A high-ranking federal healthcare official recently outlined communication breaks between officials in testimony before the House Committee on Oversight and Government Reform, chaired by Rep. Darrell Issa (R-Calif).
Deputy Chief Information Officer and Deputy Director of the Office of Information Services at the Centers for Medicare and Medicaid Services Henry Chao said he had been excluded from a memo that described the website’s security issues days before it launched.
Chao said he was surprised that he hadn’t received the memo and that CMS’s chief information security officer recommended the website’s launch without disclosing the security issues to him.
“It is disturbing,” Chao said. “I mean, I don’t deny that this is, kind of, a fairly nonstandard way to document a decision to make a recommendation to proceed…”
At least one of the security issues outlined in the memo “presented a significant risk to the system.” Chao testified that he was unaware if it had been corrected.
Chao was a co-author of a memo sent to CMS Director Marilyn Tavenner on Sept. 27 that recommended authorization of the website’s launch on Oct. 1, although Chao hadn’t been made aware of potential security issues.