recommended reading

Officials Spent Just Two Weeks Testing Prior to Launching It


Contractors that helped develop the Obama Administration’s troubled online health insurance marketplace told lawmakers on Thursday they wish they’d had more time to test the site before launch but denied any ongoing problems with their portions of the site.

The Centers for Medicare and Medicaid Services, or CMS, which oversaw the building of, only performed two weeks of end-to-end testing before the site went live on Oct. 1, representatives from contractors CGI Federal and QSSI told the House Energy and Commerce Committee.

That’s significantly less testing time than major Web applications typically endure in government or the private sector, the contractors said.

“Ideally, integrated testing would have occurred well before that date,” said Andrew Slavitt, group executive vice president of Optum/QSSI, which built the data hub that manages information that passes through the system and a tool that manages user registration on the site.

Slavitt declined to offer a date for when end-to-end testing should have begun on, but said “months would have been nice.” That time frame was echoed by Cheryl Campbell, senior vice president of CGI Federal, which was the main contractor for’s backend systems.

CGI played a major role in building, for which they had several months of testing, Campbell said.’s glitches have left the majority of insurance seekers unable to enroll in plans. While the site’s performance has improved since the first week after its launch, the White House and the Health and Human Services Department have declined to reveal how many people have successfully enrolled in plans through the site.

Despite the slow progress, Campbell said Thursday she’s confident the site will be operating well before the Dec. 15 deadline for insurance seekers to obtain benefits.

Both contractors said their systems had performed well in individual testing, though the system itself performed poorly once all the components were integrated and launched to the public. They said CMS was responsible for that integrated testing and the decision to launch the site.

While Slavitt said QSSI told CMS it was concerned about a lack of testing, neither contractor recommended that CMS delay launch, they said.

“We did not make a recommendation, we simply made everyone aware of the risks we saw,” Slavitt said.

Slavitt acknowledged problems with QSSI’s registration tool after the site’s initial launch, but said those were fixed in a matter of days and are now working properly.

A late decision by CMS to not allow users to “window shop anonymously” for insurance plans before registering with the site may have contributed to those failures, he said, by driving up the number of people simultaneously using the registration function. QSSI first learned of that decision within 10 days of the public launch, he said.

Republican members of the House Oversight and Government Reform Committee have accused the White House of improperly urging CMS to turn off the public search function to hide the cost of insurance plans from the broader public. In a letter detailing those accusations, they cite interviews by oversight committee staff with CGI officials.

Campbell testified Thursday that CGI learned of the decision to disable anonymous searches from CMS Deputy Director Henry Chao and that she’s not aware of any improper White House influence on those decisions. She suggested statements about White House influence made by CGI employees were taken out of context.

Chairman Darrell Issa, R-Calif., and other Oversight Committee Republicans doubled down on their assertions on Thursday in letters to 11 major contractors for the health care reform law. The letters repeat the claim that the White House pressured CMS to disable the “anonymous shopper” feature and asks for copies of any emails or other correspondence between contractors and officials at the White House, CMS or the Health and Human Services Department, CMS’s parent agency. 

When asked whether CGI could simply turn off the portion of its system that prevents unregistered insurance plan browsing, Campbell said they could but CMS has not asked the contractor to do that. The government has not tested in that form, though, she said, and there’s no guarantee that would make the site’s current problems go away.

The government is in the midst of what it calls a “tech surge” to repair for which it has enlisted software experts from inside and outside government. The White House has not revealed the companies are involved in the surge. Contractors said Thursday they did not know or could not say which companies had been brought in.

(Image via Jirsak/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.