Reform Update: CMS says recent HealthCare.gov security issues 'fixed'

A top CMS official told congressional staffers Tuesday that the federal insurance exchange website has had two high-level security vulnerabilities since it was launched in October, including one this week. But the CMS said one issue proved to be false and that it has fixed the other problem.

Teresa Fryer, the CMS' chief information security officer, met with the majority and minority staff members of the House Oversight and Government Reform Committee, which released a transcript of the Dec. 17 interview (PDF). In it, Fryer said that two “high findings”—the highest level of security vulnerabilities—were identified since open enrollment began, including one in November and one this week.

Fryer said she recommended to Tony Trenkle—the technology leader at CMS during the HealthCare.gov launch—a that an “authority to operate” be denied because of high-risk security concerns before the site went live. Trenkle stepped down from his position in early November.

Staff members asked Fryer if she made that recommendation to Trenkle in person.

“Yes, and it was during the security testing when the issues were coming up about the availability of the system, about the testing in different environments,” Fryer said, according to the transcript (PDF). “I had discussions with him on this and told him that my evaluation of this was a high risk.”

The CMS released a statement on the security of HealthCare.gov, saying the components are compliant with the Federal Information Security Management Act. The agency also commented on the high findings.

“In one case, what was initially flagged as a high finding was proven to be false,” the statement said. “In the other case, we identified a piece of software code that needed to be fixed and that fix is now in place. Since that time, the feature has been fully mitigated and verified by an independent security assessment, per standard practice.”

Rep. Diane Black (R-Tenn.), a critic of the healthcare reform law and its security features, released a statement that the law should be “stopped in its entirety.” Until then, she added, the Obama administration should notify consumers if the personal information they entered is at risk. That's why she said she introduced legislation that would require the federal government to notify those whose personal information has been compromised on the federal exchange.

A December tracking poll (PDF) from the Kaiser Family Foundation found that 34% of the American public holds a favorable view of the Patient Protection and Affordable Care Act, while 48% hold an unfavorable view. The remaining 18% said they either don't know or refused to answer. Those views remain the same from a November poll, although the December survey found a 13 percentage point increase in support of the law among Democrats.

Meanwhile, a New York Times/CBS News poll released this week found that 53% of the uninsured disapprove of the law, compared with 51% of those who have coverage. The poll found widespread lack of information about the law even at this point.

Even so, nearly six in 10 uninsured said having insurance would help them improve their own health, and 56% said they were more likely than not to get insurance by March 31, with 35% saying they were more likely to pay the tax penalty for not obtaining coverage.

Most respondents, both insured and uninsured, said that it hurts the country when individuals do not have health insurance. In addition, 64% of the uninsured and 54% of the general public said providing access to affordable coverage for all Americans was the responsibility of the federal government.

The New York Times/CBS poll found also found that 55% of the general public disapproves of how the president is handling healthcare, while 73% disapprove of how congressional Republicans are handling the issue.

Sens. Chuck Grassley (R-Iowa), Jay Rockefeller (D-W.V.) and Tom Carper (D-Del.) announced this week they will look for ways to advance their bipartisan proposal that would provide coverage of intensive behavioral therapy for obesity—as well as the coordination of programs to prevent and treat obesity—in the Medicare and Medicaid programs. The three senators had sponsored an amendment to the Senate Finance Committee's permanent sustainable growth-rate repeal bill, but the amendment was withdrawn. The proposal would establish diabetes-prevention program services for eligible diabetes prevention program participants and also broaden coverage of prescription drugs for weight-loss management under Medicaid and Medicare Part D.

Actress Glenn Close was on Capitol Hill this week to champion the Excellence in Mental Health Act from Sens. Debbie Stabenow (D-Mich.) and Roy Blunt (R-Mo.). The bipartisan legislation is intended to improve quality and expand access to mental healthcare through community mental health providers and was approved as an amendment last week in the Senate Finance Committee's bill to repeal Medicare's SGR formula. Close joined Stabenow, Blunt and other behavioral healthcare advocates for a news briefing in the Capitol this week to lend her support to the legislation. Close founded the organization Bring Change 2 Mind, which works to end the stigma and discrimination against those with mental illness.

Follow Jessica Zigmond on Twitter: @MHjzigmond