Medicaid IT problems plague N.C.
May 24, 2013 in Medical Technology
The North Carolina State Auditor has found several problems with the state Department of Health and Human Services’ implementation of a new Medicaid information management system, such as security and testing verifications.
The North Carolina Department of Health and Human Services is replacing a 25-year-old legacy system with an MMIS called NCTracks, which was initially intended to go live in August 2011 and has been in the development phase for more four years on a contract with CSC worth $484 million through 2020.
As DHHS gets set to transition entirely to NCTracks in July, the Office of State Auditor Beth Wood found a few causes for concern, with the agency deviating from North Carolina’s Statewide Information Security Manual and partly “increasing uncertainty about project readiness.”
As of March, key decisions about adding 1,500 user accounts and their security procedures had not been made, according to the auditor, and DHHS had not reported the pass or fail status of 285 of 834 priority tests for key business processes, including pharmacy claims, provider claims and managed care organization claims.
In other areas of testing by the primary and secondary vendors, the auditor found that DHHS hadn’t established necessary benchmarks to measure progress. DHHS also “created a conflict of interest for CSC by asking the vendor to propose the acceptance criteria for production testing,” the state auditor said, and another vendor hired for independent validation to ensure federal certification for the MMIS “relied exclusively on the test result reports of other vendors to conduct its own test case analysis.”
The auditor placed some blame for that on North Carolina’s Enterprise Project Management Office, which consistently rated the NCTracks project as “green” for a year, whereas it should have been rated “yellow” to indicate its mediocre risk management. Bypassing “the development of formal corrective action plans,” the Enterprise Project Management Office (EPMO) “increased the perception that this project, with a compressed timeline, has no issues or risks as it nears go-live,” the auditor said. The EPMO also never requested the verification vendor to test the system independently through the SILK repository tool.
And with the system expected to be in full use on July 1 — and ready to pay some $12 billion in claims annually for the 1.5 million North Carolinians on Medicaid — the auditor argued that DHHS had no formal criteria to determine whether it’s actually ready to go live.
Among other things, the auditor recommended that DHHS determine gaps in testing and develop a plan to fill them before July; decide unresolved questions about access and security; review the verification work of vendors to ensure it will meet CMS certifications; and develop an official framework for taking the system live in July.