A Government Accountability Office report that revealed HealthCare.gov lacks the ability to verify user information is drawing both support and criticism.
GAO officials posed as phony applicants for coverage on HealthCare.gov and were able to get subsidies two years in a row, even though they provided fake information.
The findings raise questions about whether HealthCare.gov is able to detect fraud, according to the GAO. One Republican lawmaker wasted no time in questioning the success of the Affordable Care Act.
The Senate Finance Committee will host a hearing Thursday to discuss the findings.
"Not only does this negligence enhance the likelihood for abuse of taxpayer dollars, but it also calls into question the legitimacy of the health law's enrollment numbers and challenges the integrity of the website's security checks," Finance Committee Chairman Orrin Hatch (R-Utah) said in a statement.
While concerned, GAO ultimately questioned how widespread the problems were with the site. "GAO's undercover testing, while illustrative, cannot be generalized to the population of all applicants or enrollees," the agency said.
There were mixed reactions to the agency's analysis.
“Big new programs, especially those with many moving parts, often experience problems early on,” said Elena Marks, a health policy scholar at the Baker Institute for Public Policy at Rice University. “The roll-out of Medicare Part D was bumpy but over time the program improved and is now well-regarded.”
“Given the scope of the undertaking, the abbreviated timelines, and the limited resources, it is not surprising that there are some holes in the system,” said David Harlow, principal of The Harlow Group, a healthcare law and consulting firm in Boston.
Others were not as understanding.
“It is hard to believe that our government is so inept at implementing basic quality-control procedures,” said Larry Ponemon, chairman and founder of the Ponemon Institute, a research organization dedicated to cybersecurity, data protection and privacy. “A commercial organization would last one nanosecond if it operated at this level of incompetence.”
"Once again these findings highlight the fact that insufficient controls have been built into the program. I am afraid that this is just another indicator that HealthCare.gov is flawed and that the administration has failed to implement the appropriate safeguards to protect sensitive data and prevent misuse," said Michael Gregg, chief operating officer of IT security firm Superior Solutions.
A CMS official did not immediately respond to a request for comment, nor will the agency have an official present as a witness at Thursday's hearing. “I hadn't heard of anybody from HHS or CMS being invited,” Taylor Harvey, a spokesman at the Senate Finance Committee, said.