Is Your Patient Health Information Protected?
Posted by Donna Craig in Feb, 2015
Last week we woke up to the news that the second largest health insurance company in the country, Anthem Insurance Company, had its patient database hacked into by cyber attackers. While it is too early to know the full scope and impact of Anthem’s security breach, it does raise questions as to what security measures were in place and how the cyber attackers were able to penetrate them. Unfortunately, Anthem is no stranger to security breaches. Anthem was previously known as WellPoint, Inc. when, in 2010, WellPoint had the health information of over 600,000 of its insureds breached on the internet. The government’s investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule.
Insurance companies, hospitals, clinics, and even the sole-physician practice must comply with HIPAA’s Privacy and Security Rules. HIPAA’s Privacy Rule provides federal protections for patients’ health and demographic information, while giving patients certain rights with respect to their information. HIPAA’s Security Rule regulates the same patient information when it is electronically stored and transmitted. Under the Security Rule, specific administrative, physical, and technical safeguards must be in place to assure the confidentiality, integrity, and availability of electronic patient health and demographic information.
Contact The Health Law Center if you have questions regarding the requirements of HIPAA’s Privacy and Security Rules.
Category: HIPAA