Office of the Legislative Auditor - Financial Audit Division

The Department of Human Services had controls to protect the integrity and confidentiality of its Medicaid Management Information System’s data. However, the department had several security weaknesses.

• The department did not adequately document the system’s application level security.  As a result, some people had incompatible computer access.

• The department did not adequately restrict the ability to administer the system’s mainframe security.

• The department had poor controls over mainframe batch processing.

We assessed the Medicaid Management Information System’s security controls as of September 2006.

Background:

Over 600,000 low-income Minnesotans receive health care through the state’s three publicly funded basic health programs: Medical Assistance, General Assistance Medical Care, and MinnesotaCare.  Through these programs, and others, the state pays all or part of enrollees’ medical bills. 

The Department of Human Services processes health care claims and pays enrollees’ medical bills to medical providers through its Medicaid Management Information System.  This medical payment system is the largest public health care payment system in Minnesota.  In recent years, the department developed computer processes that allow medical providers to submit claims via the Internet and receive payments electronically. The system processes about 40 million claims each year, with payments totaling nearly $6 billion to over 40,000 medical providers.