The MDH Office of Internal Controls, Audit Compliance & Information Security (IAC/S) serves to ensure that MDH operational units comply with legal, regulatory, and policy requirements. The IAC/S divisions include Audit Follow-Up, Audit Liaison, Compliance and Privacy, Institutional Review Board, the Strategic Data Initiative (SDI), Information Security (InfoSec), and Operations, Technology, and Risk Assessment.
What we do
Audit Follow-Up helps ensure MDH compliance with external audits conducted by the Office of Legislative Audits (OLA) and all other external auditors. MDH auditors and analysts confirm whether corrective actions have been implemented and if any modifications to policies and procedures are effective based on the external audit recommendations and MDH objectives. Special audits may be performed upon request from leadership or as the result of a risk assessment or survey performed by MDH.
Audit Liaison facilitates communication between MDH leadership and outside auditors, including the OLA; OIG/Health; Health and Human Services OIG (HHS OIG); Center for Medicare and Medicaid (CMS); and all other external audit organizations. In this role, Audit Liaison advocates on behalf of MDH while also helping to ensure MDH responds promptly to external audit recommendations.
Compliance and Privacy helps ensure that the Department complies with the Code of Conduct, Corporate Compliance policies, privacy policies, and the Health Insurance Portability and Accountability Act (HIPAA).
The Institutional Review Board (IRB) is responsible for reviewing research to ensure that the rights, safety, and dignity of human subjects are protected.
The Strategic Data Initiative (SDI) is responsible for updating MDH data protection and usage policies and reviewing data-related agreements for adherence to those policies.
The Information Security Program (InfoSec)
The Information Security (InfoSec) program was established to protect MDH’s ability to continually provide secured mission-critical operations. Through personnel, policies, procedures, and standards, it ensures the availability, confidentiality, and integrity of organizational information, as well as compliance with HIPAA, CMS, the DoIT Security Manual, and federal and State mandates.