Insurer slow to close debate on masking personal health info

Tools

Blue Cross and Blue Shield of North Carolina periodically does something that just may be concerning to its customers: it shares their personal health information with a third-party company employed to design the company's software, according to documents and interviews compiled by the Charlotte News-Observer.

In the article, it is explained how the internal documents show a discussion within the 3.7 million member Blue Cross of NC, deciding whether to scramble or mask the data--which includes names, addresses, Social Security numbers and medical information--before it goes to the third party. So far, the payer is not doing that.

Blue Cross, according to the article, uses several different tools to ensure member privacy, such as contractual agreements and limited access to the data. Additionally, officials from the company told the News-Observer, it has never had a security breach.

Susan Adams, a lawyer and privacy expert at Dartmouth, told the newspaper that the increasing use of electronic medical records will probably increase the sharing of private health information, but said that it should be done as little as possible.

"Outsourcing is everywhere," Adams told the News-Observer. "The key is to use the minimum information necessary for the purpose."

Others wonder why the information hasn't been masked yet, such as Dana Cope, director N.C. State Employees Association, whose members' health plan is administered by Blue Cross. He's concerned about the use of unmasked data.

"Masking data is a reasonable request," he told the News-Observer. "Maybe there's a reason why it can't be done."

The U.S. Department of Health and Human Services just penalized WellPoint $1.7 million for potentially violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules when weaknesses in its system left the 612,402 individuals' electronic health information accessible to unauthorized use.

WellPoint said they have taken steps to remedy the breach.

To learn more:
- read the article in the Charlotte News-Observer

Related Articles:
Searching for health info online? Beware of tracking
Lost computer chip jeopardizes info for more than 2,100 patients
GOP to Sebelius: ACA data hub raises privacy concerns
HHS rule would give federal exchanges 1 hour to report data breaches
Patient data protection: Let's get back to basics