ACA Computer Hub Completes Security Tests

A computer system underpinning the U.S. health care overhaul has completed security testing and is ready to go, the federal government says.


(Bloomberg) A computer system underpinning the U.S. health care overhaul has completed security testing and is ready to go, the federal government says.

The update may ease concerns that the network might not be functional when the uninsured begin shopping for coverage on Oct. 1. The computer hub, a frequent target of Republicans, is designed to route data on customers using new insurance exchanges from seven federal agencies including the Internal Revenue Service and Social Security Administration.

“After over two years of work, it is built and ready for operation, and we have completed security testing and certification to operate,” U.S. Chief Technology Officer, Todd Park said in an e-mail from a spokesman for the Centers for Medicare and Medicaid Services.

The system will enable the exchanges to provide “accurate and timely eligibility determinations,” Park said. The inspector general for the Department of Health and Human Services, which built the system, said last month that testing had fallen behind schedule and might not be completed until Sept. 30.

Congressional Republicans have questioned whether the hub presents a security risk because of the amount of sensitive data it will handle. The system will use the databases of the IRS and the other federal agencies to confirm information about Americans’ income, citizenship and insurance coverage when they apply for plans through the exchanges.

Defends Ability

The Obama administration has defended its ability to keep the hub secure. The CMS has long experience securing personal data under Medicare. The hub itself won’t store any data, officials have said.

“The hub and its associated systems have several layers of protection in place to mitigate information security risk,” the Medicare agency said in a fact sheet. Health exchanges will use a “continuous monitoring model” to quickly identify and react to “irregular behavior and unauthorized system changes” on their networks, the agency said.

The hub was authorized to operate on Sept. 6, according to the fact sheet. The network is subject to the 1974 Privacy Act, the 1987 Computer Security Act and the 2002 Federal Information Security Management Act. It operates under rules set up by the Office of Management and Budget, Homeland Security Department and the National Institute of Standards and Technology, the fact sheet shows.

At a hearing in mid-September by the House Energy and Commerce Committee, an executive for the contractor building the hub said that software coding was finished.

“Performance and integration testing” of the hub is continuing, Michael Finkel, an executive vice president for the contractor, Quality Software Services Inc., told the committee in prepared testimony. QSSI is a unit of Minnetonka, Minnesota-based UnitedHealth Group Inc., the largest U.S. health insurer.

Park didn’t respond directly to an e-mail asking about Finkel’s testimony.

More for you

Loading data for hdm_tax_topic #better-outcomes...