Next month, most Americans who want to purchase health insurance through Obamacare — as well as everyone who purchased it last year — will have to return to healthcare.gov to either select a policy or update their income information.
Judging from last year's experience, one would expect the bureaucrats who run healthcare.gov to be relatively transparent about any issues they expect this time around. The last thing they need is for customers to be blindsided again by massive technical, systemic or security failures on the website.
Unfortunately, the Center for Medicare & Medicaid Services — the agency in charge of healthcare.gov, known colloquially as CMS — has chosen darkness and smoky back rooms over sunlight. The agency has explicitly forbidden insurers who participate in testing the new system this month from revealing anything about their experience. To gain access, insurers must agree not only not to share secure or confidential information but also not to “use, disclose, describe, post to a public form, or in any way share Test Data with any person or entity, including but not limited to the media.”
Based on last year's disastrous experience, this is absolutely the last thing the agency should be doing. As congressional investigations have revealed, CMS officials made healthcare.gov the total disaster it was precisely because they surrounded their project with so much secrecy, ignoring or blocking out all good advice from knowledgeable independent sources.
In September 2013, CMS paid for independent security testing of the website by a private firm. When that firm reported back poor results just days before the launch, indicating several serious flaws, officials within CMS immediately started trying to cover up the findings. One team leader wrote an email to his colleagues disparaging the test report as “only partially accurate, and extremely opinionated, false, misrepresentative, and inflammatory.” He then hinted he would run the report by senior CMS officials to have it altered, according to House Oversight Committee investigators.
The chief information security officer at CMS was brushed aside when she tried to bring concerns about the site to her superiors' attention. They disregarded her input and signed off on the launch.
The culture of secrecy at CMS was so pervasive that its bureaucrats successfully bamboozled officials in their parent agency, the Department of Health and Human Services.
Some HHS managers recognized multiple warning signs in CMS' opacity, and one even recommended delaying the launch. But the department's higher-ups, as one HHS employee put it in an email after the fact, “only wanted to hear beautiful music and talk about rainbows and unicorns.”
Unfortunately, CMS has once again shown a preference for keeping its secrets until the last moment. Not only is the same incompetent agency rolling out the Obamacare package again — with new problems this year for people signing up — but it claims a right to do so from the shadows. No wonder Americans are losing faith in government.