Monday, June 21, 2010

Into the Breach: Anthem and PHI

According to the Department of Health and Human Services (HHS), Protected Health Information (PHI) is "(i)nformation your doctors, nurses, and other health care providers put in your medical record ... Conversations your doctor has about your care or treatment with nurses and others ... Information about you in your health insurer’s computer system," even most billing information that providers might have on hand. For providers (and insurers, as well), keeping this private information, well, private is a big deal.

Unfortunately, it's not always possible to prevent its unauthorized disclosure; according to email that hit my inbox this morning:

"Anthem Blue Cross recently learned of a situation in which a small number of individuals ... gained unauthorized access to certain private information." They did this by hacking the online tool that one can use to track the status of one's insurance application. The irony is that, according to the email that hit my inbox this morning, the "vast majority of the manipulation and the resulting unauthorized access occurred at the hands of certain attorneys ... conducted to support a class action lawsuit ... over the very breach they were committing."

Oy.

The carrier has now "made the necessary security changes to prevent it from happening again."

They hope.

As a goodwill gesture (and, perhaps, to mitigate the potential damages caused by the unauthorized access), Anthem will "will (offer) identity protection services for one year at no cost" to those affected by the virtual break-in.

If you've recently applied for individual health insurance with Anthem, it might be a good idea to check back with your agent (or the carrier) to see if your information has been compromised. After all, better safe...
blog comments powered by Disqus