Midwest Health System: Information System Risks and Controls
(8 pages of text)
In 2017, the chief information officer (CIO) of Midwest Health System (Midwest), a major health care provider in a central town in the United States, noticed that incorrect billing, data theft, waste, fraud, and abuse in the health care industry had increased over the years. Compliance requirements related to various rules and regulations had also posed increasing challenges. The CIO wanted to meet with his colleagues in the information systems and audit groups to review risks related to information technology and the billing and collection process—the most critical process in terms of its impact on Midwest’s operations and financial statements. His plan was to modify and strengthen existing controls and to institute new ones to mitigate the significant risks identified. The CIO believed that better controls would enable Midwest to improve patient satisfaction and reduce loss of revenues due to incorrect billing, fraud, and other factors by ensuring better security processes while complying with various rules and regulations.
This case is intended for use in both undergraduate- and graduate-level courses in auditing, management information systems, and accounting information systems. The case can also be used in a graduate information systems auditing course. By working through the case and assignment questions, students will have the opportunity to do the following:
- Describe a hospital’s operations and information technology systems.
- Outline general information technology risks and controls.
- Identify risks and envision controls related to the billing and collection process.
- Explain how to test the operating effectiveness of controls in the billing and collection process.
- Define the concept of residual risks and identify such risks.
Health Care Services
United States, Large, 2017
$5.30 CAD / $5.00 USD Printed Copy
$4.50 CAD / $4.25 USD Permissions
$4.50 CAD / $4.25 USD Digital Download