The Behavioral Health Executive Council (Council) established processes and
related controls to ensure that it complied with requirements related to
processing expired and denied license applications; reviewing, investigating,
and resolving complaints; and making the disciplinary information of licensees
available to the public. However, the Council should implement controls to
ensure that it checks the National Practitioner Data Bank before issuing license
renewals and license upgrades and that it checks Federal Bureau of Investigation
fingerprint criminal history records before issuing license upgrades.
Additionally, the logical access controls for the Council's information technology (IT) systems had
significant weaknesses. The Council also did not establish certain application controls in its regulatory
tracking system, VERSA Regulation, to ensure the integrity of its data, and it did not have policies and
procedures for its IT functions.