President Obama, meanwhile, acknowledged for the first time that some Americans will have to switch health plans under the law. But he said these people now have “cut-rate plans” from “bad-apple insurers” — a situation the health-care law was designed to change. He urged consumers to “shop around” to “get a better deal” under the law.
The cancellations have become a big issue for Republicans, in part because Obama repeatedly had said that people would be able to keep their plans if they liked them.
Obama delivered his remarks Wednesday at Boston’s historic Faneuil Hall, where years ago his 2012 Republican opponent, Mitt Romney, signed the state law that became a model for the federal health-care overhaul.
During the House Energy and Commerce Committee hearing, which featured Sebelius as the sole witness, critical Republicans seized on evidence that the administration knew that HealthCare.gov had security flaws days before it went live.
Rep. Mike Rogers (R-Mich.) quoted from a Sept. 27 memo to Medicare administrator Marilyn Tavenner from her staff that warned of “inherent security risks” stemming from inadequate testing.
“You accepted a risk on behalf of every user . . . that put their personal financial information at risk because you did not even have the most basic end-to-end test on security of this system,” Rogers said.
Sebelius acknowledged that HealthCare.gov launched with at least one security weakness that would allow hackers to obtain personal information entered into the site. But no breach occurred, she said, and the problem has since been corrected.
“It was a theoretical problem that was immediately fixed,” Sebelius said.
At a briefing later in the day, Julie Bataille, a spokeswoman for the Centers for Medicare and Medicaid Services, the HHS agency in charge of HealthCare.gov, said the site was still undergoing security testing. But she said consumer information is safe in the meantime.
Separate security testing for the Web site’s federal data hub, which helps determine eligibility for financial aid by verifying data with many federal agencies, has been completed and the hub has a permanent security certification, Bataille said. She could not immediately answer why one part of the system had completed security testing and another part had not.
Sebelius, in her testimony, also addressed what she said was a key flaw in the health-law technology: transmissions of inaccurate or incomplete enrollment data to health plans. Without accurate information, insurers will not know who has signed up for coverage and who should be billed.