Esme Murphy reports:
A nurse with a history of narcotics theft illegally accessed a state database that contains prescription drug records for 1 million Minnesotans, all under the supervision of government entities that cost taxpayers hundreds of millions of dollars annually.
A WCCO-TV investigation found that, despite the nurse’s background, he was given access to the database by both the Minnesota Department of Human Services and the state’s largest insurer, Blue Cross and Blue Shield.
You really need to read the entire article, as it raises questions about access control, background checks, and so much more. What’s really concerning is that it’s not clear from the state’s response that they have taken effective steps to prevent a recurrence of this type of breach.
So we have Blue Cross and Blue Shield, who hired a nurse with a criminal record and gave him access to the state’s prescription database under their arrangement with the state. That’s on them. It’s also on them that after they removed him from the position that gave him access, they didn’t follow up to ensure that his access to the database was terminated. That’s also on the state. But I think it’s on the state to ensure that whoever it makes arrangements with to access a state database with personal and sensitive information has adequate policies and procedures in place – and that they are being followed.
This is another one of those cases where I’d love to see HHS/OCR do something to send a strong message.