Lessons from the Anthem Breach - Health Works Collective

Anthem experienced a major data breach last week, and reportedly some records (Social Security Numbers and other identifying information, but not health data) of up to 80 million members and employees were obtained by hackers.

There is much to be said (and much has already been said) about the need for privacy and security and protections in the case of Anthem, just as “helpful hints” have been provided after the fact to victims of all significant data breaches. My reaction, when reading about the unencrypted SSNs that were accessed in this attack, was: Why in the world are we using social security numbers as ID numbers? It doesn’t have to be this way.

The social security number is the only universal unique identifier we have at our disposal in this country. It’s easy to ask for, and to use, but … it’s not supposed to be used for anything other than administration of Social Security benefits. Until not all that long ago, states used SSNs as driver’s license numbers. No longer (at least around these parts). Most of us get asked for the last 4 (or 5 or 6) digits of our SSNs constantly for all kinds of reasons. How many of us refuse every time?

Way back in 1998, as folks were trying to figure out how to implement HIPAA, the question arose: Gee, why don’t we establish a unique patient identifier system so that we can be assured that each electronic health record is properly tied to the right individual? (Check out this vintage HHS white paper on the Unique Health Identifier, published as prologue to a rulemaking process that never went anywhere.) Eventually, that approach was taken for providers (UPIN, then NPI), but not for patients. In fact, every year since then, Congress has included a special line in the HHS budget that says Thou Shalt Not establish a unique patient identifier system.

READ

Top 6 Birth Injuries That Could Occur When Giving Birth

This approach has spawned a sub-industry that scrubs data sets to ensure that an individual patient doesn’t have duplicate records, each including only a part of the whole, by triangulating from all the data points used to perpetrate identity theft: SSN, DOB, name, address, etc. All those data points are needed in order to make sure that we’re talking about the right Mr. Jones. If the only identifier attached to the health data were the patient ID number, then health records would suddenly become much less valuable to identity thieves — and it would be easier to determine which record belongs to whom.

Using patient ID numbers (which could be encrypted and thus protected — because, after all, who wants to get a new patient ID number? Getting a new credit card number after some system or other gets hacked is bad enough, and remember, you can’t get a new SSN just because your health records have been hacked) would be one element of a data minimization approach designed to lessen the likelihood of damage resulting from a breach. Couple that with the auditing capabilities that allowed Anthem to notice its breach in short order (vs. some breaches which were exploited over the course of years before anybody noticed), and we’d be looking at some real improvements to health data security.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

5 Strategies For A Calm Staff Management During Covid-19 Crisis In Your Facility

CEO’s Sleep: How Many Hours do Entrepreneurs Sleep?

5 Smart Ways To Save Money For Medical Bills

How To Handle Medical Office Customer Service This Holiday Rush

5 Smart Ways To Save Money For Medical Bills

Sustainable Tips For Financial Management In Medical Practice

An Important Guide To Budgeting For Doctor Appointments

Try These Tips On How To Handle Medical Expense Debt

5 Strategies For A Calm Staff Management During Covid-19 Crisis In Your Facility

How To Handle Medical Office Customer Service This Holiday Rush

How Medical Professionals Should Handle Waste During COVID-19

Sustainable Tips For Financial Management In Medical Practice

Medicare Needs To Set Policy To Drive Telehealth Interconnectivity

The Benefits Of Apps That Help You Stay Fit

4 Reasons Why Medical Device Compliance Matters

A Detailed Guide On Developing A Female Healthcare Tracking App

The Importance Of Medical Labels And Supplement Labels

The Benefits Of Updating Your Hospital’s Systems

Reasons Why HIPAA Is Vital For The Healthcare Industry

Hospitals Suffer From Denied Claims – Can Proper Patient Identification Help?

A Detailed Guide On Developing A Female Healthcare Tracking App

The Top Trending Health Care Apps In 2020

How Wearable Tech Insights Are Improving Healthcare

The Roles Of AI, IoT, And Cybersecurity In Transforming Healthcare

Medicare Needs To Set Policy To Drive Telehealth Interconnectivity

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

Understanding and Embracing the Benefits of Simulation Training in Healthcare

The Technologies That Are Re-Shaping Orthodontics

The Benefits Of Apps That Help You Stay Fit

Third Party Lab Testing Plays Crucial Role In CBD Decision Making

The Important And Powerful Role Of Portable Oxygen Concentrators

3 Promising New Medical Alert System Technologies To Know About

The Keys To Maintaining Safety With Medical Equipment

Sports Medicine: Preventing Sports Injuries With Wearable Sensors

What Innovations are Transforming the Medical Transcription Industry

4 Important And Helpful Medical Advancements For 2020

The Importance Of Medical Labels And Supplement Labels

How Clinical Trials Are Changing Cancer Outcomes

9 Effective Ways To Keep Your Joints Healthy And Thriving

Coronavirus and Animals: What You Should Know

Why Automated Appointment Reminders Should be the Norm Among Healthcare Providers

How Can You Best Calculate Your Healthy Eatery’s Food Cost?

Common Alcohol Detox Mistakes to Avoid

How COVID-19 Impacted The Dental Industry As A Whole

Tips On How To Stop Your Eyesight From Deteriorating

Is Collagen Therapy a Worthwhile Treatment for Aging Adults?

The Technologies That Are Re-Shaping Orthodontics

CPR And Cardiac Arrest Management Of Patients Amid COVID-19

4 Important Tips To Maintain Your Cardiovascular Health

Top AED Models To Minimize Risks Of Cardiac Arrest 2019

3 Things To Consider When Looking For A Heart Doctor

How COVID-19 Impacted The Dental Industry As A Whole

Tips For Ensuring Your Teeth And Gums Remain Healthy

Dental Care: Understanding Restorative Dentistry And Cosmetic Dentistry

How AI Technology Is Shaping The Dental Industry

4 Clever Ways To Manage Your Diet With Diabetes

Are There Important Links Between Diabetes And Joint Pain?

Everything You Need To Know About Managing Diabetes In Later Life

How Technology Is Making Diabetes Management Easier

Tips On How To Stop Your Eyesight From Deteriorating

Try These Helpful Tips For Preventive Eye Maintenance

How Can I Maintain And Monitor My Eye Health?

Your Helpful Guide To Recovering After Cataract Surgery

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

The 4 Biggest Reasons You’re Not Sleeping Through The Night

Can CBD Help You Sleep Better? Here’s What To Know

Sleep And Immunity: What Is The Connection?

Understanding Hypnosis For Sleep And Its Major Benefits

Quarantine Weight Gain: Should You Worry About It?

Uncontrollable Overeating: 5 Often Overlooked Causes

Your Helpful Guide To Coolsculpting And How It Works