Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

California Implemented Security Controls Over the Web Site and Databases for Its Health Insurance Exchange but Could Improve Protection of Personally Identifiable Information

04-30-2015 | Audit (A-09-14-03005) | Complete Report

Related Content

See all Affordable Care Act Reviews

Covered California, California's health insurance exchange, implemented security controls over the Web site and databases for its health insurance exchange, but improvements are needed to fully comply with Federal requirements and to increase protection of personally identifiable information (PII).

We reviewed Covered California's information security controls in place as of June 2014. We found that Covered California had implemented security controls, including policies and procedures, to protect PII on its Web site and databases but had not performed a vulnerability scan in accordance with Federal requirements. Also, Covered California's security plan did not meet some of CMS's minimum requirements for protection of marketplace systems, and Covered California did not have secure settings for some user accounts.

We recommended that Covered California implement our detailed recommendations to address the specific findings we identified.

Filed under: Centers for Medicare and Medicaid Services