HIPAA

With the importance of protecting our healthcare information and the HIPAA law that mandates the data’s protection, recent attempts at implementing the Affordable Care Act using the “healthcare.gov” website have failed on many levels. Shengru Tu, Professor of Computer Science at the University of New Orleans, stated in the article “Problems with Affordable Care Act website not unusual for government” posted 10/22/13 by Bruce Alpert of The Times-Picayune on Nola.com, that he “believes the ‘back-end software’ for healthcare.org did not go through adequate stress tests.” This creates a situation whereby the website fails on two different fronts (1-SDLC and 2-HIPAA). Is one failure more severe than the other? Does the HIPAA failure bring more light to the type of failure that occurs every day? As consumers, should we accept the SDLC failure simply as part of life or should we be making a bigger issue of it?

One failure is more severe than the other. The HIPAA violation is the most prominent, as it violates the user’s expectation of privacy. Not to diminish the betrayal that is the SDLC violation, but that is infrastructure, and while in a perfect world, you would expect the machinations of government to work as intended, a healthcare website violating the privacy of its patients is akin to a voting machine casting the wrong vote, or a traffic system causing accidents. The HIPAA failure is a glaring example of the shortcomings in government software development, and should really bring to the forefront the importance of appropriate software engineering. However, I am not convinced that that importance has come to appropriate light. As consumers, we should not accept any SDLC failure from the very organization that controls our safety, security, and taxes. We should make a much bigger issue of this violation of trust and privacy, as we would if our local DMV donated citizens’ phone numbers, addresses, and social security numbers to the public library.
