Yeah, well I’ll go right along with damn stupid on Anthem’s part, and I hope their CEO and IT dudes get kicked out on their keisters. Absolutely no excuse for not encrypting the SS#. None. Actually, not a whole lot of reason for insisting on having it in the first place. I’m hoping that several of the more active state attorneys general will slam them with a hunking big set of charges. Grrrr…
CA has disallowed requiring SSN as a form of medical ID for quite a few years now. However, many many doc’s forms still request this info. I think people put it down because they think it is mandatory. I have had some pushback from front office personnel when I refused to provide my SSN. I am finding this to be less and less the case as time goes on.
^^ Again, you seem to be missing who was hacked. It wasn’t providers. It wasn’t healthcare.gov. It was Anthem.
And fwiw, Medicare has been telling people for decades to check their records for fraud.
Actually, I think the health insurer needs to have the social in order to prepare the sec. 6055 information report - see http://www.irs.gov/Affordable-Care-Act/Questions-and-Answers-on-Information-Reporting-by-Health-Coverage-Providers-Section-6055 — that is a provision of ACA, although the filing requirement only begins in 2016 – but basically they need the social for the same reason your employer needs it. However, it’s not as if the health insurance companies weren’t asking for the social security number before -- way back when, they used to use it as the insurance ID number - I’m guessing it was about 15 years ago when they stopped doing that, but I’m getting old, maybe it was earlier. But again, encrypting that field is pretty much a no-brainer, certainly not a difficult programming task.
No, it wasn’t healthcare.gov that was hacked in this instance. No one seems to be mistaking that they were; instead they’ve pointed out that a reduced overhead leaves less fat for IT and that medical records being stolen aren’t something that’ll be obvious on a monthly billing statement.
When - when, not if - healthcare.gov records show up for sale on eastern European websites, I’ll assume we’ll all still be expected to blame the profit motive?
Here is how the data breach is being treated on Anthem’s homepage. Not exactly prominently; this is in a small box in the lower right corner, the last place you’d see if you were reading the page like a newspaper:
So first, they were a “victim.” Their sloppy IT practices had nothing to do with it. Also, although I guess it’s good that my health data wasn’t compromised, they somehow forgot to mention that everything needed to steal my identity is out there. And finally, how very generous of them to offer me free credit services! There’s no mention that I’ve been able to find as to how long they’re willing to do that. Standard practice in these cases is a year, and Anthem isn’t known for going above and beyond on behalf of their members (obviously), so that’s probably what it’ll be. However, my data which they so carelessly lost will be valuable to bad guys for the rest of my life. I can’t cancel my SSN as I would a breached credit card or bank account. So after the year is up, it’s on me to pay for being vigilant about the mess they created for me.
It’s not just our credit we have to worry about:
The Most Worrisome Part of the Anthem Hack
Yeah, but the identity thieves would still have to find an in-network Anthem provider to use the stolen medical ID numbers…
@LasMa #382…I completely understand who was hacked this time. I think you are missing my point. Let me try again…healthcare information is very interesting to identity hackers. Healthcare information is more vulnerable since the original systems were not set up to be financial transactions systems. The traditional financial transaction systems had data security as an integral part of their design…they EXPECTED to be hacked. (Exactly what the quote in #387 validates). And, users keep track of their CC and bank accounts on a regular basis. They do not regularly check their healthcare accounts. Only if they get an EOB or a doc’s bill. And, unlike VISA or Master Card, a health insurance company, or even a doc’s office, will not call you and say…“hey, was it really you that had that XYZ procedure on this date at this office?” A CC company will often catch fraud and inform the consumer - my family is evidence of this. My CC company caught fraud 3 times in the past 2 years and re-issued a new card number. I can’t imagine Blue Shield ever doing that.
The newest healthcare data collection system has clear and ongoing security issues…that system is Healthcare.gov. The article to which I linked is from the Kaiser organization (not an ACA detractor). The fact that a NEW system with such far reaching collection ability has been brought online with known security issues is a problem. Again, it is easier to design something from the ground up which has the latest security traps in place.
In addition, Healthcare.gov and all the associated State exchanges are signing up a group of people who may not be as savvy about identity theft as those who have been traipsing around in that arena for most of their adult lives. This makes a potential breach even more nefarious since people just won’t even know they’ve been hit. And, this database will have information links (or information relating to) IRS data.
@Dietz I’m just learning about medical identity theft; I’m sorry to say that I had no idea. I now understand why a couple of providers have wanted to take my picture when I was a new patient. It sounds like a nightmare if it happens.
It’s my understanding that the exchanges, including healthcare.gov, do not have medical information. They do have names, addresses, and SSNs – which, don’t get me wrong, is bad enough. But I don’t believe they have medical ID numbers or health records.
In fact, once when I was talking to the exchange and asked the rep to document how a medical issue was being affected by an enrollment snafu, the rep said, “That’s HIPAA protected information. All I can do is mark the enrollment ‘medically urgent.’”
Why couldn’t Anthem simply cancel every single member # and issue brand new ones, voiding all those old medical file numbers?
@somemom Because that would cost money. I’ve been dealing with Anthem for 20+ years and believe me, they do not do anything to benefit their members unless forced to by law or by a court.
Btw several years ago my DH was the beneficiary of a court forcing Anthem to do the decent thing in a class action judgment. I suspect we will be again in this case. Anthem never seems to learn that it would be cheaper in the end to simply do the right thing in the first place; in this case, encrypt their members’ data even if it costs a little more.
I find the timing of this more than a little suspicious. Anthem first noticed these hackers on December 10, toward the beginning of open enrollment. They only announced the breach on February 4, toward the end of open enrollment (and apparently did nothing to beef up security after December 10). Can you imagine the enrollment catastrophe for Anthem if the insurance-buying public had known about the breach on December 11, in plenty of time to choose a different carrier for 2015? Anthem could, and I’m sure that’s something they wanted to avoid at all costs.
They probably would have preferred to wait until February 16 to reveal the hack (because people can still switch until February 15), but their hand was forced by a blogger:
http://www.thestate.com/2015/02/06/3974205/hackers-may-have-breached-anthem.html
Ah, those corporate emails. They’ll get you every time.
I remember that Target also didn’t reveal their hack voluntarily. Someone tattled to the media, and they too were forced to admit it.
Recently my providers have started requiring a photo ID along with seeing my insurance card each and every time. I’m glad they are taking these additional precautions.
Me too, dietz. Glad I now know the reason.
Reality is setting in…
http://www.scpr.org/news/2014/12/09/48572/federal-investigators-find-many-medicaid-doctors-a/
dStark #363 linked to an article where CA is starting the process of legislating wait times etc. The problem is, at this point at least, they can’t regulate supply. The promise of ‘free’ or very inexpensive healthcare was a great selling point…but someone is going to have to pay. Any guesses who this will be? Cost shifting will of course be the easiest and quickest method. Which, ironically, is exactly the problem we’ve had for all these years.
I love the third link! I don’t quite understand what a chocolate souffle cake with caramel sauce has to do with the ACA, but I’m all in favor of it. If the ACA has a little-known provision that mandates chocolate souffle cakes with caramel sauce on Valentine’s Day, sign me right up.
I have the list of every doctor that takes new Medi-Cal patients in my area.
If Medi-Cal ever becomes important to any poster, and you live in one of 14 counties, you can contact Partnership HealthPlan of California.
Oh my… that’s what happens when one has too many windows open at the same time. But, yes…chocolate is always good medicine…and available without a prescription.
This was the San Jose Mercury link I’d intended to post…
Looks like the non-emergency ER load is not going to be reduced any time soon.
The question remains as to how CA is going to improve access and reduce waiting times when the supplier of the product is just not available. I guess the State can mandate all docs take all plans…but that could reduce the supply even further.