Weaknesses in Idaho's Information System General Controls Over Its Medicaid Claims Processing System Increase Vulnerabilities
The Idaho Department of Health and Welfare (State agency) did not implement adequate information system general controls over its Medicaid claims processing system. We identified 19 reportable weaknesses, which we consolidated into 5 findings and grouped into access controls, configuration management, and security management categories. The State agency had inadequate access controls for network logical access and facility physical access, inadequate configuration management settings for its network devices, and inadequate security management policies and procedures for security controls and personnel. We recommended that the State agency implement adequate information system general controls over its Medicaid claims processing system.
Filed under: Center for Medicare and Medicaid Services