According to a report by the Treasury Inspector General for Tax Administration (TIGTA), the IRS needs to make improvements to strengthen security and to test controls for the Affordable Care Act Information Returns Project. The IRS is required to calculate and collect annual fees based on reports provided by health insurance providers and pharmaceutical manufacturers and importers. The IRS conducted security activities to identify weaknesses, and it conducted testing activities to validate that its systems would function as designed prior to being placed in production; however, TIGTA made some recommendations based on its evaluations of IRS’s key management controls and processes for risk management. The IRS agreed with the majority of TIGTA’s recommendations, and it plans to implement corrective actions.
The IRS has taken aggressive steps to ensure the protection of federal tax data needed for administering the Affordable Care Act, including the security of information reports. The system mentioned in this report does not deal with receiving health insurance through a Marketplace, individual insurance coverage information or anything related to people filing their tax returns in early 2015. The system described in the report supports the effort to collect annual fees based on forms provided by health insurance providers and pharmaceutical manufacturers and importers. There have been no data breaches involving information sharing in this system. TIGTA’s recommendations will contribute to further identifying and preventing security risks and increase contractor oversight to ensure the best possible outcome during system testing.