The Centers for Medicare & Medicaid Services has completed testing part of the "data hub" that's supposed to sit at the heart of the new exchange system.
CMS hopes to complete the rest of the testing by the end of August.
CMS Administrator Marilyn Tavenner gave Congress an update on data hub testing progress Wednesday at a hearing on the "Obamacare information sharing apparatus," organized by a House Oversight and Government Reform Committee subcommittee and a House Homeland Security Committee subcommittee.
CMS is developing the data hub to help the exchanges use IRS tax data and other federal government data to verfiy applicants eligibility.
CMS spent about $394 million between 2010 and March 31 to develop and test the hub, with $303 million of the funding going to 10 major contractors, witnesses said.
The agency began testing the hub connections with the IRS about a year ago, and 95 percent of the testing was done by the end of June, Tavenner said. CMS started testing integration with some state exchanges in February.
It also started testing integration with Social Security Administration, Department of Homeland Security and other state exchange systems earlier this summer, and that should be done by the end of August, Tavenner said.
Lawmakers at the hearing said they fear problems with implementing PPACA and setting up the hub could lead to data security and health information privacy problems.
Rep. James Lankford, R-Okla., said he sees the potential for users to commit acts of intentional fraud, in addition to honest mistakes.
Rep. Jackie Speier, D-Calif., a PPACA supporter, said she objects to "sweeping allegations" by PPACA opponents who want to sabotage implementation.
But "I believe that the hub has a giant bull's eye on it," Speier said later in the hearing. "The potential for it being hacked is great."
Rep. Michelle Lujan Grisham, D-N.M., countered that state Medicaid programs have been using, storing and exchanging similar types of information for years without running into noteworthy data security or privacy breach problems.
Daniel Werfel, an IRS deputy commissioner, said any agency that wants to get access to IRS data will have to use a 61-page "Safeguard Procedures Report" template and get into an IRS data protection program that involves regular on-site inspections.
Lujan Grisham said lawmakers with a sincere interest in protecting any IRS data or other data shared with the exchange data hub should support moves to protect the IRS budget against the effects of a 24 percent sequestration cut.