A look back at technical issues with

Five years ago Congress passed the Patient Protection and Affordable Care Act into law. An estimated 12 million people have enrolled in the exchanges created by the law. Despite these recent successes there is little doubt that the launch of was marred with many serious failures. A recent report from the Government Accountability Office (GAO) provided some insights into the factors contributing to the launch issues and steps that are necessary to prevent future problems.

CMS lacked management

Prior to the launch of, the Centers for Medicare and Medicaid Services (CMS) eschewed four management practices recommended by the Software Engineering Institute and the GAO: scheduling, estimating the effort needed for project tasks, data management monitoring practices, and milestone project reviews. The initial CMS master schedule did not include many development activities or a design timeline. Even though the CMS Requirements Management Plan dictates that planning documents should estimate the effort needed to complete a project, it was missing from two major components of the project. Similarly, a guideline for managing project data was developed but not followed by CMS and its contractors when storing key development documents. Project progress and milestone reviews were incomplete.

More importantly, many of these issues remain today. After the failed launch CMS re-evaluated their development schedule, but the new plan still has key flaws. Project component deadlines weren’t properly aligned. In some cases the plan called for certain activities to be completed months before it was necessary. New policies and practices were developed to fix some of these problems but many of them were either not implemented or not officially documented.

HHS had a limited oversight role

The Health and Human Services (HHS) Secretary had appointed a Chief Information Officer (CIO) to manage information technology projects. The HHS CIO was supposed to work with an IT Investment Review Board to review, validate, and approve selected IT investments. In an August 2011 memorandum, OMB stressed that the CIO should assume responsibility for all IT projects.

However, the CIO claimed to have limited oversight role during the development of, arguing that the concerns about the project were not raised during the monthly meetings with senior leadership from each operating division. Moreover, the Investment Review Board hadn’t been active for years and the department was too large to manage effectively. HHS expanded its oversight role after the initial failure, but the CIO reiterated claims about lacking the authority to manage at the operating division level. In addition the review board is still not active.

OMB review

OMB is responsible for analyzing, tracing, and evaluating the risk of major capital investments. Similarly to HHS, OMB did not take an active role in overseeing the development of Prior to the launch, OMB only coordinated with CMS and other agencies, clarified policies, and oversaw the budget. In 2009 OMB launched the Federal IT Dashboard to evaluate major IT investments. Later OMB started to conduct TechStat sessions to intervene on low performance IT investments. Despite a designation on the IT Dashboard as a high-risk project, the initiative was not selected by OMB to be reviewed through TechStat. Officials in OMB claimed that it was HHS’s responsibility to select the project for TechStat for the more rigorous intervention.

OMB established U.S. Digital Service in August 2014 partially as a response to the initial failure. The U.S. Digital Service will improve and simplify the online interaction between individuals or private firms and federal government. Currently the service is working closely with the CMS system team to further support  

Many oversight problems contributed to the initial failure of Surprisingly the GAO report calls attention to several management issues that caused that disastrous launch. Unless CMS, HHS, and OMB address those weaknesses and fully implement best practices future federal IT projects may suffer a similar fate.

Yikun Chi contributed to this post