Skip to main content
Report Published: Sep 17, 2014

Behind the Curtain of the HealthCare.gov Rollout

Key findings in the report:

·         Department of Health and Human Services (HHS) officials contemplated a “covert ops mission” to circumvent incompetent CMS officials: “I grow weary of the bullshit passive/aggressiveness of [CMS official] Henry [Chao], or rather his lack of engagement to the point that we can only speculate that it is passive/aggressiveness. … The other way to do this is through a complete covert ops mission to unseat the CMS FFE rules engine.”

·         When HHS employee Julie Herron transferred to CMS before the website’s launch, she funneled information about security testing to HHS’s Bryan Sivak, who told Ms. Herron “I don’t want to tell anyone that we talk anymore.”  Mr. Sivak used Ms. Herron’s information about system readiness results to recommend that HHS “declare victory without fully launching [the website].”

·         CMS official Teresa Fryer acknowledged that that other CMS officials did not properly convey the true state of security testing leading up to the launch:  Kevin Charest [HHS CISO] has asked for an update of the FFM testing by noon tomorrow and I’m going to give him a truthful update of exactly what is going on. I am tired of the cover ups.”

·         When CMS officials were unhappy with the negative results of MITRE’s independent security assessment, CMS’s Thomas Schankweiler sought to have it changed: “We need to hit the pause button on this report and have an internal meeting about it later next week.  It is important to look at this within the context of the decision memos and ATO memo that is going up for Tony [Trenkle, CMS Chief Information Officer] and Michelle [Snyder, CMS Chief Operating Officer] to sign. … It is very possible that this report will be reviewed at some point by OIG, and could see the light of day in other ways.”

·         CMS reduced internal access to user account metrics when the media reported accurate figures, suspecting a leak within CMS.  CMS’s Marianne Bowen wrote, “[s]ome of the metrics that are being reported are showing up in newspapers and they’re close enough to reality to know someone with knowledge of the metrics is talking.”

·         In response to draft talking points that explained the problems occurring at ObamaCare Call Centers, CMS’s Julie Bataille wrote, We NEVER want to say most of this publicly. We need consumers to call us and not worry about these details.”

·         In violation of federal record-keeping rules, Administrator Tavenner deleted her emails, and instructed subordinates to do so as well.  In an email, dated October 5, 2013, Ms. Tavenner forwarded a complaint from Jeanne Lambrew, a key White House advisor, about call center workers giving callers incorrect information: “Please delete this email –but please see if we can work on call script [redacted].”

·         CMS removed Healthcare.gov code from open source project, Github, for public relations reasons because developers were publicly criticizing the code: “[t]his Github project has turned into a place for programmers to bash our system, submit service requests (!) and now people have started copying Marketplace source code that they can see and making edits to that (!!). …  I am sure there may be some blowback from this decision but I think it is better to take a short term hit with this deletion than to let this bashing of the source code continue on our official Github site on an ongoing basis.”

Related Documents
Name Document
Committee Report: Behind the Curtain of the HealthCare.gov Rollout Document