Get Full Government Meeting Transcripts, Videos, & Alerts Forever!
State auditor rates DHHS access controls "critical," flags whistleblower retaliation and incident-response gaps
Summary
A state auditor's data-privacy audit found excessive, poorly controlled access to DHHS records (1,222 users with access to millions of records), inadequate incident response and reported retaliation against whistleblowers; DHHS agreed with most findings and outlined technical fixes and policy changes.
A state auditor's office audit presented to the Social Services Appropriations Committee described critical data-privacy and security weaknesses at the Utah Department of Health and Human Services (DHHS), including broad user access to highly sensitive records, insufficient incident-response procedures and evidence of retaliation against whistleblowers.
"Across the state, you have 1,222 users that have access to 6,000,000 records covering over 2,000,000 people," an auditor told the committee, calling the excessive-access finding "critical." Auditors said they withheld some technical details from the public…
Already have an account? Log in
Subscribe to keep reading
Unlock the rest of this article — and every article on Citizen Portal.
- Unlimited articles
- AI-powered breakdowns of topics, speakers, decisions, and budgets
- Instant alerts when your location has a new meeting
- Follow topics and more locations
- 1,000 AI Insights / month, plus AI Chat
