recommended reading

Obamacare Data Hub Apparently Works Well, Mitigating Security Fears


For all the problems with, one very big, very important piece of Obamacare technology seems to be working well.

It's called the "data services hub"—and it's not nearly as boring as it sounds. When the law's critics raise fears of security breaches, they're talking about the data hub. The hub transmits massive amounts of information about people seeking health insurance, drawing from several federal agencies and communicating with every state's insurance marketplace.

It was initially seen as one of the most likely places for problems to arise in the enrollment process.

So far, though, the reviews are positive.

"It's working well for us," said Chris Clark, the technology program manager for Kentucky's insurance exchange.

The data hub is a massive IT operation that pulls information from myriad federal databases, including records from the IRS, the Social Security Administration, and the Homeland Security Department.

When people apply for insurance through an exchange—whether it's the federally run portal at or one of the 14 state-run exchanges—the data hub is the tool for verifying their identity. It's supposed to pull various records to verify that applicants are who they say they are, and also to verify their income and employment information.

Clark said 92 percent of the applicants through Kentucky's exchange have been successfully verified through the data hub.

"We're overjoyed with that 92 percent. I don't know that we thought it would be that high of a success rate," he said.

Several other health care analysts also said the data hub seems to be working well so far, noting that has been able to verify their identities—and reject inaccurate information—when they have tried to use the site.

A successful data hub is critical to the enrollment push for the Affordable Care Act and was a prime target for criticism before the enrollment window opened on Oct. 1.

"I have grave concerns about the ability to establish sufficient security in this massive, unprecedented network by Oct. 1.… I fear that our government is about to embark on an overwhelming task that will at best carry an unfathomable price tag and at worst place a target on every American who enters the exchange," Rep. Pat Meehan, R-Pa., said this summer at an Oversight and Government Reform Committee hearing about the data hub.

Republicans in Congress have raised concerns about the data hub and painted it as a magnet for fraud, implying that a sophisticated hacker could gain access to reams of personal health care information.

Many of their fears are unfounded: The data hub doesn't store any information. It's simply a conduit. And it doesn't collect personal health care records.

Still, the hub isn't perfect. And so few people have been able to use the exchanges that bigger issues could emerge down the line, once the system grows.

Andrew Slavitt, a vice president at Optum, the contractor that built the data hub, acknowledged some problems during a House Energy and Commerce Committee hearing Thursday.

But he said the problems haven't been severe—unlike those that have prevented users from accessing the federal marketplace at

"When we have encountered occasional bugs in the Data Services Hub, they have been discrete issues and we have promptly corrected them," he said in prepared testimony. "While future issues could arise and business requirements could change, to my knowledge, the Data Services Hub continues to operate well."

(Image via voyager624/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.