Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

June 20, 2024

State insurance exchange audit finds deficiencies, compliance issues

PHOTO | CT MIRROR An Access Health CT office.

Access Health CT, the state’s health insurance exchange, has internal control problems, does not comply with some laws, regulations or policies, and needs to improve its practices and procedures, according to a new report.

The 22-page report, dated May 15, was produced by the state Auditors of Public Accounts, John C. Geragosian and Craig A. Miner. It lists six recommendations for corrective action, including three repeated from a previous audit.

The audit looked at the fiscal years ended June 30, 2020, and June 30, 2021. It found:

  • The exchange and five contractors incurred 51 breaches affecting client data from July 2021 through April 2023. The exchange also paid for a year of security monitoring for clients. The finding had previously been cited in an audit report for the fiscal years 2018-19. The new report recommends the exchange promptly notify auditors and the state Office of the Comptroller of any breaches and ensure “that it has sufficient internal controls to safeguard” client information.
  • The exchange did not track or monitor eligibility and coverage overrides, and did not require supervisors to approve them.

According to the audit, the exchange and the state Department of Social Services (DSS) generated 23,252 overrides in fiscal 2020 and 2021, and it states that a “lack of internal controls increases the risk that clients receive improper health insurance coverage or are enrolled in programs they are not eligible for.” 

The auditors said this also was reported in a prior audit, and recommend the exchange “establish and implement internal controls to track and monitor system overrides.”

The report cites four other findings, including:

  • Weaknesses in the exchange’s purchasing process that include not following required policies and procedures and which had been cited in a previous audit; 
  • Failing to properly document and conduct criminal background checks for the Navigator grant program, which provides educational and enrollment assistance to uninsured state residents; 
  • Inadequate overtime monitoring, and
  • A lack of compliance with statutory reporting requirements.

A spokesperson for the exchange did not respond to a request for comment. The audit report, though, included exchange responses for each finding. Among them, the exchange said it “recognizes the importance of strong information security controls,” especially given the sensitive nature of the data it handles, and has amended its vendor agreement to include additional breach reporting requirements.

For the eligibility and coverage overrides, the exchange said, “Written policies delineate when eligibility and coverage overrides are permitted, and periodic reports of overrides are reviewed by Exchange managers and supervisors on a regular basis.”

The exchange also said that, concerning the unauthorized OT, it has “internal controls in place to detect abuses.” 

On Friday, the state legislature’s Insurance and Real Estate Committee will hold an informational forum about the report from 10 a.m. to noon in Room 2D of the Legislative Office Building at 300 Capital Ave. in Hartford. The forum will include an opportunity for the public to ask questions.

Sign up for Enews


Order a PDF