State of Maryland fails OIG security audit, Medicaid data at risk

OIG performed a vulnerability assessment scan to determine if there were existing vulnerabilities on the MMIS (Medicaid Management Information System) network, devices, websites and database. And while OIG officials found the state adopted a security program for the system, there were “significant system vulnerabilities.”

Officials did not disclose details of the vulnerabilities found, but said that they were significant enough to "have allowed unauthorized access and exposed Medicaid data and the disruption of critical Medicaid operations.”

The State said there was no evidence of a breach or unauthorized access. And, while a security program was in place, the control were not sufficient to keep the systems protected. Recommendations were made to the state to update the security program and systems to meet federal requirements. 

Supreme Court may revisit a False Claims Act decision

The Supreme Court may revisit a a key False Claims Act decision and the results may impact pending and new cases. According to an article published today in McKnight's Long Term Care News,  "At issue is whether a False Claims allegation automatically fails when the government continues to approve services or pay for products after learning of alleged infractions. "

Any healthcare revenue cycle professional knows that allegations or initial audit results alone don't put a stop to payment of claims by Medicare or Medicaid. If that were the case, providers who ultimately prevail in their disputes and found innocent of wrong-doing could have a hollow victory if the process ultimately bankrupted their organization. Claims payment is automated, very few claims are reviewed by an actual person before payment unless an organization is on the rare pre-payment review or the claim fails for a technical or coding reason. The operational realities of how claims are paid mitigates the effectiveness of the argument that any claim paid by the Federal or a State government after an investigation is initiated or allegations are put forth is 'approval' of the misdeed.