The Department of Health and Human Services Office of Inspector General recently issued two reports separately reviewing whether New Mexico and North Carolina each implemented adequate information system general controls for their Medicaid-related systems in accordance with federal requirements.
In both states, OIG found weaknesses that the watchdog agency declined to describe in the public reports due to sensitivity. But they appear to be similar to the kinds of issues OIG has previously spotlighted in several recent security reviews of other states’ Medicaid systems, including Virginia and Colorado.
For instance, just as was noted in OIG’s new reports about New Mexico and North Carolina, OIG’s recent security reviews on Virginia and Colorado cited vulnerabilities that increased the risk to the confidentiality, integrity and availability of those states’ Medicaid data.
The challenges that states face in securing the data and systems of Medicaid programs are similar to the woes faced by many healthcare entities, says Keith Fricke, principal consultant at tw-Security.
“States struggle with security weaknesses much the same way any organization in any industry does – keeping up with the criminals and vulnerabilities in new and existing technology, while managing budgetary constraints and competing priorities,” he says.