TIGTA Seal graphic

Treasury Inspector General for Tax Administration

Press Release

October 23, 2014
TIGTA - 2014-34
Contact: David Barnes
(202) 622-3062

Additional Measures Needed to Provide Greater Assurance That Tax Information Provided to Health Exchanges Is Protected

WASHINGTON – The Internal Revenue Service (IRS) is authorized to disclose limited tax information to Affordable Care Act Exchanges when an applicant seeks financial assistance in obtaining health insurance. To protect the confidentiality of Federal Tax Information (FTI), the IRS has established safeguards the Exchanges must employ.

While the IRS has provided staff to facilitate the readiness of ACA Exchanges to receive FTI, additional procedures are needed to provide greater assurance that FTI will be protected prior to the IRS approving its release. That is the conclusion of a report publicly released today by the Treasury Inspector General for Tax Administration (TIGTA).

TIGTA reviewed whether the IRS Office of Safeguards has implemented sufficient policies and procedures to ensure that ACA Exchanges are adequately protecting FTI received from the IRS.

"The IRS must do more to ensure that Federal Tax Information submitted to the ACA Exchanges is protected and prevent its unauthorized disclosure," said J. Russell George, Treasury Inspector General for Tax Administration.

TIGTA found that additional procedures are needed to provide greater assurance that FTI will be protected prior to approving its release. Specifically, IRS procedures did not require the Exchanges or other agencies to submit an initial independent security assessment that could help to evaluate risk levels and the status of required security controls. The current documentation on which the Office of Safeguards bases its approval decision for release of FTI does not provide sufficient evidence that required controls have been implemented.

TIGTA recommended that the IRS ensure that the Office of Safeguards receive and review independent assessments of security controls and system authorizations before approving the release of FTI. Additionally, the Office of Safeguards should prioritize reviews of agencies that have deployed new systems according to risk.

IRS management agreed with TIGTA’s recommendations and plans to take appropriate actions.

Read the report.


Note: The difference between the date TIGTA issues an audit report to the Internal Revenue Service and the date TIGTA publicly releases the report is due to TIGTA's internal review process to ensure that public release is in compliance with Federal confidentiality laws.

A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.