The Centers for Medicare and Medicaid Services (CMS) released details of the latest contract with Terremark Federal Group covering "open market items" required for the ongoing operation of Healthcare.gov. The documents include an itemized list of computing and network services, fees, licenses and computing capacity. The total comes to $19,755.465.98 and covers four months:
The expenditures appear to relate to the increased capacity that CMS has said was being added in anticipation of increased interest in obtaining Marketplace insurance as the March 31 deadline nears. The government had previously announced that Terremark, a subsidiary of Verizon, was being replaced by Hewlett-Packard. However, since the switch-over was scheduled for the end of March just as open enrollment is ending, CMS awarded Terremark a $58,000,000, seven-month extension back in January.
The two contracts mentioned above are just the latest in a string of contracts awards, solicitations, and sources-sought notices by CMS since Health and Human Services (HHS) Secretary Kathleen Sebelius announced the creation of a new Chief Risk Officer (CRO) position at CMS on December 11, 2013. Sebelius described the new CRO's initial task as follows:
The Chief Risk Officer’s first assignment will be to review risk management practices when it comes to IT [information technology] acquisition and contracting, starting with identifying the risk factors that impeded the successful launch of the HealthCare.gov website. I will ask this individual to report back to me in 60 days with recommendations for strategies to mitigate risks in future large-scale, CMS contracting and IT acquisition projects.
Three and a half months have passed since Sebelius instructed CMS Administrator Marilyn Tavenner to create the position, but both HHS and CMS have been silent about it during that time. No announcements or press releases have discussed the position, and as we first reported back on February 7, the organizational chart for CMS lists no Chief Risk Officer. Nevertheless, CMS has continued to contract for tens of millions of dollars in IT goods and services, the very expenditures for which the new CRO was to submit "recommendations for strategies to mitigate risks" within 60 days of being appointed.
Numerous emails to HHS and CMS inquiring about the position have gone unanswered.