A lack of sufficient security policies and procedures has placed NJ Medicaid participant's sensitive information in jeopardy. The state has failed to adequately monitor access to key personal information in the Medicaid Management Information System (MMIS) which could expose participants to fraud, abuse and misuse.

In a series of three recent audits by the NJ Office of State Legislature, the Department of Health Service's Medicaid program was harshly criticized for inadequate information security planning, auditing, management, edit controls and monitoring capabilities. The most recent audit, released April 24, 2008 indicated that the Department fails to properly monitor access to Medicaid participant's information such as social security, tax identification numbers and birth dates in the MMIS. The MMIS supports the $9 billion program by processing claims for more than one million participants. Previous audits found that individuals earning as much as $295,000 were enrolled in the program which targets low-income populations. Other findings included questionable medical equipment purchases. Recommendations for improvement included an enhanced audit trail, such as a department log to access information.

The legislative reprimand comes as the state is gearing up for a re-bid of the MMIS and will likely have a major impact on the scope of work and system requirements. In particular, emphasis will likely be placed on audit trail capabilities and security measures. The incumbent contract with Unisys is scheduled to expire August 23, 2008. Further information on the MMIS re-bid project from INPUT can be found here.