IRS enables Americans to download their tax transcripts over the Internet

UPDATE: This service was taken offline after IRS security was compromised.

UPDATE: Learn how to download your tax transcript from IRS.gov.

button_online_transcript

Earlier today, at the White House Education Datapalooza, an official from the United States Department of the Treasury informed a packed theater and livestream that students, parents and citizens would finally be able to do something simple and profoundly useful over the Internet: download a transcript of their tax return from the Internal Revenue Service.

“I am very excited to announce that the IRS has just launched, this week, a transcript application which will give taxpayers the ability to view, print, and download tax transcripts,” said Katherine Sydor, a policy advisor in the Office of Consumer Policy of the Treasury, “making it easier for student borrowers to access tax records he or she might need to submit loan applications or grant applications.” [VIDEO]

Previously, filers could request a copy of the transcript (not the full return) but would have to wait 5-10 business days to receive it in the mail. For people who needed more rapid access for applications, the delay could be critical. A White House fact sheet subsequently confirmed the news, under the rubric of “streamlining application paperwork,” and a quick follow up with an official secured the correct URL for the new IRS Web application to get a tax transcript.

irs-transcript

I created an account, which involved jumping through the  hoops familiar from establishing online access bank accounts — choosing pass phrase, pass image and security questions — and then answered a number of questions that made it pretty clear that the IRS knew exactly who I was and where I had lived. (It’s not clear whether they hold this information or used a credit bureau, from the consumer-side.)

When I tried to actually download the transcript, though, I ran into some issues: first, a browser error in Chrome — “This XML file does not appear to have any style information associated with it. The document tree is shown below.” Using Firefox, however, I was able to at least get the page where I could choose from various years of transcripts.

irs-transcript-purposes

Unfortunately, clicking any of the links delivered a file that my Macbook was unable to parse. I was, however, able to log into IRS.gov and easily download last year’s tax return with one click to my iPhone. Success!

While the technical problems I ran into suggest that Apple computer users might run into some issues, I have a funny feeling that (the vast majority) of people who are running Internet Explorer on a Windows machine will fare better.

The fact that American citizens could not access their own tax returns online in 2014 might seem jarring but, until this week, that was the status quo. This advance represents the sort of somewhat mundane but important shift that the Obama administration’s approach to digital government have enabled over the past five years.

While the troubles behind the botched launch of Healthcare.gov have shaken the confidence of many citizens in the capacity of this administration to deliver effective digital services and months of headlines about digital surveillance by the National Security Agency have diminished trust in government overall, the ability of the “tech surge” to fix the site and the success of the technology team at the Consumer Financial Protection Bureau not only offers a guide for how to avoid similar issues but highlights a less salacious and boring reality that will generate no headlines nor heated rhetoric on cable news shows: most public officials and civil servants are quietly working to deliver better customer service for citizens.

Being able to download a tax transcript online is not, however, without risks. The Internal Revenue Service will need to continue to be vigilant about security. The new functionality will almost certainly inspire fraudsters to create mockups of the government website that look similar and then send phishing emails to consumers, urging them to “log in” to fake websites.

Perhaps most problematically, people will download tax transcripts to mobile devices and laptops and then not take steps to protect them with encryption. If you do download your transcripts or personal health information, make sure to also install full disk encryption on every machine you own. Leaving your files unprotected there is like leaving the door to your house unlocked with your tax returns and medical records on the kitchen table.

I have asked the IRS for comment on the new feature, browser and operating system and security guidance and will update this post if and when I receive any.

Update: comment from the IRS on follows.

How much time and technical resources did the IRS invest in deploying the feature? Has the IRS increased the capacity of the website for more demand?

From establishing the business case and receiving funding plus approval to start the work to implementation took approximately one year. Additional time was spent in ideation, innovation, and confirming requirements of the product prior to receiving approval.

I had trouble downloading my transcript on an Apple computer using Chrome and Firefox. (I was able to get it through my iPhone.) What browsers and operating systems does the new function officially support?

As a web application, Get Transcript is supported on most modern OS/browser combinations. While there may be intermittent issues due to certain end-user configurations, IRS has not implemented any restrictions against certain browsers or operating systems. We are continuing to work open issues as they are identified and validated.

A side note: For the best user experience, taxpayers may want to try up-to-date versions of internet explorer and a supported version of Microsoft windows; however, that is certainly not a requirement.)

Does the IRS have any guidance for ensuring that Americans connect securely to the website and then protect tax returns on their home computers once they have downloaded them?

The IRS has made good progress on oversight and enhanced security controls in the area of information technology. With state-of-the-art technology as the foundation for our portal (e.g. irs.gov), we continue to focus on protecting the PII of all taxpayers when communicating with the IRS.

However, security is a two-way street with both the IRS and users needing to take steps for a secure experience. On our end, our security is comparable to leaders in private industry.

Our IRS2GO app has successfully completed a security assessment and received approval to launch by our cybersecurity organization after being scanned for weaknesses and vulnerabilities.

Any personally identifiable information (PII) or sensitive information transmitted to the IRS through IRS2Go for refund status or tax record requests uses secure communication channels that meet or exceed federal requirements for encryption. No PII is passed back to the taxpayer through IRS2GO and no PII is stored on the smartphone by the application.

When using our popular Where’s My Refund? application, taxpayers may notice just a few of our security measures. The URL for Where’s My Refund? begins with https. Just like in private industry, the “s” is a key indicator that a web user should notice indicating you are in a “secure session.” Taxpayers may also notice our message that we recommend they close their browser when finished accessing your refund status.

As we become a more mobile society and able to link to the internet while we’re on the go, we remind taxpayers to take precautions to protect themselves from being victimized, including using secure networks, firewalls, virus protection and other safeguards.

We always recommend taxpayers check with the Federal Trade Commission for the latest on reporting incidents of identity theft. You can find more information on our website, including tips if you believe you have become the victim of identity theft.

Does the IRS have any plans to provide Americans with access or insight to estimated tax returns online in the future? Now that we have the ability to establish user accounts, would it ever be possible, for instance, for people with simple taxes (1040EZ, etc) to log in, review an estimated return, make any required edits, and then e-file it on IRS.gov?

IRS: The IRS is considering a number of new proposals that may become a part of the online services roadmap some time in the future. This may include a taxpayer account where up to date status could be securely reviewed by the account owner.

Note: This post has been updated throughout to make it clear that the IRS has provided online access to tax transcripts, not the entire return. You can read up on the difference between a tax transcript and tax return here.

United Kingdom looks to put 50 million health records online and increase patient data rights

This Monday, Minister of Parliament Jeremy Hunt, the United Kingdom’s Secretary of State for Health, delivered a keynote address at the fourth annual Health Datapolooza in Washington, DC. In a rhetorical turn that would be anathema for any national conservative politician on this side of the Atlantic, Hunt commended the United States for taking steps towards providing universal health insurance to its people.

Hunt outlined three major elements in a strategy to improve health care in the UK: 1) applying data more effectively 2) improving transactional capabilities and 3) putting patients in the “driver’s seat” of their own health care. He pointed to several initiatives that support that strategy, from extending electronic health records to 50 million people to sequencing the genomes of 100,000 people and developing telemedicine capabilities for 3 million patients. Given the focus of the datapalooza, however, perhaps his most interesting statement came with respect to personal data ownership:

After the keynote, I interviewed Secretary Hunt and Tim Kelsey, the first national director for patients and information in the National Health Service. Our discussion, lightly edited, follows.

What substantive steps has the UK taken to actually putting health data in the hands of patients?

Hunt: Basically, I have given an instruction that everyone should be able to access their own health record online before the next general election, which means that I will be accountable for delivering that promise. There’s no wiggle room for me. That’s a big change, and it’s also a big change for the system because, basically, it means that every hospital and every general practitioner has to get used to the idea that the data they write about patients will be able to be accessed by patients. It’s a small but very significant first step.

There’s sometimes a disconnect between what politicians direct and what systems actually do. What’s happening with the UK’s long-delayed EHR system?

Hunt: I’ve given a pretty accountable timeframe for this: May 2015. I’ll be facing a general election campaign then. If we don’t deliver, then my head’s going to be on the block. I think it is a valid question, because of course once you set these objectives, then you start to look underneath it. One of the questions that we have to ask ourselves is how many have actually used this. We want everyone to be able to use this, but in practice, if the way they use it is they’re going to have to go into their GP, they’ve got to sign a consent form, there’s some complex procedure, then actually it’s not going to change people’s lives. The next question is about take-up, and that’s what we’re exploring at the moment.

Are there any aspects of the U.S. healthcare system that you think might be worth adopting and bringing back to the U.K.? Or vice versa?

Well, it’s quite interesting. We just had a really good meeting with [US CTO] Todd Park. I don’t think the differences are so great. I mean, on one level, yes, hospitals here are private or charitable, so they can’t be mandated by the government to do anything. And yet, they’ve succeeded in getting 80% of them to adopt EHRs through setting a standard and a certain amount of financial incentive. We can tell our hospitals to do things, but actually, as you said earlier, that’s not the same as them actually doing it.

I think in the end, in both countries, what you have to do is make it so that it’s in the hospitals’ own interest. In our case, the way that we’re doing that is trying to demonstrate that sensibly embracing the technology agenda has a massive effect on reducing mortality rates and improving clinical outcomes. By publishing all of the data about those outcomes, we’re creating competition between hospitals. That, I hope, will drive this agenda.

At the same time, we need to change public awareness. This is the big challenge – this sense that you can actually be in charge of your own health is just, surprisingly, absent in large numbers of people. There’s a very strong sense that lots of people have that “health is something that’s done to me” by NHS.

In the U.S has released data on the disparities in pricing for hospital procedures and comparisons of hospital quality — but you still need to go to places that take your health insurance. In the NHS, is that as much of an issue?

Hunt: That’s a really good question to ask because, in the U.K, for virtually any procedure, you have the right to have it done in any hospital in the country — and yet, very few people avail themselves of that right. So, by publishing surgical survival rates, we’re hoping to create pressure, where people actually say “I’m going to have this heart operation, and I’m not going to go to my local hospital, I’m going to go to this one a bit farther away that has higher success rates.” At the moment, people don’t actually do that; they tend to go where they’re recommended to. That’s where this information revolution can take hold.

What is the most unexpected thing that has happened since the U.K. began releasing more open data about health?

Tim Kelsey: I don’t know if this is unexpected or not, but the most startling thing is that we’ve moved from having one of the worst heart surgery survival rates in Europe to being the best. Heart surgery is the only speciality where we’ve published comparative data by heart surgeons across the whole country.

Do you think that’s an accident?

Tim Kelsey: No, I don’t think it’s an accident at all. Within that data, if you look at what has actually happened, the assumption of the geniuses who actually pioneered the program was that the gap between the best surgeons and the worst surgeons would narrow, because the weaker surgeons would raise their game. That didn’t happen. What happened was that the best surgeons got even better, and the underperforming surgeons also raised their game. The truth is that they want to be the winner, and open data has had a massive impact in driving outcomes and standards.

What are the most important principles or substantive steps that you’re applying at the NHS to mitigate risks or harms from privacy breaches?

Hunt: We have to carry the public with us. We have a very strong free press, as you do, and we’re very proud of that. If they believe that people’s data is going to be used to infringe their privacy, then public confidence in the huge revolution that the dataaplooza is all about will be shaken and lack a massive impact. I think that there’s a very simple way that you maintain public confidence, which is by making it absolutely clear that you own that data. You can choose, if you don’t want that data to be used, in even in an anonymized form, you can say I’m not going to share my data. I think once you do that, you create a discipline in the system to make sure that the anonymization of data is credible, because people can withdraw their consent if they don’t believe it.

Also, you put people in the driver’s seat, because I think people’s motives are different. You and I, as young and hopefully healthful individuals, we’re thinking about privacy. If somebody’s got terrible cancer, he’s actually thinking, ‘well, I would really like my data to be used for the benefit of humanity.’ They’re actually very, very happy to have their data shared. They have a different set of concerns.

I don’t think you’ll have any trouble, for example, getting 100,000 people to consent to have their genome sequenced. These will be people who have cancer, and once you have cancer, you think, ‘what can I do to help future generations conquer cancer?’ The mentality changes. We have to maintain people’s confidence.

I think the best analogy, though, is banking. Perhaps the second thing people care about most after their health is their money, and the banks have been able to maintain people’s confidence. They’re actually doing banking online, so that you can access your bank account from any PC, anywhere in the world. It’s something you can do with confidence. They’ve done that because they’ve thought through the procedures.

In the U.S., you’re entitled to access a free copy of your credit report once a year. Consumers, however, still don’t have access to their own data across much of the private sector. Will the British government support “rights to data for its citizens?”

Hunt:: We are hoping to preempt the worry about that by instructing the NHS that everyone has a right of veto over the use of their own data. You own your own medical record. If you don’t want that shared, then that’s your decision, and you’re able to do that. If we didn’t do that, I think the courts might make us do that.

Kelsey: Just to clarify that point: The Data Protection Act, which is effectively a European piece of legislation, says that people have the right to object to data being shared, in any context, private sector or health or otherwise, or to opt out. We’ve said, because of the rights priority we’re giving to patients as the de facto owner of the data, which is different from the American situation so far.

We’re setting a global standard here, which will be interesting experiment for the rest of the world to watch, that people will have the right to say “I don’t want my data shared” — and people will respect that. Now, at the moment that is not a legal right, that is a de facto right that will be expected. It may well be that we’ll need to simply write down a law that this is an individual’s data and rights flow from that. At the moment, there’s no law that gives an individual patient the right to their own data nor to opt out out of its sharing.

Who are the open data entrepreneurs?

reagan-quoteDay by day, we are gaining better maps and tools to navigate the complexities of world around us. The ways that open data is finding its way into the hands of citizens and consumers were described today in a new report from a federal interagency task force on “smart disclosure.”

Smart disclosure, for those unfamiliar, is a term of art for when a private company or government agency provides you with access to your own data in a format that enables you to put the data to use.

When distributed this way, personal data ownership improves market transparency, empowers consumers and drives the nascent open data economy.

According to federal officials, this report from the National Science and Technology Council is the “first comprehensive description of the Federal Government’s efforts to promote the smart disclosure of information that can help consumers make wise decisions in the marketplace.” If you’re interested in the topic, it’s one of the most clearly written government documents I’ve come across lately: give it a read.

As Alex Fitzpatrick pointed out in his post on the ways companies are using government data, however, the report didn’t include the names of specific companies.

Given my research on the open data economy, I think I can fill in a few more of them, looking across sectors. (The administration itself identified Billguard, OPower and iTriage in February, in a post on open government data and jobs.)

In education, check out startups like Better Lesson and SoFi.

In energy, look at WattzOn, PlotWatt, SimpleEnergy and FirstFuel, in addition to OPower.

In consumer finance, evaluate HelloWallet, Brightscope and CalcBench, in addition to Billguard.

In real estate, look to Zillow and Trulia.

In healthcare, consider mHealthCoach, Kyruus or the growing number of health care apps and services on display at next week’s “Health Datapalooza.”

The administration’s top IT officials — chief information officer Steven VanRoekel and chief technology officer Todd Park — say that open data is good for America. If its release supports or leads to the creation of more startups that create products and services that improve people’s lives, that assertion will be born out.

If you recognize other startups from the descriptions in Alex’s post, please drop him a comment or a tweet — and if you use open government data in your startup, nonprofit or enterprise, please let us know in the comments.

Putting personal open data in the hands of consumers targets transparency where it matters

“…a few companies are challenging the norm of corporate data hoarding by actually sharing some information with the customers who generate it — and offering tools to put it to use,” writes Natasha Singer in the New York Times. “It’s a small but provocative trend in the United States, where only a handful of industries, like health care and credit, are required by federal law to provide people with access to their records.”

I’m a little perplexed by this story. It’s like the author goes out of her way to be skeptical of “open data” but then writes a piece that explored how data is being (wait for it) opened up to consumers.

On the one hand, Singer is 100% right: much of the data collected about consumers is not available to them, from shopping to telecom to energy to healthcare, much less data collected in the business of government. For them, an “open data society” is a long way off. On the other hand, I’m perplexed about where this society has been proposed or by whom. There’s a bit of a whiff of straw here.

All that being said, that Singer identified consumer data disclosure as a trend in the New York Times Sunday Business section is notable, given the influence of that perch.

Of course, if you’ve been reading Radar, you knew about smart disclosure and targeted transparency, knew personal data ownership was a trend to watch, and learned more about the acceleration of consumer data releases this February.

If you missed those pieces, I hope they’re useful to you today.

Personal data ownership is an idea that numerous people have been advancing and advocating for years. (I was glad to see Doc Searls cited in the Times). It’s an important principle.

The idea of a “right to data” has also received high-level support (if not legislation and regulation): last year, former Federal Trade Commission chairman Leibowitz said that American citizens should be able to learn see what information is held by them and “have the right to correct inaccurate data,” much as they do with credit reports.

While there’s still a long way to go before a majority of the private sector acknowledges such access as an a privilege, there’s good reason to see a shift that will benefit consumers in the long-run.

Over time, it’s even possible that such open data will benefit society. (Just don’t go overboard on the hoopla about it.)