Skip to Main Content

State medicaid agency strengthens application development technology for MMIS

Client Description

State Medicaid agency


Due to an MMIS programming error, a state Medicaid agency incorrectly mailed health plan enrollment letters, resulting in a HIPAA breach. Steps were taken to notify program participants and the federal government, but the state needed to resolve the error that caused the breach and assess other potential risks.


BerryDunn experts:

  • Identified and assessed security risks related to the development and operation of the MMIS, with a focus on privacy, integrity, and availability of critical, personally identifiable data in the context of HIPAA and other laws
  • Developed a realistic action plan to mitigate identified risks
  • Identified opportunities for strengthening the application development methodology used for the MMIS


The state received recommendations for strengthening the application methodology used for the operational maintenance and development of the MMIS, with a systematic approach for conducting routine security risk assessments that can be executed by state personnel to maintain and continuously improve security policies and practices.

Related Industries

Related Services