Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Review of Medicare administrative contractor information security program evaluations for fiscal year 2022
Review of Medicare administrative contractor information security program evaluations for fiscal year 2022
Why OIG Did This Audit. The Social Security Act requires each Medicare administrative contractor (MAC) to have its information security program evaluated annually by an independent entity. CMS contracted with Guidehouse, LLP, to evaluate information security programs at the MACs using a set of agreed-upon procedures (AUPs). HHS OIG must submit to Congress annual reports on the results of these evaluations and include assessments of their scope and sufficiency. This report fulfills that responsibility for fiscal year (FY) 2022. Our objectives were to assess the scope and sufficiency of MAC information security program evaluations and report the results of those evaluations. How OIG Did This Audit. We reviewed Guidehouse’s working papers to determine whether Guidehouse sufficiently addressed all areas required by the AUPs. We also determined whether all security-related weaknesses were included in the Guidehouse reports by comparing supporting documentation with the reports. We determined whether all gaps in the Guidehouse reports were adequately supported by comparing the reports with the Guidehouse working papers.
Copyright:
The National Library of Medicine believes this item to be in the public domain. (More information)