Lessons from the Anthem Breach - Health Works Collective

Anthem experienced a major data breach last week, and reportedly some records (Social Security Numbers and other identifying information, but not health data) of up to 80 million members and employees were obtained by hackers.

There is much to be said (and much has already been said) about the need for privacy and security and protections in the case of Anthem, just as “helpful hints” have been provided after the fact to victims of all significant data breaches. My reaction, when reading about the unencrypted SSNs that were accessed in this attack, was: Why in the world are we using social security numbers as ID numbers? It doesn’t have to be this way.

The social security number is the only universal unique identifier we have at our disposal in this country. It’s easy to ask for, and to use, but … it’s not supposed to be used for anything other than administration of Social Security benefits. Until not all that long ago, states used SSNs as driver’s license numbers. No longer (at least around these parts). Most of us get asked for the last 4 (or 5 or 6) digits of our SSNs constantly for all kinds of reasons. How many of us refuse every time?

Way back in 1998, as folks were trying to figure out how to implement HIPAA, the question arose: Gee, why don’t we establish a unique patient identifier system so that we can be assured that each electronic health record is properly tied to the right individual? (Check out this vintage HHS white paper on the Unique Health Identifier, published as prologue to a rulemaking process that never went anywhere.) Eventually, that approach was taken for providers (UPIN, then NPI), but not for patients. In fact, every year since then, Congress has included a special line in the HHS budget that says Thou Shalt Not establish a unique patient identifier system.

READ

Should Healthcare Care About Branding?

This approach has spawned a sub-industry that scrubs data sets to ensure that an individual patient doesn’t have duplicate records, each including only a part of the whole, by triangulating from all the data points used to perpetrate identity theft: SSN, DOB, name, address, etc. All those data points are needed in order to make sure that we’re talking about the right Mr. Jones. If the only identifier attached to the health data were the patient ID number, then health records would suddenly become much less valuable to identity thieves — and it would be easier to determine which record belongs to whom.

Using patient ID numbers (which could be encrypted and thus protected — because, after all, who wants to get a new patient ID number? Getting a new credit card number after some system or other gets hacked is bad enough, and remember, you can’t get a new SSN just because your health records have been hacked) would be one element of a data minimization approach designed to lessen the likelihood of damage resulting from a breach. Couple that with the auditing capabilities that allowed Anthem to notice its breach in short order (vs. some breaches which were exploited over the course of years before anybody noticed), and we’d be looking at some real improvements to health data security.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Should Healthcare Care About Branding?

Expanding Your Reach: 4 Quick Ways Personal Trainers Can Market Their Business

ICD-11 – The Next-Generation Coding System

5 Ways to Use Texting in Healthcare Marketing and Engagement

Entrepreneurs Must Integrate Mission-Driven Strategic Investors

6 Healthcare Financial KPIs You Need for 2017

Determining the ROI on Aquatic Therapy in Your PT Practice

How to Monetize Mobile Healthcare Apps

When The Doctor Is Hurting: Ergonomic Solutions For Medical Professionals

Stressing Employee Sleep and How It Can Impact Your Practice, Hospital, and Overall Productivity

Are Patients Being Informed Of Alternatives To Medication?

Enhancing Cultural Competency In Healthcare Settings

Mobile Medical Apps: A Game Changing Healthcare Innovation

The Impact of Big Data In Healthcare Analytics Career

Are We Failing Female Patients?

Should Healthcare Care About Branding?

Medical Data & Patient Privacy: An Update

Tackle Telemedicine Coding With These CPT® and CMS Pointers

What Is Interoperability and Why Is It Important in Healthcare?

Facebook Reported to Have Attempted to Acquire Users’ Medical Records

Mobile Medical Apps: A Game Changing Healthcare Innovation

What Is Interoperability and Why Is It Important in Healthcare?

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

mHealth: The New Future of Healthcare

EHR For Rural Hospitals: Criteria And Access

How Big Data Can Be Used To Prevent Fatal Heart Attack

Patient-Generated Health Data: a Shift in Care Delivery?

How Financial Barriers are Slowing Down Telehealth Adoption

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

How to Handle Negative Physician Reviews and Feedback

5 Effective Ways to Market Healthcare to Millennials

Mobile Medical Apps: A Game Changing Healthcare Innovation

Important Medical Procedures for Those in Their 50s

The Impact of Big Data In Healthcare Analytics Career

The Outreach Mindset: How Doing Crisis Care Improves Medical Practice

Important Medical Procedures for Those in Their 50s

5 Life-Changing Assistive Technologies for the Visually Impaired

How AI Influences the Plastic Surgery

Healthcare Meets Technology: Future-Ready 2018 Innovations

Nanobots: The Bright Future of Surgical Robotics

Emerging Diabetes Technology Promises to Make Life Easier

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

Meeting The Healthcare Demands of an Aging Population

Minimizing Data Chaos in the Healthcare Industry

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

Vitiligo: Why it Happens to You, and How to Treat it?

Top 3 Ways to Gain Muscle Mass Fast

Healthcare Data Breaches: What Are the Risks?

Ethical Promotion Of Complementary Medicine: A Guide For Doctors

Why Dental Check-Up for Kids are Important

The Surprising Connection Between the Microbiome and Childhood Development

The Complicated Rise of Interventional Cardiologists

The Complicated Rise of Interventional Cardiologists

How Big Data Can Be Used To Prevent Fatal Heart Attack

Peripheral Vascular Stenting to 2020

In Praise of FDA Collaboration: The Cardiac Safety Example

Understanding Alzheimer’s Disease: What’s Next? [Infographic]

Why Primary Care Physicians Are the Next Phase in CCRC Care

The Dos and Don’ts of Handling Elderly Patients

Five Fields In Healthcare That Are Quickly Growing

The Weight Conscious Doctor: Why Sensitivity Matters

Top 5 Reasons Why you’re Not Losing Weight on Your Diet

Starting a New Eating Plan? What you Need to Know about Macro and Micronutrients

Should You Recommend Bariatric Surgery to Obese Patients?

Do it like Disney: Developing Orthopedic Centers of Excellence

Lessons on Building a Great Ortho Team from The Avengers

What Orthopedic Patients Want this Holiday Season

Use The Force: 4 Ways to Improve Orthopedic Service Lines

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

When Can Genetic Carrier Screening Be Performed?

Important Medical Procedures for Those in Their 50s

Eating Healthy on a Budget: How to Make Nutritiously Fiscal Decisions

Ethical Promotion Of Complementary Medicine: A Guide For Doctors

Eating Healthy on a Budget: How to Make Nutritiously Fiscal Decisions

Ethical Promotion Of Complementary Medicine: A Guide For Doctors

5 Health Benefits of Keto Diet