Inspector General Uncovers 'High-Risk Security Vulnerabilities' in State Medicaid Systems
8:11 AM, Apr 1, 2014 • By JERYL BIER
The office of the inspector general (OIG) for the Department of Health and Human Services (HHS) has uncovered seventy-nine "high-risk security vulnerabilities" in the information processing systems of ten state Medicaid agencies that "raise concerns about the integrity of the systems used to process Medicaid claims." While the ten states are not identified by name, the OIG said that the investigation "suggests that other State Medicaid information systems may be similarly vulnerable," though the results could not be conclusively applied to all fifty states. Now that the expansion of Medicaid under the Affordable Care Act has taken effect in 2014, millions of new enrollees will be added to these same state systems, ready or not.
While the number of findings range from a low of three in one state to a high of seventeen in another, a chart accompanying the report illustrates the pervasiveness of the problems throughout the states, as well as the widespread nature of the vulnerabilities:
The OIG provided specific examples of the vulnerabilities exposed by the investigation:
In the report's conclusion, the OIG repeated the warning of the "serious vulnerabilities" found in the ten states studied. The state Medicaid agencies told the OIG that the vulnerabilities were being addressed. The OIG said that "management should make information system security a higher priority," and that the inspector general was continuing to investigate in this area.
With full implementation of the Affordable Care Act (ACA) in 2014, Medicaid will see a massive increase in enrollment even with only about half of states participating in the ACA-related expansion. As many as 8.9 million low-income Americans will meet the revised income threshold for eligibility. With the personal information of nearly 9 million more Americans running through state Medicaid systems, the increased strain on the system and workload of state personnel serve to increase the urgency of addressing these serious security shortcomings.
Recent Blog Posts