Obamacare is more than the Department of Health and Human Services’ fumbling. Last week, the Treasury Department’s Inspector General for Tax Administration listed the top management and performance challenges for the IRS. Number two is “Implementing the Affordable Care Act.” As explained in the memo [emphasis mine]:
The Affordable Care Act (ACA) contains an extensive array of tax law changes that will present a continuing source of challenge for the IRS in coming years. The Affordable Care Act provides incentives and tax breaks to individuals and small businesses to offset health care expenses. It also imposes penalties, administered through the tax code, for individuals and businesses that do not obtain health care coverage for themselves or their employees. The Affordable Care Act represents the largest set of tax law changes in more than 20 years.
Starting in Calendar Year 2014, the IRS will be responsible for implementing the Advanced Premium Tax Credit, as well as implementing the penalty on applicable individuals for each month they fail to have minimum essential health care coverage. These two issues have a far-reaching impact on the IRS and will require significant resources, particularly customer service resources, as taxpayers turn to the IRS with questions and issues about the Affordable Care Act. Customer service has been declining in recent years, with fewer taxpayers being served at local IRS offices and the IRS answering fewer telephone calls.
The IRS’s implementation plan for the ACA includes providing information on eligibility and enrollment, developing calculations for the Advanced Premium Tax Credit, reconciling Premium Tax Credits with reported taxable income, and developing new ACA information collection and processing systems. These provisions require development of new computer systems, modification of existing systems, revision and/or creation of new fraud detection systems, and deployment and testing of new interagency communication portals to support ACA operations.
Obamacare implementation money has run out, so “all implementation efforts in FY 2013 and beyond will be funded solely from the IRS’s operating budget,” the memo states.
Based on a 2012 report on the agency’s lack of cybersecurity, we should be concerned:
During the past year, the Internal Revenue Service did not install critical fixes for software vulnerabilities, allowed unauthorized access to accounting programs and failed to ensure contractors received security training, according to the auditors’ auditors.
Around tax time in 2007, 2008, 2009, 2010, 2011 and now this year, the Government Accountability Office has identified similar, recurring weaknesses that could expose sensitive taxpayer information and agency financial data, according to archived GAO reports.
“IRS had never installed numerous patch releases for the Unix operating system” that had been in operation since March 2009, stated the most recent report, released Friday. By not patching security holes on a timely basis, the “IRS increases the risk that known vulnerabilities in its systems may be exploited.”
The key reason IRS computers are susceptible to tampering is the tax agency has yet to institute a mandatory information security program, GAO officials have said for five years. Under federal cybersecurity law, agencies must deploy a departmentwide initiative that, among other things, trains personnel to comply with security policies and tests technical protections.
In 2012, auditors observed that IRS personnel determined whether safeguards were functioning by looking at documents, rather than physically running the programs, according to the GAO. “In one case, testers concluded that encryption was in place by reviewing a diagram and interviewing key staff rather than performing system testing,” the report stated.
Hopefully the IRS’ implementation, especially computer systems, is more successful than how they blew through $5 billion in system upgrades and involves more testing than Healthcare.gov.