Aug. 7—Testing of security controls in the data compilation tool that will serve enrollees in coming health insurance exchanges is months late, a government watchdog warned.

The Office of Inspector General (OIG) reported Aug. 2 that the Centers for Medicare & Medicaid Services (CMS) has delayed by weeks or months the expected completion dates for a range of security-related components of the federal data sharing tool. The data hub is a key component of the coming health insurance exchanges that will allow real-time determinations of applicants’ eligibility for enrollment and subsidies. But the hub’s functions also carry high security requirements because it will access a range of sensitive personal information from several disparate federal agencies.

The OIG’s findings about delays in the readiness of the hub’s security features could have far-reaching consequences for enrollees who are scheduled to begin accessing the hub for enrollment determinations Oct. 1.

“If there are additional delays in completing the security assessment and testing, the CMS CIO may have limited information on the security risks and controls when granting the security authorization of the Hub,” the OIG investigators wrote about the agency’s chief information officer.

Publication Date: Wednesday, August 07, 2013