White House, oversight panel battle over contractor documents

A House committee is tangling with the Obama administration over access to HealthCare.gov documents and has subpoenaed information from 11 key contractors, including communications between contractors and government officials and a list of meetings they attended about the website's rollout.

Some contractors have tried to deflect the Oversight and Government Reform Committee's subpoena at the behest of the Centers for Medicare and Medicaid Services, the Department of Health and Human Services component that runs HealthCare.gov. In a Dec. 11 letter to HHS Secretary Kathleen Sebelius, committee chairman Darrell Issa (R-Calif.) was sharply critical of that practice.

"The department's instruction to...contractors not to respond to congressional document requests runs afoul of a federal statute that prohibits interfering with an employee's right to furnish information to Congress," Issa wrote.

So far, Creative Computing Solutions Inc. and security-testing contractor MITRE have indicated they will furnish the committee with the unredacted documents as requested.

The Obama administration and Democrats on the House committee, including ranking member Elijah Cummings of Maryland, want contractors with sensitive security information to provide briefings in a closed session. They do not want the companies to release documents -- including security control assessments (SCAs) of HealthCare.gov -- that could wind up in press reports.

"It is the view of cybersecurity experts from across the administration that these documents, if further disclosed, would provide information to potential hackers that increases the risk they could penetrate HealthCare.gov, the Federal Data Services Hub, and other federal IT systems," White House counsel Kathryn Ruemmler wrote in a Dec. 15 letter to House Speaker John Boehner (R-Ohio). "Even though many of the original vulnerabilities have been successfully mitigated, details in the unredacted SCAs could be misused to develop a targeted intrusion strategy."

Issa's committee released a staff report on Dec. 16 that alleged CMS failed to create a backup plan in the event that the HealthCare.gov website did not work as designed when it launched on Oct. 1. The numerous problems with the site affected navigators in particular, who were hired to guide consumers through the process via a telephone help desk and in-person enrollment services.

"Unable to use the website because of widespread glitches, navigators lacked direction from HHS on how to sign up consumers," the committee report states.

Meanwhile, the team repairing the troubled site reported that fixes implemented during the "tech surge" in November have greatly reduced errors in sending enrollment information to health insurance carriers.

A persistent technical problem was botching the transmission of enrollment forms, known as 834s. Carriers received forms with garbled information, multiple forms for a single application, forms that mislabeled children as spouses, and in many cases no forms at all from individuals who completed the enrollment process on HealthCare.gov. In a Dec. 13 press release, HHS officials said applications from 15,000 enrollees resulted in no 834 being transmitted -- the first indication from official sources of the scale of the problem.

HHS also indicated that since Dec. 1, the rate of missing 834s has dropped to nearly zero.

However, the number of applications with faulty or missing 834s could continue to increase because total enrollment is on the rise, with consumers facing a Dec. 23 deadline to sign up for coverage that takes effect Jan. 1, 2014. So far, 365,000 private insurance policies have been issued under the health insurance exchanges -- about 137,000 through HealthCare.gov and more than 227,000 through the 14 state-run exchanges. In addition, more than 800,000 people have been deemed eligible for Medicaid under the expansion of the program authorized by the 2010 overhaul.

Files with garbled transmissions are also being reviewed, according to Quality Software Services Inc., the general contractor for HealthCare.gov. Speaking at an insurance industry conference on Dec. 12, QSSI Executive Vice President Andy Slavitt said, "Now is the time to make sure everyone who thinks they're enrolled in a plan is indeed enrolled."

There is reportedly a process underway to match garbled or incomplete 834s with accounts and applications from the HealthCare.gov site.