The Obama administration has refused to give in to a request to publicly disclose records that relate to the computer systems and security software used for the federal healthcare website HealthCare.gov.
The decision of the White House has something to do with concerns that disclosing the information to the public could potentially compromise the safety of the website as this would potentially give hackers the information they need to break in.
Late last year, the Associated Press made a request under the Freedom of Information Act for records about the computer system and security software used by HealthCare.gov amidst concerns raised by Republicans about the site's security as technical glitches have prevented millions of Americans from signing up for the insurance under the health care law of the Obama administration.
The Centers for Medicare and Medicaid Services (CMS), however, denied the request for access to the documents which include what is known as the website's security plan. Medicare justified its decision by telling the AP that releasing the records could lead to the violation of health-privacy laws as this could give hackers sufficient information to hack the system and steal people's personal information.
"We concluded that releasing this information would potentially cause an unwarranted risk to consumers' private information," CMS spokesperson Aaron Albright said.
Concerns over the potential risks of publicly disclosing the security system of a federally-funded website does not appear to be unfounded. A group of hackers from China known as APT 18, for instance, has managed to attack the computer system of Community Health Systems, which oversees over 200 hospitals in the country, which led to the theft of the social security numbers, addresses, birth dates and other personal data of 4.5 million patients.
Information technology experts, however, appear to support the idea of the government giving the public information about the website's security practices.
"Security practices aren't private information," said industry consultant David Kennedy, who testified about the security of the HealthCare.gov before the Congress last year.
Attorney General Eric Holder is also apparently amenable to revealing at least parts of the records. Holder has already instructed agencies to consider if parts of the records that the CMS wants to keep private can be revealed when sensitive information and passages are blocked out.
The CMS, however, said that it will not release any of the requested records either in part or in full.
