Utah's Sen. Orrin Hatch, ranking Republican on the Senate Finance Committee, has asked the Government Accountability Office to review security and privacy features of the data hub for the new health insurance exchanges, The Hill's Healthwatch reported.
In a letter to the GAO, Hatch asked for information on the "security and privacy of the data being exchanged" through the hub, which will connect state health insurance exchanges with federal agencies to determine if an exchange applicant is eligible for subsidies.
Hatch also asked the GAO to explain how federal agencies are planning to manage risk and to determine the effectiveness of plans to correct any problems, according to Healthwatch.
Hatch's request followed revelations earlier this month from the Department of Health & Human Services Inspector General, which reported that security testing for the data hub is behind schedule. After twice being delayed, a security control assessment initially scheduled for early June was to take place in mid-August, the IG said.
The Centers for Medicare & Medicaid Services (CMS) "is working with very tight deadlines to ensure that security measures for the Hub are assessed, tested, and implemented by the expected initial open enrollment date of Oct. 1, 2013," the report's authors said.
"If there are additional delays in completing the security assessment and testing, the CMS CIO may have limited information on the security risks and controls when granting the security authorization of the Hub."