An OIG audit of the Utah Department of Health's information systems found the department overseeing the state's Medicaid systems and data implemented weak security management practices and put individuals and organizational operations at risk.
Utah's Department of Technology Services provides the state's DOH with the information system resources and technical expertise to support and operate Medicaid eligibility determination and claims processing data.
The audit found DTS management had not established a proper security policies and procedures related to access controls management, configuration management, security operations, security program planning and security continuity.
The OIG had also issued previous reports that found 39 "high-impact, reportable weaknesses" of the information system general controls. The audit says these issues and weaknesses put Medicaid data at risk of unauthorized disclosure.
"These findings are high impact because the loss of data's confidentiality, integrity or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets or individuals," according to the audit.
More articles on health IT:
The 3 things Google's Larry Page and Epic's Judy Faulkner have in common
Cerner Data Center breach compromises NCH Healthcare employee data
Epic named No. 1 Overall Software Suite by KLAS for 6th year