OIG: Medicare enrollment database needs bolstering
The Centers for Medicare and Medicaid Services needs to improve existing information technology controls to enhance the resiliency of the Medicare program’s enrollment system.
That’s the finding of an audit by the Department of Health and Human Services’ Office of Inspector General, which assessed whether CMS implemented sufficient security controls within its Enrollment Database (EDB) to protect the confidentiality, integrity and availability of Medicare enrollee data.
According to OIG, the database is the primary source of Medicare enrollment information for the entire population of beneficiaries who have ever received benefits under the program.
“We found that CMS could improve its risk management oversight and the current controls in place to ensure the availability of the EDB,” state the auditors. “Based on CMS officials’ estimates, we calculated the daily financial impact of a nonfunctional EDB to be approximately $47 million.”
Auditors provided a restricted report, with information for official use only, to CMS that included five recommendations—all of which the agency concurred with, according to the OIG.
In its response to the report, CMS “stated the current system is being integrated into a larger Medicare system,” the auditors noted. However, OIG said that it does not believe the agency’s system consolidation will have a “significant impact” on the report’s findings and “actionable recommendations for CMS to implement in an effort to timely mitigate the vulnerabilities we identified.”