HealthCare.gov Gets Revamp; OIG Finds Critical Security Flaws in Site
September 24, 2014 in News
The Obama administration is restructuring HealthCare.gov to make the enrollment process quicker and less complicated for first-time applicants, the New York Times reports.
As part of the update, first-time applicants will be able to use a new application that is intended to provide a “smoother, simpler user experience.” Further, the site will have “a new look and feel,” according to an internal memorandum by HHS.
Only first-time applicants will have access to the new application, while consumers who have previously purchased coverage through the federal exchange and applicants with more complicated household scenarios will use the previous application.
To determine which application should be used, consumers will be asked questions such as:
- Do any of your dependents live with a parent who is not on your tax return?;
- Does everyone applying for coverage have the same permanent home address?; and
- Is anyone an American Indian or naturalized citizen?
Officials estimate that about 70% of consumers will use the new application, while 30% with more complicated household situations will use the old form.
Those who use the new application will have to answer fewer questions during the enrollment process. The application also will have fewer pages, which will reduce the number of mouse clicks needed to navigate through it.
Further, the new application has a back button, which will allow consumers to return to previous pages to change information or fix mistakes, rather than starting the application over. In addition, applicants will be able to create new accounts on one, long screen.
The new features are being “randomly released” to some HealthCare.gov users and will be completely implemented by Nov. 15 when the second enrollment period begins. Officials said the process will allow them to ensure everything is working correctly (Pear, New York Times, 9/22).
CMS Extends QSSI Contract
In related news, CMS has announced that it is retaining Quality Software Services Incorporated as a general contractor on HealthCare.gov for an additional eight months, Modern Healthcare reports.
The new extension validates the contract through March 2015 and is valued at $24.2 million. If CMS ends up hiring a new contractor, an “optional transition period” provision will trigger another extension through June 30, 2015, worth $4.8 million.
CMS in a notice said it is extending QSSI’s contract because there is not enough time before the second enrollment period to seek new bidders for the contract. “Given the criticality of the period leading up to and through the open enrollment, CMS determined that the risks from potentially having to transition to a new contractor during this period were too great, and could result in an unsatisfactory user experience for consumers,” according to the notice.
CMS also touted QSSI for increasing the site’s capacity to 150,000 simultaneous users from 5,000 when it first launched (Dickson, Modern Healthcare, 9/22).
Government Hackers Test HealthCare.gov Security
In related news, “white hat” hackers hired by HHS’ Office of Inspector General have discovered a “critical” vulnerability in HealthCare.gov’s security that could allow malicious hackers to gain control of system, according to an HHS OIG report released Tuesday, the AP/U-T San Diego reports.
The hackers in April and May attempted to break into HealthCare.gov using a technique called “vulnerability scanning.” They found a flaw that could allow hackers to:
- Download data;
- Execute commands; or
- Modify information.
However, the website’s security defenses blocked the government hackers when they attempted to perform malicious actions another hacker might attempt.
In addition, the review found two vulnerabilities in the site’s supporting databases. Details were not released, but the report said they had not been exploited by hackers.
Overall, the report concluded that the administration “has taken actions to lower the security risks associated with HealthCare.gov systems and consumer [personal information],” but the auditors “remain[ed] concerned” about certain aspects of its security, such as the use of encryption technology that does not meet government standards (Alonso-Zaldivar, AP/U-T San Diego, 9/22).