03/27/2014
PROVIDENCE, R.I. — A congressional oversight panel is asking Rhode Island to provide a wide range of documents related to the development and launch of HealthSource RI, its Obamacare-mandated health insurance website, as it seeks to review whether personal information was potentially exposed to identity theft.
In a letter dated March 25 and addressed to Governor Chafee, the U.S. House of Representatives’ Committee on Oversight and Government Reform says the Centers for Medicare and Medicaid Services concluded late last year that there was a “high risk” of personal information being stolen if Rhode Island’s exchange, which allows individuals and businesses to compare and purchase health-care plans online, was allowed to connect to federal databases.
According to the letter, federal officials completed their assessment of Rhode Island’s exchange on Sept. 20, 2013, just days before the website’s official Oct. 1 launch.
The Centers for Medicare and Medicaid Services (CMS) cited 29 “high risk findings” and recommended several ways Rhode Island could address its concerns, according to the oversight committee.
“Despite the high risk, CMS allowed Rhode Island’s exchange to connect to the data hub on October 1, 2013,” the committee said in its letter. “[T]hese fixes, if they took place, likely did not occur until after October 1, 2013.”
It’s not immediately clear what the nature of CMS’ concerns were or whether they have since been resolved. The committee’s letter does not disclose CMS’ findings.
HealthSource RI spokeswoman Dara Chadwick said the agency is evaluating the committee’s request, which it received Wednesday afternoon.
“We were fully authorized by CMS to connect to the federal data hub prior to our system going live and the HealthSource RI system has experienced no security breaches,” she wrote via email.
Ten states and the District of Columbia were sent similar letters this week, according to the committee, which is chaired by U.S. Rep. Darrell Issa, R-Calif.
The other states are Hawaii, Colorado, California, Minnesota, Oregon, Connecticut, Maryland, Massachusetts and Nevada.
The committee is requesting that the following information be submitted by April 8:
“All documents and communications between any employees, contractors, or agents of the State of Rhode Island and any employees, contractors or agents of the U.S. Department of Health and Human Services, including but not limited to any employees, contractors or agents of the Centers for Medicare and Medicaid Services, referring or relating to the Rhode Island exchange or the federal data services hub between May 1, 2013, and the present.”
“All documents and communications between any employees, contractors, or agents of the State of Rhode Island and any employees, contractors or agents of the White House, including but not limited to the Executive Office of the President, referring or relating to the Rhode Island exchange or the federal data services hub between May 1, 2013, and the present.”
“All assessments or audits of the Rhode Island exchange’s development, readiness, or security between July 1, 2012, and the present.”
No comments:
Post a Comment