to do this, we need to reorganize an economic development effort into four regions equal to the congressional districts, establish regional boards of directors and provide leadership locally. and i will announce tonight that my running mate, monica, will take the lead. she's a leader in her community. the local business leaders know what they need. and we'll rely on their advice. we need a community up economic development proposal, not a top down. we need local people picking what they want to invest in, not winners and losers from a board in des moines. thank you very much. >> governor branstad. >> first of all, thank the greater burlington partnership, kwqc, and all of you in the audience for being here and

sponsoring this. great to have this debate at the first territorial capital in burlington. my mother was born here, and proud to have my wife, my stepmother here. and i love this state. i grew up on a farm, learned to work hard at an early age. and i worked every day. kim reynolds and i go all over the state, every county every year. we work to bring more good jobs to iowa to make iowa the best in the nation in terms of education, to reduce the tax and regulatory burden. we have reduced the size of government by over 1400, and we're not done yet. we're focused on college affordability and reducing student debt. two years, no increase in resident state tuition, and we're going to do more to reduce that and make college more affordable. we have proposed the center for human capital enrichment, and a

goal to connect every acre so we have high-speed internet every in area. i would appreciate your vote of confidence, your support and the opportunity to work hard for you for the next four years. i love iowa and i'm proud to have the opportunity to serve you and i would appreciate your vote. thank you very much. >> gentlemen, thank you. [ applause ] the conversation -- [ applause ] the conversation continues at your next debate. but that is all the time we have for tonight. thank the candidates, senator jack hatch and governor terry branstad. and you can continue to watch this at kwqc.com and at thehawkeye.com. thank you for watching tonight. >> tonight at 9:00 p.m. eastern,

our campaign 2014 coverage continues, a debate between the candidates running in the nebraska second house district. incumbent republican lee terry and brad ashe ford, the democrat. here are some of the campaign ads airing in that race. >> i'm pastor harry waller from omaha, nebraska. at one point in time, the homeless veterans signed a contract with the united states government saying we'll go to battle and give our life if necessary. when you talk homeless veterans, the v.a. hospital, the veterans cemetery, you hear lee terry. thank you for caring about our veterans and giving us an opportunity to serve them. >> i'm lee terry and i approve this message. my dad flew a b-26 bomber on d-day. never forget those who serve our nation.

my disagreements with congressman terry aren't personal, but his votes against veterans are. he defended his own pay while soldiers were on the battle field, and defended taxpayer-paid health care for life while cutting veterans health care. it's personal and why i approve this message. >> lee terry is fighting to keep our neighborhoods strong. he's strengthened grants, and fought for the violence against women act. cracking down on human trafficking. and lee terry passed a law empowering a neighborhood activist to start a radio station, giving voice to a community trying to stop street violence. lee terry, working hard to keep us safe. i'm not running for congress to represent any political party, i'm running to make a difference for nebraska. reducing partnership in washington isn't one easy step,

one single day or electing one new member. i'm going to work from day one to create a coalition of 25 members of congress who set aside partisanship and work. i'm brad ashford and i approve this message. >> working together, changing congress. the nebraska second house district candidates debate tonight at 9:00 p.m. eastern on c-span. now former housing and urban development secretary talks about housing needs for seniors. he comments on a new report released by the harvard joint center for housing studies which co-hosted this event along with the aarp foundation. he's a former mayor of san antonio, texas, and co-chairs the bipartisan community center.

this is 30 minutes. [ applause ] thank you very much. what an energetic presentation. it's not necessary to be the mayor of san antonio to become secretary of hud, but it doesn't hurt. lisa, thank you for your kind words about my city. and i am very proud of julian castro, but equally proud of his successor. san antonio is now the seventh-largest city in the country. there's never a city larger than san antonio to have an african-american woman mayor which we now do in san antonio. so it's a very inclusive place. even though the african-american population there is relatively small, ivy taylor succeeded julian castro and speaks to the kind of breath, if you will, of the city. and i'm very, very proud of what

we have been able to accomplish. lisa, thank you, you're a pioneer in your own right. lisa, who has been the president of the aarp foundation for the last ten months was previously the president of a college for 20 years. wells college in upstate new york. a thank you to you and the aarp foundation for producing this very important report -- for

establishing life-long sustaining programs. really iconic programs. insurance and so many other things that touch the lives of seniors across the country. and very importantly for sounding the warning bell for decades of the work that we need to be doing as a country to support older americans. this is a most important report. now it's hard to break through the clutter of important subjects at a time when the news is full of worrisome crisis. isis in iraq, israel and the palestinians trade blows, russia threatens ukraine, and unaccompanied minors at the border, v.a. issues, vital stale

mates on important questions. it's hard to raise a subject to the level of attention it deserves. but today's report on housing and supporting ageing americans addresses a set of demographic and financial dynamics which have the power to profoundly impact our nation. and its people. these issues may not be in the headlines daily. and they may be slower-burning. but they have the power to profoundly impact our way of life. they may not affect all of us personally today, but they affect some of us today. including people who are suffering deeply because of the way these issues come together right now as we speak. all across this country. and in time, the life of every in this room, will be touched. the challenges of housing and

supporting an ageing population are not unique to the united states. japan is the oldest country in the world. and ageing most rapidly. in fact, japan is now, because it is not a country that has welcomed immigrants and has this ageing dynamic, actually losing population. some of the northern european countries like france, the skan di knave yan nations, and russia, are on the path to declining population. spain and portugal are on the same path in southern europe. and china by 2040 will have more people over 65 years of age than the united states will have residents. over 400 million people in china will have reached 65. and the die nynamic of what it s in china is impacted by their one child policy. so this interplay of demographics is huge on the

world stage. now our ageing problem as a nation may be different. in some ways it maybe more manageable because we have a growing population. we were 306 million in the census of 2010. we'll be over 400 million in the census of 2050. and so in that time span we will but a growing÷(d. workforce. and that makes the problems more manageable than a country in decline because you have resources being generated, taxes being paid, economy growing. that's hugely important. largely a function of the fact that we have younger populations in our minority populations and immigration. so lest you think these things are unrelated, they call come together in the national debate. but still, despite the fact that we'll be growing and despite the fact that we'll be able to manage some of these issues, at least have the resources to do it, the absolute numbers of

ageing americans are stunning. chris has capsulized this morning the key dimensions. but i want to reflect for a moment on what some of these things might mean. this report is about housing and support systems. but it is really driven by two fundamental realities. one of them is the scale of demographic change. the scale of an ageing population. and secondly, it's about money. that is to say, the personal assets that people have or don't have to provide for their own housing and governmental budgets. we have a big problem because the scale of the change is big. today's population of roughly 20 million americans over 65 will grow to almost 40 million by 2030. so our over 65-population will double over the course of the next 20 years or so. that's just a mass of people.

and if you doubt the sense of it, then get off an airplane any day and see how many wheelchairs are lined up and how many people need assistance. our society is changing just because of the size of the number of population that's age. and we're talking about doubling the over 65. and that's because the first of the baby boomers born between 1946 and '64, an 18-year span, turned 65 in 2011. and that was 2.8 million people turning 65 just in that year. the number grows dramatically and impacts this doubling of the 65-year-old population. today's population of persons over 85 is 6 million, roughly. and that will grow to 20 million people in the same time frame. so the over 85 population will triple. by 85 years of age, two out of three adults face cognitive,

hearing, mobility or vision challenges. so the scale of the real life impact, the scale of what this means for real people in massive numbers, is huge. the second dimension that makes this an important issue is money. how do we pay for the needed housing and care? you could even make a case that while this is a big issue, if we had the money, if we knew what the systems are by which we would pay for it, it begins to solve itself because the market would respond with necessary housing and the government would have the money available. but if you don't have the money and the scale is huge, that doubles the impact of the problem. many ageing americans don't have personal savings. and governmental budgets are strapped. government -- in 2012, one-third of persons over 50 years of age,

20 million households, were cost-burdened. that is to say they paid more than 30% of their incomes for housing. so 20 million people were paying more than the suggested 30% of their income for housing. and half of those were severely cost-burdened. which means they paid more than 50% of their budgets for housing. that's the number that chris was referring to earlier who pay 40% less for food than the average household and 70% less for health care because they don't have it. they just don't have the money. they can't pay 50% of their housing -- i mean, their budget for shelter and still have money left over for these other things. those are people over 50. now people over 65, of those, 6.5 million households have incomes under $15,000. imagine trying to live on $15,000. that's an increase of 37%. almost a third more than just a decade ago.

and 77% of those are cost-burdened at the 30% of -- of their budget going to shelter reality. chris made a point this morning about the distinction between owners and renters. we know that in our country those who have invested in home ownership have some net worth, have some assets. but it's hard to believe that among the elderly, those who are owners -- this is people over 50 years of age -- among that age group, those who are owners have a net worth 44 times that of renters. 44 times. and that translates into realities. among homeowners over 65, most have enough wealth to pay for about nine years of in-home care. and about six and a half years

of assisted care by cashing in on the equity in their home. but for renters, what they have available to expend on care is about two months. so the implications of those who are owners today and those who are renters in terms of what they can translate that into in terms of their care, is huge. as chris said, two out of three older adults with disabilities rely on care from family members. that is spouses or, usually, adult daughters. and the ratio of family care givers is declining, as he said, from seven to one to three to one by 2050. now that's sort of personal budgets. governmental budgets are just as strapped. social security and medicare already account for 41% of all federal outlays.

with the ageing reality, those numbers will increasingly drive the federal budget deficit. i served on a budget deficit committee, and it's abundantly clear that it is this ageing dynamic, and particularly health care costs that will drive the budget deficit. so as we confront these two realities, the scale of demographics and the financial dimensions, it's clear that we will need more housing that is age-appropriate for the various stages of ageing. housings that accessible, affordable, well-located, linked to services with trained staffs, properly accessorized, healthy, and safe. and we must provide it because, first, it is the compassionate and responsible thing to do. it is consistent with our ideals that we don't leave people to suffer in their most vulnerable years. we never have believed that as a

country. and it's consistent with our ideals that we not. so there's a -- [ applause ] a kind of a first principle involved. secondly, it's necessary to make our communities and our society function. or we'll be overburdened with the costs of care of people who are left behind. and because we can link housing and health to create a better sense of well-being. at every step of the type of housing that's necessary, we can do better. ageing in place for the 90% of people who say they'd like to stay in their own home for as long as possible, now)o>r:h aps to independent living. the first level of con ggregate care when people realize they are not going to be in their own home. assisted living, the next level, more costly.

and the memory-related(# units, dementia in its many forms. brain science is not keeping up with other forms of medical science. people are physically okay, but at some particular point they begin to lose cognitive capabilities. and finally we need new skilled nursing facilities for the numbers of people who at the end of life will need that kind of care. let me just say a quick word about each of these &%??pieces you will, the spectrum as we need them over the span of life. first of all, ageing in place. the vast majority of people when polled, over 90%, say that they want to stay at home. and indeed some 94% of elderly americans live at home now. it is a tight connection to health and peace of mind for many of them that they are at

home. and dr. james frees at stanford put together a framework he calls compression of morbidity. which means if we can find ways to change the arc of decline over time. imagine an arc that begins around 50 or so, and steadily declines over time. if we're able to change that trajectory to one that's on a plateau for a longer president period of time, and there is a drop, but a sharper drop at the very end, then we save not only suffering and family issues, but immense cost to the society. because the end of life costs are the most expensive. and the fact that they come much later in the process would be huge. how do we keep that trajectory, if you will, stronger? includes many elements including fitness, eliminating things like smoking, dealing with diseases that used to be debilitating

earlier in life, but very importantly, providing people the physical conditions in which they can stay strong. sole socialized, get exercise for a longer span of time. so that's the significance of this whole issue related to the number of people ageing in place. it involves, as chris said earlier, renovations as well as new prototypes of housing. renovations, fixing homes to put in ramps at the appropriate time, or lower kitchen cabinets, or change bathroom fixtures or put a different kind of lighting for security, or accessorize with security devices with which care givers can be called at the appropriate time. but a whole range of things related to renovations. and there's some very interesting work being done now on new prototypes of homes. there's a company in florida creating what they call the liberty home that begins with zero step entrance and wider

hallways and the bathroom fixtures at the appropriate height and turned handles instead of knobs that make it hard for the elderly wrist to turn as strength declines and so forth. and they're finding that if they do it at the time that they construct the home, it ends up being a lot cheaper than having to come back in and do it later. and, oh, by the way, there's no problem in having these things in place for younger generations so we can create the life span home that lasts over an entire lifeti lifetime. and as chris said earlier, there are things that the local government and the national government can do to encourage both the renovations as well as the new prototypes. universal design features by ordinance, tax credits to builder as is being done in ohio to encourage the inclusion of universal fee kmurps grants and

loans in sites like massachusetts, and hud and the federal government can play a major role in the community development block grant program. which has a great deal of discretion at the local level. and i've always felt it's time to be thinking about something like, or adapting the existing weatherization prom that's done such a good job of retro fitting homes for energy. we need to retro fit homes for . we can adapt that program or modify it to create the life span setting. everybody medicaid can be ada adapted so that renovations are possible under it and medicare as well. and vice chairman of habitat international, and one of commitments at habitat is to have a prototype home for the volunteers. if they're building, they should

be building with these values in mind. and habitat is going to be building 100,000 homes a year over the next several years. we're about to finish the millionth home around the world. it's not an insignificant commitment to be ahemade from volunteer organizations. there's the reality of not just changing homes, houses, but existing communities the so-called norks, naturally occurring retirement communities and the new communities we have built. city planners have that phrase, nork. i recognized places like that exist when had i was mayor. and i used to go to town hall meetings, and everyone was older. it's a place like my mom has lived until very recently, and the neighborhood that i live in now in west san antonio. and i recognized as i was listening to people discuss their problems, that the problems were different. they're not the same problems

that you encounter in a younger neighborhood. they're issues of security, and you think about it in a different way. and the need for in-home care and nutrition assistance. and a different set of problems in communities. we have whole communities across america. as chris said earlier when you saw that map, 5% in 1990 of those counties, 5% in 1990, had population over 50 years of age. that was at least 40% of the population of the county. 20 years later, in 2010, that number was not 5%, but 33% of american counties had at least 40% of their population over 50 years of age. so this is a national problem of importance. transportation is a huge issue when we get to thinking about ret retrofitting communities. as i have done town hall meetings with elderly

populations in these naturally occurring places, they site isolation as their greatest fear. a sense of loneliness as children have moved out. as there is no way for them to drive any longer. and their fear of going out by themselves. so providing ageing specialists who are able to help them get to doctors offices and get to the groceries. very, very important. we thank the area agencies on ageing and their emphasis on care and homes versus institutionalization, in-home services like those offered by mercy housing missions. missions creek community in san francisco, for example. we're seeing communities doing things like changing zoning. interestingly, one of the most aggressively creative cities in the country is new york city. which is changing -- first of all, it ranks very highly as a

place for the elderly to live because it is so walkable. transit is available. wouldn't have thought of new york city as a good place for ageing. but there was an analysis of best places in america for ageing, and new york ranked very "tp&ong with other places that e working to change zoning to make uses compatible nearby. accessory dwelling units as passed in davis, california, that make it possible to place a unit or a lotted adjacent to an existing home so multi-generational families can live together. and, of course, the virtual village network which today upscale side. but they're working very hard to try to find ways to make it more accessible. so then we go to the other elements of housing and things that can be done beyond those who are living on their own. independent living, new

approaches, that involve co-housing and approaches to providing services through interagency collaboration. the reality is that for most -- and chris made this point earlier -- that many, many people who need independent living or other forms of assisted housing can't get it because two out of three elderly residents who are eligible for federal housing assistance do not get it. the housing assistance is just not available. assisted care. the challenges, trying to pay for long-term care. medicaid requires spending down, or disposition of assets for families which ruin them. and medicare provides only short-term care after hospitalization. so we have some new thinking we have to do about these critical memory care. we need a lot more of it.

my mom lived in the house that she and my dad bought in 1945 where all of my brothers and sisters and i grew up until one month ago.4 0 she made it to 90. on july 11th. and two weeks later, had a fall and went into a facility, a hospital. and the doctor said we would not be responsible if we let her go home because the disorientation and the forgotfulness would only result in a situation like this again. so we began to look, my sister and i, for a memory care facility. and we looked for days before we could find any -- a facility that didn't have a waiting list that was three, four, six months long. found a wonderful place in the end. truth is, she doesn't want to be there, she wants to go home, and it's a very sad thing for me to visit her. because it ends with her crying

as i leave, and then i want to go out to the car and cry myself before i drive away. but it's just -- it's a -- it's a really difficult, difficult thing to find quality memory care. and we need more of it. and then, of course, skilled care nursing is the next step. and the median age of skilled care facilities in the country is 36 years old. facilities are older. we just need more of them. but, again, we need to find the ways to help pay for this. so the long and short is that today's report should be heard as a wakeup call. it stresses why we must act. why? because, i'll repeat, it is the compassionate and right, it is the civilized and responsible thing to do. we owe the generations that have gone before. the truth of the matter is that the human body wears down. and it loses strength.

and as frailties increase, so do disorientation and even depression. care givers are saddened, and frequently at a loss. i edits this book several years ago on the subject of independent living, and i probably made 40 speeches on the subject. and easily 35 out of those 40 times someone in the audience, when we get to the questions, stands up and describes a personal circumstance at which they're in complete despair. and it's not unusual for someone to break down and cry in those sessions as they're describing the problems they confront. there's an article in today's "washington post" about a new book entitled "we are not )t's on alzheim. and it's on the features section. it quotes a doctor. i thought this was appropriate for today's presentation.

this is about the interface of cognitive disorientation and ageing and housing. he said this is a disease where you never win. it doesn't just take down the sufferer. it takes down the spouse and the children and friends. and so we're dealing with the reality of what the human body can do over time. it's just a practical fact. and if we don't have good housing solutions for people, then we're just not doing what we ought to be doing. and when you overlay on top of these physical realities, these chronological realities, the financial inadequacies, then we're courting family meltdowns. and the truth of the matter is, that we're also courting the vast potential for a breakdown of key societal systems because we can't deal with people and we

cannot leave them on their own in this vulnerable state. why, again? communities can't sustain economic prosperity. we look at vast sections of the midwest. you saw the map. if you go to many communities in the rural heartland of america, you found that the young people have left and the old people are left behind. we refuse to accept throwaway communities, why would we accept throwaway people? so a commitment to deal with the realities that we confront as a nation is essential. finally, i would say that because we know from many other applications of housing policy, we understand the pry massy of shelter. ñy and we have issuesly)w related families and children. we understand the role that a safe, live means.7bsb well, that same logical, the d

primacy of housing is with older americans too. it's the hope of staying long as possible. that's potential contact, exercise, peace of mind. familiar -- vulnerabas a rulvul life. our country must face)8mo&e basc facts. and today's report+xéñ makes th facts clear.vz we are ageing. we're not ready. we're not preparing well enough. we will reap the sad consequences, and we will see many people suffer. it doesn't have to be that way.6 we can go to work now. we still have time. we're just at the beginning of the baby boom surge. the critical mass is when those

80s which is 12, 17, 20 years from now. we have some time. but we must think anew. weçq@ñ+i must act with determination, and we must fulfill our responsibilities as the great #b compassionate nation that we are.ompassionate nation that we thanks to all involved in today's presentation. hold is resigning. he's been attorney general since the start of president barack obama's first term. holder is the first black attorney general and has been the fourth-longest person to hold the job. he plans to remain at the justice department until his successor is in place. the president made that announcement today. we'll showyuguv you the preside remarks tonight at 8:00 p.m. eastern on c-span.

the phoenix v.a. medical center held a town hall:6"v me last friday for veterans and their families to ask questions and share comments about their medical care and experiences. this particular site was the center of the department of veterans affairs inspector general's report about long wait times and other systemic problems about delivering patient treatment. here's a portion of their remarks. >> it took me two years after i got out to get an appointment. i'm just curious, the general reason the whole v.a.'s in trouble is because of the secret waiting lists. am i correct? >> right. >> and that's because we were putting people on the secret waiting lists because there were too many people, not enough providers, relatively correct? >> yeah, yeah. >> so i finally came in here june of this year. i got seen for three minutes by a doctor who didn't ask me any

question about service-related ññ put out for, and my disability was cut in half. they didn't ask me about mental health, they said that dipping was disrespectful, not as disrespectful as killing veterans, but still disrespectful, and sent me on my way. since i left the army, my wife left, moved in with my parents and couldn't get a job. telling them that made them think the issues are better. they scheduled me for a primary care provider appointment late august. i get a phone call, it's canceled. and september, it's canceled. and october, i get a postcard saying it's cancelled. so i start calling. i can't get a human on the phone. i get an operator who i'm sure has been cussed out more than any person on the planet because

she's the only human. i'm going to go into the clinic. i walk in, tell them i have four canceled appointments because i want to talk to someone. after walking in, they say talk to this guy over here who spent an hour answering phone don't you think it's ironic that i had to go to the clinic was because i couldn't talk to anyone on the phone? they wouldn't give me his phone number. i get an appointment. i talk to one of the advocate people. and they tell me that i canceled all my appointments. i've canceled five appointments, here i am. so what i'm curious, so you guys got in trouble because you're canceling, or not making appointments, or putting people on the lists, and you're still doing the same damn thing, of making the patients cancel the appointments themselves. i got care because i went down there and raised hell.

>> the phoenix v.a. town hall meeting for veterans and their families. watch it tonight at 8:00 p.m. eastern on c-span2. c-span campaign 2014 debate coverage continues tonight at 9:00. nebraska's second congressional district debate between the incumbent representative, lee terry, and state senator brad ashford. on friday at 2:00, the oregon's debate, the incumbent governor, and state representative, dennis richardson. and sunday, the iowa u.s. senate debate between bruce braley and jonierness. more than 100 debates for the control of congress. now the house oversight and government reform hearing on security and privacy aspects of the health care exchange website. centers for medicare and

medicaid services marilyn tavener testified, announcing 3.4 million people have signed up and paid for health care coverage as of mid-august. this is two hours and 20 minutes. welcome. come on, sit right up here. >> thank you. the committee will come to order. without objection, the chair is authorized to declare a recess of the committee at any time. the oversight committee exists to secure two fundamental principles. first, americans have a right to know that the money washington takes from them is well-spent. and, second, americans deserve an efficient, effective government that works for them.

our duty on the oversight and government reform committee is to protect these rights. our solemn responsibility is to hold government -- government accountable to taxpayers. because taxpayers have a right to know what they get from their government. it's our job to work tirelessly in partnership with citizen watchdogs to deliver the facts if the american people and deliver reform to the federal bureaucra bureaucracy. over the past four years, the a oversight committee has vigorous oversight of the affordable care act, often called obamacare. including the design and launch of health care.gov. today the committee focuses on the interconnected issues of security of the website, accountability within the administration and most of all, transparency to the american people. the government accountability office released a report this

week on security of health care.gov. the gao found the administration failed[57 to take appropriate sufficient steps to protect health care.gov and associated systems against security and privacy risks. more importantly, the gao reported strong -- report strongly asserts that security testing is not complete and security weaknesses continue to plague the website. one of the principal authors of the gao report will testify before us today. the committee has released a report detailing several breakdowns in both accountability within the administration and transparency to the american people during the design and implementation of health care.gov. it is important to understand that with private sector,

high-profile losses of information due to hackers, there are human repuercussions o those companies and the government often further comes in and victimizes the companies who have been victimized by hackers. and yet when the government fails to protect involuntarily-taken personally-identifiable information, there's nobody but people on this dais to try to hold government accountability. factions developed within the agency in charge of implementing obamacare, the center for medicare or medicaid services, cms, these factions fought over several issues, including website security. cms often fought to keep information from their colleagues within the larger department of health and human services. and additionally, the

administration endeavored to keep the truth and the true nature of the website's problems out of the public eye. following the collapse of health care.gov, administration officials refused to admit that the public that the website was not on track to launch without significant functionality problems and system risks. last month cms denied the associated press access to security documents requested under the freedom of information act. even more recently, cms refused to provide the government accountability office documents related to the 13 incidents that we're going to hear about in vague detail here today. i want to make something very clear. refusal to cooperate with the gao, a non-partisan government-created entity, refusal to allow access by the whistle blowers under freedom of information act, and refusal to

cooperate with even the inspectors general, something we saw here just a few days ago with 47 inspector generals out of 73 complaining with the lack of access even within the executive branch, this is not the most transparent administration in history. and certainly the transparency we see here today was only done under subpoena. cms has offered to brief gao on these 13 incidents. it is not acceptable after the public scrutiny reveals that they exist and they have been denied on the eve of a hearing and only after an audit is completed to then say we'd be glad to brief you. that's unacceptable and quite frankly one of the most disingenuous things i have ever seen. there were five months during the audit to comply with a reasonable request by the

general accountability office and it doesn't done. questions of security can no longer be easily dismissed by the administration. in late july health care.gov suffered a malicious attack from a hacker and took two months for cms to identify the intrusion. marilyn who is with us today will testify. and we will discuss that in addition to the gao report. i'm sure we will hear that there was no loss of data, that this was not the main site and so on. that doesn't change the fact that security risk exists whenever you fail to secure not just the main site, but back doors. too often, back doors have been what we have discovered. in the case of another investigation of this committee, we discovered that the back doors were something as simple, in one case, as a stolen laptop

on which those who stole is later added peer-to-peer software which then made information on that database available to the public potentially. the federal trade commission opened on investigation. and a plaintiff's trial lawyer sued and won money on behalf of people who's information was never actually released. but in fact both the government and plaintiffs bars thoroughly enjoyed going after a non-profit aids clinic. i cannot and will not allow our government to put itself at a different standard of accountability. last month, the center for medicare and medicaid services informed the committee that once again, there were lost e-mails in response to the subpoena and documents relative to hoealth care.gov. this is not an uncommon pattern, this is a pattern of predictabili

predictability. this administration has not complied with nor caused their political executives, including appoint appointees, to comply with the federal records act. she admitted to deleting e-mails during the time period of obamacare implementation. madam, your actions hinder congress's investigation and hinder the release of information under the freedom of information act. it appears as though this administration holds itself to a different level of compliance with historical documents than the last administration or any administration since the page. we are joined by the u.s. emergency readiness team or serc. they have concerns about the team's transparency about a hack reported earlier this month. the u.s. spent a billion dollars

on a website that's not fully operational and secure. the same responsible for the lack of transparency and accountability a year ago remain in the position of authority. questions of transparency go beyond whether or not you you support the president's health care law. many of these issues are not related to health care and are raised by 47 of 43 auditors. heal healthcare.gov experienced a vicious attack this year. they contacted my office to give them limited details of the successful hack. during the brief call, hhs gave

my staff the name and phone number of a contact in the department of homeland security the hack itself and my staff responded to the hack.zlpz my staff was told dhs was running the request back with hhs to see if we can all jointly get on the phone, seeing if tomorrow will work. however, my staff followed up on wednesday and friday and then, on monday and tuesday, with no response from dhs, i would like to note that dhs was unable to make time to brief our committee

even by phone. however, two days ago, the minority staff notified me that they were asking dhs to appear as a witness. i accepted it, even though clearly this is a witness from an organization that has refused to answer questions or cooperate with the investigation. when the minority staff reached out as a witness, dhs was able to produce a witness, apparently, prepared in detail to provide testimony bf this hearing today. however, dhs has still not arranged to properly brief our staff. i would like to introduce into the record this time the correspondence between what appears to be a very different treatment from this administration to a request from the majority staff.

i have with me three witnesses. two, very clearly, are not part of transparency in government. i have no doubt that your organizations have worked diligently with the minority to try to make this hearing good for you. it is not our job to try to make this hearing bad for you. but the american people deserve the truth. not a cozy relationship between the people of your president's party in covering up the on going failure to secure a web site that cost over a billion dollars. >> thank you very much, mr. chairman.

first of all, i apologize for being late. one of our most important jobs in congress is to help protect the interest of the american people. they demand the government and private companies safeguard their personal information, safeguard their social security numbers, credit cards and their health information. nobody wants 20 get a call from your personal information has it can end your financial life and cause serious financial

we can help promote robust entire government in the axzutr% sector. today, though, we have not filled this agenda. today's hearing is our 29th on the affordable care@:d

this there certainly has been attempts. last week, thex vñ centers for medicaid services, mallware onto a server. there are several key facts to know about the attack.bml first, it was not directed at health care alone, but a much wider universe of tar gets. second, the server that was attacked was a test server that had no personal information on it. third, the most important, nobody's important information that incident was investigated by the united states emergency readiness team and the department of homeland security.

>> there is no indication that any data was compromised in the result of this conclusion. end of quote. we have spent a tremendous amount of time focusing on the affordable care act and this web site. we've been disregarding much more serious attacks that have actually compromised a massive amount of our constituents. we are talking about hundreds of millions of people. hundreds of millions. for example, january 14th, i sent a letter requesting a bipartisan hearing with senior officials from target. as i wrote, up to 1120 million americans were subjected to one of the most massive information technology breeches in history when their credit, debit and

other personal information, reportedly, was compromised.÷l end of quote. on september 9th, i sent a letter requesting a bipartisan hearing on a major data security breech. the nation's largest for-profit hospital chain. as i noted, this was the largest related hacking ever reported. a recent security breech at home depot. i explained that home depot has more stores 234 the united states and a higher total annual sales volume than target.

it appears that every data security breech for a loonger period of time than what occurred at target. end of quote. monday, i sent a letter to a company that conducts more background checks for the government than any other?nñññ contractor. which had its own breech this summer. although press attacks may have reported of up to 27,000 federal employees, government cyber security experts now believe this number is a floor, not a ceiling. end of quote. i'm talking about the people who work for capital hill.

the people who work for the federal government. a response i heard back from the chairman, these serious incidents merit further review. end of quote. >> chairman, i thank you for that. i hope we can start on this right away. after all, these are our constituents. let me close by highlighting that this is much broader than health departmentcare.gov. the ceo warns that the number of cyber attacks is increasing across the federal government. obviously, the same is true for oversight of our project. i hope that this rises to the challenge. with that, i yield back. >> i thank the gentleman. this time, i ied like to place

on the record kparms of state prosecution and even public sec tor entities and the history of them going avp entipties for financial damages. mr. chairman, so ordered. >> can i get a copy of that? >> we'll make copies available to you. it's all public information.z[s6 we now welcome our witnesses today, mr. gregory wilshuzen is the director of nfgtsz security issues at the government acountability officer. and, overshrill, the subject of some frustration before getting

here today.0y >> all members are to be sworn. would you please all rise and raise your right hand to take the oath. >> in order to allow sufficient suspect would be a robust series of questions, i would ask that you limit your opening statement to 5 minutes.

>> please, continue: chairman and ranking members of the committee. i am pleased to be here today as you have itmplementation of the affordable care act. in each state to assist consumers and small businesses in comparing, selecting and enrolling the health benefitvwd plans by participating with private insurers. this marketplace is supported by the consumer portal to the marketplace. my statement today will summarize the key findings from our recently issued work on the security and privacy protection of the systems.

but before i proceed,if i may, i ed like to recognize several members of my team who were instrumental in protecting and performing this work. in addition, members from the security lab also participated.x >> health care dot gov related systems and federal data services hub, represent a complex systems that interconnects a broad range of federal systems.

the security of such a system causes a significant challenge. to meet that challenge, cms has undertaken a number of activities to enhance the security and privacy. for example, it developed a process for mediating security witnesses. it instituted certain privacy questions such as notifying the public of the types of information that will be maintained in the s.cms did not

sufficiently implement patches in a timely manner. cms had shortcomings with its information security. for example, system security plans for the federally facilitated marketplace and data hub. each plan was missing key security information. yet, these control assessments did not fully identify and tests all relevant controls prior to the point of the systems. to ep sure that they could be recovered in the event of a disruption or disaster. to assist cms, we made six

recommendations addressing the shortcomings with the information security and privacy program and 22 recommendations to resolve technical security weaknesses. in conclusion, thanks to the supportive systems, weaknesses remain that put these systems and the sensitive, personal information they contain at an increased and unnecessary risk of compromise. mr. chairman, that concludes my opening statement. >> thank you. >> thank you for the opportunity to be here today.

i want to make aware that cms strives as much as possible. we've already provided 420,0 00 pages of documents to this committee.ao transparency is important and that's why i'm here today. and we will continue to produce documents. in the almost five years that i i've worked at cms,we've focused on consumers enrolling in the marketplace. when i come to work each day, i come to improve quality in way that is make a difference in people's lives. we're making a rail and important progress.abz

we're encouraged by the number of consumer who is have paid their premiums and continue to enroll in the market place every day through special enrollment periods. this is the most recent number in place. everything from getting a new job to moving to a new state or becoming eligible for medicaid or medicare. there's also good news about medicare. spending is growing slower than the overall economy. the medicare trustees recently projected that the trust fund that finances medicare's hospital insurance coverage will remain solvent until 2013. we strive to make halthcare safer and better. and the last five years, we've

seen a 9% reduction in harm in the hopts, such as decreased health care-associated infoerkss. this represents adverse events avoided. this adds up to better health care at a better price and that makes a real difference for people. i take that trust very seriously. cms has decades of experience and operating the medicare program and its supporting systems. we successfully protect the personal information of both beneficiaries and providers. however, we must continue to be vigilant.

consumers can use the markts place with confidence that their information is safe and take comforts in knowing that no personally identifiable information has been malicious lip accessed from the site. there is risk inhernt in any system. it is simply, sadly, a part of the cyber world in which we all live. we appreciate the work done by the gao to suggest additional controls to help us further protect against these risks and are always seeking to improve upon the security protections in place. as we look forward to our second

enrollment period, our goal is to address outstanding challenges. we're making management improvements with clear accountability and are committed to being transparent. as problems arise, we will fix them just as we always have. my focus has been on providing people with high quality health care. i'm proud of the progress we've made and i hope we continue to work on those efforts. >> chairman, ranking members,

that you think for the opportunity to be here before you today. we are making every effort to be transparent as possible. my name is anne barren. i'm the director of u.s. cert. we lead the department of home securities in our space to share critical cyber security nfrgs with trusted partners around the world. >> we are committed to the protection of privacy and civil liberties for all americans. at u.s. cert, we strive for a safer, stronger internet for all americans.

dhs's cyber capableties have grown immensely and we are working more closely than ever with partners across public and private sectors to develop a comprehensive picture of malicious activity. protecting our networks requires coordination across a global cyber community to enhance others as we continue to watch our own. agency heads are responsible to take appropriate measures to su port those networks.ç.7wn

>> u.s. cert was notified of an incident by cms. we concluded -- we conducted analysis of the images provided to us by cms and found evidence of mallware on a server. our analysis concluded that there was no indication of personally identifiable information, also known as p.i.i. exposure and no indication of data exfiltration. additionally, there's no lateral movemented. we've provided cms a report with these findings, as well as mitigation recommendations. additionally, we were able to share indicators from our analysis so that agencies, partners and stake holders can dhs remains co

to creating a safe, secure cyber space. i look forward to answering any question that is you might have. thank you, i'll start with you then. when did you find out that you were going to appear here today? >> i believe iwas informed on monday.gñín >> when did you start preparing? >> when i was informed monday. >> i appreciate that. the question was has cert conducted any security testing of heltcare.cog's vulnerableties. $y÷df1 o

on who didn't have expertise and would get back to us. maybe i'll go onto gao. when this hearing is over, i would like you to accept the -- pardon me?

i would like you to accept a briefing related to the 13 breechings. i'm going to presume that you'll agree that you will have full access to all information relate today that so that gao may develop specific additional recommendations based on the actu actual breeps. that will allow us to get what we don't have here today. and i appreciate that. would you describe for the committee the level of cop ration as you did your investigation? or your audit? >> well, there's some good news and some not so good news, mr. generally, we receive the audit.

as it relates to receiving information that we provide. in this case, there were delays in providing certain documents that we've requested. >> i think they indicate that they were concerned about the sensitive security investigation. >> so they don't trust you? >> i wouldn't say that, sir, no. but we elevated the issue within ngo and within the department and we've reached an agreement where we would be able to and they did provide the information for us to look at. >> so at the end of it all, there was no reason they should have denied it to begin with? >> in my view, no. shale should have provided it earlier. but at the same point, you know, they had a concern about the

security of the information. >> when you looked at the robustness of how they determined with such certainty that there have been no breeches, no loss of personally identifiable information, were you satisfied that that -- all of those procedures were robust enough that with the certainty that ms. cavner said, that no losses had occurred that no losses had occurred? >> well, we did not receive actual security ips dent reports on these incidents. we did receive a written

response that there was something compromised but got to a consumer. it was a technical glitch. >> so personally identifiable information was lost or disclosed? >> was disclosed, according to their description. >> your opening statement said none had been lost. how can we reconcile none has been lost with a sworn statement that some has been lost. >> i think what my statement said is there were no malicious attacks. >> oh, so if you just screw up and put the public's information out there, it's okay because it wasn't a malicious attack? >> no, sir. i don't think any time we put consumer information out there it's okay. >> okay, so my time has expired and i want the ranking member to have full time. i just want to make it clear that word smithing of no malicious was done versus accidental, just as we discovered at the time of the

launch, that if i went to the section above where the url was, i could have looked at somebody's record. that was part of what you guys had wrong on the day of the launch. you could simply go to somebody else's record by changing that long streak at the top. meaning no code. when you say no personally identifiable information was lost, what you're saying is that you don't know what was lost, you just believe that the definition of malicious wasn't met. is that right? >> i think this relates to the personal incidents and i believe we want to cooperate with the gao on that. >> thank you, your desire to want to cooperate after we bring you here involuntarily is most appreciated.

but you should have coop rated beforehand. sir. >> sir, i always like to cooperate with the gio and we've had over 140 open audits under way. i'd also like to say i came here voluntarily. >> thank you. thank you. and i thank you ranking member for the time. when it was first lost in part because of a lack of adequate oversight security contractor. is that right? when we recognized that our audit first occurred, we found

that based on review of the documents, that there was certain vulnerableties to take control that have not been tested at that i mean time. >> whose responsibleties were n >> whose responsiblem'es were n correct? >> i think in some cases, there may be incidents where we did identify weaknesses that were operated by a contractor, but that was subsequent.

in the development and security testing in the web site. is that correct? >> yes. what we found,too, is that in certain instances, who was responsible as the contractor for certain tests and implementing a firewall, the contractor admitted it was not his responsibility. that it was another contractor. and that responsibility was not identified in that contract statement of work. >> scenarios like this, obviously, increase the likelihood of security risk. is that correct? yegs. >> was there a specific cms that

was responsible for overseeing the security testing of health care guide? is there a group? >> overall, the chief information officer and chief information skurts officer have sampled all for the security over this system. now, for a project of this magnitude, shouldn't an agency official with a broad understanding of it security testing, oversee coffin tractors? >> i would say yes. >> and was that the case here? >> i would say there is the cai/cis individuals that would have that responsibility. overall. so who would the cms official be that would have the kind of understanding of it security testing.

was there a person in place? >> yes, they -- in addition, there were several individuals responsible for the aspects. there is a security officer that has responsibility controls are proper. >> and you know, the issues with i.t. security management did not start with health care dot gov. broader government problem that needs to be addressed, don't you think? >> gao security and information security is a government-wide high-risk area since 1997. so, sadly, yes. it's a broad government issue.

18 out of the 24 major anyonen sills reported either a material weakness or significant deficiency in the controls for financial services. 21 out of the 24 igs. >> so it would be fair to say that all systems involve some risk. is that correct? given the nature of the internet, yes, the answer is there is risk in conducting online -- >> thank you so much for your responses. mr. chairman, i yield back. we now go to the gentleman from florida for five minutes.

>> thank you, chairman. first of all, i think you found that the testing was not complete. and the whole program was rolled out. would that be an accurate statement? okay. i also see that you say gio strongly asserts that testing of the web site still remains insecure. is that correct? >> i would say that the testing of health care dot gov has not been comprehensive. >> so even today, we have risks? >> today we have risks..uúc0 security risks. privacy information risks. okay. thank you. there was a sign on the report that had four states that had

not taken action to secure privacy. >> i would characterize it as they have not met cms security requirements. >> right. security requirements. and we'll have those for the record, this states. so it's incomplete testing. i see a cover up of the failure that took place. did you see any of that? >> i went through some of these e-mails and the record of the committee is. it looks like quite a cover up where they tried to not let the public know the failure of the rollout. is that correct?

i can tell you it's page after page. >> without objection.sw >> it's astounding. this is one of the hhs people that saw what was going on in chs. politico has a two-day story and it's stating overwhelming traffic that could have been replicated and!w)ñ tested. just one point after another. i think they were involved in some of the cover up. did you ever attempt, ma'am, to have any e-mails or records deleted? >> i'm not aware of the e-mails.

i have one e-mail here that you had asked that it be deleted. and it goes onto detail what was going on with the failure that was going on. first of all, it was accompanied by a name of circo that was employed to retain the contract of $1.2 billion. is that correct? >> i don't have the amount in front of me. >> well, again, this e-mail f%l and the failure of the proper processing. there were problems with the processing the paper applications.

and you had nothing to do with the awarding of a $1.2 billion con trakt, right? >> i don't understand the question that you're asking. >> of the contract process paper. >> i'm actually not part of it: >> you're asking for dleeting of the information. and then i looked a little bit in circo. dit you know that circo had been awarded the contract of $1.2 billion while they were being investigated? it's a british u.k. firm and they were being investigated as they were being awarded a $1.2 billion con trakt? >> no, sir, i wasn't aware. >> any of the background. >> again, i think we need to put

this -- mr. chairman, i'd like to put this e-mail in the record where the witness ask that we deal with this particular e-mail. finally, are you aware that you violate federal law when you ask to delete information like this? again, congressman, i'd have to see the e-mail. >> we'll have to get it quickly down. i'd ask to stop the clock and give her an opportunity to read it. thank you.

just simply, is that your e-mail and did you ask to have it deleted? >> it states pretty clearly your intention. >> mr. chairman, i'll defer to you to get a response. >> this e-mail is from me, yes, sir. that's accurate. this e-mail was written to julie batai and was about the call center information. oil think that i asked that she delete this e-mail because it involves sensitive information regarding the president's schedule. i think that's the area that's redacted. sometimes i would ask that things be close hold or do not move forward.

but in this case, it involved -- >> mr. president, i would like the entire e-mail entered into the record. >> thank you. why would the president skechblg wall after the fact, have any relevance to being deleted. i hear you, but the president's schedule becomes very public within a very short period of time. >> you were surmising that it had to do with the president's schedule. the president's schedule is not all that secretive. and after the fact, it has no relevance for protection. >> i understand. >> and under the federal records act, it is -- >> it was retained.

>> so deleting it doesn't change the fact that it was retained for the federal records act. >> it was retained. and, in fact, if you are asking about our response to nora, we did that out of an abundance of caution. so going back to the issue of transparency, we decided to notify nora. >> i would hope that the unredacted versions of this go back to the gao and i would ask, simply, that unredacted versions see if it's consistent. >> i have articles and people paid to do nothing in processinb

circo's checkered past. the unhealthy truth about oba obamacare contractors. >> without objection. so ordered.r(iq and, with that, we'll go to the gentleman from pennsylvania for five minutes. >> thank you, mr. chairman. and thank you to the wchbss for joining us here today. >> one of the most critical features of the affordable care act is it expands eligibility to millions of low-income american adults.

according to an issue of the foundation, about 4% of adults.m under the aca, medicaid eligibility can be expanded to cover all non-elderly aadulthoods with incomes below 138% of the poverty level. administrator, is that correct? >> yes, sir, i believe that is correct. pays states 100% of the costs for the first three years. and then favors its match down to about 90% in 20 to. despite this enormous level of federal assistance, more than 20

state haves decided not to participate in the expansion leaving millions of their own citizens without health care. can you comment on the gap that is resulting from these decisions not to expand medicaid in those states. >> yes, sir. i would start, first, by saying with pennsylvania's recent decision we are now at 27 states plus the district of columbia. obviously, if you look at a lot of independent studies, there's noticeable difference in the states that have decided to expand medicaid in terms of lowering the number of uninsured. we're going to continue with those remaining under 20 something and will remain with the best we cp!n. >> aren't the states leaving

billions of federal dollars on the table that can improve the health of their own citizens 1234. >> yes, sir, they are. >> recently, someúmw9 republica governors who recollects had originally refused to expand medicaid, have now reconsidered their original decisions and have submitted medicaid expansion plans for cms's approval. for instance, in my own state of pennsylvania, they've decided to expand medicaid in which we'll now provide health insurance to 600,000 low income adult individuals in our state. how will medicaid expansion in pennsylvania impact the health of its citizens?44;-

now, and i don't want to leave this question out. other than political posturing, are you aware of any good reason why 600,000 pennsylvanians went without coverage for an extra nine months from the rest of the states that expanded medicaid right away? >> no, sir. we want everyone to expand and expand quickly. >> why do you think they're so divided on the issue of medicaid expansion? >> sir, i can't answer that. i'm not sure. we just try to work with them and meet them where they want to be. >> do you expect to work with governors who are now reconsidering expansions 1234. >> absolutely.

i want to say i thank you for coming here today and i thank you for your testimony. i hope that governors and states that have so far not elected to expand med kat will reconsider. will consider the impact on their communities and take advantage of the historic community to lift up all of the americans and their states, as well. >> will the gentleman yield? oh, okay. at some future time, i'm happy to work with you and explain republican governors to your satisfaction. we now go to the governor of utah. >> reclaiming my time. i thank the chairman. and thank you all for being here. question for you about the oregon exchange, the american taxpayers put in some $304 million to develop that state exchange.

now they want to congresswoman over and make a transition. did you or anybody at cms conduct a cost benefit analysis to determine that the switch to the federal exchange was the most cost effective for the taxpayers? >> yes, sir, we did an analysis of what it would cost. i wouldn't say it would be a so fest kated analysis, but it would be a cost analysis. as you might imagine, we already have 36 in the exchange and adding two more is cost effective. >> can you share that analysis with us? >> certainly. >> what is the additional cost. >> i don't have that in front of me, but i'm happy to get it for you. >> when is a good time -- when would i raise the flag and say

that's been long enough? can you give me a sense of the time? >> we should be able to get you that in a few days. >> oh, thank you, i appreciate that.qqco >> what's being done to claw back? there's $304 million. is that money all gone? >> i think oregon has very actively going after their contractor. and i think that's been impressed. but i'm happy to get you more detail. >> yeah, but what's the federal government doing? >> it's between the state and the contractor. so the states are working that

initially. we're doing nothing to claw back those dollars? >> ultimately, it's in the decision making. >> the federal pataxpayers give $304 million and we say it's up to oregon what to do? >> when we gave these grants, was thereálgkz expectation thatt could work? was there a deal that said we just literally hand over the money and we don't care what happens? it ultimately didn't work, correct? >> we did a series of progress reports and requirements with the states. and i'm happy to get you that information, as well. >> just trying to get some degree of specificity. i haven't heard you yet say we're doing something to try to claw back nearly a third of a

billion of dollars. >> i think what i've said is space is doing that right now. we're cooperating the states. >> so we're just waiting for oregon to tell us something. >> and, mr. chairman, i don't know how -- >> it's just what she said. that's all she's going to say. she won't answer your question. >> i know. it's something that the congress should look at. we give out 300 plus million dollars and we just call it a day and move on? is there any criteria or guidance? >> well, we obviously have a list of criteria requirements

for the state to move from the state-based exchange to move to the ffm. there are criteria they have to move back into the system. and i'm happy to share that with you. >> okay. so 234 a few days, you'll share that as well? >> we have a plot of documentation. >> thank you. >> i appreciate it. and, again, for my colleagues here, we really have to look at. it's stunning that we would hand out by the hundreds of millions of dollars to states and have no recourse. and if it doesn't work, it's just up to somebody else to figure it out? that's not the way we should operate.

>> we now go to the gentleman from massachusetts who was here first, mr. lynch? >> thank you, mr. shannon. . >> thank you, mr. chairman. generally, the way things work is that the private sector has far more resources than oftentimes our government entities. and they are better prepared, better incentivized to keep data secure. and that troubles me because i'm also on the financial services committee as well. and we've been dealing with home depot, we've been dealing with target. we've been dealing with j.p. morgan chase, the largest bank in the united states of america. we're still not sure about the breadth of that breech. but we're concerned about it.

we have hart lant payment systems. that was 134 million people in the united states. jb financial group, 104 million people. global payment systems. 950 e 000 people. we're not sure yet. they each breached the iranian banks, about 3 million people. that was probably us who did that. morning star, 184,000 people. city group, 360,000 people. jjut(r(rpáq they got some very, very smart people. they have an extreme financial interest as well as a reputational interest to hang on to that data. so i'm just worried with the -- sort of the botched rollout, the

difficulty with the state exchanges, including my state of massachusetts, we have had data breaches related to healthcare. are you sure that you can sit here under oath today and tell me that nobody's breached the healthcare.gov site and that the folks whose healthcare information, tax information, personal information, that it remains secure today as we sit here? >> let me answer that in a couple of ways. i will go back to the chairman's point about transparency as well. i dare say, there's very little that concerns me more on a daily basis than the security of this website for a host of reasons. it's a new project. it's been very, very visible in the press on a daily if not

hourly basis. and we did have the difficulty in the rollout. we have even within our limited resources spent a great deal of time and money securing the website. we have been able to meet standards, omb standards, hippa standards. but i will always worry about the safety and security of the website. we talked about the earlier incident with the malware. yesterday, i was informed of another case not related to healthcare.gov, but an independent site, if you will, that was working with the cloud, with website material, where there was another malware incident. now, there was no personal information. this is something that i don't even have the details of. but these are the types of things that worry me every day. we meet about security weekly. we review -- >> yeah. i'm not hearing the answer to my

question. i appreciate all of that, believe me, i really do. but i only have a minute left. i think you're going to burn all my time here. there's no guarantee that there has been no breach. i don't want to put it that way. you don't seem to be able to give me a guarantee. >> we have had no malicious breach. >> that's fair enough. one of the problems we're having with our credit card issuers -- i'm using this as an analogy, is that for them that is -- that's product. they sell information, i think. sometimes by selling it, they bring on the breach themselves. they also compile it so that these credit card companies have 15, 20 years' worth of data there all sitting there waiting to be hacked. my purchases at home depot ten, 15 years ago are still part of that data grouping.

do we do anything to put firewalls up so that there -- if there is a breach of the medical information that we can somehow limit the damage? >> if you remember the hub, no information is stored on the hub. that was one step. second, we do not keep any medical information. there is some personal information, but we don't have the need for medical /hdsñ information. so that's not stored within the ffm.

the only thing that's stored in the ffm itself separate from the hub is the ability to work appeals of cases for people who say i didn't get a tax credit, i should have gotten a tax credit. we keep it minimal. >> is that tax information in there? >> no. there's not tax information. there can be sometimes people can state their income, but there's not tax information. >> okay. all right. my time has expired. thank you for your indulgence, mr. chairman. >> thank you. thanks for a good round of questioning. we go to mr. meadows. >> thank you, mr. chairman. i'm over here. i want to go ahead -- i will speed through some of these questions. miss tavenner, can you confirm that cms will not change their open enrollment dates? we had so many different dates that changed before. can you confirm to the american people and really to the providers that those open enrollment dates will not move? >> the open enrollment date for this year is november 15 through february 15. >> those will stay firm? >> yes, sir. >> no changes? >> no changes. >> they can count on it. that's good news. how about window shopping? last time you had to enroll, put your -- i had to go on when i was shopping, i actually had to

sign up to be able to figure out what i -- is that going to be available? >> window shopping will be available. you would not have to sign up this year. >> we will be able to compare plans? >> that's right. >> without having to put any personal data? >> yes, sir. >> okay. great. let me go a little bit further into this. brian sevok has shared testimony with this committee. >> i know who brian is. >> when we were looking out the rollout, he said -- this was him in an e-mail. to your question, how am i feeling about the launch, not good.

kind of heart broken. whatever launches, if functional, will only meet the criteria of launching the exchange. it will be riddled with confusing and hard to use compromises. but i don't know.dce i'm not seeing anything that's being delivered. kind of through the grapevine. there was not a real communication going on between cms and hhs during the whole healthcare.gov launch? test. tavenner. >> so, let me go a little bit further into this. brian sevoc has come and shared testimony with this committee. are you familiar with who he is,

at hhs? >> i know who brian is, yes. >> okay. let me read -- when we were looking at the rollout, to your question, this was him in an e-mail, so to your question, how am i feeling about the launch? not good. kind of heartbroken actually. whatever launch is, if functional, will only technically meet the criteria of launching the exchange. it will be riddled with confusing and hard-to-use i and the team did not think that was possible. >> and why did you not follow his advice? >> about the beta site? you say beta site, b i say delay. why did you not follow his advice? >> well, i didn't think it was possible the way the ffm was configured to do that, nor did i think it was necessary. >> okay. you shared your testimony,

earlier, you shared your res may what part of your resume included an i.t. background, that was his expertise. you sounded like you're a health care provider, not an i.t. expert. >> i'll a health care provider. i have become more of an i.t. expert the last year. >> this was in january, what expert outweigh his? >> taking the recommendations of our i.t. expert team, cms, as well as cms contractors who i felt were a lot closer to this issue than brian. >> okay. so, now we can look backwards and realize that the rollout was a disaster. so, what do you think of your i.t. expertise within cms today? was brian right? we should have delayed it? >> i don't know that brian was right. i know that -- >> was he closer to right than

your team? >> not necessarily. i know that we have come a long way in our launch and as i said earlier, we have 7.3 million people paying premiums -- >> i didn't ask how many had signed up. this is about security and he had a concern in january about security and yet, you ignored his advice. why would that have been? >> because i had my own i.t. team who conveyed to me that they were confident in the project. >> i yield back. i'm out of time. >> the other witnesses want to comment on the answer to the gentleman's question about a year ago was the site ready and should it have launched, in retrospect? >> well, i would just say that at the time of his launch that cms did accept increased risk, that -- from a security perspective. >> not having reviewed the data that the cmsi.t. team had, i wouldn't feel comfortabl