Overview
- State Auditor Tina M. Cannon publicly released a privacy review and presented it to the Social Services Appropriations Committee on Feb. 11.
- Auditors found the DCFS SAFE database and Utah State Hospital’s eChart allowed broad internal access to highly sensitive records without adequate monitoring.
- About 1,222 users could access SAFE’s roughly 6 million child-welfare records covering 2,020,726 individuals, and 823 employees had eChart access to 10,587 patient records.
- The review cited weak incident response, limited oversight and training, under-reported privacy incidents, documented policy breaches, mistaken disclosures, and no well-known anonymous reporting channel.
- Auditors urged stricter access controls, better monitoring, and improved training; DHHS says remediation began after August 2025, expects policy updates by March, and reports no confirmed misuse found by the audit.