The audit found that inmates who worked for Maryland Correctional Enterprises had access to the social security numbers while they were processing Medicaid claims as part of an inmate work program, according to a report by the Baltimore Sun.
A computer program was supposed to redact the social security numbers, but in some cases it did not, the audit found. Social security numbers that appeared in the proper spot on the forms were automatically redacted, but sometimes the numbers for the recipient and/or the provider appeared in other locations on the form and "remained accessible to the inmates", the audit said.
Rick Binetti, a spokesman for the Department of Public Safety and Correctional Services, told the newspaper that this occurred in roughly 3 out of 3,000 cases reviewed, when doctors' offices mistakenly used a patient's social security number as the account identifier.
Binetti said there was no evidence to suggest inmates even noticed the numbers, and he stressed that there was "strict security in the room where this data entry took place," including four cameras and supervisory staff.
Maryland Correctional Enterprises no longer provides Medicaid form processing for the Maryland Department of Health and Mental Hygiene, the newspaper noted.