Lessons Learned from Anthem Security Breach and Beyond


With technology comes great risk and greater responsibility, particularly for the healthcare industry, which is gathering and digitizing more data from individuals than ever before.

The February 2015 breach of Anthem Inc.’s database is particularly alarming. Anthem is the second largest health insurer in the U.S., according to a report by Reuters, and company officials are still trying to determine how many people were impacted by the cyberattack.

Anthem has reported as many as 78.8 million customers may have had their personal information compromised, including an estimated 8.8 million to 18.8 million people who weren’t Anthem customers but had their data shared with Anthem by their insurer, Blue Cross Blue Shield.

Hackers accessed names, birthdays, Social Security numbers, medical identification numbers, street addresses, email addresses, employment information and more, according to a report on PR Newswire.

As more people become insured and seek medical treatment, and more electronic health records are compiled by healthcare and insurance providers, the industry itself must address how that data is safely and securely stored.

The American Health Information Management Association, or AHIMA, has addressed this timely issue on its website with a detailed report on best practices for ensuring the security of confidential, sensitive medical data.

According to the association, the most sensitive data collected includes medical test results, specific medical conditions and the records of high-profile patients and minor patients.

By law, some medical diagnoses or medical conditions are afforded special protection. Mental health records, for example, have a higher degree of confidentiality. Records of patients with a sexually transmitted disease or HIV/AIDS are another example. Safeguards should be in place to prevent disclosure of such records without patient consent.

The healthcare industry currently lacks a standard method for identifying patients and linking individuals to their respective medical records. Certain records, such as those of high-profile or celebrity patients, domestic violence victims and children, should be stored in a manner that restricts access and provides anonymity where required. Proper safeguards also can help prevent identity theft, fraud and abuse, according to AHIMA.

Similarly, certain procedures, such as abortions, genetic testing and cosmetic surgeries, require a stricter standard.

In its report, AHIMA also outlined several key areas that the healthcare industry must take into account.

When choosing a product or provider for maintaining electronic health records, agencies should consider specific features for storing high-risk data that provide adequate screening controls. These include the ability to redact sensitive information, a unique user identification code for each user so that thorough auditing can identify everyone who accessed specific records, and other features, such as time-date stamps on newly created documents.

Health information managers must make sure that any electronic records system includes adequate functionality to meet internal operational and regulatory record-keeping requirements.

Finally, with regard to security, issues such as network access by outside users, encrypted data transmissions, IT support and system override authorization should be considered.

Industry professionals and concerned consumers can learn more about electronic health records, security risks, regulation and other important issues through HealthIT.gov, a national resource website for health information technology.

The website is divided into sections for providers and professionals, patients and families, and policy researchers and implementers. There are tabs on the benefits of electronic health records, privacy and security, certification, case studies and more.

The website is an invaluable tool for practitioners and consumers alike to understand the myriad issues involved in gathering, storing, accessing and protecting medical information.
