HEALTHCARE.GOV: Actions Needed to Address Weaknesses in Information Security and Privacy Controls
Abstract
PPACA required the establishment of health insurance marketplaces to assist individuals in obtaining private health insurance coverage. The Department of Health and Human Services CMS is responsible for overseeing the establishment of these marketplaces, including creating the website for obtaining coverage. The marketplaces became operational on October 1, 2013. As requested, this report examines the security and privacy of the Healthcare.gov website. GAO (1) describes the planned exchanges of information between theHealthcare.gov website and other organizations and (2) assesses the effectiveness of the programs and controls implemented by CMS to protect the security and privacy of the information and IT systems used to support Healthcare.gov. GAO compared the implementation of controls over Healthcare.gov's supporting systems with privacy and security requirements and guidelines. This is a public version of a limited official use only report that GAO issued in September 2014. Certain information on technical issues has been omitted from this version.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2014
- Accession Number
- AD1176084
Entities
People
- Duc Ngo
- Gregory C. Wilshusen
- John De Ferrari
- Justin Palk
- Lon Chin
- Marisol Cruz
- Mark Canter
- Michael L Stevens
- Monica Perez-nelson
- Nabajyoti Barkakati
- Nancy Glover
- Sandra George
- Tammi Kalugdan
- Torrey Hardee
- West Coile
Organizations
- United States Government Accountability Office