The Internal Revenue Service (IRS) has not properly secured its system that determines fees for health insurers and pharmaceutical companies under Obamacare, an inspector general report found.
The Affordable Care Act requires the IRS to process premiums from insurers and sales data from drug manufacturers for certain government-subsidized programs. The ACA Information Returns System, or AIR system, then calculates the annual fees to charge the companies.
{mosads}That system recently came under the scrutiny of the Treasury Inspector General for Tax Administration. The inspector general released a report Tuesday that concluded the IRS failed to check the source code for bugs or mend several security vulnerabilities.
“These security control weaknesses could impact the AIR system’s ability to reliably process the electronic form reports and to accurately determine the applicable fees,” the report said. “Improvements are needed to ensure the long-term success of the AIR system.”
The IRS mostly agreed with the IG’s findings.
“Your team’s feedback was very timely,” the agency said in response. “Immediately upon receiving it, we inserted additional IRS oversight on this contractor-staffed team and completely re-executed a portion of our testing prior to system deployment.”
The IG cited 25 total “critical and major failures and errors.” The IRS has given details on its plan to address 23 of these issues, the IG said.
The IG also pushed the agency to move more quickly. Fourteen failures are not scheduled to be fixed until fall 2015.
“Our review found that some of these … weaknesses can be mitigated now,” the report said.
Many have criticized the security of the technology underlying Obamacare. The original launch of Healthcare.gov was plagued with glitches. Many cybersecurity experts later discovered blatant vulnerabilities on the site.
Ahead of November’s second round of open enrollment on the site, the administration went to great lengths to emphasize the enhanced testing and security measures on the site.
In a statement Wednesday, the IRS noted the system analyzed in the report does not deal with individuals trying to sign up for a healthcare plan through Healthcare.gov.
It also pointed out, “there ahve been no data breaches involving information sharing in this system.”
— Updated 2:31 p.m.