Implementation of the fine print of the Patient Protection and Affordable Care Act has resulted in a bit of a squabble among money interests in the federal government.
As part of its role in the PPACA rollout, the Internal Revenue Service is charged with monitoring taxpayer returns to make sure they're in compliance with section of the act. For instance, are taxpayers' household incomes too high or low to justify any premium subsidies they may have received? Have they purchased or at least applied for coverage as require by law?
IRS's solution to gathering and analyzing this data: the Coverage Data Repository, where states were to funnel the necessary data for the 2014 tax season.
Recommended For You
But how well was IRS performing this role? Another branch of Treasury dropped by to find out.
The Inspector General for Tax Administration (TIGTA) reviewed the CDR and was quite disappointed with what it found. Here's a couple of snippets from the snippy report it sent to IRS and others in the Obama administration.
On why it performed the audit:
"The overall objective was to determine how systems development risks for the CDR Project were being mitigated and whether established business and information technology requirements were being met. Specifically, TIGTA evaluated CDR testing processes, including interagency, release-level, and project-level functional testing controls as well as security and audit trail controls."
In other words, was the database complete and was the data secure? Had IRS thoroughly tested the system for flaws?
Here's what TIGTA had to say about that:
"TIGTA found that risks could not be effectively mitigated by CDR testing processes. Interagency testing with the Federal and State Exchanges was not completed. As of November 21, 2014, the IRS had only received EPD from three States. Subsequent to our fieldwork, the IRS received additional data, but it still had not yet received all required [state exchange input].
"Release-level testing was completed but not prior to initiating interagency testing with the Centers for Medicare and Medicaid Services. During project-level testing, system developers did not always demonstrate CDR functionality to business owners and did not maintain complete records verifying business participation."
TIGTA made several recommendations aimed at tightening up security, speeding up the data collection process and ensuring smoother interface with other government agencies.
The IRS took shots at a couple of the "flaws" the report called out, claiming it had done the best it could do under difficult circumstances and that it stood by a lot of its work. But in the end, it agreed to try to do better next time.
But as always happens, those who write the reports get the last word. Said TIGTA: "Because the IRS plans to rely on the CDR as its sole authoritative source for all ACA data, TIGTA maintains that improvements are needed to ensure adequate risk mitigation practices in each of these areas."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Dan Cook
Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.
