A computer system underpinning the U.S. health-care overhaul has completed security testing and is ready to go, the federal government said.
The update may ease concerns that the network might not be functional when the uninsured begin shopping for coverage on Oct. 1. The computer hub, a frequent target of Republicans, is designed to route data on customers using new insurance exchanges from seven federal agencies including the Internal Revenue Service and Social Security Administration.
“After over two years of work, it is built and ready for operation, and we have completed security testing and certification to operate,” U.S. Chief Technology Officer, Todd Park said in an e-mail from a spokesman for the Centers for Medicare and Medicaid Services.
The system will enable the marketplaces to provide “accurate and timely eligibility determinations,” Park said. The inspector general for the Department of Health and Human Services, which built the system, said last month that testing had fallen behind schedule and might not be completed until Sept. 30.
Congressional Republicans have questioned whether the hub presents a security risk because of the amount of sensitive data it will handle. The system will use the databases of the IRS and the other federal agencies to confirm information about Americans’ income, citizenship and insurance coverage when they apply for plans through the exchanges.
The Obama administration has defended its ability to keep the hub secure. The Centers for Medicare and Medicaid Services, which will run it, has long experience securing personal data under Medicare, the health program for the elderly. The hub itself won’t store any data, officials have said.
“The hub and its associated systems have several layers of protection in place to mitigate information security risk,” the Medicare agency said in a fact sheet to be released today. Health exchanges will use a “continuous monitoring model” to quickly identify and react to “irregular behavior and unauthorized system changes” on their networks, the agency said.
The hub was authorized to operate on Sept. 6, according to the fact sheet. The network is subject to the 1974 Privacy Act, the 1987 Computer Security Act and the 2002 Federal Information Security Management Act. It operates under rules set up by the Office of Management and Budget, Homeland Security Department and the National Institute of Standards and Technology, the fact sheet shows.
A subcommittee of the House Committee on Homeland Security, which is led by Republicans, is holding a hearing on the computer system today. At a hearing yesterday by the House Energy and Commerce Committee, an executive for the contractor building the hub said that software coding was finished.
“Performance and integration testing” of the hub is continuing, Michael Finkel, an executive vice president for the contractor, Quality Software Services Inc., told the committee in prepared testimony. QSSI is a unit of Minnetonka, Minnesota-based UnitedHealth Group Inc., the largest U.S. health insurer.
Park didn’t respond directly to an e-mail asking about Finkel’s testimony.
The 2010 Affordable Care Act is aimed at providing coverage for at least half the nation’s 50 million uninsured people, and about 7 million Americans are expected to gain insurance through exchanges next year, according to the Congressional Budget Office.