Costs of HealthCare.gov fiasco near $1B

CMS delayed key governance reviews
By Erin McCann
11:15 AM
It's official. The Government Accountability Office today affirmed what the general public knew this past October: the launch of the HealthCare.gov website was a poorly-planned and mismanaged disaster -- one that cost the federal government a pretty penny.
 
Leading up to the October go-live of the ill-fated federal health insurance website, the Centers for Medicare & Medicaid Services, the agency responsible for overseeing the site, failed to implement effective oversight practices and forged ahead with development despite not knowing "key technical requirements," wrote William T. Woods, director of acquisition & sourcing management at GAO, in a July 31 testimony. 
 
 
Due to these myriad "oversight gaps," the bill for the website grossly exceeded original cost estimates. For starters, as Woods pointed out, from September 2011 to February 2014, the obligated costs, originally pegged at $56 million, skyrocketed to $209 million. For data hub costs, those numbers increased from $30 million to $85 million, officials pointed out.
 
Overall, as of March 2014, the HealthCare.gov site has cost the federal government some $840 million.  
 
What's more, CMS gave the go-ahead to launch HealthCare.gov prior to receiving confirmation that the site met performance requirements. 
 
 
"CMS delayed key governance reviews, moving an assessment of FFM readiness from March to September 2013 – just weeks before the launch – and did not receive required approvals," Woods wrote. "As a result, CMS launched HealthCare.gov without verification that it met performance requirements."
 
Moreover, CMS officials were made aware of myriad and significant problems with the contractor but failed to effectively remedy the situation.
 
CMS' lack of oversight and mismanagement effectively rendered the website unsecure, said David Kennedy, chief executive officer of information security firm TrustedSEC, speaking on the website's security in a November hearing before Congress.
 
As part of his job, Kennedy, a self-described white hat hacker, will break into systems to determine their security risks. And although he and his team did not hack the HealthCare.gov website, from what he could tell on the front end, it wasn't secure enough. 
 
"We should have had a lot of defensive capabilities into this site well ahead of it being released," he said. Just by looking at the website, Kennedy and his team identified some 17 different exposures and subsequently reported these vulnerabilities. "A lot of those have been addressed," he said. "Some of them have not been."
 
The website "has not lived up to the expectations of the American people and is not acceptable," said former Health and Human Services Secretary Kathleen Sebelius in an Oct. 30 hearing before Congress.
 
In April of this year, after five years at the post, Sebelius announced her resignation. 
 
Tony Trenkle, the CIO of CMS, also stepped down in November 2013, following the troubled website launch. Trenkle had reportedly been involved in approving a request in September that ultimately delayed a comprehensive security assessment of HealthCare.gov for up to 90 days. 
 
As of April 2014, some 8 million Americans have signed up for healthcare plans through both state and federal marketplaces. 
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.