Dec. 11 (Bloomberg) -- The U.S. Department of Health and Human Services told contractors not to cooperate with Congress’s efforts to investigate work related to the Obamacare website, a top Republican lawmaker said.
The agency informed Creative Computing Solutions Inc. on Dec. 6 that it isn’t authorized to disclose security testing information and other details to third parties, according to a letter today from Representative Darrell Issa to Health and Human Services Secretary Kathleen Sebelius.
The department may have sent similar letters to other contractors working on the implementation of the Patient Protection and Affordable Care Act of 2010, wrote Issa, a California Republican and chairman of the House oversight committee.
The department’s actions constitute “criminal obstruction of a congressional investigation,” he said in the letter.
Issa’s committee already has copies of the documents requested from the company, which were redacted to protect sensitive security information, said Joanne Peters, a health agency spokeswoman. Committee members are also allowed to review unredacted copies in person, she said.
“We intend to continue to work with committee staff to accommodate their requests in an appropriate manner and be cooperative with their oversight investigation,” she said in an e-mail.
Creative Computing, a closely held company based in Rockville, Maryland, is one of the contractors that has done work tied to the Obamacare website, which debuted Oct. 1 with flaws that rendered it unusable to many Americans attempting to shop for health insurance.
Creative Computing officials didn’t immediately respond to phone messages seeking comment on the letters.
Issa didn’t identify other contractors that may have received letters from the Medicare and Medicaid agency. Companies that have performed work tied to healthcare.gov include Montreal-based CGI Group Inc., Minnetonka, Minnesota-based UnitedHealth Group Inc. and New York-based Verizon Communications Inc.
In the agency’s Dec. 6 letter to Creative Computing, an official from the health agency’s Centers for Medicare and Medicaid Services told the company not to disclose information collected or produced during security testing. That included monthly technical progress reports, an Affordable Care Act “issues list” and security incident reports, according to the letter.
At the same time, the letter says the department wants to protect consumers’ personal information along with “vital” information technology assets. Issa’s committee provided a copy of the letter to Bloomberg.
Republican lawmakers, including Issa, have previously criticized potential security flaws in the healthcare.gov site.
A transcript of a Nov. 1 meeting between Issa’s Oversight Committee and Henry Chao, the deputy chief information officer for the Medicare agency, reveals that the website’s builders were concerned about “unauthorized access” to customer data because security testing hadn’t been fully conducted.
Chao said the government was willing to accept a “level of an increased risk” in order to make sure the site was running by Oct. 1.
To contact the reporter on this story: Kathleen Miller in Washington at email@example.com
To contact the editor responsible for this story: Stephanie Stoughton at firstname.lastname@example.org