RENEE MONTAGNE, HOST:
And now you can add security to the long list of problems plaguing HealthCare.gov - the enrollment site for the new health insurance exchanges.
As NPR's Elise Hu reports.
ELISE HU, BYLINE: How safe is the data you enter on HealthCare.gov? That's a question on the minds of some lawmakers, like Michigan Republican Mike Rogers.
REPRESENTATIVE MIKE ROGERS: Has each piece of that code that's been introduced into the system been security tested?
HU: The memo leaked to the AP and The Washington Post shows an audit raised an unspecified high-risk security concern before the health care marketplace opened. But officials signed off on a temporary certificate to operate anyway. Rogers criticized Health and Human Services Secretary Kathleen Sebelius for that decision during a Wednesday hearing.
ROGERS: You accepted a risk of every user of this computer that put their personal financial information at risk.
HU: The personal information going into HealthCare.gov include birthdate, Social Security number, and an estimated income range. Sebelius says her team was OK with the temporary go-ahead because additional security controls were in place.
Waylon Krush is the head of Lunar Line, a cybersecurity firm that does work with dozens of federal government agencies.
WAYLON KRUSH: They get to make those decisions and those tradeoffs.
HU: He says HHS - which administers Medicare and Medicaid - actually has a lot of experience with data security.
KRUSH: They process, store, manage, review a lot more sensitive data than what, you know, your general citizen is going to put on HealthCare.gov, so I would say, from a risk perspective, it's pretty low, actually,
HU: But the agency's technological credibility is dwindling as programmers rush to fix ongoing issues with the error-riddled system. Now, programmers have to make sure they don't introduce new security risks with each patch. Again, Sebelius.
SECRETARY KATHLEEN SEBELIUS: I know they're doing simultaneous testing as new code is loaded.
HU: Krush says this attention on security presents a good reminder for all of us.
KRUSH: Everyone should always ask those questions whether it's commercial or government, how are you protecting my data?
HU: An important question, as more and more pieces of our lives exist online.
Elise Hu, NPR News, Washington.