Medical-Data Breach With Keystone Mercy HealthPlan (A Subsidiary of Independence Blue Cross)–Lost or Stolen Flash Drive Wi
Posted Oct 21 2010 9:24am
We still keep hearing stories like this and some folks continue to carry medical information around on flash drives and when they get lost, well there goes protecting any privacy. Insurers bill themselves as the data experts today and yet where are the breaches coming from in the news of late, insurers. Someone needs to update the way they do business and storing such information on a secured server and accessing with a VPN sure beats the heck out of carrying around a hardware device.
From the website:
“Headquartered in Philadelphia, Keystone Mercy Health Plan is a mission driven, health care ministry of the Sisters of Mercy with more than 25 years of experience. Its corporate parent partners are Mercy Health System and Keystone First, a subsidiary of Independence Blue Cross.”
What I found to be odd too is that is was noted that this drive was carried around and used at health fairs? That is strange and surely someone is asleep at the wheel here as again take a wireless notebook, connect to the secured VPN and access information as needed if that were the case. We sure have some big problems and education needed with how to secure data according to HIPAA rules and regulations. This somewhat shows too where priories lie with marketing perhaps trumping the use of technology security rules and laws.
This is not what we are talking about when it comes to sharing records (grin), and a very unfortunate incident for the patients by all means. BD
Oct. 21--A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing -- one of the largest recent security breaches of personal health data in the nation.
"We deeply regret this unfortunate incident," said Jay Feldstein , the president of the two affiliated Philadelphia companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan.
The breach, which involves the records of Medicaid recipients, is the first such Medicaid data breach in Pennsylvania since at least 1997, according to the state's Department of Welfare, which has oversight.
The security failure, one of the several largest in nearly two years, involves nearly two-thirds of the insurers' subscribers. It became known only after The Inquirer requested information Tuesday evening. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs.