Department of Health

General and Application Controls Over the Health Information Network (Follow-Up Review)

The Health Information Network is a web-based information system maintained by the Department of Health for users in the Department and local health departments throughout New York State. In our prior audit report 2001-S-4, we examined whether confidential information in the Network was adequately protected against access by unauthorized individuals. We found that the controls for preventing such access were generally adequate, but improvements could be made in certain controls to provide even better protection. In addition, actions were needed to prevent service interruptions and a loss of information from power failures, natural disasters and other such events. In our follow-up review, we found that Department officials had made progress in implementing the recommendations contained in our prior report.

For a complete copy of Report 2002-F-17 click here.
For a copy of the 90-day response click here.