Security concerns prompt supoena for Healthcare.gov data

A U.S. House committee chairman, citing security concerns, today ordered a Healthcare.gov contractor to provide detailed information about its work on the project.

Rep. Darrell Issa, (R-Calif.), chairman of the Committee on Oversight and Government Reform chairman, Tuesday issued a subpoena for Quality Software Services Inc.'s contract with the U.S. Dept. of Health and Human Services (HHS) to work on the Affordable Care Act's (ACA) website.

The subpoena also orders QSSI to disclose how much it has been paid so far for its work on the project for the project, along with details about all Healthcare.gov-related internal communications and that between the company and workers at HHS and the White House.

Issa said he issued the subpoena after QSSI failed to voluntarily hand the information after it was asked for it by the committee last week.

QSSI did not respond to a request for comment on the subpoena.

"It is crucial that you provide information quickly because of the serious concerns about data security related to the lack of testing," Issa said in a letter sent to QSSI and 10 other Healthcare.gov contractors on October 23. "This lack of testing is concerning due to the amount of sensitive consumer information flowing through the data hub and exchanges."

QSSI is responsible for building Healthcare.gov's core Data Hub, which is designed to support ACA health exchanges. The hub is operated by the U.S. Centers for Medicare and Medicaid Services (CMS) and is designed to let healthcare marketplaces quickly verify the eligibility of individuals seeking insurance coverage.

Healthcare.gov's Data Hub doesn't store data, it's designed to connect insurance exchanges with federal databases at various government agencies, including the Social Security Administration, the Internal Revenue Service, the Dept. of Homeland Security and the Dept. of Veterans Affairs.

QSSI also oversees the testing of software code developed by other Healthcare.gov contractors and last week signed a contract to be the general contractor in charge of fixing glitches that have plagued the site since it went live on Oct. 1.

Issa said that QSSI's first-hand knowledge of the design and implementation of the Data Hub could help committee members better understand the decisions that went into building the website.

The subpoena is the latest sign of a growing unease over the security controls in Healthcare.gov. Though the site does not store much personal data, critics fear that it could nonetheless expose users to identity theft and other types of fraud.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Read more about gov't legislation/regulation in Computerworld's Gov't Legislation/Regulation Topic Center.