Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Federal IT officials shirk responsibility for HealthCare.gov problems
Thursday - 11/14/2013, 3:42am EST
House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.) said federal technology failures are like orphans — no one takes responsibility for them.
Issa pressed federal Chief Information Officer Steve VanRoekel, federal Chief Technology Officer Todd Park, Department of Health and Human Services CIO Frank Baitman and Centers for Medicare and Medicaid Services deputy CIO Henry Chao to acknowledge the oversight failings, and for someone to declare they were in charge of the program.
"Mr. Baitman where were you, since you, and Mr. VanRoekel, are a critical part of this process? Mr. Park was brought in afterwards, where were you in the months and years leading up to this? Why is it that you not aware that on day one, this product would fail to launch in any legitimate, acceptable way?" Issa asked during the four-plus hour hearing.
Baitman responded to Issa's question, "As I indicated in my opening testimony, HHS is a federated agency. The job for running…"
Issa then cut him off, "OK, not your job. This is an orphan."
Issa then turned his attention to VanRoekel, asking about his private sector experience with Microsoft.
"Bill Gates and Steve Ballmer and a lot of other people at Microsoft would've had someone's neck hung. Maybe not literally and maybe fired them, but they would want to know and demand to know. Can you tell me today, whose job today was to make sure we didn't have this dreadful failure to launch that didn't call the one person that should've known and didn't do their job? One person, who was that one person?"
VanRoekel said he wasn't close to the actual development, "I'm not in a position to make that call."
Issa interrupted again. "I had you, Mr. Park, Mr. Baitman, Mr. Chao and none of you today can tell me who failed to do their job."
Best practices ignored
He said OMB, HHS and CMS failed to follow industry standard best practices. Issa used a car manufacture analogy to describe how the federal oversight process should work. He said Toyota or Honda relies on every employee to take the responsibility to stop the assembly line if they see a problem with one car.
In this case, Issa said no one spoke up about the site's problems before it was too late.
And so went the contentious hearing with both sides of the aisle taking shots at each other and trying to get the witnesses to explain the IT and procurement breakdowns that led to the HealthCare.gov debacle.
Several committee lawmakers pressed witnesses about why they didn't know or say something sooner.
Rep. Trey Gowdy (R-S.C.) asked Park why was he brought in now instead of 184 week ago.
"If you are being asked to fix this after Oct. 1 in a couple of weeks, where were you in the first 184 weeks after the so-called Affordable Care Act passed? Where did they have you hidden?" he said.
Park responded, "So sir, in my role in the White House as U.S. CTO in the Office of Science and Technology Policy, I'm a technology and innovation policy adviser, so I have a broad portfolio of responsibilities."
Gowdy interrupted Park, "But you are obviously good enough to fix what was broken. It's been called a train wreck; that's not fair to train wrecks. It's been called other things. They brought you in to fix it. Why didn't they bring you to start it? Why didn't they bring you in to build it? Why are you doing a reclamation project? Why didn't you build it?"
Park said he's being brought in under Jeff Zients and up until Oct. 1, "that wasn't part of my role."
When Issa didn't get the first panel to accept responsibility, he turned to former federal officials for their take on accountability.
Karen Evans spent six years as the associate administrator for e-government and IT at OMB. She told the committee she would have been hands-on and told her bosses about the problems.
"So in my analysis from the public record and watching the testimony that happened prior, I believe that if I was in that position that I would have elevated things through because that is the President's key priority. That is his number one priority. That is what the CIO is supposed to do," Evans said. "They are supposed to analyze what potential decisions are being made, and what is that impact on the President's priorities to get done from a political perspective, from a communications perspective and from an oversight perspective on what the impact would be and how you would have to do congressional notification if you were changing things. That would have been elevated up so the OMB director would have known what the impact was happening so the director could talk to the President about potential opportunities."
Richard Spires, the former Homeland Security Department CIO, said the committee brought the right people to testify earlier, and from what he could see, HealthCare.gov lacked proper governance and oversight from all parties involved.
Spires' take on the oversight shortcomings is supported by the Government Accountability Office.
David Powner, GAO's director of IT management issues, testified complex federal IT projects can be successful if agencies follow seven acquisition best practices, including accountability, transparency, oversight, expertise and program management.
He said too often when federal IT projects fail, many of these best practices aren't used, which seems to be the case with HealthCare.gov.
"Key IT executives need to be accountable with appropriate business leaders responsible for the project. This needs to start with department CIOs, and for projects with national importance, this includes the President's CIO," Powner said. "At HHS, CIO authorities are an issue GAO reported on just last week. Both OMB and department and agency oversight and governance are important so executives are aware of projects' risk and ensure they are effectively mitigated."
He added the oversight includes the use of TechStat sessions, which have produced "excellent results, primarily halting, rescoping and redirecting troubled projects." "We've also recommended more TechStats need to occur on troubled and risky projects," Powner said. "We are not aware if HealthCare.gov was subject to a TechStat review."
He said OMB's IT dashboard is supposed to shine the light on major investments to hold agencies accountable, but that didn't seem to work for this project.
For HealthCare.gov, Powner said CMS CIO Tony Trenkle rated it green most recently. He said in March CMS gave it a red rating. Trenkle will retire from government this month.
HealthCare.gov joins the list of many other failed federal IT projects, including the FBI's Virtual Case File, DHS' financial management modernization programs Emerge and TASC, the Defense Department's DIMHRS and the Census Bureau's handheld devices for the Decennial census.
One expert said it's been a few years since the government has had a really big failure, which signifies agencies were improving their program and project management skills.
But when something that is politically charged and complex comes up, old habits die hard.
Powner said there are a number of key questions that should be asked of any IT acquisition to make sure appropriate accountability, transparency and program management are in place. He said these include:
- What role is OMB playing and how involved is the federal CIO?
- Is the agency CIO accountable and activity involved in managing risks?
- Is the IT dashboard data accurate?
- Are OMB and agency governance appropriate, including TechStats and follow ups?
But it seems these best practices weren't followed. VanRoekel and Park repeatedly told the committee they only got involved later on in the process.
Records show both officials attended meetings at the White House, along with CMS' Chao. VanRoekel and Park said they were not there as technology overseers, but in other roles. Chao said he would offer five-minute briefings on the status of certain aspects of the program.
Issa and Rep. Gerry Connolly (D-Va.) co-authored the Federal IT Acquisition Reform Act, which was passed by the full House as part of the Defense Authorization bill earlier this summer, as a way to address many of these long-standing problems.
Issa said the hearing wasn't held to sell other members or the administration on the need for IT reform, but rather to figure out what happened to $600 million and why there are so many problems.
Portal is making progress
As for the portal, Park wouldn't commit to meeting the Nov. 30 deadline to fix most of the problems. He'd only say there is a team working hard and making progress, but there's still a lot of work that needs to be done.
"Average system response time, which is the time it takes a page to render a request to be fulfilled of a user, was eight seconds on average a few weeks ago. Now, it's under a second," Park said. "Another measure is the system error rate, which is the rate in which you experience errors in the marketplace application, that was over 6 percent a few weeks ago. Now, it's at 1 percent and getting lower than that. So, we are making really good progress, still much work to do, but there is a system and pattern of attack in place around monitoring, production stability work and functional bug fixing."
The biggest unanswered question from the hearing was about the portal's security. There seems to be differing accounts of what's going on with system testing and how big of a risk do users face in giving the portal their personal information facing. Most of the hearing went back and forth over the issue of the authority to operate and the memos from Chao and others.