Audit of the Department of Mental Health
August 1, 2019 · Department of Mental Health · Read the full official report on mass.gov ↗
source
“DMH did not effectively manage the discharge of some clients from its psychiatric hospitals to less restrictive community-based settings.”
Read the plain-English breakdown
This is a Massachusetts State Auditor performance audit of the Department of Mental Health, covering July 1, 2016 through September 30, 2018.
“This report details the audit objective, scope, methodology, findings, and recommendations for the audit period, July 1, 2016 through September 30, 2018.”
Auditors looked at whether clinically stable patients were being discharged on time to less restrictive places, such as community-based settings.
“In this performance audit, we examined DMH’s protocols for the discharge of clients from DMH-funded state psychiatric hospitals.”
Delays can hurt patients and also keep scarce hospital beds from people who need them.
“Not ensuring that all clients who are ready for discharge are placed in a timely manner may negatively affect clients’ mental health and may deprive other clients of the opportunity to be placed in DMH facilities.”
If you or someone you care about needs state mental health services, this matters because timely discharge and secure records affect patient care, privacy, and access to limited beds.
“As a result, there is an increased risk of terminated employees improperly accessing and/or altering personal information in MHIS, such as clients’ names, addresses, dates of birth, and medical records.”
The Auditor concluded DMH needed better tracking and controls for discharge planning, and better controls for shutting off former employees’ system access.
“DMH should establish monitoring controls to ensure that anticipated discharge dates are properly recorded or that discharge is as timely as possible.”
The issue is significant because Massachusetts has far fewer continuing-care psychiatric beds than it used to, and people were already waiting about 79 days for admission during the audit period.
“The reduction of beds over the years raises concerns over bed availability.”
MHIS means the Mental Health Information System, the database DMH uses for patient records, admissions, discharges, and treatment-plan information.
“MHIS contains all client records, including those of clients who have been admitted to, and discharged from, DMH hospitals.”
What the Auditor checked
- Did not comply Are clinically stable clients discharged in a timely manner to less restrictive environments?
What the Auditor found
Why it matters: Delayed discharge can negatively affect clients' mental health, limit availability of beds for other clients, and prevent DMH from monitoring and fixing discharge process problems.
Standard: Section 27.09(1)(a), 104 CMR 27.05(4), and 104 CMR 27.11(6), plus facility discharge planning procedures. ( Section 27.09(1)(a) of Title 104 of the Code of Massachusetts Regulations; 104 CMR 27.05(4) and 27.11(6) )
2 recommendations
- DMH should modify its standard protocol to include identifying and/or modifying the anticipated discharge date in the treatment plan meeting notes as the client approaches discharge.agency: agreed
- DMH should establish monitoring controls to ensure that anticipated discharge dates are properly recorded or that discharge is as timely as possible.agency: agreed
Agency response & Auditor reply
Agency: "DMH disagrees with the finding that DMH “did not effectively manage the discharge of some clients from its psychiatric hospitals to less restrictive community-based settings.”"
Auditor: "As noted above, our audit showed that in some cases, DMH did not effectively manage the discharge of clients living in its facilities to less restrictive settings."
Why it matters: Untimely access removal increases the risk that former employees could improperly access or alter clients' personal and medical information.
Standard: DMH's Information Security Handbook and the Massachusetts Executive Office of Technology Services and Security Access Management Standard. ( DMH Information Security Handbook )
1 recommendation
- DMH should establish a formal process for disabling former employees' network access as soon as possible and monitoring controls to ensure the process is followed.agency: agreed
Agency response & Auditor reply
Agency: "The Department agrees with the Audit Finding concerning not revoking the access of 13 former employees to MHIS in a more timely manner."
More audits of this entity
Other Office of the State Auditor reports on Department of Mental Health .
-
Audit of Cybersecurity Awareness Training Compliance Across Multiple State Agencies - Department of Mental Health (November 8, 2024)State Agency / Office · November 8, 2024 -
Audit of Settlement Agreements and Confidentiality Clauses Across Multiple State Agencies - Department of Mental Health (January 28, 2025)State Agency / Office · January 28, 2025