everything we can to defend the constitution and the laws of the united states. i have heard some unfortunate things on the other side. they said we have to do everything in our power to prevent obamacare. obamacare, get rid of it. our friends on the other side have forgotten that. i hope they will continue to forget it. we have a chance to see to it that the american people get health care as a matter of right, not financial privilege. it helps all of the american people. now, a slow website is better than the alternative. her health care is a privilege only for the few it doesn't seem

to matter. for everybody we have to address that question. we need to take care of all of our people. i look forward to seeing how the website can be fixed in this hearing today. i look forward to working with my republican colleagues and democratic colleagues to see that we do a constructive job of making this work i would remind all that when we are dealing with medicare part d, not something that originated on the side of the aisle, we work together to see to it that it worked. now is an accepted conclusion to a significant problem. that is improved by the affordable care act. i thank you for your courtesy. i hope we can work constructively on this matter. >> the gentleman from michigan's time has expired. >> i would like to introduce the

witnesses for today's hearing. our first witness is cheryl campbell, senior vp for cgi federal health in compliance program. she was appointed to this position in 2009. she is the driver of strategy and execution for the practice to serve the needs of providers, government, and public. andrew slavitt, the group executive vp for optum/qssi. he is responsible for business strategy, public policy, corporate investment, research and development, acquisition and corporate governance. he has served in other roles at unitedhealth group and was founder and ceo of health health allies. our third witness is lynn spellecy. she serves as the corporate

counsel for equifax workforce solutions. she advises the business on matters related to contracts products, and client relationships. she works with sales an internal contract staff and the broader legal department to manage workforce solutions and issues related to litigation. our last witnesses john lau, program director at serco, responsible for overseeing eligibility and enrollment support services. he specializes in implementation and management of large scale health and human services in the u.s., including chip and tanf. his experience is in design and management of multimillion dollar health care systems including california's and texas' systems.

i will now swear in the witnesses. the committee is taking testimonies under oath. the you have an objection to testifying under oath? the chair advises you that under the rules of the house and the rules of the committee, you are entitled to be advised by counsel. do you desire to be advised by counsel during your testimony today? seeing none, please rise and raise your right hand. i will swear you in.

do you swear that the testimony you are about to give is the truth, the whole truth, and nothing but the truth? thank you. you are now under oath. subject to the penalties set forth under u.s. code. you are now able to give a five minute summary of your written statement. ms. campbell? >> chairman upton, ranking member waxman, members of the committee, thank you very much for the opportunity to appear before you today. my name is cheryl campbell, and i am a senior vice president at cgi federal inc. i have responsibility for all of cgi federal's projects at the department of health and human services and several other federal agencies. i am here to reinforce cgi federal's ongoing commitment to the success of healthcare.gov. cgi federal is fully committed to its partnership with the with cms.

our priority is for american to have a positive experience. we dedicate the best experts to optimize our portion of the federal exchange. let me describe our role in the federal exchange. the exchange is comprised of six systems and involves 55 contractors, including cgi federal. 5 government agencies, 36 states, and more than 300 insurers, all coming together in healthcare.gov. cms awarded cgi federal its portion of the federal exchange, an application called the federally facilitated marketplace. specifically, the ffm provides functionality for eligibility and enrollment, plan management, and financial management. cms serves as the systems integrator, having ultimate response ability for performance of the exchange.

it is important to understand the complexity of cgi federal's work on the exchange. the ffm is a software application that combines a web portal, a transaction processor, and business analytics to help americans determine the eligibility for insurance, apply for subsidies, shop for health plans, and enroll in plans. the technology works in real- time with analytic systems developed by other contractors. large scale data repositories, and health plans for more than 300 insurers. the federal exchange, including the ffm, is not a standard consumer website. rather, it is a sophisticated technology platform that for the first time in history combines the processes of selecting and enrolling in insurance and determining eligibility for government subsidies all in one

place and in real-time. since september 30, 2011, cgi federal has worked diligently to develop the ffm by following a rigorous process. it passed eight reviews before going live on october 1. some consumers were able to enroll on october 1, we acknowledge that issues arising in the federal exchange made the enrollment process difficult for too many americans. consequently, cgi federal's focus shifted to solving consumer access and navigation problems on the exchange. the first set of issues on the exchange concerned another contractor's eidm function. this allows consumers to create secure accounts. consumers must pass through the

front door to enter the ffm application. the eidm created a bottleneck, preventing the majority of consumers from accessing the ffm. we have worked together to troubleshoot and solve this front door problem. as more consumers are gaining access and enrolling in qualified plans, the number of transactions caused performance problems such as slow response time and data issues. cgi will address these problems through fine tuning, optimization, and application improvements. over the past two weeks, the federal exchange has steadily improved. we continue to dedicate the resources necessary to shorten wait and transaction times, and improve data quality. we are confident in our ability to deliver successfully. the company i represent has

successfully delivered some of the most complex i.t. implementations for the u.s. government including federalreporting.gov. we have partnered with cms on programs like medicare.gov which has enabled more than 50 million beneficiaries to compare plans. we are recognized for our expertise and have cmmi level 5 credentials. as part as the fifth largest independent i.t. and business process company in the world, we leverage the expertise of a global workforce. i will end this testimony where i began, by reinforcing cgi federal's unwavering commitment to working collaboratively with cms to improve the consumer experience. >> thank you.

mr. slavitt? >> chairman upton, ranking member waxman, and members of the committee, good morning. my name is andy slavitt, and i am group executive vice president of optum, a business unit of unitedhealth group. optum owns qssi, one of the contractors working on the online healthcare marketplaces. i am here today to discuss our work on the data services hub a project that was the subject of much interest. the data services hub is a pipeline that transfers data routing queries and responses betwea different -- en a marketplace and data sources. specifically, a consumer interested in purchasing health

insurance goes to the web portal to fill out forms and select a plan. the consumer provides the marketplace with information such as citizenship, which must be verified. the data service hub directs queries to various sources, such as databases, that can verify that information and send it back to the marketplace. as a technology pipeline, the data services hub does not determine the accuracy of the information, nor is the store data. the data services hub has performed well since the marketplace has launched. on october 1, the data services hub processed more than 178,000 transactions and has processed millions more since. when bugs were identified, they

were promptly corrected. qssi also developed the eidm, a registration and access management will as part of the registration system. this tool helps the marketplace create user accounts and is being used successfully currently in at least two other cms applications. while the eidm is important, it is onlyone piece of the registration system. there are other functions such as user interface, confirmation e-mails, the links users click on, and the webpage users land on. all of these tools must work together seamlessly. after the launch, healthcare.gov

was inundated by many more consumers than expected. many parts were overwhelmed, including the eidm tool. one of the reasons for the high- volume in the registration system was the late decision requiring consumers to register for an account before they can browse for products. this may have driven higher simultaneous usage of the registration system. we worked around the clock to meet this unexpected demand, this has largely succeeded. by october 8, the eidm was processing those volumes at error rates close to zero. it continues to keep place with

demand. we are working with other vendors to plan for higher levels of activity. finally, qssi was one of several testers he used to test the functionality of the marketplace. in our testing role, we identified errors in code. we reported back the results to cms and the relevant contractor, who was responsible for making changes. the data services hub has performed well. after initial challenges, the eidm is keeping up with demand. we are committed to helping resolve any new challenges that may arise in any way we can. thank you for the opportunity to discuss choices i -- qssi's work. i am happy to answer questions. >> ms. spellecy?

>> good morning. my name is lynn spellecy and i serve as senior director and corporate counsel for equifax workforce solutions. i am the primary attorney responsible for day to day legal operations and i provide guidance. i appreciate the opportunity to provide an update related to the income verification services that equifax is providing cms to assist in benefit eligibility. the income verification tool is working as designed. we have not experienced any problems or interruptions in the processing of data to cms. we have received and responded

to verification requests from the federal and state market places. equifax workforce solutions tested our verification solutions before the start date to ensure that we could transmit data between our servers and federal hubs. we performed end to end and internal testing to guarantee we would be prepared for applicant volumes. now that the federal marketplace is open, we are monitoring the volumes from the hub to our services. equifax's role is limited. they receive a verification request only after an applicant gains access to the

healthcare.gov website, creates a username and a profile and enters an application. workforce solutions does not play a role in identity authentication. we are not involved in the eligibility decision process or downstream display and processing of benefit elections. the majority of the verification requests have come through the federally facilitated marketplace, we are also verifying income for several state based market places and state medicaid agencies. the continuing appropriations act for 2014 included new requirements for hhs to ensure that the federal and state marketplaces verify the individuals applying for coverage and seeking premium tax

credits are eligible for subsidies. equifax workforce solutions looks forward to sharing our expertise with cms and hhs as they develop guidance regarding verification for the federal and state exchanges. since the october 1, 2013 date equifax workforce solutions have exceeded their contract with cms to provide verification services for those seeking coverage under the affordable care act. the services we provide to state and federal agencies have prepared workforce solutions to serve cms in this new capacity.

we will continue to monitor our interface with cms data hubs and state agencies to ensure efficacy. thank you for the opportunity to testify. >> good morning, mr. chairman, congressman waxman. >> make sure your mic is set. >> good morning. my name is john lau. i represent serco. i am the program director for our cms contract in connection with the aca. thank you for the opportunity to appear and discuss serco's status and performance in this program. for the next several minutes, i would like to provide a review of serco's role in the program and the current status of our work. serco's contract is to provide eligibility support services in support of the paper application processing as well as error and

issue resolution on applications, regardless of the mode in which the consumer submitted them. it is important to clarify that we have no role in the development of the website, no role in the determination of eligibility, no role in health plan selection. i think there has been some confusion, i want to make sure that is clear. our primary role in the early days of the implementation is to enter paper applications into the eligibility system. as time goes on, our work will entail inconsistency resolution to clear previously submitted applications. this entails data verification and validation of the self tested data from applicants.

these are problems identified through the use of a data hub and then communicated to us. serco has successfully opened 2 of 4 processing centers in kentucky and arkansas. a third will be opened in missouri, and in four or five weeks in oklahoma. we have had no trouble recruiting competent staff and have received compliments from officials and community groups about the professionalism of our recurring efforts and ways we have trained our people. we have instilled a sense of pride in what they are doing our staff is highly motivated and represent an eager workforce. we have built upon our starting capacity with staff members and processing efficiency. the volume of paper documents

received has been increasing and is trending upward in a short period. this has given us the opportunity to make adjustments and improve our processes. to date, we have received about 18,000 documents, about half of those are consumer applications. we have succeeded in key entering about half of those. the remaining half were missing important data and cannot be entered directly until his problems are resolved. we expect to complete processing and entering those applications in the near future. our challenges have included coping with the performance of the portal, that is our means of entering data, just as it is for the consumer. with the relatively low volumes of application, it has not presented a challenge.

as i testified september 10, serco was ready to process on 10/1, and we are processing today. thank you. >> think each of you. we will move to questions, alternating between republicans and democrats. i want to say -- as we have seen the taxpayers spent about $.5 billion, constituents across the country expected a user-friendly system. whether it is like ordering a pizza, a rental car, is a standard that many were expecting to see. i think most at this point would say it is not ready for prime time. listening to your testimony, i have heard words like performing, you want a positive

experience, that is not what we have heard from folks at home. my first question is -- was it ever an option to delay going live on october 1? did any of you come forth to the administration and say this may not be ready on october 1, we might want a delay until we can get right? any hands up? no. prior to october 1, did you know that healthcare.gov was going to have crippling problems or did you not know about these problems and chose not to disclose them to the administration when you figured out that it was not working they way that it was designed to work? maybe i will get comments from each of you as it relates to those questions.

starting with ms. campbell. you all testified in september. either you did not know about these problems or you knew about them and chose not to disclose them, which one is it? >> from a cgi perspective, our portion of the application worked as designed. people have been able to enroll, not at the pace or the experience we would have liked. but the end to end testing with the responsibility of cms. our portion of the system is what we testified in terms of what was ready to go live. it was not our decision to go live. >> it was not your decision? >> it with cms' decision. >> did you ever recommend to cms that it was not ready? >> it was not our position to do so.

let me clarify -- cms had the ultimate decision for live or no go, not cgi. we were not in a position. we were there to support our client. it is not a position to tell our client to go live or not not go live. >> who at cms were you sharing those decisions with? >> i did not have a position to make that decision. >> who at cms made the decision to go live? >> is a body of individuals. >> mr. slavitt? >> we had a limited view of the entirety of the project, we were

confident in the ability of the data services hub, where we spent the bulk of our efforts. we were confident it would work on october 1, and it has. other than that, all of the concerns that we had, mostly related to testing and the inability to get as much testing as we would have liked, we expressed those concerns to cms throughout a project. >> so you shared that there were real difficulties? all the risks we saw and all the concerns were all shared with cms. >> what was the response when you share some of the pitfalls in terms of what was going on he act oh >> -- going on? >> my understanding was it was going on but i do not know further. >> today ever come back to you in terms of the shortcomings and what needed to be done?

any concerns raised by them? >> i never got a depiction from them. we did talk about the risks that we saw in past those long. >> our solution was ready to go on october 1, 2013. we successfully completed testing between workforce solutions and the cms eta hub -- cms data hub. we do not anticipate any sort of problem with our connection. we have not experience any. >> we too were ready to process on 10-1. our first awareness of difficulties with the hubble was 10-1.

>> you did not tested prior? >> no, sir. this website, i think it's important that we focus on the facts. my republican colleagues have been predicting that health care reform would be a disaster for three years now and every time they've been wrong. they said insurance rates would skyrocket. in fact, they're lower than predicted. they said health care costs would soar. in fact, they've grown at a record low rate. and seniors are saving billions on script drugs. so what would need to do it separate the facts for us to reach a determination here. some have said that fixing the website will take six months to

one year. others have said there are 5 million lines of code to rewrite. some of urged health and human services to pull down the entire system and start from scratch. ms. campbell, i hope you can help us but these dire predictions in perspective. does cgi expect it will take six months to one year to get the application and enrollment process working smoothly on healthcare.gov? >> we do not. we anticipate the system as we have seen is improving day over day, and that we anticipate that people will be able to enroll in the timeframe allotted that is necessary for them to have insurance for the january 1 timeframe. >> that means what date? don't they need to have it in by december 15? >> that is correct, sir. >>the system will continue to

improve. i know they spirit has been a difficult experience. the system is working. people are enrolling. people will be able to enroll at a faster pace. the experience will be improved as they go forward. people will be able to enroll by december 15 time printer it >> very good -- timeframe. >> very good. the cgi have to rewrite the code we have seen thus far? >> no, sir. i can tell you the 300 plus employees i have back in the office -- i think they would all walk out if i told them they had to rewrite that 90 lines of code. >> do you think it will be necessary to scrap the entire healthcare.gov system and start from scratch? >> i do not come as her. >> so you think -- i do not sir. >> so you think the website will be fixed for it americans want to get coverage for next year that it will be available to them. >> i do, sir. >> why are you so confident?

can you explain that these problems will be fixed in time. >> because as i said, we're seeing improvements day over day. we're continuing to run queries against our database. we're running -- reviewing system logs. we're fine tuning our servers. we are analyzing the codes for anomalies. every day we're finding challenges in the system and making those corrections. as you would with any system that will go live. when a system goes into production, these are the things you would typically find after production. maybe not to the level of detail that's happened in this experience, but when a system goes live, these are the things you continue to do, you continue to provide system builds and put performance tuning to the application to make sure it continues to improve time over time. >> thank you. mr. slavitt, your company has been deeply involved in troubleshooting and fixing the problems on healthcare.gov.

do you have any reason to believe that this launch will prevent americans were getting insurance for the coming year? >> congressman, i'm confident that the data services hub that q.s.s.i. developed and the eidm registration tool are working well today and will continue to work well. >> you had problems with your part early on but you fixed them? >> for the first seven days, correct. >> so problems kble fixed? >> we doubled the capacity of that registration tool within seven days. >> ms. campbell, did s.g.i. pass its systems test before it went live? >> yes, it did. >> you felt the system was ready to go on october 1, is that right? >> in a is correct. >> you -- neither you nor anyone else at the table thought or made a recommendation not to go forward on october 1 because you didn't think the system was ready, is that a correct statement? >> that's a correct statement. >> mr. slavitt.

>> i'd refer back to my earlier answer. we did not make recommendations. >> we did not make recommendations. >> we did not either. >> thank you. thank you, mr. chair. >> i recognize the vice chair of the full committee, mrs. blackburn from tennessee. >> thank you for your testimony. i'd like each of you to submit in writing for me how much you have been paid to date and then how much you're being paid on retainer or either to clear up and so if you'll submit that to us for the record, that would be wonderful. hipaa compliance, were you all trained in hipaa compliance prior to beginning your contract? i'll just go right down the line, ms. campbell. >> yes. >> mr. slavitt. >> yes. >> ms. spellecy. >> yes.

>> mr. lau. >> yes. >> did your companies meet as a group with h.h.s. before you started the process? anyone? did your companies meet together with h.h.s. to discuss the integration? mr. lau, go ahead. >> yes, the security people from c.m.s. and others have coordinated this. >> all right. let me ask each of you a question. how many people in each of your companies have physical access to the database servers storing the enrolling information? >> we have zero access to the database. >> zero. >> i believe the also zero for our qssi. >> we have no access to c.m.s.'s servers. >> ok. mr. lau. >> 2,000 people. >> 2,000 people have access to the database?

>> through the key entry of the applications. >> ok. you know, under hipaa regs, no one is supposed to have direct access to that database. ok. under the current technology infrastructure, how many separate servers or virtual servers in the cloud are being used to host and store data for healthcare.gov? and ms. campbell, mr. slavitt, i think that's primarily to you. >> i don't have the exact number. what i can tell you from a c.g.i. perspective we have anywhere between 80 to 100 servers. >> so you have 80 to 100 different servers that are holding information? >> that are passing information through our system. >> ok. mr. slavitt. >> mrs. blackburn, i don't have congresswoman blackburn, we don't have the answer to that question specifically as to how many servers we can follow that up.

we don't store any data however, any personal consumer data in any of our systems. >> ok. then, ms. campbell and ms. spellecy, let me ask you this. the application information, is that being stored separately from the patient database information? ms. campbell. >> could you repeat the question again? >> the applicant servers and the patient database servers, are you holding this information on your patients and on the database separately? are you holding those separately? >> we're not holding any information. >> you're not holding any. >> we are provided only with limited information. social security numbers, names and date of birth, which we use to match against our system. >> ok. mr. lau, you mentioned that you all are working through the paper entry and then the data entry from the paper

applications. >> that's correct, yes. >> so where are you physically storing the data that is collected and given to you? >> when the paper comes in, it's scanned and converted to electronic images and then the paper is destroyed once the image has been verified. electronic image is put into a database and kept only until the information is key entered and then it's put in archive and will be retained no more than 30 days. >> retain it no more than 30 days. ok. let me ask each of you. does your system keep detailed error logs that can be referenced with the difficulties that are surrounding healthcare.gov? ms. campbell, i'll begin with

you. >> yes, we do keep error logs. >> yes, we do keep error logs for our product tools. >> yes, we keep error logs. >> we keep track of successful or unsuccessful application. >> ok. do you want to submit these error logs to us? >> i will have to confer back with c.m.s. as to what documents we can and cannot provide. >> you know, it would be interesting to see those error logs because i think it would give us an idea of how many people are actually accessing this system and then the problems that you've had with scaleability on this. i think we'd like to see what is causing these systems to crash and where the security flaws may be in this also and with that i'm over time. i'll yield back. >> thank you. mr. dingell. >> we are having some questions

before us which are very important. i note the problems are not surprising given the fact there's been considerable obstruction to the program going forward. i received a letter from a constituent recently. she said i only make $12. i will buy my own health insurance through the market. i can barely afford it and will need to purchase it through an exchange. i will therefore be eligible for a subsidy making health care affordable at last. this is what the debate is all about. there are problems, but we have time to fix it. so let's work together and get this matter resolved so the people benefit and do not suffer. these questions are for cheryl campbell of c.g.i. federal. one, is -- these are yes or no if you please. is c.g.i. responsible for developing the software for the

facilitated marketplace, yes or no? >> yes, sir. >> did c.g.i. obtain this contract through a competitive bidding process? >> yes, sir. >> does c.g.i. have experience providing other information technology services to the federal government, yes or no? >> yes. >> did c.g.i. conduct testing of your software for the marketplace website prior to october 1 when the launching took place, yes or no? >> yes. >> was c.g.i. responsible for testing the function of the entirety of healthcare.gov? >> no. >> if not, who was? >> c.m.s. >> ok. do you believe it's unusual for such a large project to experience some problems after it launches, yes or no? >> no. >> despite the initial problems with the website, have consumers still been able to enroll in the health insurance plans, yes or no? >> yes.

>> do you believe that the progress has been made getting the website to run as intended since it launched three weeks ago, yes or no? >> yes. >> these questions are for mr. lau of serco. mr. lau, is serco responsible for handling paper applications for health insurance in the marketplace? >> yes, sir. >> with all the problems with the website, many people are turning to paper applications. does serco have the capability to handle larger amounts of paper applications than originally expected, yes or no? >> yes. >> the last question is for all witnesses and we'll start with ms. campbell. do you all commit to working with c.m.s., congress and all the stakeholders until the website is fixed and functioning as intended, yes or no? >> yes. >> yes.

>> yes. >> yes. >> i'd appreciate it very much if you would each submit for the record a summary of actions that you have taken to fix the website after the october 1 launch, could you please do that? >> yes. >> all right. i'd also ask that you submit also, for the record suggestions for there to be changes and improvements in the way the matter is being dealt with by the federal government and any changes that you might deem would be useful in seeing to it that the matter goes forward as it can and should. could you do that for me please? >> yes. >> ok. that question i hope you understand is to all of you. i want to thank you all. it's clear that we have plenty to do in the coming weeks, and i

hope and pray that we will be up to the task. i urge my colleagues on the committee, this is a time when we can work together on something good. maybe we didn't agree with the program or with the legislation, but we do now have a duty to see to it that it works for the benefit of the american people and that we achieve the benefits which we hope we can achieve. i would note this legislation originated under the hand and pen of my dear friend, bob dole, and john chafee and is therefore, i think, subject to the charge that it has some bipartisanship, even though little could be found during the process of it. i yield back the balance of my time with thanks. >> thank you. mr. barton. >> thank you, mr. chairman. i want to put slide number two back up.

unfortunately, that blue highlighted thing is hard to read, so i'm going to read it again. this is the part of the signup that is hidden. the applicant does not see this, but it is in the source code. and what that blue highlighted area that's been circled in red says is, you have no reasonable expectation of privacy regarding any communication or data transiting stored on this information system. now, ms. campbell, mr. slavitt you said you were hipaa compliant. how in the world can this be hipaa compliant when hipaa is designed to protect the patient's privacy, and this explicitly says in order to continue you have to accept this condition that you have no privacy -- no reasonable

expectation of privacy? >> sir, that would be the decision made by c.m.s. >> so you're not -- this is news to you? >> i -- >> you're the main prime contractor. you've never seen this before? >> sir, that's not the -- we are the prime -- one of the prime contractors, yes. >> have you seen this before? were you aware this was in the source code? >> this requirement is -- >> are you aware this was in the source code? >> yes. >> you are aware. do you think that's hipaa compliant? how can that be? you know it's not hipaa compliant. admit it. you're under oath. >> sir, that is c.m.s.'s decision -- >> you told mrs. blackburn that it was hipaa compliant. you know that's not hipaa compliant. you admit that you knew it was in there. it may be their decision to hide it, but you're the company.

not you personally, but your company is the company that put this together. we're telling every american, including all my friends on the democrat side, and they are huge privacy advocates. diane degette is co-chair of the privacy caucus with me. you're telling every american that you sign up with this or even attempt to, you have no reasonable expectation of privacy. that is a direct contradiction to hipaa and you know it. yes or no? >> once again, c.m.s. has us complied to a set of rules and regulations that they established under our contract. and that is a c.m.s. call. that is not a contractor call. >> to break the law? you're now saying that c.m.s. made a decision to break the law, do you agree with in a decision? >> sir, i cannot make a -- i cannot speculate on c.m.s. >> all right.

let me ask mr. slavitt. >> this is the first time i'm seeing and becoming familiar with that source code. >> so you were not aware of it? >> i was not aware of it. >> ok. let me go back to ms. campbell. she's at least admitted she knew about it. who made the decision to hide this or put it in the source code in the first place? >> i can't give you that answer. i don't know. >> who do you report to? >> i can go back to my -- >> was it some junior underling at c.m.s., was it the director of c.m.s.? i mean, who made -- who generically made decisions at the policy level that your company interfaced with, give me that person's name? >> there are many decisions made under this program over this last two, 2 1/2 years. >> so is this another example of where things just go into a cloud? all you are is a contractor that

spent $300 million, $400 million, so it goes to some cloud and then it comes back from down on high? who wrote that? >> i am not clear as to who wrote that. >> do you -- let me ask it this way. do you think that should be in the -- do you think that should be a requirement to sign up for obamacare? that you give up any reasonable expectation of privacy? >> sir, that is not my jurisdiction. >> you are a u.s. citizen. >> one way or another. >> well, i answer, i don't think it should be. i don't think it should be. let me ask -- my time's about to expire. let me ask one more question. ms. campbell, did you do any kind of pilot program on this before it was rolled out? >> no, there was no pilot program. >> ok. and you said that it was complicated and big, but it was meeting your expectation.

do you think it's right that 99% of the people that try to go through the system get rejected, can't even complete the application? is that a system that you're proud of? >> sir, this is the system that we are working every day to make improvements. >> well, in my -- if we have a system that almost no one can successfully navigate, that we have to go to the paper system of this gentleman's company down there, that is a system that's failed. with that, mr. chairman, i yield back. >> thank you. mr. pallone. >> thank you, mr. chairman. i started out in my opening statement saying there was no legitimacy to this hearing and the last line of the questioning certainly confirms is that. hipaa only applies when there's health information being

provided. that's not in play here today. no health information is required in the application process. and why is that? because pre-existing conditions don't matter. so once again, here we have my republican colleagues trying to scare everybody -- >> if the gentleman will yield? >> no, i will not yield to this monkey court or whatever -- >> this is not monkey court. >> do whatever you want. i am not yielding. i am trying to tell you that the problem here -- >> protecting american citizens -- >> no pre-existing condition. pre-existing conditions don't matter. hipaa doesn't apply. there is no health information in the process. you're asked about your address, your date of birth. you are not asked health information. so why are we going down this path? because you are trying to scare people so they don't apply and so therefore the legislation gets delayed or the affordable care act gets defunded or it's repealed. that's all it is, hoping people won't apply. well, the fact of the matter is there are millions of people out there, over 20 million that are going on this site and they are

going to apply and they are ultimately going to be able to enroll. in fact, many of them already have enrolled. i think my republican colleagues forget that a lot of people are enrolling through state exchanges rather than the federal exchange. if it wasn't for the fact that many republican governors, including my own from new jersey, had agreed to set up state exchanges, then we wouldn't be putting so much burden on the federal system. but i just want to give you some examples. in new york and washington, over 30,000 people have enrolled in coverage. in oregon, over 50,000 people have enrolled. in california, over 100,000 have started application. in kentucky, nearly 16,000 people have enrolled. so you know, in website, in federal website is not the only way that you apply. in fact, you can go to your community health center. you can go to the 1-800 number. you can go to -- there are many ways for people to enroll and all we talk about here is the website because you're trying to make a case that people should not enroll. now, i want to ask two questions. ms. campbell, am i correct that

c.g.i. is doing work in several states in addition to the work on healthcare.gov, and would you comment on that, please, in these states? >> that is correct. we are -- we are supporting a number of states. and we -- those states are -- we are a prime contractor in colorado. the prime contractor in hawaii. a prime contractor in massachusetts. a prime contractor in vermont. we are a subcontractor in california, a subcontractor in kentucky, and a subcontractor in new mexico. >> and you -- and that appears to be going well, obviously a lot of people have enrolled, as i said previously. i know that in -- when mr. waxman asked a question, you said you had confidence that whatever problems exist in the federal data system or website that they would be fixed by december 15, and you expect that millions of uninsured people and others who are trying to enroll would be able to by then so that

they could -- their insurance would be effective january 1 was that my understanding? >> that's correct. >> ok. and i wanted to ask mr. slavitt. the data hub that your company set up is working well to connect to the federal data when residents of those states apply. so what i'm trying -- what i'm asking, mr. slavitt, if i go through new york or california or some of the other states that have responsible governors that have set up these state exchange, unlike mine in new jersey, that if you do that or you go through, you know, the 1- 800 number or you go through you know, the other means that you can to apply in person, that they can access the hub, is that correct? >> that is correct. >> ok. i'm trying to tell my colleagues the success of all the state exchanges and, again, a lot of people are being able to enroll. i think the figures show when state governors work to expand medicaid and work to make sure

their own citizens get coverage they can make a big difference. and they also show these statistics how shortsighted it is of republican governors to refuse to expand the medicaid program in their states because that's another big factor to the a.c.a. that really isn't being discussed today. again, i never cease to be amazed how, you know, the g.o.p. uses tactics to try to scare people, and that's what's again happening here today. i was hoping this hearing wouldn't end up accomplishing that goal. and i would just ask, you know the public, please, you know try to find means to enroll. there are a lot of things other than the federal website, and don't be scared by my g.o.p. colleagues into thinking, you know, somehow you're going to lose your privacy. there's no health information provided as part of this exercise. thank you, gentlemen. >> mr. hall. >> mr. chairman, thank you.

this hearing's entitled ppaca implementation failures. didn't know or didn't disclose. i guess this hearing really is to set us in little bit of shape to deal with ms. sebelius. i think she's going to be here next week. president obama often attempts to paint republicans as being out of order, downright crazy in their criticism of the health care law. i want to talk about that a minute before i ask my question. i hear from my district and from americans across the country that the craziest part of the last few weeks is seeing the president's top health care official laughing on jon stewart while americans are having to deal with the consequences -- with the consequences with the president's flawed health care law. for example, i have a teacher there in my hometown where she has to face premiums that will consume a quarter of her monthly income or another constituent

who has tried to comply with the law but has not yet received information about their coverage as promised and claimed, "i am very concerned that my family will not be in compliant, will face i.r.s. fines." they are calling for a repeal of the individual mandate and most of them are calling for that. yet, another who has been advised that their current coverage will end december 31, 2013. so much for keeping what you have. and concern it this dysfunctional health care will expose me to uh-uh wanted liability that i won't get coverage through the website. now -- and how verbose is this? you know, the founding fathers in 1776 declared their independence. next year they wrote a constitution that was 4,500 words. this wording in here, the regulations not voted on by congress, contains a massively 11,588,000,000 words. i just don't know how anybody

could ever answer these things. i just want to ask you in an environment where people are worried whether or not they have a job and there's no jobs now and if we go on like we are going now there won't be employers a year from now, they now have to worry about navigating a flawed law where the chances of finding affordable coverage are often less than before the law's existence. so my question to each of you is -- c.m.s. has had three years and most of you had over a year to ensure this law could work. what do you want me to tell the americans who are terrified of really facing i.r.s. fines for not being able to access coverage they actually can't afford? i guess we start with you, ms. campbell. you chose not to use your opinion. are you in position to use some words that we can give hope that the american people that you are doing your job that you were hired out to do?

is there hope? >> so if i understand the question you're asking, is the system going to be there for them to sign up? >> i beg your pardon? >> what is the -- can you repeat the question? >> just give me something to tell these people that i related to you that are real people, honest people that have to live with what you all have created. you set up, you run the website for people to sign up or exchange. >> and we're continuing to -- >> you must know a whole not more to know what to tell these people. i'm asking these people to give some help along that line. if you can't express your opinions to the people you report to, you sure can't express them to me. >> i would tell your constituents that the system is improving day over day and that we are continuing to work to make improvements for them to be able to enroll.

>> did you really start with one in delaware? >> pardon me, sir. >> did you really start out with one in delaware? that is what the liberal press is reporting. >> i am not familiar. >> how about my time? how much more time do i have? >> 38 seconds. >> all right. i'll yield -- yeah. i'll hear from any of you. i'm asking for help. i want help. i have 700,000 people that i have to report to. and i think about 690,000 of them hate the obama law. my time's up. i yield back. >> the chair recognizes the gentlelady from california, ms. eshoo. >> thank you, mr. chairman. having listened to several colleagues already as well as the witnesses, i'm struck by two

things. first, that my colleagues on the other side of the aisle, if they're serious to pursue what i think is the much larger issue of federal procurement, how it takes place, how we end up with contractors that say essentially everything is all right when it isn't, that's going to take a bipartisan effort to really bring about a fix. but we have to keep in mind that these are the people that shut the entire federal government down, caused pain across the country, and extracted some $24 billion out of america's economy. and the american people were put through hell. that was all over shutting down or delaying or defunding the affordable care act.

so there isn't any love lost between the republicans and the law. and that's their position, and it's abundantly clear. but i think that what the other thing i'm struck with by today is in reading all of the submitted written testimony, when i read it last night, there wasn't anyone that wrote testimony and submitted it. let me put it this way. what you said was, and i read it more than once, that everything was a ok. no one acknowledged anything. now, we got problems with this website. there's no question about it. now, i represent silicon valley, and i find this very hard to follow. this is the 21st century. it's 2013. there are thousands of websites that handle concurrent volumes

far larger than what healthcare.gov was faced with. you keep speaking about unexpected volumes, ms. campbell. and that really sticks in my kragh, i have to tell you that. i tell you, there are thousands of websites that carry far more traffic. i think that's really kind of a lame excuse. amazon and ebay don't crash the week before christmas, and pro flowers don't crash on valentine's day. now, in the testing of this, between c.g.i. and qssi, can you describe exactly what kind of testing you did as the main

contractors for this? i mean, there is internal testing and then kind of external, you turn it around and you test it for the outside. are you saying you didn't test that the tests worked very well, both inside and out, or that you turned it all over to c.m.s.? anybody want to answer? i mean, what's happening? do you have an answer? >> are you asking me that question? >> i'm asking both of you and you're wasting my time with your silence. if you don't have an answer then say you don't. maybe we can take something in writing. but the beta testing and the inside testing i think is clearly the main contractors' job. and you're essentially saying that everything was all right. it's not all right. >> there was testing done throughout the process. c.m.s. did the end-to-end testing, but each component did their separate testing.

we had independent contractors testing our system as well. >> and what was the net result of that? what you just described? >> that the system was -- that our portion of the system that c.g.i. was responsible for, that our functionality worked. >> and it didn't, it didn't in the end result, correct? >> when it became part of an integrated end-to-end system. >> you knew it was going to be integrated. that wasn't a surprise. do you have something to say about the testing? >> so let me be clear about our role of testing. our work, the data services hub was tested, tested well and tested adequately. in addition, we played a role as one of independent contractors testing the code by other independent contractors. we tested every piece of code we received timely.

we returned a full report of any bugs we found to c.m.s. promptly and made everyone fully aware of all the potential risks and concerns that were made available to us. >> well, i'm now over my time but i think that what we'd like to hear from you is when you're going to fulfill your contracts to the taxpayers of the country so that we can go on and have people insured. taxpayers have paid you a lot of money, and you're essentially saying to us everything is all right when it's not. so i'll submit some questions in writing as well. and with that i'll yield back. >> thank you. mr. shimkus. >> thank you, mr. chairman. i have a lot of questions. i am going to try to go fast. mr. slavitt, i'll follow up and ask the comments. we would like the names of the personnel at c.m.s. who you provided the risks that you identified in your analysis of other contractors' code, can you do that? >> yeah. let me follow-up with you on that. >> that's fine, for the record.

and what i am going to ask my colleagues to do is ask for names. there are people there, and i'm going to venture to guess that the regular bureaucrats did their job, the political appointees manipulated the system to hide data they didn't want the public to know. and we're going to find out who that is, because that's the crux of this problem. i've got a letter from a constituent who basically says we have never been without health insurance. however, the affordable care act may force us into the position of going without it. this whole battle is about whether americans can have affordable health care. and this system is not helping in this debate. and i just want my friend, mr. pallone, my friend, ms. degette, i was ranking member when this bill got passed and signed into law. after it got signed into law, we

had 13 subcommittee hearings on things like smokeless tobacco, antibiotic resistant, health care pricing, national electronic schedule reporting system. each one of those i asked for a hearing on the health care law. and it's in the congressional record. statements like on april 28, 2010, we must hold hearings on the new health reform acts. may 6, 2010, we should also call secretary sebelius to testify. june 9, 2010, we need at that hearing on the new health care law. june 2, 2010, shouldn't the committee hold hearings and take immediate action? my friend, mr. waxman, always sends us letters. i want to do this. i want to do that. we sent countless letters to the democrat majority at the time asking for hearings on the recently passed health care law. guess what, no hearings.

so when speaker pelosi then said we have to pass a bill before we know what's in it, we're finding out. we're finding out a flawed tech system that's a mockery. now, let's talk about this. i accept the premise that you tested your individual section. but we are getting to the point of the integrated system. when was the integrated system tested? starting with ms. campbell down to the end of the table, when was the integrated system tested? >> during the last two weeks in september. >> and what was the result of that? >> i don't have the results you'd have to get that result from c.m.s. >> who would i have to go to to get that c.m.s.? who is your point of contact at c.m.s.? >> so there are a number of people. >> give me a name. >> henry chou. >> give me another name.

>> michelle snyder. >> you got another one? >> peter -- peter oh. >> ok. mr. slavitt. >> here's what we saw -- >> isn't that a beta test? wouldn't that put the different components together and see if the system worked? >> here's what we saw. we didn't see the full kind of integrated end-to-end system that you are talking about until the couple days leading up to the launch. >> shouldn't we have had that? >> ideally, yes. >> wouldn't any other system corporate entity rolling out something would test to see if it worked before going out in the field? >> yes. >> mr. slavitt, do you have any names? >> i don't have names. >> would you be happy to tell us? >> we'll follow up. >> so we tested. >> a beta testing, end-to-end, when did it happen?

>> the information only comes to us after the application is completed. so we were testing up to the time that the system went live. and as far as we were concerned, everything that came to us we were able to process. >> quickly. >> our systems are not integrated with the main system. our main interaction with it is key entry. >> and mr. slavitt, i'd like the names by tomorrow morning if you can do that. finally, i want to go to ms. campbell. the feature that was changed on the website, who told you to do that? >> could you repeat that, i didn't hear you? >> the see first plans. the website failed. the problem is people don't know what the cost of the plans are. you all made a change to say see plans first, just reported yesterday by i think cbs. who made that decision? >> i don't know. >> can you give us the names? >> we can get you a name. >> ok. who made the decision if you are younger than 50 you would be quoted a 25-year-old health policy? >> don't have an answer for you. >> can you give us a name?

>> i can try. i can go back to my team to see if they have a name. >> ok. who made the decision that if you're older than 50 you get quoted a 50-year-old policy? >> the same. i'd have to go back to my team. >> thank you, mr. chairman. i yield back. >> the gentleman's time has expired. the gentleman from new york, mr. engel. >> thank you, mr. chairman. you know, it amazes me how our republican colleagues are so concerned about the affordable care act since they tried to defund it, they tried to kill it, they shut down the government because of it. do you think there is politics here? perhaps me should work with us to help improve the affordable care act instead of playing gotcha politics here this morning and trying to scare people not to enroll in the affordable care act. there will be plenty of time to figure out who's responsible for the various problems facing the exchanges. what's more important to me is that americans would be able to access the numerous benefits found in the plans offered through the exchanges. so let me ask -- i know it's been answered before, but i want

to just get a specific answer. how soon will it take to correct these glitches so that people can have unfettered access to the website? i know things are improving, but how soon will it be, do you think, so that the average american can do healthcare.gov and get right in without any of the glitches, ms. campbell? >> what i can tell you is i have a team of people working around the clock trying to quickly get this resolved. as i said, there's improvement day over day. i cannot give you an exact date as to when it will be completely to satisfaction. >> how about a guess? >> i would prefer not doing that. i don't like to raise expectations. >> mr. slavitt. >> we don't happen to control

the pieces of the website that i believe you're referring to. we are committed to continuing to make taint the capabilities that we've -- maintain the capabilities we've built so far and help out when asked to do so. >> let me say this i hope it's as soon as possible. i think there are numerous benefits in the law and i want the american people to utilize this law. i'm proud it came out of this committee, and i'm proud we had many, many months of deliberation before we passed it. now, new york state, my home state, has also been experiencing some technical and capacity related issues since october 1, but i think in new york it's a good example of what's possible when the federal government has a willing and enthusiastic partner in a.c.a. implementation. as of october 23, 174,000 new yorkers have completed their application. new york continues to make improvements to its exchange website, including quadrupling the processing capacity. by the end of the week individuals should be able to look up coverage based on various providers and doctors. but i think that with my republican colleagues, given

their new found interest in seeing, i see people championing the medicaid system in their own states so their most vulnerable citizens can get access for coverage and stop calling for continued repeal votes. now, many were on in committee last time -- this was mentioned before, but i want to emphasize it. a major new health benefit was introduced and that was medicare part d. it's easy to forget now but when that program was introduced, there were significant problems. the website was bulky. headlines gave out bad information. when the program opened, pharmacists called it a nightmare, a disaster. and all kinds of things like that. so ms. campbell, am i correct that c.g.i. did some work for medicare part d in the early years of the program? >> that is correct. >> well, then you probably remember, like i do, that these problems were solved and soon enough medicare part d became a

popular and successful program and by the way, we improved that program by closing the part d drug doughnut hole in the affordable care act. so that's one important lesson to remember now, that even if a program gets off to a rocky start, it does not mean we need to jump to conclusions about its long-term success. and that's why i'm confident that even with the website problems, the affordable care act will be successful. there's another lesson to be learned from that experience. all the members of this committee, democrats and republicans, medicare part d worked together to fix the problem. democrats did not sit on the sideline and root for failure. we pitched in and helped. republican committee members, in particular, insisted we be patient with the part d glitches. and some of the members of this committee, and i can quote what they said at that time, the new benefit and its implementation are hardly perfect but i hope we can work together as we go through the implementation phase to find out what's wrong with the problem. and if we can make some changes, fix it.

let us do it on a bipartisan basis. it's too big of a program. it's too important to too many people not to do that. another member said "anytime something is new, there's going to be some glitches. it is of no value, as a matter of fact, it is a negative value and a questionable ethical value. i think if it people only spend their time criticizing the glitches that are in the program, as with any program that occurs, whether it is a public or private program, criticizing it, standing on the outside is not good." so let me just say that let's take that same approach we had with medicare part d, let's work together on both sides of the aisle to improve this program and not play got you politics. thank you, mr. chairman. >> mr. pitts. >> i thank the chairman. question to everyone. have any of you or your companies prepared memorandums or summaries explaining where the problems are with healthcare.gov?

ms. campbell. would you submit those for the record if you have? >> if we are allowed to do so, we have to get permission under our contract with c.m.s. >> but you have prepared summaries or memorandum? >> i wouldn't call them memorandum. i would say we probably have you know, just a normal course we provided information about what's happening on our system. >> we'd appreciate if you'd submit that to the committee. mr. slavitt. >> nothing holistic in a you're striking to my knowledge. >> ms. spellecy. >> we don't have any involvement with healthcare.gov so we do not. >> mr. lau. >> likewise. >> all right. to c.g.i. and qssi. "the washington post" reported this week, quote, "when the website went live october 1, it locked up shortly after midnight as about 2,000 users attempted to complete the first step." is this true? ms. campbell.

>> that is true. >> 2,000. >> i don't have the exact number. i just know that the system did have -- thank you for that follow-up. i don't have the exact number. what i can tell you is the system became overwhelmed. >> so only 2,000, not millions the administration has claimed. so if it crashed with only 2,000 users, is volume really the issue, as the administration claims? surely the website was designed to handle more than 2,000 users. ms. campbell. >> i was not -- c.g.i. is not responsible for it, as i call it, the front door. so i don't think i am in position. >> who is responsible for the front door? >> qssi had the eidm piece. >> mr. slavitt. >> so what i can tell you is that the eidm tool is in fact capable now of handling all the demands that are being placed on

it through the system. i would point out that the eidm tool is one part of a registration process that includes i think five vendors and multiple pieces of technology. so i can only speak to the eidm tool and their functioning. >> now, i listened to your testimony this morning. it sounded like you think everything is a-ok. it's not ok. we heard a variety of reasons as to the difficulties for why this site does not work. it includes the inability to brouse. required so many people to log in that the website was overwhelmed. poor coding, poor hardware. volume. ms. campbell, why doesn't healthcare.gov work properly? >> sir, if there was a silver bullet to answer that question

i would give it to you. it is not just a component of what c.g.i. is responsible for. it's the end-to-end aspect that is challenged. there's components across the entire system -- across the ecosystem that can have an impact on the -- >> mr. slavitt. >> we absolutely take accountability for those first days when our tool was part of the issue in terms of being able to handle all of the unexpected volume. and we absolutely will take accountability for helping in any way we can to help this project go forward. fortunately today, the data services hub and the eidm tool are performing well. >> now, you were here on september 10 when we conducted the hearing in the health subcommittee. i expressed my skepticism at the time, 40 days later, we've seen the exchange rollout, nothing short of disastrous. i'd like to ask again, c.g.i. and qssi, why were we told everything was ok a few weeks before?

one of the biggest i.t. disasters in government history. ms. campbell. >> once again, sir, the portion of the system that c.g.i. was responsible for is where we had -- >> were you not aware of the problems consumers would face before october 1? >> we were not part of the end- to-end visibility throughout the system to understand exactly what was impacted. >> mr. slavitt. >> as i remember correctly, at that hearing there was a lot of focus on whether or not the data services hub would be ready. i think we were informed to be prepared to answer to this committee around and to your subcommittee around those questions. we mentioned on that date that we thought the data services hub would be ready. it was indeed was ready. i don't think we had -- >> did you express any concerns about readiness to c.m.s.?

>> all of the concerns and risks we saw based on the testing that we did and didn't see that was unrelated to our work, our work, as a matter of fact, we felt was on track and we expressed that to them as well. >> ms. campbell, my time's up. would you submit those memorandum communications to us within 24 hours, please? >> once again, under our contract with c.m.s., if we have permission to do so -- they are not memorandums. i'm not even -- i have to go back and see what we do have for you. >> thank you, mr. chairman. i yield back. >> mr. green. >> thank you, mr. chairman. some of us have been on the committee a good while. i don't know if any of you had experience, because we also had problems in 2003 when we created the prescription drug program and this committee did that. with much fewer participants. so what we're seeing now is it sounds like we have a success, we just don't have a computer to deal with it. i support the affordable care

act. i know how dependable and affordable insurance coverage is to our families in our district. the stories i've heard from people are excited to sign up for the coverage remind me why this law is important. thousands of people in our district has been denied coverage in the past because of pre-existing conditions, are paid -- or pay for expensive coverage they couldn't rely on. that's why we need the affordable care act's new benefits and protection. that's why it's so frustrating that healthcare.gov has not worked the way we were promised. especially after hearing such optimistic testimony from these organizations in september. ms. campbell, i know you've been asked before but repetition helps us learn. were you, too, optimistic in your prediction before our committee on october 1? >> i don't believe so, sir. >> well, what happened then, because obviously you're optimistic but in the last, you know, 23 days it's been a problem?

>> you asked about september 10. september 10, we were quite optimistic that the -- that our portion of the system would work effectively when the system went live. >> well, again, it may have been too optimistic. mr. slavitt, mr. lau, and ms. spellecy, were you, too, optimistic in your earlier testimony before the committee? >> congressman, we believe we have been prudent and cautious all the way through this project. we did express confidence to the subcommittee on september 10 that the data services hub would be ready on october 1 and it was. >> no, sir, our portion of the system has worked as we testified it would on september 10. >> the paper processing capability has been up and running since october 1 as well. >> well, obviously there's a problem and it's not like an

ostrich, we can bury our head in the sand -- we have to deal with it. we need to fix this problem. if you don't accept there's a problem, it's hard to fix it. >> sir, we do accept there are challenges. there is no question, there are problems, and we are working together to solve those problems. >> well, mr. chairman, hopefully we'll follow up in another month or so, so we can see what's happening and so we can do our oversight like we're supposed to do. mr. slavitt, one problem that many people identified qssi's registration and access management to the website, the gateway of setting up an account, was this system overwhelmed by volume when healthcare.gov went live? >> so let me explain what happened and where things stand today with the registration tool. first of all, the registration tool utilizes leading commercial software. it's widely deployed and it works in other settings across the -- >> i only have a minute and 48 seconds left. can you tell me, was the system overwhelmed? >> the system -- the registration system was overwhelmed with concurrent

users. >> and have those problems been fixed? >> we have expanded the capacity greatly in the registration tool since then, yes. >> ok. are there any other problems in the data hub or the registration gateway managed by qssi that you're working to fix? >> i think problems come up, discreet problems come up routinely. our team has early warning systems. they addressed those problems and there's none that i am aware of outstanding. >> ms. campbell, c.g.i. is responsible for healthcare.gov website, now that the registration gateway has been fixed, we hope, are you encountering new problems? >> we are. we are looking at those problems and making those corrections as they come up. >> and can you give us a background on those problems? if you would, give it to us in writing. do you have a privacy agreement with h.h.s., i think we can take care of that if we have to, on making sure this committee gets

the information. do you expect to continue to make improvements and fix problems over the coming weeks? >> in a is our commitment, sir. >> well, as we know, we're all impatient. some of us on our side who believe in the affordable care act and didn't start from day one trying to repeal it want it to work and we want to make sure and i hope we have a majority support for if we need to do things to fix it that it will get done and so -- but i look forward to continuing to see -- i don't know if we need to put a parking space out front, mr. chair, but until we get this fixed we need to do that and i yield back my time. >> mr. walden. >> thank you very much, mr. chairman. i want to thank all the panelists for their testimony today. i was in small business for 22 years in the radio business. we do with software upgrade and changes. i am feeling a lot of those motions come back today because when we put a new system in, there would be multiple vendors,

and every one of them -- systems operated perfectly except when they came together. and then they would all pointed fingers at some yells. i am feeling a lot of that today. only as the person who represents three quarters of a million people and $500 million on the line, it is why we are here, to figure out what went wrong. why we are here to figure out what went wrong. i'd just like to know on this whole end to end thing. it sound like each of you has said that you designed your system and tested it to the specifications you were given by cms is that accurate? yes or no. miss campbell? >> that is correct. >> mr. slavitt? >> yes. >> our systems are not integrated. >> you get not quite as much student here today. i want to go then to the first two. if you designed it to c.m.s.'s

specifications and tested it and felt it was good to go, where did this break down? when would you have preferred that the end to end testing had been done by c.m.s.? miss campbell? >> see if i can get all those questions -- >> i'll make it simple. when should the end to end test have started? >> there's never enough testing for sure. >> when did it occur? >> the last two weeks in september. >> so you think that's an adequate time frame for a system that mammoth, 1/6 of the nation's economy and millions of people coming into it, did that give your company adequate time to make sure everything was integrated and work? >> it would have been better to have more time. >> how much more time would you have preferred? >> i don't have -- >> did you make any recommendations to cms about the

need for end to end testing that occurred sooner than the last two weeks before it went live? >>dy not. >> did anyone in your company. >> i have to go back. >> i'd like to know that. >> ideally integrated testing would have occurred well before that date. >> how far in advance? >> with enough time to correct the flaws -- i couldn't give you an exact date. >> do you do any work outside of c.m.s. where end to end test something required? >> yes. >> in those situations are they private or government? >> both. >> in those situations what's the standard protocol? what's the recommended industry standard for end to end test before rolling up a major website like this? >> months would be nice. >> miss campbell is that accurate for your company as well? >> that's correct. >> you were given two weeks and yet months would have been nice. is that what -- if you were to do a contract for a system like this, what would you ask for in terms of doing the end to end

test? >> we were given two weeks. that was c.m.s. who decided to conduct that test. >> you want your company come out of this looking good not spending your time with us as much as i'm sure you're enjoying it, but what should the industry standard called for -- have you ever undertaken -- bringing up a website, being part of something this big affecting this many people's lives? >> have you ever done one this big? >> of this complexity? >> correct. >> i -- this is by far, i think, the most complex in our country in a very long time. >> i think you're right. where should the end to end test have been done.

if you could have had -- if your company could have made that decision, what would you have made a recommendation for the complete integrated end to end testing to begin? when should that have started? >> it would have had -- we would have loved to have had months. >> months. that's the same -- i was hearing that from people on the outside that this all was coming together, i chair the subcommittee on communications and technology, as i would reach out and ask, how do you think this is going to work, this is exactly how outside people predicted it would turn out. here we are today. this isn't a partisan issue about health care. people expect this thing to work. i went through this in oregon with our d.m.v., department of motor vehicles spent, i think, it was $50 million or $60 million back in the late 1980's and finally scrapped the whole system because it was a failure. we said stop. i don't want this to be a failure. but i don't -- i want you-all to get it fixed. i'm very disturbed that c.m.s. did not give you the adequate time that would be an industry

standard to test this before every american said, ok, they tell me it's ready, i'm ready to go, because you came here and told us. and through us the american people. it was good to go. and it wasn't. >> ms. degette. >> thank you very much, mr. chairman. miss campbell, you testified before the house subcommittee on september 10, correct? >> that's correct. >> and at that committee you --

at that hearing you testified that c.g.i. federal was confident that it would deliver the functionality that c.m.s. directed qualified individuals to begin enrolling in coverage correct? >> that's correct. >> in your written testimony today, you also testified that c.g.m. and others developed this and it passed the eight required technical reviews before going live on october 1, correct? >> that is correct. >> either at that hearing on september 10 or until just now you have never testified that there was insufficient integrated testing to know whether the exchange was going to work, correct? >> there were -- >> i never saw any of your testimony that you ever said in those hearings that more testing was needed. and i was there. >> is your question whether i testified -- >> that's correct. did you ever tell this committee that more testing was needed to make sure it would work? >> i don't believe i actually -- >> thank you, mr. slavitt, you were our only witness who was not here on september 10 but mr. finkle from your organization was. and on september 10 mr. finkle testified, quote, our delivery milestones for data service hub completion of being met on time respect c.m.s. data service hub will be ready as planned by october 1, correct? >> i believe that's correct. >> in your written testimony

today, you echoed that if completed code for data services hub in june, you did the testing, there was an inpent security risk assessment completed on august 30, is that correct? >> correct. >> today in your testimony you said that you shared the problems that you identified with c.m.s. were those problems shared after september -- after the september 10 hearing, then? >> yes. >> ok. and i would request that you would supplement your testimony today by telling us the problems that you identified to c.m.s. will you please do that for us within 20 days? >> be happy to get back to you. >> thank you very much. did your organization do testing with a number of 200 people and that testing failed? that's what we have been seeing in the press accounts. >> i'm not familiar with all of the accounts from the press. what i think you're referring to

is the testing that occurred in the final days leading up to the october 1 launch. >> was that done with only 200 people? >> that was -- i know that was a test -- my understanding it was a test that failed. once the systems began to be finally put together for the first time. >> ok. but were there tests done with more people coming into it as well? >> yes. >> ok. now, there's one more thing i want to talk about in the time i have and that's this issue of privacy. because in my opening statement i said that i was really touched by the people on the other side of the aisle trying to work with us, but when i heard my friend and colleague, mr. barton's statement, i saw which fortunately i got a copy of since i couldn't see it, i realize that in fact a lot of people don't want the affordable care act to work and they are raising all of these specters, and this privacy issue is a specter because mr. barton's

questions -- sorry he's not still here because his questions came from an article in "the weekly standard" where there apparently is a line of code which says, it's not visible to the user. it's somehow in there. it says you have no reasonable expectation of privacy regarding any communication or data transitting or stored on this information system. so this is sort of some standard boilerplate, but mr. barton is assuming this violates hipaa but it would only violate hipaa if people were putting their personal medical information into the application. so i want to ask a couple of questions about that. as i understand it you don't need any medical information to enroll people other than the question do you smoke, is that correct, miss campbell? >> that is correct. >> is that correct, mr. slavitt? >> my understanding. >> is that correct ms. spellecy? >> we wouldn't have visibility into that. >> what about you, mr. lau? >> that is correct. >> people aren't putting

confidential medical information on to the internet so therefore they wouldn't be violating hipaa. i am disappointed that my friend would go down this road. i would ask unanimous consent to put that article in the record mr. chairman. >> without objection. >> i have one last question. when can these exchanges be ready and when can people get on them with reliability? miss campbell? >> soons possible, we are working as hard as we can. >> mr. slavitt? >> two of our systems are currently ready. we are doing everything we can to maintain and we'll do everything we can to assist. >> i want to say, mr. chairman my health care aide went on to the national extension in virginia last night, she was able to register, she was able to research plans. i hope this happens for all the rest of america. >> i just want -- went on my ipad and i was able to access choices of plans to my constituents in california. in the five, 10-nint period.

>> it the gentlelady's time has expired. mr. terry. >> thank you, mr. chairman. miss campbell, first two questions are more -- yes and no questions. did you or anyone from your company consult with or discuss today's testimony and your answers to potential questions with anyone from c.m.s. to prepare for this hearing ms. campbell. >> we talked to c.m.s. about our testimony. but not any details at all. >> who did you discuss that with? >> i don't recall. i didn't discuss it with anyone myself. i have to find out. >> your people -- there's always intermediaries. mr. slavitt. >> no.

>> miss spellecy. >> no. >> mr. lau. >> no. >> that's good. did your company begin from ms. campbell on to my right, did your company or any of your subsequent, use any people who worked outside of the united states to assist in your respective parts or your contract with c.m.s., otherwise known as outsourcing? >> no. we are very proud of the fact we created jobs all in the united states. >> all of them. >> all of them. >> ok. >> no. >> no. >> no, sir. >> very good. are you -- i'm concerned about the front door of the -- of this system, of this website. now, is this system able to track how many people are accessing what we call the front door? ms. campbell? >> we are not responsible for the front door.

>> it's very confusing because in your testimony on the 10th you did suggest, and somehow that piece of paper is missing right now, in your testimony that you provided that you said eligibility and enrollment will serve as the front door for consumers to fill out the online health insurance application as one of the responsibilities. i'm confused by that. >> i understand. we are the face of, if you think about a house, we are the outside structure, but the front door that you go into -- >> the siding that was put up? >> i don't know -- my dad did construction all his life. he had a small business construction. i kind of think in those terms. >> all of the accessing is mr. slavitt's world. >> ask the question again. >> mr. slavitt are you responsible for the front door? >> i think the front door is -- we supply a tool --

>> i have very little time. i'm not trying to be rude. what i'm trying to get to is which of you was responsible for the application that allows c.m.s. to know how many people are actually accessing this website? is that you, mr. slavitt? >> we have access to the data which shows how many people are coming through the registration tool. >> all right. under that data that's then compiled of how many people, can you break it down to say how many people from nebraska, since we don't have a state exchange like california does and have to go to the national, can you determine how many people from nebraska have tried to access? >> i don't know. >> do you know how many people have tried to access on any particular day? do you have that data, mr. slavitt? >> i don't. >> does your company? >> yes. >> are you allowed to share that

data with us? >> i will follow up right away. >> you are able to give us that data? >> we'll follow up and see if we can do that. >> has c.m.s. made any instructions to you regarding your ability to provide us the data of how many people have tried to access through the front door? >> no. not to me and not to my knowledge. >> all right. ms. campbell, do you have access to the information of how many people have tried to access -- >> we have access to that data as well. >> has c.m.s. instructed you not to give that information to us? >> we have under our c.m.s. contract, we have to have permission from c.m.s. first to provide that information. >> ok. has c.m.s. allowed you to provide that information yet? >> no. >> if i ask you, you will deny -- say that you can't answer that question. even though we are a panel of

members of congress. >> i would say based on our contract that we have with c.m.s. we would have to get permission. >> mr. slavitt, are you under the same contractual obligation with c.m.s.? >> i don't know. >> will you still provide us the information because you under oath and we asked for that information. >> if we can we will. >> that was a good not answer. >> the gentleman's time has expired. just remind colleagues that the order of questions is the order of seniority when the gavel falls on that side. with that we recognize mr. butterfield. >> thank you very much, mr. chairman. thank all of you for your testimony today. it's been very enlightening. i will associate myself with the comments made by my colleagues throughout this hearing. let me tell you i represent like mr. hall said a few minutes ago, 700,000 people down in north carolina.

more than 100,000 of those have no insurance whatsoever. they are eager to get enrolled and we've got to get this thing right. and soon. miss campbell, let me start with you. on monday, congressman darrell issa, the chairman of the house oversight committee, wrote a letter, which was publicly released, accusing the white house of injecting politics into decisions about the website. the reason i want to ask you about this is because chairman issa says that the source for his accusation is you and your company, c.g.i. according to chairman issa's press release, the white house made, quote, the political decision to mask the sticker shock of obamacare to the american people. he is talking about the decision by h.h.s. to disable the anonymous shopper function on

health care.gov website, but he suggests this decision was made, instead, by the white house for political reasons. chairman issa wrote this letter after receiving a briefing from c.g.i. last week. according to mr. issa's letter quote, c.g.i. officials told committee staff that c.m.s. officials and employees constantly mention the white house when discussing matters with c.g.i. although c.g.i. officials were not able to identify who within the administration made the decision to disable the anonymous shopping feature evidence is mounting, and this is mr. issa speaking, evidence is mounting that political consideration motivated the decision. i would like to ask you a few questions about this. first, did c.g.i. provide a briefing to mr. issa's staff last week? >> i was not there myself, but i believe that meeting did occur. >> the meeting did take place to the best of your knowledge. >> i think did it. but i'd have to confirm. i'm not close enough to the situation. >> do you know how many from your team participated in that meeting? >> i do not. >> you did not participate. >> i did not. >> who do you answer to within your organization?

>> the president of c.g.i. federal, donna ryan. >> do you know if mr. ryan participated in that discussion? >> i don't believe so but i don't know for sure. >> let me ask you this directly, are mr. issa's allegations correct? did the white house ever order your company for political reasons to mask the sticker shock of obamacare by disabling this anonymous shopper function? >> let me answer two things, one, i don't believe that members of c.g.i. actually made those statements direct in that manner. i think they may have been taken out of context, but i think i'd have to get back to you with confirmation of that. and to my knowledge, no, the white house has not given us direct instructions. >> i would like to get that information from you. it's a very serious allegation for the chairman of an oversight committee to make such a callous accusation. based on the meeting with your

company last week, mr. issa's letter wrote that, quote evidence is mounting that political considerations motivated this decision. do you have any evidence, you just alluded to it, do you have any evidence that political considerations motivated this decision? >> i'm not privy to anything of that sort. >> do you have any knowledge of any white house role in specific decisions relating to the website? >> not to my knowledge. >> are you aware of any political intervention by this white house relating to your work on healthcare.gov. >> i am not. thank you, you have been very dined. mr. chairman, we need to work together to make this program function efficiently and effectively. i urge my colleagues to work with us and let's work with these witnesses to get it right. thank you. i yield back. the speaker pro tempore: mr. rogers.

>> thank you for being here today. i have a series of quick questions i'd like to get to. miss campbell, how many change orders have you -- either formally or inenvelopely leading up to the launch, what function they wanted you to perform? >> we received approximately eight change orders. >> eight. when was the most recent? >> i believe as recent as august of this year. >> mr. slavitt? >> i don't know the answer to that, but i think it was a low number, if any. i don't know the answer. >> ok. are you both making changes now with code in order to fix any of the so-called glitches or nonperformance issues? ms. campbell, yes or no? >> that would be yes. >> mr. slavitt? >> we made modifications along the way. >> how many organizational boundaries between the piece of information traveling from the united states government to the web portal, how many boundaries, how many organizational boundaries, including the states and their access to information, does that piece of information cross? >> i'd have to get back to you

with that answer. >> an estimate? large number? >> when you say organizational boundaries are you talking about like homeland security, i.r.s.? >> veterans, you have states that have access to other -- cross other boundaries to get pieces of information. but a significant number? >> i'd have to get back. >> please get back for the record. >> mr. slavitt. >> all i'm familiar with comes from a trusted data source such as a government entity. passes through the data services hub to those who request the query. >> that concerns me a little bit, you don't know the answer to that. when you did a security verification by an independent contractor, i assume on august 30, ms. campbell, did you do the same? >> that's correct. >> was that an end-to-end system test that crossed every organizational boundary? or was that by the segment of which you controlled in the process? your segment of the contract? ms. campbell? >> i would have to go back and

find out exactly, but i believe it was from wherever our system touched other parts of secure systems within -- >> mr. slavitt? you don't know the answer to that. >> we had a complete test -- that meets the standards i believe misty. our systems as matter of source don't hold data. they transport the data through it. >> you're familiar with the various levels of cyberweaknesses in any system, right? a boundary being the weakest point. so when you say you don't hold information, that is a very low standard in order to protect information. i don't have to be where it's held to obtain t are you aware that have? >> correct. >> what are you doing for security on advanced persistent threats? how is that checked? who is your independent contractor? did you red team any of this in the last weeks before the launch of your system?

>> i'm not familiar. i can certainly check about whether there are any security concerns. none were brought to my attention or made available. i believe it was mitre corporation who provided the independent security risk assessment. >> who certifies your system is shall on a daily basis, is secure from external threat? cyberthreat? >> let me get back to you. >> c.m.s. or private contractor? who certifies you are doing this? >> let me get back to you. >> there is an ongoing security check into your particular system. >> i believe there is. >> you don't know. >> i want to get back to you on the details. >> i don't know the answer. >> ms. campbell do you know the answer? >> similar answer. mine was the independent security testing contractor -- mitre was the independent security testing contractor. >> who certifies it is secure -- >> c.m.s. >> c.m.s. secures their own system, certifies their own system is secure, is that correct? >> with the support of mitre is my understanding.

>> i understand that. but that's to your understanding. the information flows from these systems, it goes to the daa hub, you have designed systems to transport information, is that correct? that's what your design is. ms. campbell your infrastructure is designed to take a piece of information from the hub and get it to a -- an end user which would be whatever navigator is in front of that screen, is that correct? you built the infrastructure for that to happen? >> that's correct. a portion of it, yes. >> mr. slavitt, you wrote the code for that to happen. >> data hub, yes. >> in less than two weeks you are telling me you are constantly changing code, you are introducing new code, you can't quite tell me how that's secure, in any system i have ever seen, two months for a functionality test is not appropriate. let alone a security check on this information. i am more nervous today than i

was when i got here. i am shocked, shocked that on august 30 you get an independent check that says the system is fine and you have introduced new code to that system probably daily, probably in terms of hundreds of thousands of lines at least tens of thousands of lines of new code which creates new vulnerabilities in system, and you don't even know the answer. and number two you are not even sure if your piece is end-to-end ongoing security tested. i have to tell you, mr. chairman, this is a significant event. you don't have to like obamacare. you can hate it, love it, can't wait to get in it. you cannot expose this much information with this low threshold of security in a day when there is 1.5 million people ripped off every day in cybersecurity. where the folks who are systems administrators and people who sit in front of those portals, are they trained in spearfishing, one of the most basic helves of security level.

do you know, ms. campbell? >> i have to push back a little in terms of -- to give the impression that c.g.i. is putting willy-nilly code on a daily basis -- >> ma'am, you know better than that. i am not suggesting that. >> we are -- we have -- >> reclaiming my time. makes me more nervous. you don't have to have willy-nilly code. you can have the best code in the world. every cybersecurity expert understands that when you introduce new code it has other implications on a broader system. even beyond your borders. that's what we are worried -- we are not worried you are putting bad code in. we are worried you may be accidentally, as we no with the functionality of your system doesn't work, it would be only logical to conclude if the functionality of the system doesn't work when it all came together, you cannot compose security. >> the gentleman's time has expired. >> i need the answers to all

those questions by 9:00 a.m. tomorrow. >> the gentlelady from illinois, miss schakowsky. >> i want to clarify one key point. the c.g.i. system crash in a test with only a few hundred people in the days before october 1? >> there was an end-to-end test that occurred, and the system did crash with about that number. i don't have the exact number. but it was part of the end-to-end test. >> thank you. i wanted to emphasize that the website has to be fixed. but it is not, as the republicans contend, a fatal flaw, a contention that ignores millions of people who have already benefited and the tens of millions of people that will benefit from the new coverage, and the first three weeks there have been over 19 million unique visits to healthcare.gov and almost half a million applications have benefited nationwide. some people are getting through. susan, constituent of mine wrote, thank you. i was able to successfully access the website yesterday.

i'm pleased that the cost of my coverage will be dropping approximately $5,000 a year when compared to my current individual coverage. ironically the same provider blue cross blue shield. or david who said seven years ago i was diagnosed with melanoma. last year i spent $11,000 on health care. a.c.a. will save me $4,000 per year. i need this prafment -- program. i know this because if i had no health insurance i would be dead. every day since the passage of obamacare, the republicans have undertaken obstructionist efforts, including shutting down the government, that amount to congressional malpractice. i want to flash back to when the bush administration was implementing medicare part d, a law which many democrats opposed because of the doughnut hole which of course obamacare will close, secretary levitt said at the time -- first of all, on a launch, november 8, 2005, for

enrollment, january 1 the program enrolled, began actually signing people up. february 22nd secretary levitt said, quote, we are now at the 53rd day since the implementation of medicare prescription drug coverage. after reviewing the numbers and experiences to date, i can report that we are seeing solid progress. we continue to work aggressively to solve the problems that inevitably occur in transitions this size. that was medicare part d. despite the glitches in medicare part d, democrats worked with republicans to ensure that the law was a success and that all medicare beneficiaries had the information necessary to take advantage of medicare part d.