By Josh Moon
Alabama Political Reporter
Alabama Medicaid has another problem with data security.
The U.S. Department of Health and Human Services Office of Inspector General recently released a report detailing Alabama Medicaid’s failure to “adequately secure its Medicaid Management data and Information System (MMIS).” It also failed to “implement specific controls over its MMIS data and information system” and failed “to provide sufficient oversight” to ensure its vendor maintained security.
The HHS OIG report noted that the data of Medicaid patients, including their health records, could have been in danger. Luckily, the report stated, no data breach occurred. A breach also could have wreaked internal havoc for Medicaid offices.
The report comes just over a year after APR initially reported on potential security issues within Alabama’s CARES program, which Medicaid utilized.
Robin Rawls, an Alabama Medicaid spokesperson, said the reporting in the 2016 story references a different entity and a different problem.
“That’s really comparing apples to oranges,” Rawls said.
The OIG report, which was released in late September, also oddly noted the contentious relationship between HHS and Alabama Medicaid. According to the report, the state challenged HHS naming its state report “Alabama Did Not Adequately Secure Its Medicaid Data and Information Systems.”
“However, we identified significant vulnerabilities, which increased the risks of Medicaid data and information being exploited,” the OIG report states.
The report concludes: “We did not change the title of our report.”