"My Credit Card is Being Used Fraudulently after Anthem Blue Cross HIPAA Data Breach"
As an Internet-based company dealing with healthcare organizations, I don't often see the personal side of privacy and security. A comment I just received on my blog about the Anthem Blue Cross data breach brought it all home to me. Here is the opening paragraph from an anguished person dealing with a huge problem.
"Three days ago, my credit card number was used fraudulently. Today I received a letter from Anthem telling me a breach had occurred, leaking my social security number, name & credit card number. I have not been a customer with Anthem for over a year (since February 2009, I believe). When I called Anthem to ask about this, I was told this leak had occurred a year ago. When I asked why I was not informed a year ago, when the leak occurred, I was told they did not find out about it until just now. When I asked why Anthem had my private information still stored in their database when I have not been an Anthem customer for over a year - I was told they had no way of knowing why my private information was still being kept (mind you - without my knowledge or permission) in their database."
I won't even start on all the things that are wrong about this situation, but suffice it to say that this breach should never have happened and, when it was revealed, it should have been dealt with in an entirely different manner.
Healthcare organizations that are dealing with HIPAA regulations for the first time often ask me why Congress did this to them. The answer is above. If this industry does not convince patients that their data is safe, the whole electronic medical record revolution will not happen. We must get better at protecting data and at handling the fallout when those efforts fail.