Ex-Vernal officer accused of using state database to commit burglary for prescription drugs

See full story in the Salt Lake City Deseret News.

“VERNAL — Two Vernal residents say they intend to sue the state of Utah and the city of Vernal, claiming that a police detective improperly accessed a prescription drug database and used the information he obtained to steal painkillers from them…

That system is the Utah Controlled Substance Database, according to Walker, which was first created in 1995 and then expanded two years ago. It collects and tracks all information on prescription drugs dispensed by pharmacies in Utah. Its use is restricted to doctors, pharmacists and law enforcement officers for the purpose of identifying patients or doctors who might be overusing, over-prescribing or abusing prescription drugs.

Police can access the database by providing an active case number, and they are supposed to have probable cause before accessing an individual’s prescription information.

Former Vernal police detective Ben M. Murray ignored those requirements when he looked up Smithey and Holmes’ information and went to their home several times in 2011, Walker said.

“The officer used that system freely and was able to track these individuals and figure out when they got their prescriptions, how many pills they had,” the attorney said. “He comes in gun, badge, uniform (and) tells them he’s there for a ‘pill count’ and … while they’re talking and distracted, he’s grabbing pills and putting them in his pocket.”"

Re: Utah’s Medical Privacy Breach – Nearing 1 Million!

The Utah Dept of Health didn’t protect close to one million patients’ sensitive health data. Utah handles health information the way 80% of the US healthcare sector does: very poorly. Weak passwords and unencrypted health information are typical. Just last November, an SAIC/Tricare data breach of 4.9 million unencrypted records was reported.

The US healthcare industry has ignored federal law requiring encryption since 2005. Encryption is well-known to be the standard for protecting health data. But why do it if there is no enforcement and the cost of a fine or settlement is so low?

Instead of expanding electronic health records systems and exchanging millions more sensitive health records, the federal government should enforce the law and require the massive security flaws in existing health data systems be fixed. And whenever there are breaches, victims should have the technology tools to verify whether future claims are genuine to prevent medical ID theft and someone else’s record from receive credit monitoring for at least 3 years.

Learn more about the lack of health data privacy and security. Register to attend or watch the 2nd International Summit on the Future of Health Privacy, “Is there an American Health Privacy Crisis” on live streaming video at: http://www.healthprivacysummit.org