Office of Internal Controls and Audit Compliance

The MDH Office of Internal Controls and Audit Compliance (IAC) serves to ensure that MDH operational units comply with legal, regulatory, and policy requirements. The IAC divisions include Audit Follow-Up, Audit Liaison, Compliance and Privacy, Institutional Review Board, the Strategic Data Initiative (SDI), and Operations, Technology, and Risk Assessment.​

What we do

  • Promptly make recommend​​ations to correct internal control weaknesses identified in audits or other reviews
  • ​Conduct follow-up reviews and testing to ensure that corrective actions recommended by external auditors have been implemented and are working effectively
  • Serve as liaison between Departmental units and the Office of Legislative Audits (OLA); OIG/Health; Health & Human Services OIG; and all other external audit organizations
  • Receive and review allegations regarding employee conduct and other compliance issues
  • Track and report on MDH compliance with secondary employment and financial disclosure requirements
  • Receive and review potential violations of the MDH privacy policy and the Health Information Portability & Accountability Act (HIPAA)
  • ​Coordinate the activities of the MDH Institutional Review Board
  • Review data-related agreements and update data use policies to ensure that MDH data is protected​

Audit Follow-Up helps ensure MDH compliance with external audits conducted by the Office of Legislative Audits (OLA) and all other external auditors. MDH auditors and analysts confirm whether corrective actions have been implemented and if any modifications to policies and procedures are effective based on the external audit recommendations and MDH objectives. Special audits may be performed upon request from leadership or as the result of a risk assessment or survey performed by MDH.

Audit Liaison facilitates communication between MDH leadership and outside auditors, including the OLA; OIG/Health; Health and Human Services OIG (HHS OIG); Center for Medicare and Medicaid (CMS); and all other external audit organizations. In this role, Audit Liaison advocates on behalf of MDH while also helping to ensure MDH responds promptly to external audit recommendations.

Compliance and Privacy helps ensure that the Department complies with the Code of Conduct, Corporate Compliance policies, privacy policies, and the Health Insurance Portability and Accountability Act (HIPAA).

The Institutional Review Board (IRB) is responsible for reviewing research to ensure that the rights, safety, and dignity of human subjects are protected.

The Strategic Data Initiative (SDI) is responsible for updating MDH data protection and usage policies and reviewing data-related agreements for adherence to those policies.  ​
​Contact us
Maryland Department of Health
Office of Internal Controls and Audit Compliance​
201 W. Preston Street
Baltimore, MD 21201
410-767-5314 office 
410-333-7194 fax  
MDH.IAC@Maryland.gov​