WASHINGTON -- The battle over the government's problem-plagued health care website escalated Wednesday, as Republicans attacked the Obama administration over an array of emerging issues involving the health law, including potential security vulnerabilities on the site and complaints from Americans facing cancellations of existing policies.
At a congressional hearing, Health and Human Services Secretary Kathleen Sebelius apologized for the flaws of HealthCare.gov, which was not functioning for most of the day. Conceding that navigating the health portal has been "a miserably frustrating experience for way too many Americans," she told lawmakers: "Hold me accountable for the debacle. I'm responsible."
President Barack Obama, meanwhile, acknowledged for the first time that some Americans will have to switch health plans under the law. But he said these people now have "cut-rate plans" from "bad-apple insurers" -- a situation the health care law was designed to change. He urged consumers to "shop around" to "get a better deal" under the law.
The cancellations have become a big issue for Republicans, in part because Mr. Obama had repeatedly said people would be able to keep their plans if they liked them.
Mr. Obama delivered his remarks Wednesday at Boston's historic Faneuil Hall, where his 2012 Republican presidential opponent, Mitt Romney, years ago signed the state law that became a model for the federal health care overhaul.
During the House Energy and Commerce Committee hearing, which featured Ms. Sebelius as the sole witness, critical Republicans seized on evidence that the administration knew that HealthCare.gov had security flaws days before it went live. Rep. Mike Rogers, R-Mich., quoted a Sept. 27 memo to Medicare administrator Marilyn Tavenner from her staff that warned of "inherent security risks" stemming from inadequate testing.
"You accepted a risk on behalf of every user ... that put their personal financial information at risk because you did not even have the most basic end-to-end test on security of this system," Mr. Rogers said.
Ms. Sebelius acknowledged that HealthCare.gov launched with at least one security weakness that would allow hackers to obtain personal information entered into the site. But no breach occurred, she said, and the problem has since been corrected.
At a briefing later in the day, Julie Bataille, spokeswoman for the Centers for Medicare and Medicaid, the agency within HHS that has charge of HealthCare.gov, said the site was still undergoing security testing. But she said consumer information is safe. Separate security testing for the website's federal data hub, which helps determine eligibility for financial aid by verifying data with many federal agencies, has been completed, and the hub has a permanent security certification, Ms. Bataille said. She could not immediately answer why one part of the system had completed security testing and another part had not.
Ms. Sebelius, in her testimony, also addressed what she said was a key flaw in the health law technology: transmissions of inaccurate or incomplete enrollment data to health plans. Without accurate information, insurers will not know who has signed up for coverage, and who should be billed.
"The system isn't functioning, so we're not getting that reliable data," she said when pressed to provide enrollment numbers. "We have prioritized that specific fix."
Legislators also seized on the wave of cancellation notices that have begun arriving in hundreds of thousands of mailboxes across the nation.