Audit Of Medicaid Computer System Security Mostly Positive

LANSING – A performance audit of the security and access controls in the state’s main database for the Medicaid program generally showed effective management, but also highlighted some weaknesses that need shoring up.

The audit of the Community Health Automated Medicaid Processing System, known as CHAMPS, showed that the Department of Technology, Management and Budget did not fully establish effective security and access controls for the operating system of servers that ensure CHAMPS data is protected from unauthorized modification, loss or disclosure.

Auditors said they sampled five of the 14 servers with CHAMPS data and application files and identified potentially vulnerable operating system configurations on all five.

The audit also indicated that the Department of Community Health had not fully established effective security and access controls to prevent inappropriate access and modification of CHAMPS production data. Auditors found potentially vulnerable configurations of CHAMPS databases. For security reasons, they did not state those vulnerabilities in the audit and instead provided the information directly to DCH.

Further, auditors noted that DCH did not limit the ability of CHAMPS users to modify verification of certain Medicaid claims data. The audit found some users with permitted access to this system who did not need such access to do their jobs.

DCH officials indicated they agreed with the audit and would implement the changes.

This story was provided by Gongwer News Service. To subscribe, click on Gongwer.Com