North America

TIGTA recommends IRS address security vulnerabilities for ACA reporting

Sovos
December 10, 2014

This blog was last updated on June 27, 2021

The U.S. Treasury Inspector General of Tax Administration (TIGTA) has published a report detailing weaknesses in the IRS system for collecting tax information returns related to the Affordable Care Act (ACA). Specifically, TIGTA examined the ACA Information Returns (AIR) Release 1 Project.

TIGTA generated the report to determine how well the IRS can mitigate risk in regard to ACA reporting. This included issues relating to fraud detection, security and testing. Based upon security assessments conducted by the IRS, TIGTA provided several recommendations for how the agency’s chief technology officer should address weaknesses found within AIR.

Here are a few of TIGTA’s suggestions:

  • There should be systems in place to find and mitigate risks. Additionally, the IRS should run vulnerability scans on all databases.
  • Current vulnerabilities must be immediately resolved.
  • The agency must develop ACA plans of action and milestones to ensure the risks are mitigated within required timeframes.
  • Third-party contractors that conduct testing processes must be managed by the IRS information technology testing and implementation organization.

The IRS did not agree with TIGTA’s assessment in all regards. However, it did issue a statement to demonstrate its commitment to developing more secure systems and addressing vulnerabilities. 

“The IRS is committed to ensuring the security of our information technology systems and maintaining appropriately configured databases,” the IRS said. “[TIGTA’s] report acknowledges our security practices and makes several recommendations that upon implementation, will contribute to our shared objective of identifying and mitigating security vulnerabilities.”

The importance of securing taxpayer data
Though the TIGTA report focused on the IRS, it points to the importance of protecting taxpayer data as it is transmitted for the health care law’s new tax information reporting requirements. Insurers, large employers and self-insured employers must all ensure they have a secure system in place for collecting necessary data that is to be furnished to the IRS.

This is particularly true as more consumers become concerned about their data, and there is a growing risk of breaches. Additionally, experts predict there will be a large-scale breach in 2015 that will give more attention to the necessity of information security for consumer health care information, according to EHR Intelligence.

Furthermore, several new tax forms were introduced and organizations are scrambling to determine which department will be responsible for ACA reporting. There is general confusion about the health care law’s provisions; therefore, employers and insurers should take steps now to ensure accurate reporting that doesn’t put member information at risk.

Check out our education section for more about ACA reporting requirements for insurerslarge employers and self-insured employers.

Sign up for Email Updates

Stay up to date with the latest tax and compliance updates that may impact your business.

Author

Sovos

Sovos is a global provider of tax, compliance and trust solutions and services that enable businesses to navigate an increasingly regulated world with true confidence. Purpose-built for always-on compliance capabilities, our scalable IT-driven solutions meet the demands of an evolving and complex global regulatory landscape. Sovos’ cloud-based software platform provides an unparalleled level of integration with business applications and government compliance processes. More than 100,000 customers in 100+ countries – including half the Fortune 500 – trust Sovos for their compliance needs. Sovos annually processes more than three billion transactions across 19,000 global tax jurisdictions. Bolstered by a robust partner program more than 400 strong, Sovos brings to bear an unrivaled global network for companies across industries and geographies. Founded in 1979, Sovos has operations across the Americas and Europe, and is owned by Hg and TA Associates.
Share this post

Supreme Court Peters v. Cohen
North America Unclaimed Property
August 5, 2025
Supreme Court Petition Challenges State Unclaimed Property Laws: Peters v. Cohen

This blog was last updated on August 5, 2025 Supreme Court Peters v. Cohen: Major Unclaimed Property Case By Freda Pepper, General Counsel, Unclaimed Property Sovos regulatory team is tracking the latest Supreme Court Peters v. Cohen, a landmark case that raises fundamental questions about how state unclaimed property laws handle dormant assets and the […]

NAUPA III file format
North America Unclaimed Property
August 5, 2025
NAUPA III File Format: What Compliance Teams Need to Know

This blog was last updated on August 5, 2025 The National Association of Unclaimed Property Administrators (NAUPA) has approved a major update to their electronic reporting standards with the introduction of the NAUPA III file format. This significant advancement in unclaimed property reporting represents a modernization effort that aims to streamline the submission process while […]

See for yourself how the Sovos Compliance Cloud can meet your business' unique tax compliance challenges.
Book a Demo
© 2025 Sovos Compliance, LLC. All rights reserved.
Why Sovos?
Resources
About
Products
Indirect Tax Suite
Information Reporting and Withholding Suite
Specialty Products
Solutions
By Tax or Document Type
By Industry
By Team or Initiative
By Region