Jan. 29, 2007
State Auditor Will Review Information Technology Processes at UIHC
University of Iowa Interim President Gary Fethke today announced that State Auditor David Vaudt has agreed to conduct an audit of information systems security access at the University of Iowa Hospitals and Clinics. Vaudt will determine the scope of the audit and report the results to the UI and to the Board of Regents, State of Iowa, the governing board for Iowa's public universities.
"We are constantly auditing and reviewing how we control access in our information technology systems to ensure that those processes are up to date and as effective as possible in protecting electronic records and documents," Fethke said. "However, we recently had an incident at UI Hospitals and Clinics which leads me to believe that an objective, external review of our processes is well advised, so I'm pleased that the state auditor has agreed to take on this task."
The computer security incident did not expose confidential patient records in any way, nor was it a case of a hacker gaining access to records or the use of UI computer systems, Fethke stressed.
"Our own investigation indicates that this was a case in which a university employee violated our policy on the acceptable use of information," Fethke explained. "However, the fact that this incident occurred in the administrative area of the hospital requires us to review whether our processes there can be improved to prevent future occurrences."
Vaudt cautioned that is it too early in the process to know when the audit will be completed.
"The time and resources it will take to complete the audit and prepare a report to the regents and the University of Iowa will depend on the scope," he said.
Vaudt added that Todd Stewart, director of Internal Audit for the Board of Regents, will assist his office.
STORY SOURCE: University Relations, 101 Jessup Hall, Iowa City, Iowa 52242-1000.
MEDIA CONTACT: Steve Parrott, firstname.lastname@example.org, phone 319-335-0552, cell 319-530-6972