Washington’s Prescription Monitoring Program (PMP) was compromised by an unauthorized user, according to the state Department of Health.
The unauthorized user obtained enough identity information on a doctor to set up an account with the PMP, and was able to send out 34 letters to patients, according to the health department.
Established last year, the PMP is aimed at monitoring and tracking the prescribing of medications that fall under the “controlled substance” label, which would include narcotic painkillers like Oxycontin and Vicodin.
The intent is to allow doctors to monitor their patients’ prescription histories, and to help stop things like “doctor shopping,” where those addicted to drugs like Oxycontin and Vicodin move from doctor to doctor until they find one willing to prescribe the medications they seek. Outside of these concerns, the DOH cites an sharp increase in deaths involving “unintentional prescription pain medication overdoses,” which increased from 24 in 1995 to 490 in 2009.
“Maintaining the privacy of personal health information is a priority for the Department of Health,” said Assistant Secretary Karen Jensen. “Our Prescription Monitoring Program and our information technology security officer are working together to see what else can be done, look for ways to improve security, and prevent future attempts to create fake accounts.”
The health department urges physicians to review their accounts to make sure they haven’t been used fraudulently. Prescribers without accounts are being asked by the department to register immediately to make sure a repeat of this situation doesn’t occur.
According to the DOH, as soon as officials learned the account was fraudulent, it was deactivated. One of the tip-offs for DOH officials was that the account had put patient information into a file that was easily downloadable and distributable.
According to the DOH, the patients and doctors affected by the security breach have been notified, and law enforcement is investigating the incident. Those patients affected by the breach have been urged to contact health insurers and providers to make sure that no unauthorized services have been used under their names.
Providers are also being urged to work on “safeguard(ing) their professional and personal identifiers to help avoid this problem.”
The PMP is already used by over 10,000 health care providers in the state.
While mostly used by doctors and pharmacists, the PMP is accessible to other groups, such as law enforcement and health licensing boards.