TIGTA recommends IRS address security vulnerabilities for ACA reporting

Sovos
December 10, 2014

This blog was last updated on June 27, 2021

The U.S. Treasury Inspector General of Tax Administration (TIGTA) has published a report detailing weaknesses in the IRS system for collecting tax information returns related to the Affordable Care Act (ACA). Specifically, TIGTA examined the ACA Information Returns (AIR) Release 1 Project.

TIGTA generated the report to determine how well the IRS can mitigate risk in regard to ACA reporting. This included issues relating to fraud detection, security and testing. Based upon security assessments conducted by the IRS, TIGTA provided several recommendations for how the agency’s chief technology officer should address weaknesses found within AIR.

Here are a few of TIGTA’s suggestions:

  • There should be systems in place to find and mitigate risks. Additionally, the IRS should run vulnerability scans on all databases.
  • Current vulnerabilities must be immediately resolved.
  • The agency must develop ACA plans of action and milestones to ensure the risks are mitigated within required timeframes.
  • Third-party contractors that conduct testing processes must be managed by the IRS information technology testing and implementation organization.

The IRS did not agree with TIGTA’s assessment in all regards. However, it did issue a statement to demonstrate its commitment to developing more secure systems and addressing vulnerabilities. 

“The IRS is committed to ensuring the security of our information technology systems and maintaining appropriately configured databases,” the IRS said. “[TIGTA’s] report acknowledges our security practices and makes several recommendations that upon implementation, will contribute to our shared objective of identifying and mitigating security vulnerabilities.”

The importance of securing taxpayer data
Though the TIGTA report focused on the IRS, it points to the importance of protecting taxpayer data as it is transmitted for the health care law’s new tax information reporting requirements. Insurers, large employers and self-insured employers must all ensure they have a secure system in place for collecting necessary data that is to be furnished to the IRS.

This is particularly true as more consumers become concerned about their data, and there is a growing risk of breaches. Additionally, experts predict there will be a large-scale breach in 2015 that will give more attention to the necessity of information security for consumer health care information, according to EHR Intelligence.

Furthermore, several new tax forms were introduced and organizations are scrambling to determine which department will be responsible for ACA reporting. There is general confusion about the health care law’s provisions; therefore, employers and insurers should take steps now to ensure accurate reporting that doesn’t put member information at risk.

Check out our education section for more about ACA reporting requirements for insurerslarge employers and self-insured employers.

Sign up for Email Updates

Stay up to date with the latest tax and compliance updates that may impact your business.

Author

Sovos

Sovos is a global provider of tax, compliance and trust solutions and services that enable businesses to navigate an increasingly regulated world with true confidence. Purpose-built for always-on compliance capabilities, our scalable IT-driven solutions meet the demands of an evolving and complex global regulatory landscape. Sovos’ cloud-based software platform provides an unparalleled level of integration with business applications and government compliance processes. More than 100,000 customers in 100+ countries – including half the Fortune 500 – trust Sovos for their compliance needs. Sovos annually processes more than three billion transactions across 19,000 global tax jurisdictions. Bolstered by a robust partner program more than 400 strong, Sovos brings to bear an unrivaled global network for companies across industries and geographies. Founded in 1979, Sovos has operations across the Americas and Europe, and is owned by Hg and TA Associates.
Share this post

Climate Related Events Insurance Premium IPT
EMEA IPT
July 18, 2024
The Impact of Climate-Related Events on Insurance Premium Tax (IPT)

Climate related events impact all industries; the insurance industry is no exception. Here’s how it’s affecting Insurance Premium Tax.

Hungary tax penalty
EMEA North America VAT & Fiscal Reporting
April 15, 2025
Hungary: Tax Penalty Regime

This blog was last updated on April 15, 2025 Hungary’s tax penalty consequences of non-compliance with tax requirements are governed by the Act on Rules of Taxation. The law outlines a range of sanctions for non-compliance, including tax penalties, default penalties, late payment interest and self-revision fees. This blog will provide an overview of each […]