Second Healthcare.gov Contractor, MITRE, Rejects Illegal HHS Request, Turns Over Subpoenaed Documents to Congress

December 13, 2013

WASHINGTON – MITRE, a second contractor working on the HealthCare.gov website, has rejected illegal requests from the Department of Health and Human Services to withhold documents subpoenaed by the House Oversight and Government Reform Committee. MITRE’s President and CEO Alfred Grasso, in a letter sent to the Committee today, stated:

“MITRE continues to believe that HHS is the appropriate party to provide the Committee with the unredacted SCA documents you are seeking. Nonetheless, I understand from consultation with MITRE’s legal counsel that MITRE has no alternative but to comply with the terms of a congressional subpoena absent some form of judicial intervention.”

On December 4, 2013, HHS attempted to prevent MITRE from complying with a subpoena issued by the Oversight Committee, citing a non-disclosure clause in MITRE’s contract. Obstructing a congressional investigation is a crime, and the contracting language does not preclude the contractors from complying with a legally issued subpoena.

“MITRE’s decision is a rejection of efforts by the White House to obstruct oversight,” Committee Chairman Darrell Issa, R-Calif., said. “The American people deserve an honest assessment of decisions by the Administration to proceed with the October 1 launch of HealthCare.gov despite warnings about security vulnerabilities. When we have released information on sensitive topics, we have exercised great care to ensure that there are not unintended consequences.  Most often, these releases shed light on false and misleading public statements, whether they are made by the Administration or others. In reviewing the documents lawfully provided by MITRE, we intend to consult carefully with non-conflicted experts to ensure no information is released that could further jeopardize the website’s security.”

The Committee has subpoenaed documents related to the security vulnerabilities in HealthCare.gov when the website launched on October 1, 2013, including unredacted copies of the Security Control Assessments (SCAs) delivered to CMS prior to the website’s launch. The Committee has reviewed, but not been allowed to have copies of documents or retain their own notes, suggesting that HHS officials decided against addressing security vulnerabilities with the site that would have required a delay of the October 1 launch.

You can read MITRE’s letter to the Oversight Committee here.

 

 

Related Documents