Data breaches in Vermont and in Oregon's health insurance exchanges also make news.
Los Angeles Times: Anthem Blue Cross Posts Social Security, Tax Numbers Of 24,500 Doctors
In a departure from most medical privacy cases, Anthem Blue Cross said it accidentally posted online Social Security or tax identification numbers for about 24,500 California doctors. ... Anthem, a unit of insurance giant WellPoint Inc., said the private information was mistakenly included with its online provider directory for about 24 hours late last month. The state's largest for-profit health insurer said once it identified the error, it removed the information from its website. Anthem said this breach didn't involve any patient data (Terhune, 11/25).
The Washington Post: Vermont Health-Care Web Site Security Breached
Vermont confirmed Friday that a security breach of the state’s health care exchange Web site gave at least one user access to another resident’s Social Security number, a disclosure that has the exchange's top official in hot water. The Vermont Health Connect's privacy watchdog reported the security breach in a letter to the federal Centers for Medicare & Medicaid Services. The Associated Press obtained the report under Vermont's public records law (Wilson, 11/25).
The Associated Press: State Confirms Health Website Security Breach
The consumer, whom officials would not identify, reported that he received in the mail — from an unnamed sender — a copy of his own application for insurance under the state exchange. “On the back of the envelope was hand-written ‘VERMONT HEALTH CONNECT IS NOT A SECURE WEBSITE!’ This was also (written) on the back of the last page of the printed out application,” said the incident report (Gram, 11/22).
The Oregonian: Cover Oregon: Health Exchange Workers Committed Three Data Breaches Last Week
Officials at Oregon's health exchange are reviewing privacy protections after workers there committed three personal data breaches in three days. On Nov. 20, Valarie Henderson of Salem opened her mail from Cover Oregon to find a packet that included not just a copy of her application she'd filled out weeks before, but personal information from two other people that included name, address and social security numbers (Budnick, 11/25).