The GAO identified weaknesses in the technical controls protecting the confidentiality, integrity, and availability of the marketplace. Specifically, the CMS had not consistently required or enforced strong password controls, adequately restricted access to the Internet, consistently implemented software patches, and properly configured an administrative network, its report said.
During the hearing, Tavenner reiterated that there is no evidence that hackers have been able to obtain personal information from the marketplace. Healthcare.gov regularly monitors for any attempts to inappropriately access information, she said.
“Consumers can shop with confidence knowing their information is safe,” Tavenner said.
The agency is continuing efforts to build the functionality required for auto-reenrolling those that received coverage on the federal marketplace and adding to the infrastructure to better support open enrollment, Tavenner testified.
The 700,000 enrollee loss from the initial count of 8 million the Obama administration said had obtained coverage via the state and federal exchanges came through normal churn, Tavenner said.
Reasons for individuals leaving the exchanges range from their obtaining employer-provided insurance to transitioning to Medicaid. The agency hopes to have a more specific picture at the end of this year, when it performs a lookback of enrollment trends during the first year the exchanges were operational.
Answering another question many have speculated on, Tavenner said the exchange has seen a 90% payment rate for premiums, meaning nine in 10 enrollees are paying for their insurance as required for coverage to take effect.
Follow Virgil Dickson on Twitter: @MHvdickson