Categories
Press Releases

TennCare: Anthem Data Breach May Have Impacted Amerigroup Members

Press release from the Bureau of TennCare; March 6, 2015:

Members to be notified and offered identity theft protection services

NASHVILLE – TennCare members potentially impacted by the recent data breach of Anthem’s information technology system will begin receiving notification letters from Amerigroup on March 25, 2015.  Anthem owns Amerigroup which is one of the health plans operating within the TennCare Managed Care Organization network.

As soon as Anthem officials became aware of the breach they began taking steps to determine the scope of the breach, notify members of the issue and offering all members with 24 months of free identity theft protection services.  Anthem estimates more than 246,000 TennCare Amerigroup members have been impacted by the data breach discovered on Jan. 29, 2015.The information affected may include names, dates of birth, social security numbers, healthcare identification numbers, addresses and employment information.   No credit card or banking information or medical information such as claims, diagnostics or test results are believed to have been affected.

TennCare and the Tennessee Department of Commerce and Insurance encourage Amerigroup members to enroll in free identity theft repair and credit protection services to protect themselves from potential fraud and identity theft. Anthem is offering 24 months of free identity theft repair and credit monitoring services to current or former Tennessee members of an affected Anthem plan, dating back to 2004. Members do not have to wait to receive a notification letter to sign up for the services.  Members can sign up or obtain more information by visiting www.anthemfacts.com  or calling 1-877-263-7995.

While Anthem is coordinating with the FBI and taking other measures to investigate the breach, the Bureau of TennCare is working with Amerigroup to ensure all members’ personal information, including protected health information, is secure.  If members have questions regarding their Amerigroup membership status they can contact Amerigroup customer service at 1-877-263-7995.

Categories
Press Releases

Black: Anthem Data Breach Highlights Healthcare.gov Privacy Risks

Press release from U.S. Rep. Diane Black; R-Tenn. 06; February 5, 2015:

Washington, D.C. – Today Congressman Diane Black (R-TN-06), a member of the Ways & Means Health Subcommittee and nurse for more than 40 years, released the below statement on the Anthem Inc. data breach, which has been called “the largest health care breach to date.”

“While the Anthem Inc. data breach is deeply concerning, I am pleased that the company immediately reported the breach to authorities and informed their customers as required by law. Unfortunately, the Obama Administration continues to play by a different set of rules than those they impose on the private sector. Today, if your healthcare information is compromised under Healthcare.gov, the government is under no obligation to inform you. This comes on top of the news that Healthcare.gov was hacked last year and that the Obama Administration has been sharing users’ personal data with third party vendors. That is why I recently introduced the Federal Exchange Data Breach Notification Act of 2015, legislation to bring basic diligence to the Obamacare exchanges by requiring the government to notify users if their information is breached when using Healthcare.gov,” said Congressman Diane Black.

Congressman Black added, “The Anthem data breach should be a teachable moment for the Obama Administration. We all know of the privacy risks that occur in today’s information age but the American people expect their government to mitigate those risks, not make them worse. If the Obama Administration has any regard at all for Americans’ privacy and data security, they will work with me to advance this critical right-to-know legislation.”

Background:
In addition to authoring the Federal Exchange Data Breach Notification Act of 2015,Congressman Black recently led a letter to the Department of Health and Human Services (HHS) and the Centers for Medicare and Medicaid Services (CMS) demanding information on the Obama Administration’s practice of sharing consumers’ private information through Healthcare.gov. You can read a copy of the letter here.

Categories
Press Releases

Black Files Legislation to Require Feds Notify Consumers if Data Breached on Healthcare.gov

Press release from U.S. Rep. Diane Black, R-Tenn. 06; January 27, 2015:

Washington, D.C. – Today Congressman Diane Black (R-TN-06) and Congressman Patrick Meehan (R-PA-07) led a letter to Department of Health and Human Services (HHS) Secretary Sylvia Mathews Burwell and Centers for Medicare and Medicaid Services (CMS) Administrator Marilyn Tavenner demanding information on the Obama Administration’s practice of sharing consumers’ private information through Healthcare.gov. You can read a copy of the letter here. Reps. Black and Meehan also introduced the Federal Exchange Data Breach Notification Act of 2015. This legislation would simply require the government to notify consumers if their personal information is breached on the Healthcare.gov exchanges. Currently there is no such requirement under federal law – despite similar standards being in place for the private sector and state-run exchanges.

The Associated Press reported last week that numerous third-party vendors were given access to consumers’ personal data – including age, income, zip code, and smoking and pregnancy status – through Healthcare.gov. Rep. Black immediately responded to the report, citing “inherent security flaws” in the Healthcare.gov website and calling for data-breach notification legislation to protect users’ personal information when accessing the federal healthcare exchanges. Last Friday, the Obama Administration announced that it would “scale back” data sharing on Healthcare.gov, however it is still unclear what information will continue to be transmitted and what is done with information that was already collected.

As Reps. Black and Meehan point out in their letter to HHS and CMS, the Obama Administration’s practice of disseminating users’ personal information directly contradicts Healthcare.gov’s own privacy policy which states, “No personally identifiable information is collected.” Reps. Black and Meehan released the following statements on their letter and newly introduced legislation:

“I have warned for over a year now of security and privacy concerns under Healthcare.gov. Sadly, from the website’s hacking last summer, to these latest revelations of data-sharing without users’ knowledge or consent, the Obama Administration continues to show that our concerns are well-founded and that Americans’ personal information on this site remains at risk,” said Congressman Diane Black. “Americans deserve the highest standards of privacy and confidentiality when enrolling in health insurance, and they certainly shouldn’t be left holding the bag for this Administration’s failure to maintain a secure website. That is why my letter to the Administration demands answers on Healthcare.gov’s privacy and security standards and seeks information on what data was collected by Healthcare.gov, how long it was stored, and in what way it was secured.”

Congressman Black added, “In light of the Obama Administration’s latest failing, I am proud to reintroduce the Federal Exchange Data Breach Notification Act of 2015. This commonsense legislation will simply require the government to notify affected consumers if their personal information is compromised on Healthcare.gov. It defies all logic that this basic requirement is not already law. I was pleased to carry this legislation in the last Congress and will fight once again for its passage so that Americans can take action to protect themselves in the event of an Obamacare security breach.”

“It is unacceptable that security and privacy failures keep happening with Healthcare.gov,”said Congressman Patrick Meehan. “No American should have to fear their data will be exploited or compromised through HealthCare.gov. The data on the exchanges is among families’ most private, and it should not be shared without a user’s consent. The legislation we have introduced today will ensure that the feds live up to their obligation to disclose data breaches on the federal exchange and come clean with consumers.”

Resources: