Whether you support the Affordable Care Act (ACA) or not, one thing is clear - whoever designed and implemented the healthcare.org site must not be a big fan. In this day and age it is hard to believe the government could not build a scalable, elastic website that is in essence just one big form. But my "adventure" in trying to enroll has been an unmitigated disaster. I only hope that the health coverage they offer was not designed by the same folks who designed this website.
Like many of you probably have, I tried to log into the site and see if this controversial program could help my family and me with an affordable health insurance solution. I logged in after midnight on Monday night. I guess I wasn't the only one trying that maneuver, as it said the site was busy and I could not log in. I chalked it up to trying to be early and figured I would just wait until the morning.
Tuesday morning I tried to log in and this time I received a different screen but the same message - the site was getting slammed and I could not log in. I am a somewhat patient man, though, and figured if Apple's servers can get slammed on account of iOS 7, there is no reason to blame the government for the first day of eligibility slamming their servers.
I assumed they must be housing this in some sort of Fed Cloud and they obviously had some elasticity that would soon kick in to handle the load. Give it some time, I told myself. That evening, around 10 p.m. I was finally able to log in and create an account. It wasn't easy. I had to keep reloading, but I had an account. I was sent an email to verify my email address. I knew I was in trouble when I clicked on the verification and received a page that said I had waited too long to verify my address. It couldn't have been more than a minute after I received the email!
Now I had to go back to go and start over again. After an hour or two, I was never able to get back to that account creation page again and gave up for the night. The next morning I logged in and went to create an account again. Bingo, it went right through! At the end, though, I received a message that an account with that user name already existed. Wow, did someone pick my unique username combination of letters and numbers? That is weird.
Just for giggles I tried to log in with my username and password that was not verified last night. Of course it worked! I guess my email verification worked after all. OK, next I had to fill out an application. I was filling out for my family and I needed the kids' Social Security numbers. That meant I had to wait until I got home. So after dinner and a little TV I sat down to fill out my application. I logged into the site (it was working now) with my username and password and got busy.
Since I already know I don't qualify for tax credit or subsidy, my forms on the site were really easy. Just name, address, date of birth, social security and relationship of my dependents. I flew through that pretty quickly. At the conclusion, I clicked save and continue. Now they told me I had to verify my identity. Clicking through to identity verification they asked me a series of true/false questions about places, people and things from my background. Typical kinds of questions pulled from public data sources. The odd thing was when I was done they said I failed identity verification. I had to go back to go ;-( I repeated this series of steps a few times. Finally, I received a message that I had exceeded the allowed number of attempts to verify. I could either call the 800 number or upload an identity verification document to be reviewed.
Since I dreaded calling the 800 number, I scanned my driver's license and attempted an upload. That failed. Tried again, failed again. No choice but to call the 800 number. I called and was connected to Experian Identity Verification service. Unfortunately, the office was closed and I was told to call back tomorrow. Par for the course.
I woke up the next day and called the 800 number. In no time, I was speaking to a real live person and told her my story. She checked and said she was not sure why I was calling, but they showed my identity as already verified. Hm, OK.
Now I had filled out the application, was assured my identity was verified, can't wait to see what the insurance premiums are and what I get. Right? Wrong. I log in and show my application is in process but incomplete. I then go in and refill the application. Click save and continue, uh oh, an error message. I rinse and repeat this steps oh, about 12 or 18 times, and got same result. One day into the next, it was the same thing.
Finally, I call the general 800 number today and was surprised how quickly a live person answered. I tell them my problem and the person says to hold on, she will change my password for me. I say hold on, my password is fine. It is just not saving my application. Very sorry, I am told, we have had some problems with the website. Well thank you, Captain Obvious! I explain again in as simple a way as I can what the issue is. She said now she understands and would love to help me, but her computer systems are down and they can't connect to the web servers either. Would I mind waiting a few days and just start the whole thing over? Are you kidding me? But what choice do I have?
My issue is this site had to have been in progress for well over a year. The information they are collecting is simply some forms. Budget wasn't the issue. In this day and age you couldn't build a scalable web form collector? Really? It boggles my mind.
The only thing I can think of is this must be deliberate sabotage. The website must be built and hosted by someone or some organization dedicated to overturning Obamacare. What else could explain this? What kind of confidence level can I have of you providing my health insurance if you can't even build a simple form collection website?
You would think with the spotlight on, a government shutdown in progress and everything else, they would get the technology down flawlessly. Shoot, if we were going to the moon with this kind of technology performance poor Neil Armstrong would have never taken any small steps.
The bottom line is we should all expect better from our politicians, from our government, our healthcare providers and, most of all, from the people designing these websites!
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.