The Internal Revenue Service (IRS) rushed a major Patient Protection and Affordable Care Act (PPACA) tax form checking system into use earlier this year without putting it through a complete security assessment process, a watchdog agency official says.
In addition, because of IRS PPACA system project management problems, the tax form checker was using outmoded, potentially dangerous versions of the Java Runtime Environment program when the IRS started using the tax form checker, the official says.
Michael McKenney, the deputy inspector general for audit, an official at the Treasury Inspector General for Tax Administration (TIGTA), presented those conclusions in a report on the state of security at the Affordable Care Act Verification Service (AVS).
TIGTA, like other Obama administration agencies, refers to the health care law as the ACA.
The PPACA exchange system began offering consumers health insurance premium tax credits in 2014. Starting with the 2015 tax filing year, tax credit users were supposed to use IRS Form 8962 to report on the use of the new premium tax credits.
The IRS developed the AVS system to check the math, completeness and consistency of 8962 forms; check whether 8962 form users who reported receiving premium tax credits had actually enrolled in exchange plan coverage; and identify taxpayers who had received premium tax credits, but had not yet filed 8962 forms.
Originally, the IRS wanted to complete project-level AVS testing by June 2014. They hoped to start final integration testing, including security testing, in September 2014. But coders developed the AVS system code late, and that caused a series of project-level testing delays, McKenney writes in the TIGTA report.