As questions swirl around the state's new health insurance exchange, the agency responsible for safeguarding Minnesotans' private data expressed confidence Friday that ample protections are in place and that citizens "should trust the system."
"We have the latest tools and technology that we can bake into every level of the system," said Carolyn Parnell, commissioner of the state's information security department, known as MN.IT. "Even when the [MNsure] system is launched, security never ends."
Parnell appeared at a meeting of the MNsure exchange's board, which was seeking answers about a recent privacy breach in which a MNsure employee sent an e-mail containing the names and Social Security numbers of 1,600 insurance brokers. (Officials previously said the number was 2,400 but have since determined that some brokers were listed twice.)
With fewer than two weeks to go until consumers start shopping on the exchange, MNsure Executive Director April Todd-Malmlov drew a distinction between the errant e-mail and the website that consumers will use to access the exchange.
"I want to be very clear," Todd-Malmlov said. "The data incident was in no way related to MNsure's IT system."
Rep. Peggy Scott, R-Andover, said the explanation of the security breach and measures to protect consumer privacy fell short.
"Notably absent at today's MNsure Board meeting was any sort of apology to the Minnesotans whose personal information was violated," Scott said in a statement. "Today's meeting only raised more questions about MNsure's lack of data security procedures."
Todd-Malmlov said the employee who sent the e-mail to an independent broker had been trained in security measures along with all staff. But the information was kept on the employee's desktop computer and was not encrypted, in violation of policy.