United States Flag

An official website of the United States government. Here's how you know >

U.S. Flag An official website of the United States government.
Skip Navigation Change Font Size

Inadequate Security Management Practices Left Utah Department of Health Sensitive Medicaid Data at Risk of Unauthorized Disclosure

The Utah Department of Technology Services' management had not established an effective enterprise security control structure to ensure that adequate information system general controls were implemented in conformance with Federal requirements over the systems used to support the Utah Department of Health's Medicaid eligibility determination and claims processing. These inadequate security management practices put Medicaid systems and data at risk.

We identified 39 high-impact, reportable weaknesses during our earlier comprehensive information system general controls audit of the systems used to support the Utah Department of Health's Medicaid eligibility determination and claims processing.

In written comments on our draft report, the auditee concurred with our recommendations and described corrective actions that it had taken or planned to take.

Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.

Download the complete report.

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201