recommended reading

Is This a Different Kind of Contract?

Feng Yu/

A few days before a report reamed Obamacare officials for poor contracting practices, the government announced another cloud computing procurement for -- this one based on lessons learned, it said.

In some ways, the contract looks like those that have come before -- the follow-ons, scope expansions and re-ups that have run the federal health insurance marketplace website’s price tag to nearly $1 billion so far.

The Centers for Medicare and Medicaid Services wanted to expand the capacity of a hosting contract with Terremark, Verizon’s cloud division, which had already more than quintupled in price.

The most recent Terremark re-up earlier this year “was intended to be a short-term bridge while CMS transitions this work to the competitively awarded HP Enterprise Services Virtual Data Center task order by Sept. 1, 2014,” procurement documents said. But the bridge keeps getting extended.

“CMS has elected to continue to utilize the Verizon Terremark Data Center as the primary site for … hosting services through the open enrollment 2015 period,” the agency said this week.

CMS spokesman Aaron Albright told Nextgov the agency has decided to use three data cloud services, assigning each with specific responsibilities.

“Based on our lessons learned, we have instituted a plan to better manage peak traffic, while providing greater flexibility and scalability within the system,” he said.

Under the new plan, HP will host staging and other test environments for the federal marketplace -- which serves residents in states that chose not to create their own marketplace. HP will also serve as an alternate site to the main system. Amazon Web Services, which is subcontracting for HP, will serve most new users, while Verizon continues to support returning members and more complex new members.

“Our first priority is to ensure that millions more consumers will be able to enroll in quality, affordable coverage during the next open enrollment period,” Albright said.

When launched last October, the site was essentially unusable, with the vast majority of visitors during the next two months experiencing failures, errors and delays.

Andy Slavitt, who joined CMS from the private sector less than a month ago to become principal deputy administrator, told lawmakers Thursday the situation this year is “vastly different.”

“We have a website that’s already up and live and running,” he said. “We’re adding improvements, and we’re adding them in a much less risky fashion. We’re doing releases frequently. We’ve built in a big testing window.”

He also said the agency is contracting differently, “making sure that we have precise requirements, with daily management and senior level accountability that goes all the way up to the secretary.” CMS is part of the Department of Health and Human Services.

Albright described these changes as CMS “building on the lessons learned during the launch of and the first open enrollment period.”

Still, when pressed by lawmakers Thursday who were angry CMS had mounting reason to believe the launch would fail last year even as top officials assured Congress the project was proceeding as planned, Slavitt conceded 2015 open season was unlikely to be perfect.

“There will certainly be bumps,” he said.  

(Image via Feng Yu/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.