HealthCare.gov could only handle 1,100 users on the eve of the launch and had undergone limited, if any, security testing. From Day 1, this was a mismanaged and troubled project destined for failure.
It is astounding to think that $946 million was spent on the HealthCare.gov failure from fiscal year 2010 until March 2014, yet many seemingly obvious mistakes were made that could have been easily avoided.
Here’s an excerpt from the report:
“Imagine this: A complex website, which is meant to verify your identity, record this information, match it with insurance options, and enroll you into a plan, has significant security holes. According to experts, virtually no security testing went into the site’s rollout.”
And why wasn’t healthcare.gov HIPAA complaint?
CRN published an article entitled “Heathcare.gov website is not HIPAA compliant“. HHS (Health and Human Services) commented the website did not require HIPAA compliance.
“This was very surprising to read because as the department that oversees HIPAA (Health Insurance Portability and Accountability Act – privacy compliance regulations on the disclosure of protected information, such as medical records or personal information), you would think they would practice all the requirements to keep the data going intoHealthcare.gov secure.”