Secretary of State John Kerry shakes the hands of Peace Corps volunteers in Guatemala. (State Department photo/Glen Johnson)

The federal government should be able to get the health insurance exchange data hub running by Oct. 1, but it might not have time to test it very well, according to one watchdog agency.

One huge hurdle will be connecting so many different federal and state agencies, including state health departments, the Centers for Medicare & Medicaid Services and the Internal Revenue Service.

The hub also will have spokes reaching out to agencies with less obvious health insurance relationships, such as the U.S. Office of Personnel Management, the Department of Homeland Security and the Peace Corps.

Gloria Jarmon, deputy inspector general for audit services at the U.S. Department of Health and Human Services Office of Inspector General, summarized the findings in a memo.

CMS is developing the hub to let exchange program players share information, to help determine whether applicants are eligible to use the exchanges, or for other health programs or subsidies, such as Medicare, Medicaid, the Children’s Health Insurance Program.

Getinsured.com and eHealth Inc. said they have negotiated agreements to get access to some hub data through “Web broker entity” agreements.

CMS already has negotiated the “service level agreements” needed to define responsibilities and guarantees with the IRS and the Department of Homeland Security, and it is expecting to sign an SLA with the Social Security Administration by Sept. 27, Jarmon wrote in the summary memo.

CMS hub builders hope to sign SLAs with the Veterans’ Health Administration, Defense Department and Peace Corps. by Sept. 20, Jarmon said.

“CMS is working with very tight deadlines to ensure that security measures for the hub are assessed, tested, and implemented by the expected initial open enrollment date of October 1, 2013,” Jarmon said. “If there are additional delays in completing the security assessment and testing, the CMS [chief information officer] may have limited information on the security risks and controls when granting the security authorization of the Hub.” 

See also: