It is not our fault .. it is their fault…

pointingfingers

Report: State of Indiana prescription tracking system (INSPECT) is in ‘crisis’

http://www.courierpress.com/news/state/report-state-prescription-tracking-system-is-in-crisis_65884893

INDIANAPOLIS — A state system for tracking prescriptions has been “in crisis” and created a risk of exposing patients’ personal information, according to a state-commissioned report that Gov. Mike Pence’s administration tried to keep under wraps.

The system, intended to help the state fight prescription drug abuse and doctor-shopping, faces “significant threats and weaknesses that are compromising the integrity of the program,” said the report obtained by TheStatehouseFile.com.

It attributes the problems to staff vacancies — which state officials say are now largely filled — as well as a “tug-of-war” within Pence’s executive branch over who’s in control: The Indiana Professional Licensing Agency or the Indiana Board of Pharmacy.

But Nick Goodwin, director of legislative affairs for the Professional Licensing Agency, insists no such data threats exist, and he said a second, outside analysis proves it.

Goodwin also said the initial report’s claims about management, administration, staff and governance “were not accurately represented and were unsubstantiated by an absence of data validation other than conjecture from interviews with stakeholders.”

Still, lawmakers, who had to obtain a copy of the report through back channels after the Pence administration sought to force them to sign non-disclosure agreements to read it, remain so concerned about the program that they’ve sent the governor a bill that gives the pharmacy board more authority. The bill also creates a new oversight committee made up of the system’s users.

“With so much private consumer information at stake, we simply can’t afford to shortchange the program,” said House Public Health Chair Ed Clere, R-New Albany.

And state Rep. Steve Davisson, a pharmacist and Republican from Salem, said change is necessary given the initial report’s criticism of the program’s management and its importance in providing appropriate health care.

The “program is an important tool for physicians and prescribers and pharmacists around the state,” Davisson said. “It’s one of the most important tools we have in controlling prescription drug abuse.”

At stake are millions of prescriptions written by Hoosier doctors that are tracked through INSPECT, which stands for Indiana Scheduled Prescription Electronic Collection and Tracking Program.

INSPECT collects data from pharmacies about prescriptions of narcotics, opioids and other addictive drugs and lets doctors, pharmacists and police get information from the database to track whether patients are obtaining more pills than they should.

The information in the system includes names, dates of birth, addresses, driver’s license numbers and details about prescriptions for controlled drugs — information that must be kept secure, Davisson said.

But Netlogx, the outside vendor the Professional Licensing Agency hired for more than $100,000 to produce the initial assessment, couldn’t verify whether the agency had the systems in place to ensure the information was safe.

“The risk and the consequences from exposure of sensitive data is the most significant threat to the INSPECT Program overall,” the report said.

Goodwin argues the Netlogx report was not technical in nature and therefore not an accurate assessment of the security of patient information.

Still, the initial report raised enough questions that the agency ordered a second, more in depth technical review.

That one came from Indianapolis-based information security consultant Pondurance, and aimed to determine the extent that personal data may be at risk. The second report — released just this week — found some areas for improvement, particularly in the state’s compliance with federal health care privacy rules, but it generally determined the data is safe, said Eric Burton, the agency’s application system analyst.

“We did pretty good,” Burton said. The Pondurance report said the agency is “on the right track to meet and comply with all the security requirements” of federal laws.

But Netlogx says that at the time of its report, which was dated Dec. 31, 2014, the state had left INSPECT’s quality assurance analyst position open for almost a year. That position is “critical to data integrity and protection.”

Goodwin said that’s not true. He said INSPECT did not previously have a quality assurance position and that those duties have fallen under the director since 2013. He said the agency has since created a separate quality assurance position and is now in the process of filling it.

Netlogx conducted its assessment of INSPECT over six weeks, reviewed documents and policies, and interviewed 37 people, including program staff, users and state leaders.

The report found the INSPECT program:

Was understaffed. At the time of the report, two staff members were covering five full-time positions. Goodwin said it was actually four positions and two of those have since been filled.

Has a director, Holly Walpole, who is “held in high regard” among her colleagues nationally. They were impressed by the director’s “ability to manage the INSPECT program despite crippling staff shortages.”

Is “neglected in key areas and over-managed in others causing significant problems in organization.” The director is both isolated in her duties and still responsible to two different groups — the agency administrators and the pharmacy board, which often conflict.

The report talks repeatedly about the agency’s staffing problems, which lawmakers said occurred even though the General Assembly had appropriated enough money for a full staff.

Goodwin said the positions stayed open longer than usual because two people hired to fill them opted later not to take the jobs. He said the timing of the openings just happened to coincide with the Netlogx report.

That report also said the program suffers because there’s no clear understanding of who’s in charge. The report said the Professional Licensing Agency has conflicting organizational charts and that the INSPECT director isn’t included in weekly agency director meetings.

“At the core of these issues is confusion regarding who has the authority over” the program, the report said.

Goodwin said the structure is set by law, not by the agency. And he said the director always is included in meetings dealing with her program.

The legislature intended to give the pharmacy board general oversight of the system, Davisson said. But the board is staffed by the Professional Licensing Agency, which also controls the program’s budget and staffing.

“Currently there seem to be a tug of war between both entities, and the minimal staff of INSPECT is in the middle struggling to manage operations,” the report said.

Davisson said he’s hopeful the report and the changes approved by the legislature will make a difference. But he and Clere said it has been difficult to get information from the licensing agency. In fact, just getting a copy of the Netlogx report, which the agency has deemed confidential under state public records law, proved problematic.

Initially, lawmakers said, the agency declined to give them the report, citing concerns about security.

Then, Clere and Davisson said the Pence administration asked them to sign non-disclosure agreements simply to review the report’s contents. The lawmakers said they refused, obtained the report from other sources, and then shared it with members of the House Public Health Committee.

“There’s not enough transparency,” Clere said. “No one is suggesting they ought to release information or details that are of a truly sensitive nature from a security standpoint. But most of what we’re talking about here has nothing to do with specific or proprietary security information.

“The report deals with management issues and oversight issues and other things like that,” Clere said. “It would be good for INSPECT and good for the legislative process and good for the state if there was more transparency.”

2 Responses

  1. Unless the system reports back to the pharmacist real time-on line it should be replaced. As for who should be in charge, it should be the State health department. This will eliminate turf wars and avoid what some may see as professional protection be it either the prescribers or the dispensers.

Leave a Reply

%d bloggers like this: