Audit at Community Health indicates risky data policies in Medicaid

Auditors have found that Georgia’s Department of Community Health “exposes itself to unnecessary risk of error, misuse, fraud or loss of data’’ that could significantly affect the reliability of claims and payment processing of Medicaid benefits.

The audit findings were reported in a document at the DCH board’s September Audit Committee meeting, obtained by Georgia Health News under the Georgia Open Records Act.

The audit report surfaced at a time when rumors about past financial issues at Community Health have spread among health care industry officials. The agency replaced key budget and financial officials last December.

A Community Health spokeswoman said Thursday that the agency does not comment on rumors or on personnel matters.

A separate report from a Community Health official, presented at a recent meeting with health industry leaders, cited complaints to Georgia legislators “about large [payment] recoupments associated with clerical errors which put many providers in jeopardy of going out of business.”

The Community Health spokeswoman, Fiona Roberts, said the recoupment conversation involved pharmacy audit legislation from the past General Assembly session, and that it applied to all health care providers in the Medicaid program.

The state Medicaid program covers more than 1.8 million Georgians. Community Health’s base budget of $14.8 billion is dominated by Medicaid expenditures.

The September audit report recommended the agency ‘’should allocate necessary resources to implement a formal risk management program to allow management to gain reasonable assurance [that the Department of Community Health] will achieve its objectives in complying with operational, financial reporting, and compliance requirements.”

DCH board members were told last month that significant progress has been made to implement the audit’s recommendations.

Those improvements included strengthening security controls and taking steps to “effectively manage organizational risk,’’ according to the DCH document.

The chairman of the agency’s board, Norman Boyd, said last month at a board meeting that the 2016 audit findings were related to internal controls, cybersecurity and IT issues.

A state audit for fiscal year 2016 said Community Health relies extensively on data processing controls within computer systems and business processes of vendors to process payment claims for Medicaid.

“Internal controls over services provided by vendors and their related computer systems and business processes are essential for ensuring the reliability and integrity of Medicaid payment data,” the state audit says.