A Maryland corrections division that provides inmate labor has backed out of a data entry contract with the health department after state auditors found that prisoners had access to some patients’ personal information. The findings were included in a legislative report three months after Maryland Correctional Enterprises stopped providing the services to the Department of Health and Mental Hygiene, the Baltimore Sun reports.
The report said the agency used inmate labor to enter physician Medicaid reimbursement claims into a database. Social Security numbers that appeared in the proper spot in the upper right corner of the forms were automatically redacted, or “blacked out.” But “infrequently, Social Security numbers for the recipient and/or the provider appeared in other locations on the form” and “remained accessible to the inmates,” the report said. Agency spokesman Rick Binetti said this occurred in 3 out of 3,000 cases reviewed, when doctors’ offices mistakenly used a patient’s Social Security number as the account identifier. He said there was no evidence to suggest inmates even noticed the numbers, and he stressed that there was “strict security in the room where this data entry took place,” including four cameras and supervisory staff.