Inadequate Security Management Practices Left Utah Department of Health Sensitive Medicaid Data at Risk of Unauthorized Disclosure
The Utah Department of Technology Services' management had not established an effective enterprise security control structure to ensure that adequate information system general controls were implemented in conformance with Federal requirements over the systems used to support the Utah Department of Health's Medicaid eligibility determination and claims processing. These inadequate security management practices put Medicaid systems and data at risk.
We identified 39 high-impact, reportable weaknesses during our earlier comprehensive information system general controls audit of the systems used to support the Utah Department of Health's Medicaid eligibility determination and claims processing.
In written comments on our draft report, the auditee concurred with our recommendations and described corrective actions that it had taken or planned to take.
Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.
Download the complete report.
Let's start by choosing a topic
Priority recommendations summarized.
FY 2017 Work Plan
OIG projects planned for 2017.
Significant OIG activities in 6-month increments.