The Social Security Act requires that each Medicare administrative contractor (MAC) have its information security program evaluated annually by an independent entity. The Centers for Medicare & Medicaid Services (CMS) contracted with Guidehouse, LLP (Guidehouse), to evaluate information security programs at the MACs, using a set of agreed-upon procedures (AUPs). HHS OIG must submit to Congress annual reports on the results of these evaluations, to include assessments of their scope and sufficiency. This report fulfills that responsibility for fiscal year 2018.
Report File
Date Issued
Submitting OIG
Department of Health & Human Services OIG
Other Participating OIGs
Department of Health & Human Services OIG
Agencies Reviewed/Investigated
Department of Health & Human Services
Report Number
A-18-19-11300
Report Description
Report Type
Audit
Agency Wide
Yes
Additional Details