HIPAA under review after massive data breach at Anthem >> AMONUMENTAL data breach at one of the nation’ largest insurance providers has spurred bipartisan effort to reexamine the Health Insurance Portability and Accountability Act (HIPAA), possible adding a costly and cumbersome requirement to encrypt health records. The Senate Health, Education, Labor and Pensions committee announced that it is planninga new bipartisan initiati to examine the security ‘of all health information technology and the healthcare industry's preparedness against eyber attacks. “Patients, hospitals, insurers—all Americans ‘who value the safety and privacy of thei sensitive personal information—have aright to be alarmed by reports that their electronic records might be vulnerable to acyber attack’ says committee chairman Lamar Alexander (R-Tenn.) ‘The goal ofthe committee electronic health records, hospital records, network connected medical devices and more in regard to their healt technology. The launch of the initiative comes in the to examine formation ‘The Senate announced that it is planning a bipartisan initiative to examine the security of all health information technology and the healthcare industry's preparedness against cyber attacks, wake ofa security breach at Anthem—the nation’s second largest insurer— that affects up to 80 million clients. The breach is the largest HIPAA violation in hi alleged theft of security credentials from a system administrator to access Anthems client database, While the company encrypts data it exports, the data was stolen at the company level and srypted. But even ifit was, the systems administrator credentials that were stolen still could have been used to access enerypted client data. Data stolen during the break includes names, dates of birth, member ID) Social Security numbers, addresses, phone numbers, email addresses and employment information. jory and involved the Anthem says no diagnosis, treatment, or financial data was accessed during the breach. comniet, sitaquatatur molor apernate ommolupictur alit voluptatio. Dolor sum dis imus excesequi aut dus et a simus solecatquat. Eneryption isn't ceurrentiy required under HIPAA, nor under the 2009 HITECH Act, although HITECH does offer incentives for ceneryption. Encrypting data is costly and does not guarantee that records cannot be penetrated by cyber attacks. Regardless, some industry watchdogs and HIT experts are calling ‘on healthcare systems to take a more serious look at encryption as a preemptive ‘measure against future ceyber-attacks. The Office of Civil Rights (OCR) under the US, Department of Health and Human Services—whieh is investigating the Anthem breach—reports that roughly 60% of healthcare data breaches since 2009 involved that that could have been prevented through encryption. And 4.2014 report by Forrester Research estimates that ‘only 59% of healtheare ‘organizations have implemented any type of data encryption. theVitals TASK FORCE FORMED TO ACCELERATE SHIFT TO VALUE-BASED CARE Agroup of the top U.S. health systems, payers and stakeholders has formed the Health Care Transformation Task Force, aprivate- sector alliance aimed ataccelerating the healthcare industry's ‘transformation to value- based are, Task Force members, which include six of the nation’s top 1Shealth systems and four of the top 25 health insurers, are committed to allocating 75% of their business into valu based arrangements that focus onthe Triple ‘Aim of better health, better care and lower costs by 2020. This move came daysafter the federal ‘government announced that Medicare would shift 50% of its provider payments into alternative payment arrangements such asaccountable care organizations (ACOs) or bundled payments by 2018. Together, thetwo announcements send clear signalthat the publicand private sector arealigning around ‘anew trajectory for healthcare payments that moves away from fee-for-serviceandinto alternative payment models. MedicalEconomies.com