As a fundamental principle in software system security, it is considered wrong to expose anything about protected data in a system in the error messages that are returned to those who are not authorized to access that data.
For example, if one enters an incorrect username and/or password, you do not tell them whether the username or password is incorrect. Confirming that a username exists is useful information to someone who is trying to gain unauthorized access: it allows them to narrow their attack to a known username and/or combine the username with other info to aid in guessing or otherwise gaining access to the password. Such information is useful in social engineering.
GIVEN that not disclosing information to the unauthorized in error messages is a practice that is expected of any competent web application developer
AND that Healthcare.gov is a system many are required by law to use
AND that Healthcare.gov contains private information,
THEN let's take a look at what we get from Healthcare.gov :
PS: Given a real constraint on unique user names obfuscating the fact that a username exists may not be easy. However, one could at least present a more ambiguous error message along the lines of "That username is invalid. Please try another." Or, let the system generate the usernames in a way that no conflicts are created. (See comment below.)