Federal and state officials need to make sure that they protect the security of confidential tax information belonging to people seeking benefits on Obamacare’s health insurance exchanges, federal investigators said Thursday.
Government agencies that operate health insurance exchanges — where consumers can shop for private coverage under the Affordable Care Act (Obamacare) — should be required to get independent assessments of “security controls” protecting tax information the IRS sends them, according to the report by the Treasury Inspector General for Tax Administration, which audits the IRS.
The Inspector General’s audit was initiated to determine whether the IRS Office of Safeguards has “implemented sufficient policies and procedures to ensure that ACA Exchanges are adequately protecting federal tax information,” the report says.
IRS: Agencies Will Submit Security Assessments
IRS management has agreed with the Inspector General’s recommendations to tighten controls and development third-party reviews.
“The IRS plans to require agencies to submit an initial independent security assessment and signed system security authorization,” the report said. “The IRS also plans to develop procedures to use the independent security assessment to validate that controls are implemented …”
In a written statement, the IRS asserted that there has been no breaches of tax data the agency has provided to exchanges.
“The IRS has a long and proven track record of safely and securely transmitting federal tax information through data sharing agreements to nearly 300 federal and state agencies on a regular basis,” the agency said.