Midwest Health System: Information System Risks and Controls
In 2017, the chief information officer (CIO) of Midwest Health System (Midwest), a major health care provider in a central town in the United States, noticed that incorrect billing, data theft, waste, fraud, and abuse in the health care industry had increased over the years. Compliance requirements related to various rules and regulations had also posed increasing challenges. The CIO wanted to meet with his colleagues in the information systems and audit groups to review risks related to information technology and the billing and collection process-the most critical process in terms of its impact on Midwest's operations and financial statements. His plan was to modify and strengthen existing controls and to institute new ones to mitigate the significant risks identified. The CIO believed that better controls would enable Midwest to improve patient satisfaction and reduce loss of revenues due to incorrect billing, fraud, and other factors by ensuring better security processes while complying with various rules and regulations. Reza Espahbodi is affiliated with Christopher Newport University. Ganesh Vaidyanathan is affiliated with Roosevelt University.