Cybersecurity a constant concern for health insurance agencies

March 27, 2015

Information stored electronically and stolen from major retailers in recent years certainly has caused consumers headaches as they closed accounts and signed up for credit monitoring. Now, a whopping 80 million customers of health insurance company Anthem Inc. must make decisions about their response to a breach affecting names, dates of birth, Social Security numbers and more.

Omar Khawaja spends every workday trying to ensure Highmark Inc. does not experience a similar breach.

“We are constantly being attacked. That is true for most big enterprises,” said Khawaja, Highmark’s chief information and security officer.

Highmark’s chief privacy officer, Lisa Martinelli, compared the company’s efforts to those undertaken by national security agencies.

“We have to constantly be on guard for the data terrorists,” she said.

HIPAA and HITECH

For health insurance companies, much of their federal cybersecurity oversight falls under the Health Insurance Portability and Accountability Act (HIPAA). There is also the Health Information Technology for Economic and Clinical Health (HITECH) Act.

State regulations in Pennsylvania set fairly broad standards for safeguarding customers’ information.

“Basically, it requires a person or entity licensed by the insurance department to protect the security, confidentiality and integrity of customers’ information,” said Ronald G. Ruman, spokesman for the Pennsylvania Insurance Department.

The regulations call for assessing the likelihood and potential damage of threats, assessing the sufficiency of safeguards and identifying “reasonably foreseeable internal or external threats.” The requirements apply to both printed and electronic records.