Audit of the Plymouth County Sheriff’s Department - A Review of Healthcare and Inmate Deaths (March 15, 2023)
March 15, 2023 · Plymouth County Sheriff's Department · Read the full official report on mass.gov ↗
source
“Our audit revealed no significant instances of noncompliance by PCSD that must be reported under generally accepted government auditing standards.”
Read the plain-English breakdown
This is a Massachusetts State Auditor performance audit of the Plymouth County Sheriff’s Department, focused on inmate healthcare and deaths during the audit period.
“I am pleased to provide this performance audit of the Plymouth County Sheriff’s Department.”
The audit was done to see whether the department followed required rules for inmate deaths, healthcare vendor meetings, medical intake screenings, physical exams, and responses to sick-call requests.
“Below is a list of our audit objectives, indicating each question we intended our audit to answer and the conclusion we reached regarding each objective.”
County jails hold people in government custody, so the public has an interest in whether inmates receive required medical care and whether deaths are handled properly and documented.
“A death in custody is one that occurs during this period of incarceration.”
For residents, this report is a check on whether a public law-enforcement agency is operating safely, spending public money under oversight, and protecting people in custody.
“According to PCSD’s Internal Control Policy 301, its mission is to “protect the public from criminal offenders by operating a safe, secure and progressive correctional facility while committing to crime prevention awareness in the community.””
The main audit areas passed: the auditor concluded the department met the reviewed requirements. The important exception is that the auditor said the department needs stronger IT policies, planning, training, and user-access controls.
“Our audit revealed no significant instances of noncompliance that must be reported under generally accepted government auditing standards.”
The report says the department should act quickly to strengthen controls over its computer systems, including continuity planning, disaster recovery, cybersecurity training, and review of user permissions.
“In the opinion of the Office of the State Auditor, PCSD should take immediate measures to improve the internal controls over its IT systems.”
The audit’s biggest warning is not about the sampled healthcare work, but about technology risk: weak IT controls can make sensitive jail and medical information easier to misuse or attack.
“Inadequate or nonexistent controls make the information in PCSD’s IT systems more vulnerable to unauthorized access and use by employees and to cyberattacks that could result in financial and/or reputational losses.”
CorEMR means the electronic medical record system used for inmate health information. OMS means the system used to track inmate custody and booking information. A sick call is how an inmate asks for healthcare.
“The Correctional Electronic Medical Records (CorEMR) System is a Web-based application that is used to record all health-related inmate information such as medical history, treatments, mental health status, medications, and scheduled appointments.”
What the Auditor checked
- Complied Did PCSD comply with and implement the requirements of Section 932.17(2) of Title 103 of the Code of Massachusetts Regulations (CMR) and PCSD’s Policy 622 (Serious Illness, Injury & Death) regarding the deaths of inmates in its custody?
- Complied Did PCSD hold quarterly meetings with its healthcare vendor and review quarterly reports for inmates’ healthcare services in accordance with 103 CMR 932.01(3)?
- Complied Did PCSD provide medical receiving screenings to its inmates upon admission, and intake physical examinations, in accordance with Sections IV and VII of PCSD’s Policy 630 (Medical Services) and Sections IV and VII of PCSD’s Procedure 630 (Medical Services)?
- Complied Did inmates at PCSD’s facility receive medical care after submission of a Sick Call Request Form in accordance with Section XII of PCSD’s Policy 630 and Section VII of PCSD’s Procedure 630?
What the Auditor found
Why it matters: Inadequate or nonexistent controls increase the risk of unauthorized access, cyberattacks, and financial or reputational losses.
Standard: National Institute of Standards and Technology Special Publication 800-53r5 ( National Institute of Standards and Technology’s Special Publication 800-53r5; National Institute of Standards and Technology Special Publication 800-53r5 )
1 recommendation
- PCSD should take immediate measures to improve the internal controls over its IT systems.
More audits of this entity
Other Office of the State Auditor reports on Plymouth County Sheriff's Department .
- Audit of the Plymouth County Sheriff's DepartmentSheriff · May 23, 2019