Audit targets confidential information security

The OIG completed an audit to assess the effectiveness of selected security controls over confidential Texas Health and Human Services (HHS) information stored and processed by El Paso Health. The audit also focused on business continuity and disaster recovery plans for operations relating to the processing and storage of confidential HHS System information by the provider.

Audit results indicated that El Paso Health complied with HHS Information Security requirements related to information security oversight, information system monitoring, risk management, and workforce training, business continuity and disaster recovery planning, information system monitoring and physical security. El Paso Health also complied with requirements related to business continuity and disaster recovery planning. The OIG recommended El Paso Health should further strengthen controls related to user access, configuration management and media protection.

Auditors offered recommendations to El Paso Health which, if implemented, will result in El Paso Health strengthening its user account management and risk management control areas. Read the full details in the OIG’s audit.