The U.S. Treasury Inspector General of Tax Administration (TIGTA) has published a report detailing weaknesses in the IRS system for collecting tax information returns related to the Affordable Care Act (ACA). Specifically, TIGTA examined the ACA Information Returns (AIR) Release 1 Project.
TIGTA generated the report to determine how well the IRS can mitigate risk in regard to ACA reporting. This included issues relating to fraud detection, security and testing. Based upon security assessments conducted by the IRS, TIGTA provided several recommendations for how the agency’s chief technology officer should address weaknesses found within AIR.
Here are a few of TIGTA’s suggestions:
- There should be systems in place to find and mitigate risks. Additionally, the IRS should run vulnerability scans on all databases.
- Current vulnerabilities must be immediately resolved.
- The agency must develop ACA plans of action and milestones to ensure the risks are mitigated within required timeframes.
- Third-party contractors that conduct testing processes must be managed by the IRS information technology testing and implementation organization.
The IRS did not agree with TIGTA’s assessment in all regards. However, it did issue a statement to demonstrate its commitment to developing more secure systems and addressing vulnerabilities.
“The IRS is committed to ensuring the security of our information technology systems and maintaining appropriately configured databases,” the IRS said. “[TIGTA’s] report acknowledges our security practices and makes several recommendations that upon implementation, will contribute to our shared objective of identifying and mitigating security vulnerabilities.”
The importance of securing taxpayer data
Though the TIGTA report focused on the IRS, it points to the importance of protecting taxpayer data as it is transmitted for the health care law’s new tax information reporting requirements. Insurers, large employers and self-insured employers must all ensure they have a secure system in place for collecting necessary data that is to be furnished to the IRS.
This is particularly true as more consumers become concerned about their data, and there is a growing risk of breaches. Additionally, experts predict there will be a large-scale breach in 2015 that will give more attention to the necessity of information security for consumer health care information, according to EHR Intelligence.
Furthermore, several new tax forms were introduced and organizations are scrambling to determine which department will be responsible for ACA reporting. There is general confusion about the health care law’s provisions; therefore, employers and insurers should take steps now to ensure accurate reporting that doesn’t put member information at risk.
Check out our education section for more about ACA reporting requirements for insurers, large employers and self-insured employers.
