The federal Obamacare website has been blasted for technical problems, but Republicans say an even bigger problem may be lurking inside the computer system — weak protections of private information.
Late Monday, the Obama administration, in an acknowledgment of the website’s problems, officially announced a six-week grace period for signing up for insurance, saying that those who have coverage by April 1 won’t have to pay the Obamacare tax penalty. The previous deadline was Feb. 15.
The White House signaled last week that it would need to make some allowances because of the problems with the federal website, which it now says won’t be fixed until the end of November.
Rep. Diane Black, Tennessee Republican, said Monday that the “incompetent” launch of healthcare.gov gives her little confidence that the system can protect Social Security numbers and other personal data turned over by those seeking to sign up for Obamacare.
“I have been warning about these problems from the beginning and, after watching this embarrassing rollout, am more concerned now than ever about the potential for cyberthreats and identity theft in Obamacare,” she said.
Ms. Black is a member of the Ways and Means Committee that is set to question Marilyn Tavenner, administrator of the Centers for Medicare and Medicaid Services (CMS), during an oversight hearing Tuesday about the program’s flawed rollout.
The hearing is likely to focus on what the administration knew about the website’s faulty performance in the run-up to its Oct. 1 launch.
But Republican lawmakers also worry that websites tied to the Affordable Care Act amount to a “hacker’s dream.”
“This White House has repeatedly misled the American people about every stage of the ACA rollout, so why would we believe them when they assure us our personal information is protected?” said Rep. Kevin Brady, Texas Republican and chairman of the Ways and Means Committee’s subcommittee on health. “I’m going to continue to demand truthful answers until we get them.”
Troubles with healthcare.gov continued Sunday with a network outage that hampered enrollments until the hosting company, Verizon Terremark, got its systems back online by Monday morning.
But the problems have forced the administration to tweak how it is enforcing the law.
In guidance issued late Monday, the Department of Health and Human Services said it wanted to make sure people could apply for insurance up until the end of March and still be in compliance. The department previously said that Americans would need to apply by Feb. 15 so they would be enrolled as of March 1.
“HHS has determined that it would be unfair to require individuals in this situation to make a payment,” the department said. “Accordingly, HHS is exercising its authority to establish an additional hardship exemption in order to provide relief for individuals in this situation.”
Despite all the hiccups, administration officials said cybersecurity issues have not been among the site’s well-documented problems.
“I’m not aware of any,” CMS spokeswoman Julie Bataille said on a conference call with reporters.
Sen. Orrin G. Hatch, Utah Republican and ranking member on the Senate Finance Committee, is dissatisfied with assurances from the Obama administration and has called for an independent review of privacy and security controls within the exchange system, his spokeswoman said.
Donald White, a spokesman for the HHS office of the inspector general, said the office is focusing its resources on an eligibility-verification mandate that came out of the recent deal to raise the debt limit and reopen the federal government. The language requires the agency’s inspector general to report by July 1 on the effectiveness of efforts aimed at “preventing the submission of inaccurate or fraudulent information by applicants for enrollment” on the exchanges.
Mr. White said there is no separate review of security protocols on the exchanges that he could “talk about right now,” but the office does plan to look into exchange-related issues — which could include security — in the coming months and will coordinate those efforts with the Government Accountability Office or any other oversight entities that examine Obamacare.
Democrats say Republican critics are more interested in scaring people than making the law work.
Rep. Frank Pallone Jr., New Jersey Democrat, accused rival party members on the Energy and Commerce Committee of holding a “monkey court” last week after a Texas Republican asked Obamacare contractors whether fine print within the website amounted to a violation of health information privacy laws.
The privacy waiver cannot be a violation, Mr. Pallone said, because no health data — besides whether or not the enrollee smokes — will flow through the system.
Ms. Bataille told reporters Monday that the federal exchange’s hub does not store personal information but instead serves as an “information router, so to speak.”
Republican outcry over Obamacare’s treatment of personal information is months in the making. The House voted in August to bar the Internal Revenue Service from carrying out the law, shortly after a Treasury inspector general report said the revenue agency used inappropriate criteria to vet political groups with names like “tea party” in their titles. The bill died in the Democrat-controlled Senate.
Now, Republicans say the disastrous start to a law they never liked anyway is cause for concern.
“These glitches have a reverberating effect,” said Sarah Swinehart, a Republican spokeswoman for the House Ways and Means Committee.