto their sites anonymously, enter basic information such as their family size, income and residence location, and then watch as the software calculates whether they are eligible for enrollment in Medicaid coverage or for federally subsidized private coverage under the Patient Protection and Affordable Care Act.
Customers are then able to shop for coverage that fits their needs and budgets. Only then do the sites take the potential enrollee to the federal data hub that requires them to provide personally identifiable information. That information enables the federal hub to verify income with the Internal Revenue Service and legal residency status with the Department of Homeland Security, among other checks.
Under the federal site configuration, the more robust and secure eligibility checking functions—which require HIPAA-level privacy and security protections—were initially performed upfront, before visitors were allowed to shop around and compare plans. The privacy and security at that early point—and the massive scale of the traffic—was the source of trouble, according to several experts.
All businesses that offer Web-based services make judgments on how secure they want their customer transactions to be, said Aneesh Chopra, President Barack Obama's first White House chief technology officer and a senior fellow at the Center for American Progress.
“What HHS chose to do was err on the side of more security,” Chopra said. “So validation took more (computing resources). That step was engineered to handle about 60,000 accounts at the same time. But (they got) nearly four to five times more volume. To correct this, they have to make both software and hardware adjustments. That's why it's taking weeks, not days, to fix.”
Part of the security fixation was politically driven, given widespread concern about privacy and security protections on the exchange, said John Kelly, principal business adviser at Edifecs, Bellevue, Wash., a claims-management services provider. “I suspect it wasn't a choice to make things that secure. But if they made a decision to only scale to 60,000 concurrent accounts and didn't anticipate on the first day they could hit four or five times that number, that's a pretty critical error in judgment.”
Nevertheless, Kelly said the insurers his company serves now are receiving thousands of electronic insurance applications a week from the federal exchange, indicating that consumers are now having more success enrolling.
States that allowed people to browse before the high-powered federal security requirements kicked in are doing “much better,” said Stanley Nachimson, a consultant on healthcare claims technology. He said it was questionable as to why the batting order of functions was set up the way it was. But in hindsight, it was “a poor business decision” to launch the site on Oct. 1 without adequate testing.
HHS, in a prepared statement Friday, said the HealthCare.gov site handled 17 million unique visitors in the first two weeks and is improving, though it did not disclose the number of registered applicants.
“We are seeing progress: Wait times to begin the online process have been virtually eliminated, and more consumers are creating accounts, completing applications and ultimately enrolling in coverage if they choose to do so at this time,” HHS said. “We are continuing to add more server capacity, and are implementing hardware and software changes that make the system more efficient and enable it to handle higher volumes. We have a team of experts working 24/7.”
Covered California, that state's exchange, has been relatively successful, though not without glitches. It used CGI Federal as a subcontractor to Accenture, the prime contractor. Covered California has had 1.5 million unique visitors and more than 94,000 applications in its first two weeks of operation, said Anthony Wright, executive director at Health Access California, a consumer advocacy coalition.
The California exchange went live with both online shopping and a calculator to determine subsidies before the Oct. 1 federal start date. On Oct. 1, it connected to the federal hub for identity proofing, income verification and subsidy eligibility checking. Because not all online functions were ready by the start date, California “triaged” its program, Wright said. For now, final applications for insurance coverage are processed by mail. A fully electronic enrollment system is expected by year's end, he said.
Kentucky's Kynect exchange, considered one of the most successful state-run exchanges, also used CGI Federal software. Chris Clark, technology program manager for Kynect, said Deloitte, its prime contractor, has done an “excellent” job and CGI has been “great.”
Follow Joseph Conn on Twitter: @MHJConn