Lessons from the Anthem Breach - Health Works Collective

Anthem experienced a major data breach last week, and reportedly some records (Social Security Numbers and other identifying information, but not health data) of up to 80 million members and employees were obtained by hackers.

There is much to be said (and much has already been said) about the need for privacy and security and protections in the case of Anthem, just as “helpful hints” have been provided after the fact to victims of all significant data breaches. My reaction, when reading about the unencrypted SSNs that were accessed in this attack, was: Why in the world are we using social security numbers as ID numbers? It doesn’t have to be this way.

The social security number is the only universal unique identifier we have at our disposal in this country. It’s easy to ask for, and to use, but … it’s not supposed to be used for anything other than administration of Social Security benefits. Until not all that long ago, states used SSNs as driver’s license numbers. No longer (at least around these parts). Most of us get asked for the last 4 (or 5 or 6) digits of our SSNs constantly for all kinds of reasons. How many of us refuse every time?

Way back in 1998, as folks were trying to figure out how to implement HIPAA, the question arose: Gee, why don’t we establish a unique patient identifier system so that we can be assured that each electronic health record is properly tied to the right individual? (Check out this vintage HHS white paper on the Unique Health Identifier, published as prologue to a rulemaking process that never went anywhere.) Eventually, that approach was taken for providers (UPIN, then NPI), but not for patients. In fact, every year since then, Congress has included a special line in the HHS budget that says Thou Shalt Not establish a unique patient identifier system.

READ

The Value And Criticism Of Robot-Assisted Heart Surgery

This approach has spawned a sub-industry that scrubs data sets to ensure that an individual patient doesn’t have duplicate records, each including only a part of the whole, by triangulating from all the data points used to perpetrate identity theft: SSN, DOB, name, address, etc. All those data points are needed in order to make sure that we’re talking about the right Mr. Jones. If the only identifier attached to the health data were the patient ID number, then health records would suddenly become much less valuable to identity thieves — and it would be easier to determine which record belongs to whom.

Using patient ID numbers (which could be encrypted and thus protected — because, after all, who wants to get a new patient ID number? Getting a new credit card number after some system or other gets hacked is bad enough, and remember, you can’t get a new SSN just because your health records have been hacked) would be one element of a data minimization approach designed to lessen the likelihood of damage resulting from a breach. Couple that with the auditing capabilities that allowed Anthem to notice its breach in short order (vs. some breaches which were exploited over the course of years before anybody noticed), and we’d be looking at some real improvements to health data security.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

How Do I Become A Clinical Documentation Specialist?

Top 5 Points You Need To Know About Medical Marketing

4 Tips For Home Health Care Agencies To Survive The Worker Shortage

How To Get Capital For New Equipment For Your Healthcare Business

How Do I Become A Clinical Documentation Specialist?

How To Get Capital For New Equipment For Your Healthcare Business

Financial Benefits For People Suffering From Dementia

Cautious Health Care Lending Can Prove Lucrative For The Lenders

4 Tips For Home Health Care Agencies To Survive The Worker Shortage

Top Tips For A More Eco-Friendly Healthcare Facility

Why Mobile Apps Are Indispensable For Telemedicine

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

7 Beneficial Ways Technology Can Impact Your Fitness

What To Know About How mHealth Apps Benefit Heart Patients

How Appropriate Technology Enhances Physician Answering Services

Patient Engagement Helps Healthcare Systems And Patient Outcomes

7 Reasons You Need Digital Marketing For Your Medical Practice

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

Tips To Follow To Help Avoid Surprise Medical Bills

The Global Eye Tracking System Market Is Expected To Skyrocket In The US

Patient Engagement Helps Healthcare Systems And Patient Outcomes

The Future Of Real Time Location Systems In Healthcare

The Global Eye Tracking System Market Is Expected To Skyrocket In The US

Why HIPAA Matters To mHealth Apps More Than Ever

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

Importance Of CRM Software In The Healthcare Industry

5 Healthcare Technologies Transforming Aging In Place

7 Beneficial Ways Technology Can Impact Your Fitness

What To Know About How mHealth Apps Benefit Heart Patients

5 Healthcare Technologies Transforming Aging In Place

Here’s Why Plastic Surgery Shouldn’t Be Taboo Anymore

How Tech And Medical Equipment Is Changing The Patient Approach

The Value And Criticism Of Robot-Assisted Heart Surgery

7 Beneficial Ways Technology Can Impact Your Fitness

Is Virtual Reality the Next Big Thing for Mental Health?

Patient Engagement Helps Healthcare Systems And Patient Outcomes

Here’s Why Plastic Surgery Shouldn’t Be Taboo Anymore

How to Get Started with Volunteering to Take Care of Animals Abroad

What The CVS Healthcare Expansion Means For Medical Practices

The Status Of Child Health And Wellness In America Today

What Are Home DNA Tests And How Do They Change Our Life?

Why The Psoriatic Arthritis Treatment Market Is Set To Grow

How To Find A Good Alcohol Treatment Center

Seniors Should Let the Sunshine In, But Don’t Overdo It

Benefits And Common Questions About Dental Implants

Here’s Why To Choose A Home Gym For Your Fitness Routine

The Value And Criticism Of Robot-Assisted Heart Surgery

Here’s What To Know About Sleep And Heart Health

Is It Time to See a Cardiologist?

Can Artificial Intelligence Diagnose Illnesses Better Than Other Methods?

Benefits And Common Questions About Dental Implants

Try These Dental Hygiene Tips For A Healthy Lifestyle

11 Overlooked Flossing and Brushing Mistakes that Cause Oral Health Issues

Healthy Teeth is not an Option! It’s a way of Healthy Life

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

Here’s Why To Choose A Home Gym For Your Fitness Routine

How Serious Is Sugar Addiction, And Should You Be Worried About It?

5 Ways Meditation Can Help You With Weight Loss

Fueling Your Exercise Goals

Your Guide to Foot Gains: The 7 Best Foot Exercises for Stronger and More Flexible Feet

Causes Of Lower Leg Pain And Sore Calves To Know About

How To Take Care Of Your Bone Health In Your Forties

Body Pain: Causes, Prevention, And Treatment Tips To Know

3 Nutritious Foods To Eat During Your Second Trimester Of Pregnancy

A High Fiber Diet During Pregnancy May Reduce Celiac Risk In Children

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

5 Healthcare Technologies Transforming Aging In Place