HIPAA under review after massive data breach at Anthem
A monumental data breach at one of the nation’s largest insurance providers has spurred a bipartisan effort to reexamine the Health Insurance Portability and Accountability Act (HIPAA), possibly adding a costly and cumbersome requirement to encrypt health records.
The Senate Health, Education, Labor and Pensions committee announced that it is planning a new bipartisan initiative to examine the security of all health information technology and the healthcare industry's preparedness against cyber attacks.
“Patients, hospitals, insurers—all Americans who value the safety and privacy of their sensitive personal information—have a right to be alarmed by reports that their electronic records might be vulnerable to a cyber attack,” says committee chairman Lamar Alexander (R-Tenn.).
The goal of the committee is to examine electronic health records, hospital records, network connected medical devices and more in regard to their health information technology.
The launch of the initiative comes in the wake of a security breach at Anthem—the nation’s second largest insurer—that affects up to 80 million clients. The breach is the largest HIPAA violation in history and involved the alleged theft of security credentials from a system administrator to access Anthem’s client database.
While the company encrypts data it exports, the data was stolen at the company level and was not encrypted. But even if it was, the systems administrator credentials that were stolen still could have been used to access encrypted client data.
Data stolen during the breach includes names, dates of birth, member IDs, Social Security numbers, addresses, phone numbers, email addresses and employment information.
Anthem says no diagnosis, treatment, or financial data was accessed during the breach.
Encryption isn't currently required under HIPAA, nor under the 2009 HITECH Act, although HITECH does offer incentives for encryption. Encrypting data is costly and does not guarantee that records cannot be penetrated by cyber attacks. Regardless, some industry watchdogs and HIT experts are calling on healthcare systems to take a more serious look at encryption as a preemptive measure against future cyber-attacks.
The Office of Civil Rights (OCR) under the U.S. Department of Health and Human Services—which is investigating the Anthem breach—reports that roughly 60% of healthcare data breaches since 2009 involved that that could have been prevented through encryption. And a 2014 report by Forrester Research estimates that only 59% of healthcare organizations have implemented any type of data encryption.
theVitals
TASK FORCE FORMED TO ACCELERATE SHIFT TO VALUE-BASED CARE
A group of the top U.S. health systems, payers and stakeholders has formed the Health Care Transformation Task Force, a private-sector alliance aimed at accelerating the healthcare industry's transformation to value-based care.
Task Force members, which include six of the nation’s top 15 health systems and four of the top 25 health insurers, are committed to allocating 75% of their business into value-based arrangements that focus on the Triple Aim of better health, better care and lower costs by 2020.
This move came days after the federal government announced that Medicare would shift 50% of its provider payments into alternative payment arrangements such as accountable care organizations (ACOs) or bundled payments by 2018. Together, the two announcements send a clear signal that the public and private sector are aligning around a new trajectory for healthcare payments that moves away from fee-for-service and into alternative payment models.
MedicalEconomics.com