Phia Group

rss

Phia Group Media


Anthem Data Breach Implications for Employers

By Chris Rylands & Carrie Byrnes

As has now been widely reported, Anthem, Inc. was the unfortunate target of a cyber-attack potentially impacting 80 million current and former customers. Some reports have indicated that the HIPAA breach notification rules will not apply to this breach. However, the information stolen appears to include individually identifiable information, potentially including health plan enrollment information. Enrollment information, in the hands of a health plan, is protected health information (PHI), so it is possible that the HIPAA data breach notification rules are applicable. As such, both insured and self-funded customers utilizing Anthem as their TPA should review information concerning the Anthem breach carefully before concluding that the HIPAA breach notification rules do not apply.


Read more…