The glitches of the Health Insurance Marketplace website shine a spotlight on the need for solution providers to ensure customer rollouts are fully baked and customer information is secure.
Where is a good VAR when you need one?
So I am watching the Congressional hearings on the glitches, kinks, ghosts in the machine or whatever you want to call it related to the pitiful online rollout of the Affordable Care Act (a.k.a., Obamacare). I am watching representatives grill the IT contractors regarding when they knew the website was not ready to be rolled out, who they told, and why they didn’t test it further, and I couldn’t help but wonder what would a true solution provider would have done.
This blog is not going to get into the pros or cons of the new healthcare law or talk about the political posturing on both sides of the aisle. Rather, I am using this as an opportunity to shine a spotlight on the importance of not only delivering what you are contracted to build, but also doing it in a secure manner.
A true solution provider would never turn over the keys to the kingdom without exhaustive testing that said keys would actually work. They don’t have that luxury. Their reputation and customer’s business is on the line.
But possibly even more important, with any technology deployment, information cannot be compromised. Ever. Information is money. Information is power. Information is dangerous. Information needs to be protected. No one knows this more than the solution provider community.
Solution providers know that one security breach at the customer level could lead to the end of that contract, ruin their reputation and jeopardize their business going forward. That’s why with every project—whether it be hosted services, data center virtualization, cloud migration, storage and backup, whatever—data security needs to be Job One.
So even more troubling than the government healthcare website not working, causing frustrations for potentially hundreds of thousands of interested parties, is that whatever information was actually entered could be at risk.
During the hearing, Rep. Joe Barton (R-Texas) pointed to specific wording in the website’s source code which states, “You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system.” Wow. Really?
There was an argument that followed regarding whether the information entered actually falls under HIPPA compliance, which protects patient privacy. However, that is not really the point.
The point is that personal information such as name, address, birthdate and Social Security number in the wrong hands is dangerous. Identity theft is one of the fastest-growing crimes worldwide, costing billions of dollars a year. All personal information needs to be protected, not just medical records.
The IT contractors on Capitol Hill were passing the blame, saying it was the government’s responsibility to fully test the system before going live. They put the IT industry to shame. I don’t know any solution provider that would not take accountability. Solution providers should use this as an opportunity to reassure their customers that they stand behind their services and data security is their priority.
Where is a good VAR when you need one? Look around, they're everywhere.
Knock 'em alive!