Audit: R.I. IT risks significant, result in unsecure tax data, overpayments

A RECENTLY released by the state Auditor General found Rhode Island has not sufficiently addressed computer security risks..
A RECENTLY released by the state Auditor General found Rhode Island has not sufficiently addressed computer security risks..

(Updated 12:35 p.m.)
PROVIDENCE – A report by the state Auditor General found Rhode Island has not sufficiently addressed computer security risks, and needs to direct more funding to complete its upgrading of statewide accounting systems.
In total, the report issued Monday by Auditor General Dennis E. Hoyle identified five strategic issues that need to be addressed, 15 instances of significant deficiencies in internal controls, three findings concerning accounting compliance, eight findings reported by auditors of state programs and 17 less significant issues for managers.
One issue relates to an apparent overpayment of federal funds. Medicaid managed care organizations were overpaid about $208 million in fiscal 2015 due to the overstatement of capitation rates for the newly expanded Medicaid population, according to Hoyle. Of that amount, some $133 million remained due to the state as of June 30, 2015, funds that would then be returned to the federal government from which they came originally, according to his report.
Under a revised contract, the managed care organizations were allowed to keep additional funds through increased efficiencies, such as improved coordination of services. But the significant amount due to the state, in this instance, resulted from the excessive capitation amounts, Hoyle wrote.
The amount due has been recognized within the state’s Medicaid program as “program receivables.”
“The managed care organizations are unintentionally benefitting from a significant and extended no-interest cash flow infusion,” Hoyle wrote.
According to a note from the Deputy Director of the Medicaid program, the state on Feb. 10 notified the Medicaid managed care organizations that the state will recoup, over a three-month period beginning in April, 80 percent of the balance.

Peter M. Marino, president and CEO of Neighborhood Health Plan, released a statement regarding the findings that Medicaid-managed care organizations were overpaid more than $200 million in federal funds. Marino said they are aware of the issue and “are partnering with EOHHS to repay these federal funds according to the schedule EOHHS requested.”
Marino said this issue arose when EOHHS set the Medicaid expansion rates, effective Jan. 1, 2014.

“EOHHS did not have previous utilization data for this new population associated with the Affordable Care Act. Once the actual utilization data became apparent, EOHHS worked with the health plans and the federal government to adjust the payments and to begin the process of returning funds,” Marino said.

“There are no adverse financial issues for Neighborhood associated with the auditor general’s findings. We continue to successfully manage the health of our Medicaid expansion members, improving access to care and outcomes while controlling costs,” Marino added.

- Advertisement -

Among other findings was what the report characterized as a repeated “material weakness” relating to electronic transmission of tax payments and tax information received by the Division of Taxation. The report states:

    “Generally, these electronic files are in an open text format that allows, rather than restricts, manipulation of data prior to recording in Taxation’s mainframe systems. Additionally, the files reside in an unprotected network folder prior to and after upload. These electronic files should be in a file format that is secure and configured to facilitate an efficient upload to Taxation’s systems without need for manual intervention.”

The report noted that the Division of Taxation was working with the Division of Information Technology, but that the issue had not been resolved.

In addition, the auditor noted that certain state Division of Motor Vehicles revenue and receipts were not recorded by the agency during the fiscal year, although they were tracked by the bank. Some $1.8 million collected and deposited by the bank were not recorded as revenue or receipts by the DMV, due to a formula error in a state spreadsheet.
The DMV has since taken corrective action.

The full report is available HERE.

No posts to display