Audit Cites Financial Problems With Maryland Health Exchange
ANNAPOLIS, Md. (AP) -- Maryland's health care exchange, plagued by a website crash the day it opened in 2013, suffered from a host of problems -- including how it paid companies and secured sensitive personal information, according to a state audit released Friday.
The audit also noted that the exchange's board violated open meetings law seven times between June 2011 and March 2014, according to the State Open Meetings Compliance Board. The violations related to untimely notification and inadequate disclosures. The content of closed sessions also exceeded the scope of topics allowed by state law, the audit said.
Auditors found the exchange did not comply with policies for buying goods and services in five contract awards totaling $96.5 million. For example, the audit noted the exchange solicited only a single vendor for some work.
"Also, relevant procurement and contract documentation, such as evidence of negotiating for best price and terms, could not be provided," the audit said.
In a response, exchange officials disagreed with the finding, because the policy calls for soliciting responses "from as many vendors as practicable."
"This provision expressly recognizes that it may not always be practical to conduct a competitive selection or even a quasi-competitive selection in emergent circumstances," the exchange said in its response, noting the failure of the original website, as well as federal implementation deadlines and open enrollment mandates.
While exchange officials did not agree with some of the audit's findings, its executive director wrote that the exchange largely concurred with recommendations made by the Office of Legislative Audits. Carolyn Quattrocki wrote that the exchange was still a young agency during the audit period, and it has made progress in enhancing infrastructure and operations, accountability, security and transparency.
"The agency has either implemented, or taken significant steps towards implementing, all of these recommendations," Quattrocki wrote.
The fiscal compliance audit covered the period from June 1, 2011, to July 23, 2014.
Among other findings in the 51-page audit:
--There were "numerous security and control issues" with the exchange information systems. Specifically, the audit noted that personally identifiable information, such as full name, date of birth, social security number and household income of 591,858 people was not appropriately safeguarded. The exchange responded that it protected confidential data with "substantial and effective mitigating controls," though it was unable initially to implement an encryption solution due to time constraints.
--The exchange did not obtain or evidence its review of certain documentation to substantiate vendor billings. Auditors said their tests disclosed that the exchange made payments totaling $8.2 million to vendors for hourly services without first obtaining time and payroll records to verify the propriety of the labor charges billed.
--The exchange had not verified the propriety $23.4 million in fiscal year 2014 grant expenditures incurred by six entities that provided outreach and enrollment services under the Connector Program.
--The exchange did not submit federal fund reimbursement requests in a timely manner, resulting in the loss of interest income of $199,000. For expenditures incurred during the period of April 2011 through Sept. 2014, the exchange submitted six federal fund reimbursement requests totaling $73.9 million from one to 32 months after the claims could have been submitted.
--The exchange had not implemented procedures to account for and control its equipment inventory, including computer equipment purchased for the original exchange system.
(Copyright 2015 by The Associated Press. All Rights Reserved.)
