WASHINGTON -- Democrats are accusing House Oversight Committee Chairman Darrell Issa (R-Calif.) of releasing yet another damning excerpt of testimony on the troubled Obamacare website and leaving out important context.
Issa claimed in his release, sent after 7 p.m. on Veterans Day, that the official in charge of running the health care exchanges -- or the "Federal Facilitated Marketplaces" -- found it "disturbing" to have not seen a Sept. 3 memo that seemed to indicate six security risks, including two deemed to be high.
Indeed, Henry Chao, the deputy chief information officer and deputy director of the Office of Information Services at the Centers for Medicare and Medicaid Services (CMS), acknowledged in a Nov. 1 interview with Issa's committee investigators that it was “disturbing” he hadn't seen the memo and appeared to have been excluded.
But Democratic committee staff pointed out that the memo talks about two specific systems: the "Qualified Health Plans (QHP) and Dental modules." CMS told the Oversight Committee that the relevant parts of those programs will not be online until the spring, meaning they actually pose no security risk now, Democrats said. On top of that, the systems flagged as potentially posing a risk will be used by insurance companies and will not transmit people's personal information, they said.
An administration source confirmed that the "modules" are back-end pieces of the website and that consumers never come in contact with them in the marketplace. The official also said that the problems identified in the Sept. 3 memo have been fixed.
The authority to operate the health care exchanges for the public, the official said, was granted Sept. 27 in a separate document that requires a new authorization after six months.
A CMS spokesperson said in a statement that "security testing happens on an ongoing basis using industry best practices to appropriately safeguard consumers’ personal information."
A spokesman for Issa pointed to a Washington Post story mentioning that insurance shoppers were enrolling in "qualified health plans" and a Healthcare.gov definition that describes those plans as "starting in 2014."
Part of the apparent confusion stems from redactions of the memo. In the two spots where an attachment lists "open high" risks, the specific risks and the areas they affect are blacked out. However, the document does reveal the dates by which CMS officials expect the risks to be fixed -- May 31, 2014, and Feb. 26, 2015 -- which seems to back the Democrats' argument that there is no immediate threat.
Democrats have been willing to admit that the rollout of the health care website is a mess, but they've bristled at what they see as Issa's attempts to hype non-existent problems in order to generate headlines.
“It’s hard to understand why anyone would trust the accuracy of Chairman Issa’s press releases when they consistently distort and manipulate the truth," a Democratic committee staffer said in an emailed statement. "The Chairman’s staff basically sandbagged this witness with a document he had never seen before and then failed to inform him that it has nothing to do with parts of the website that launched on October 1. In fact, it relates to a function of the website that is not currently active and won’t be until the spring of 2014. Rather than seeking out the truth, this press release tries to scare the public by capitalizing on confusion caused by the Chairman’s own staff.”
In his interview with Issa's investigators, Chao repeatedly qualified his remarks, such as when he was asked about one of the specific risks:
Q- Do you think that this issue presented a significant risk to the system?
A- In my opinion, no, because I think this is actually -- this might be an outdated one. I'm not sure if you actually picked up -- this might be a flaw in the report. Because I was aware of this issue. This issue actually existed during April when we first tested the system.
At other points, Chao said that he might not have been shown specific information because it was his boss who ultimately had to sign off on certain things and that the detailed reports behind the memos he was shown would probably answer the questions.
Chao did agree with Issa's investigators on one point -- that the communication among different offices and officials was not good and that there was confusion.
However, in the transcript of that conversation, Issa's investigator admits during a discussion about a "pre-flight checklist" that his office also lacked documentation explaining the status of the risks that Issa highlighted as a threat in his press release.
Q- And under the system, it lists "FFM." [Federal Facilitated Martketplaces] And under the category residual risks, it has "too high." Where are those high risks that were remaining as of September 17th?
A- I would have to look at what it says, the notes, the certification form for details, which -- is it part of this?
Q- We couldn't find it.
Another moment in the transcript reveals a similar lack of knowledge about the threats that Issa's press release asserted:
Q- So either that's the case and this document is incorrect, or what you thought in early September was incorrect and the document is correct, that there were still high findings as of September 27th.
A- Yeah, we need to confirm that. I agree.
Q- Does that suggest some confusion in the reporting and tracking of these high-risk elements?
A- I think so.
Democrats also took issue with another Issa claim on Tuesday, releasing a document that counters his allegation that the White House disabled an "anonymous shopper" function on the health care exchange because the White House didn't want people to suffer sticker shock. Democrats said CMS did it out of frustration with contractor delays and failures.
Michael McAuliff covers Congress and politics for The Huffington Post. Talk to him on Facebook.
This story has been updated with comment from administration officials about the purported Obamacare website risks.