OIG audits security controls over confidential HHS information
The audit assessed the design and effectiveness of selected security controls over confidential HHS System information stored and processed by Aetna Better Health of Texas.
Access to confidential HHS System information must be managed in accordance with HHS Information Security Controls (IS-Controls). Aetna’s processes for managing certain accounts with access to confidential HHS System information in its claims management system did not meet all HHS IS-Controls requirements. OIG offered recommendations to Aetna to ensure access to confidential information in its claims management application is managed in accordance with HHS IS-Controls requirements.
The audit also examined business continuity and disaster recovery plans for operations relating to confidential HHS System information. Overall, Aetna implemented controls to safeguard confidential HHS System information and developed procedures to ensure the continuation of the operations necessary to deliver services to members in the event of an emergency or disaster.