A watchdog agency says the Internal Revenue Service (IRS) needs to beef up the process it uses to protect a key public health insurance exchange database system, the Coverage Data Repository.
Terence Milholland, the chief technology officer at the IRS, says the IRS believes it's already using a strong testing strategy.
The watchdog agency, the Treasury Inspector General for Tax Administration (TIGTA), is telling the IRS to apply the full testing process to a limited, temporary information-sharing effort that was simply used to help public exchange managers set up their systems, IRS officials say.
TIGTA officials talk about their concerns in a report on Patient Protection and Affordable Care Act (PPACA) data repository risks.
TIGTA gave the report to the IRS in June, but it waited until this week to make the report available to the public, and it blacked out some portions due to security concerns.
The data repository covered in the report holds PPACA exchange plan applicants' family size and income data, not personal health information. The IRS uses the data to verify taxpayers' PPACA exchange plan premium tax credit claims.
TIGTA investigators looked at how the IRS worked with other agencies when it was developing the systems, how the IRS handled security concerns, and whether the IRS put in the audit trails it needs to see whether authorized system users or intruders got unauthorized access (UNAX) to personal exchange user information.