recommended reading

Did Sebelius Have the Authority to Delay Obamacare Website Launch?

Health and Human Services Secretary Kathleen Sebelius

Health and Human Services Secretary Kathleen Sebelius // Evan Vucci/AP

Centers for Medicare and Medicaid Services Administrator Marilyn Tavenner said Tuesday that she did not know whether Health and Human Services Secretary Kathleen Sebelius had the authority to delay the Oct. 1 launch of

The CMS official testified before the Senate Health, Education, Labor, and Pensions committee on the rocky rollout of the Obamacare enrollment website.  

Tavenner's statement came as Sen. Richard Burr, R-N.C., questioned her on the decision to go ahead with the scheduled launch date despite indications that there were security issues with the site.

Burr brought up a CMS memo dated Sept. 27 that said insufficient testing "exposed a level of uncertainty that can be deemed as a high risk," just a few days before the site went live. The memo—signed by Tavenner—granted authority to proceed with the website launch.

"I think in this case, because of the visibility of the exchange, the chief information officer wanted to make me aware of it, and I agreed to sign it, with their recommendation to proceed," Tavenner said, explaining that no one else, including Sebelius, reviewed that decision.

"My expectation was that the site would work, but have the customary glitches of any new site," she said of launch.

Lawmakers have tried to get to the bottom of what exactly was known about the extent of the website's problems prior to Oct. 1, and who made the ultimate decision to go ahead with the scheduled launch date despite indications of trouble.

HHS did not immediately respond to a request for comment on whether Sebelius had that authority.

Here today's exchange:

Burr: "Secretary Sebelius said last week that the implementation took place on Oct. 1 because that was the law. Now let me ask you: I've read the act several times. My interpretation is that Secretary Sebelius had the authority not to execute that on Oct. 1—and clearly my interpretation—if you had not signed the authority to operate the website, it would not have stood up on Oct. 1. Are my two statements accurate?"

Tavenner: "I don't know that your statements are accurate. The law says that Jan. 1 is when individuals have to have coverage. We put a regulation in place that said Oct. 1 would be the day we would start, so that people would have time to sign up. We did—we declared the six-month enrollment window."

Burr: "Do you think that the secretary had the authority to waive the Oct. 1 regulation?"

Tavenner: "I do not know the answer to that question."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.