Minnesota Office of the Legislative Auditor
Financial Audit Division

Menu

Minnesota Office of the Legislative Auditor Menu

Report Summary
Department of Human Services
Medicaid Management Information System Security Controls

 

Financial Audit Division Report 07-14 Released June 7, 2007

Conclusion:

The Department of Human Services had controls to protect the integrity and confidentiality of its Medicaid Management Information System’s data. However, the department had several security weaknesses.

Key Findings:
  • The department did not adequately document the system’s application level security.  As a result, some people had incompatible computer access.

  • The department did not adequately restrict the ability to administer the system’s mainframe security.

  • The department had poor controls over mainframe batch processing.

The report contained seven findings relating to internal control weaknesses.
   Audit Scope:

We assessed the Medicaid Management Information System’s security controls as of September 2006.


Background:

Over 600,000 low-income Minnesotans receive health care through the state’s three publicly funded basic health programs: Medical Assistance, General Assistance Medical Care, and MinnesotaCare.  Through these programs, and others, the state pays all or part of enrollees’ medical bills. 

The Department of Human Services processes health care claims and pays enrollees’ medical bills to medical providers through its Medicaid Management Information System.  This medical payment system is the largest public health care payment system in Minnesota.  In recent years, the department developed computer processes that allow medical providers to submit claims via the Internet and receive payments electronically. The system processes about 40 million claims each year, with payments totaling nearly $6 billion to over 40,000 medical providers.

 

     
More Information

Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155