Should HIPAA be overhauled? Anthem data breach raises alarm for privacy advocates

Should HIPAA be overhauled? Anthem data breach raises alarm for privacy advocates

HIPAA, which was passed in the 1990s before the Internet was commonplace, does not require data to be encrypted, which could have prevented the release of information of 80 million people in Anthem's database.

Insurers have no requirement to encrypt the data of its consumers as part of a federal law from the 1990s — which may mean the law could be in need of some updating for the Internet age after a recent massive data breach of Anthem, the second-largest U.S. health insurer.

Encryption protects data by scrambling it using mathematical formulas, so that anyone who does get their hands on it will not be able to figure out what it says. However, the data of 80 million people that was stolen from Anthem’s database was not encrypted, according to an Associated Press report.

The federal law in question is the well-known Health Insurance Portability and Accountability Act, or HIPAA. While the law encourages encryption, it stops short of mandating it.

This latest data breach could cause the public to lose confidence in the ability of the government to protect data even as it increases the computerization of medical records and tries to increase electronic information sharing among hospitals.

David Kibbe, CEO of nonprofit advocacy group DirecTrust, was quoted in the report as saying that maybe it’s time to update HIPAA.

Kibbe argued that any data that identifies the patient should be encrypted, and that it should make no difference whether that information is transmitted over the Internet or is simply sitting in a company database — the latter being the case with Anthem.

The incident has gotten the attention of federal lawmakers, as the Senate Health, Education, Labor and Pensions committee will take a look at encryption requirements as part of a review of health information security.

Be social, please share!

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Leave a Reply

Your email address will not be published. Required fields are marked *