Limited resources will keep federal watchdogs from conducting reviews of draft and final security plans for health insurance exchange sites created under the Affordable Care Act, according to a federal investigator who spoke to Nextgov.
Kay Daly, assistant inspector general at the U.S. Department of Health & Human Services, told Nextgov that HHS did not believe review of a draft plan was "essential," because of the potential for change to the plan. Daly was scolded by legislators at a House hearing last week for not also testing the security of the data hub that will connect state health insurance exchanges created under the Affordable Care Act with federal agencies. The Obama administration announced prior to that hearing that security testing for the hub had been completed, but Daly said those results had not been provided to her office for review.
"We've got to cut off our work at a certain point," Daly told Nextgov. "We don't have any plans to look at [the insurance exchange sites] at this time. We are still trying to figure out what's the best use of our resources, given all the various risks associated with this project and many others."
A report published last month by the HHS Office of Inspector General stated that security testing for the data hub had been behind schedule. Meanwhile, legislation introduced in July by Rep. Pat Meehan (R-Pa.) called for a one-year delay in the launch of the hub. Meehan, in a statement about the legislation (H.R. 2837), said the abuse and theft potential for information stored in the hub is "unprecedented."
In a letter sent to U.S. Department of Health & Human Services Secretary Kathleen Sebelius in June, 16 Republican lawmakers raised concerns about the hub, saying that "it remains unclear whether it will be operable and able to protect sensitive health and taxpayer information." One of the lawmakers who signed the letter--Rep. Diane Black of Tennessee--brought up similar concerns in an opinion piece published in U.S. News & World Report.