Mississippi Division of Medicaid Security Assessment Audits
Mississippi’s Division of Medicaid (DOM) selected SLI to deliver Security Assessment Audits of its Medicaid system. DOM chose SLI to conduct annual assessments as defined by MARS-E 2.0, Volume III, Catalogue of Minimum Acceptable Risk Security and Privacy Controls for Exchanges.
The assessments incorporate a comprehensive review of specified privacy controls, including, but not limited to, administrative controls, technical controls and physical safeguards employed to ensure the proper handling of PII. In addition, the information security controls interrelated with the privacy controls are fully and comprehensively reviewed to verify that information collected, used, maintained, shared and disposed of by programs and systems is handled and managed in accordance with the Standard.
Privacy controls are assessed with reference to the Fair Information Practice Principles (FIPP), which are designed to build public trust in the privacy practices of public organizations.
The annual security and privacy attestation process includes the following activities by the independent assessor:
- Review DOM’s policies and procedures and attest to their
- Determine security and privacy controls to be
- Review and evaluate the ACA Information Systems security and privacy documentation by the Administering Entity. The assessment and resulting attestation report must be submitted to
- Review the Privacy Impact Assessment (PIA) to verify that privacy controls are documented, privacy risks are assessed, and control implementations have not
- Review legal agreements with CMS and other business partners to ensure they are current.
Upon completion of the assessment, DOM will receive a detailed Privacy and Security Assessment Report compliant with MARS-E 2.0 standards and requirements.