On the hot seat before a House panel for more than three and a half hours today, Health and Human Services Secretary Kathleen Sebelius directly apologized to consumers for the “flawed launch” of HealthCare.gov and took full responsibility for what she called a “debacle.”
“Hold me accountable for the debacle,” she told the House Energy and Commerce Committee in Washington. “I’m responsible.”
Sebelius insisted that the site can and will be “optimally functioning” by the end of November, but suggested that it could remain a troubled resource until that time. The website was not accessible for the duration of her appearance today.
The secretary resisted calls for a delay in the individual mandate or extension of the open enrollment period, saying four months of access to a “functional” online marketplace after Nov. 30 should be sufficient.
“Step number one is fix the site, because we don’t want people to be invited back and then have a bad experience a second time around,” she said.
Sebelius said the administration still has no “reliable data around enrollment” because of flaws with the system. The first batch of data is due out in the middle of next month.
Lawmakers peppered Sebelius with questions about whether she should have known the website was not ready for prime time, citing contractor CGI’s report to the Center for Medicare and Medicaid Services in late August indicating that there was not time for “adequate performance testing.”
Sebelius claimed none of the contractors at any time “advised a delay” in the launch date. “They indicated to me that they would always have risks because the system is brand new,” she said. “No one indicated that this could possibly go this wrong.”
“Contractors had never suggested a delay,” she added. “No one ever imagined the volume of issues and problems we’ve had and we must fix it.”
The secretary was pressed about security concerns involving the website that could put consumers’ private information at risk. A memo raised by Rep. Mike Rogers, and obtained by ABC News, shows that CMS officials recognized “high” risk about inadequate security testing.
“You accepted a risk on behalf of every user of this computer that put their personal financial information at risk because you did not even have the most basic end-to-end test on security of the system. Amazon would never do this,” Rogers, R-Mich., said. “ProFlowers would never do this. Kayak would never do this. This is completely an unacceptable level of security.”
“Weekly testing of our devices, including interface testing daily, weekly scans are going on,” Sebelius replied. The agency has also appointed a “dedicated security team” to monitor the site’s security until a full test can be completed within 60 to 90 days.
Sebelius had argued earlier that the exchange system is “storing the minimum amount of data,” thereby limiting users’ exposure to potential hackers. An HHS spokesperson told ABC News that the agency is deploying “stringent security standards and that the technology underlying the application process has been tested and is secure.”
This post has been updated.