ACA Computer Hub Completes Security Tests

by: Alex Wayne
September 17, 2013

A computer system underpinning the U.S. health care overhaul has completed security testing and is ready to go, the federal government says.

The update may ease concerns that the network might not be functional when the uninsured begin shopping for coverage on Oct. 1. The computer hub, a frequent target of Republicans, is designed to route data on customers using new insurance exchanges from seven federal agencies including the Internal Revenue Service and Social Security Administration.

“After over two years of work, it is built and ready for operation, and we have completed security testing and certification to operate,” U.S. Chief Technology Officer, Todd Park said in an e-mail from a spokesman for the Centers for Medicare and Medicaid Services.

The system will enable the exchanges to provide “accurate and timely eligibility determinations,” Park said. The inspector general for the Department of Health and Human Services, which built the system, said last month that testing had fallen behind schedule and might not be completed until Sept. 30.

Congressional Republicans have questioned whether the hub presents a security risk because of the amount of sensitive data it will handle. The system will use the databases of the IRS and the other federal agencies to confirm information about Americans’ income, citizenship and insurance coverage when they apply for plans through the exchanges.

Defends Ability

The Obama administration has defended its ability to keep the hub secure. The CMS has long experience securing personal data under Medicare. The hub itself won’t store any data, officials have said.

“The hub and its associated systems have several layers of protection in place to mitigate information security risk,” the Medicare agency said in a fact sheet. Health exchanges will use a “continuous monitoring model” to quickly identify and react to “irregular behavior and unauthorized system changes” on their networks, the agency said.

The hub was authorized to operate on Sept. 6, according to the fact sheet. The network is subject to the 1974 Privacy Act, the 1987 Computer Security Act and the 2002 Federal Information Security Management Act. It operates under rules set up by the Office of Management and Budget, Homeland Security Department and the National Institute of Standards and Technology, the fact sheet shows.

At a hearing earlier this week by the House Energy and Commerce Committee, an executive for the contractor building the hub said that software coding was finished.

“Performance and integration testing” of the hub is continuing, Michael Finkel, an executive vice president for the contractor, Quality Software Services Inc., told the committee in prepared testimony. QSSI is a unit of Minnetonka, Minnesota-based UnitedHealth Group Inc., the largest U.S. health insurer.

Park didn’t respond directly to an e-mail asking about Finkel’s testimony.

Comments (0)

Be the first to comment on this post using the section below.

Post a Comment

Already Registered?

If you have already registered to Health Insurance Exchange News, please use the form below to login. When completed you will immediately be directed to post a comment.

Not Registered?

You must be registered to post a comment. Click here to register.

About HIX

HIX is an information resource and marketplace of ideas for the next generation of benefits delivery professionals.
Image: pWc
Tracking Insurer Filings for 2015 ACA Exchange Premiums

A graphic tool from PwC’s Health Research Institute blends a map with data analysis to offer a preliminary look at 2015 individual market rate filings.


Events Calendar