Lessons Learned from Anthem Security Breach and Beyond


With technology comes great risk and greater responsibility, particularly for the healthcare industry, which is gathering and digitizing more data from individuals than ever before.

The February 2015 breach of Anthem Inc.’s database is particularly alarming. Anthem is the second largest health insurer in the U.S., according to a report by Reuters, and company officials are still trying to determine how many people were impacted by the cyberattack.

Anthem has reported as many as 78.8 million customers may have had their personal information compromised, including an estimated 8.8 million to 18.8 million people who weren’t Anthem customers but had their data shared with Anthem by their insurer, Blue Cross Blue Shield.

Hackers accessed names, birthdays, Social Security numbers, medical identification numbers, street addresses, email addresses, employment information and more, according to a report on PR Newswire.

As more people become insured and seek medical treatment, and more electronic health records are compiled by healthcare and insurance providers, the industry itself must address how that data is safely and securely stored.

The American Health Information Management Association, or AHIMA, has addressed this timely issue on its website with a detailed report on best practices for ensuring the security of confidential, sensitive medical data.

According to the association, the most sensitive data collected includes medical test results, specific medical conditions and the records of high-profile patients and minor patients.

By law, some medical diagnoses or medical conditions are afforded special protection. Mental health records, for example, have a higher degree of confidentiality. Records of patients with a sexually transmitted disease or HIV/AIDS are another example. Safeguards should be in place to prevent disclosure of such records without patient consent.

The healthcare industry currently lacks a standard method for identifying patients and linking individuals to their respective medical records. Certain records, such as those of high-profile or celebrity patients, domestic violence victims and children, should be stored in a manner that restricts access and provides anonymity where required. Proper safeguards also can help prevent identity theft, fraud and abuse, according to AHIMA.

Similarly, certain procedures, such as abortions, genetic testing and cosmetic surgeries, require a stricter standard.

In its report, AHIMA also outlined several key areas that the healthcare industry must take into account.

When choosing a product or provider for maintaining electronic health records, agencies should consider specific features for storing high-risk data that provide adequate screening controls. These include the ability to redact sensitive information, a unique user identification code that allows thorough auditing to identify everyone who accessed specific records, and other features, such as time-date stamps on newly created documents.

Health information managers must make sure that any electronic records system includes adequate functionality to meet internal operational and regulatory record-keeping requirements.

Finally, with regard to security, issues such as network access by outside users, encrypted data transmissions, IT support and system override authorization should be considered.

Industry professionals and concerned consumers can learn more about electronic health records, security risks, regulation and other important issues through HealthIT.gov, a national resource website for health information technology.

The website is divided into sections for providers and professionals, patients and families, and policy researchers and implementers. There are tabs on the benefits of electronic health records, privacy and security, certification, case studies and more.

The website is an invaluable tool for practitioners and consumers alike to understand the myriad issues involved in gathering, storing, accessing and protecting medical information.
