The HealthCare.gov contracting process hampered finding the best contractors to create the site, according to a new report from HHS' Office of Inspector General. Those findings raise concerns about long-term data security on the site, some experts said.
“The complexity and significance of the federal marketplace underscored the need for CMS to have the opportunity to select the most qualified contractors,” the report said. “CMS' procurement decisions may have limited its choices for selecting federal marketplace contractors.”
The CMS did not adequately plan for awarding contracts nor develop a contractor acquisition strategy for the site, the report noted.
In addition, the CMS in some cases did not perform thorough reviews of contractors' past performance, the report said.
Of the 60 federal marketplace contracts awarded from April 2010 through January 2014, only five were given to contractors the agency had not worked with in the past. Collectively, the federal marketplace contracts are worth more than $1 billion. As of February 2014, the government had committed to paying $800 million of that amount.
“CMS didn't wait for the IG report to make changes. It has already implemented acquisition reforms that eclipse the recommendations in the report, including ending the CGI Marketplace contract and moving to a new type of contract with Accenture that rewards performance,” said Meaghan Smith, an HHS spokeswoman. “Our goal is to limit costs, to continue to identify areas where we can improve, and to be accountable for our progress.”
OIG's flagging of inadequate contracting practices raises security concerns for some cybersecurity experts.
“There is a real chance that we have been left with systems that are not the best possible solution or may have potential vulnerabilities,” said Michael Gregg, chief operating officer of IT security firm Superior Solutions. Gregg has testified on the Hill about his concerns for the security of data housed by the marketplace.
“It is critical for CMS to practice due diligence going forward and to take the time to properly assess that all contracts have proper oversight-review requirements to prevent fraud,” Gregg said.
Despite the numerous issues outlined, some experts defended CMS' contracting procedures. Many of the deficiencies outlined by the OIG were likely the result of intense political pressure to get contracts awarded as quickly as possible, they contended.
Since the Patient Protection and Affordable Care Act was passed at a time when Democrats were in the majority in both the House and Senate, its likely there was a big push from the Hill to get contracts awarded before the majority was lost and that pressure may have hindered procurement staff's ability to adhere to contracting procedures, according to Geoff Orazem, founder of Virginia-based Eastern Foundry, an incubator for companies aiming to be government contractors.
Others agreed.
“There was political pressure from people who don't understand the acquisition process,” said Larry Allen, president of Allen Federal Business Partners, a consulting firm for government contractors. “It's no surprise that the OIG would find that corners were cut.”
The tight timeline to put ACA rulemakings in place and get a site up was no doubt the cause of some of the rollout woes the marketplace experienced last fall, some said.
“They realized it was having IT problems but rushed it out anyway,” said Russell Branzell, CEO of the College of Healthcare Information Management Executives. “Had it been more of a standard contracting process, there would have been more development and quality testing”
The OIG suggested that the CMS should assess whether to assign a lead systems integrator for complex IT projects involving multiple contractors.
“I do think it's the best way forward as they and other government agencies don't have the internal capability to do proper management on a day-to-day basis, not only in terms of bandwidth but also in terms of experience,” Allen said.
This alleged shallow bench is the result of difficult financial times in the 1990s and early 2000s that resulted in many acquisition officers leaving the federal government, Allen said. Often, new procurement officers haven't had the same amount of experience as those they replaced, he said.
Follow Virgil Dickson on Twitter: @MHvdickson