Wednesday, November 25, 2009

BlueCross BlueShield Data Theft

[UPDATE 2]:

Check out my December follow-up to this story.

[UPDATE]:

Although the theft occurred Oct. 2, as of Thanksgiving weekend BCBS-TN customers, including employers, had yet to be notified of the theft. Maybe they were hoping no one would notice.

---------------------------------------------------

Someone needs to explain to me why computers with people’s personal information on them are still being treated like they’re harmless office supplies. If it’s got Social Security numbers, birth dates, etc., then it needs to be kept under lock and key. And don’t put it on every freaking computer hard drive in the office.

So now BlueCross BlueShield of TN is the latest to compromise people’s personal information:

CHATTANOOGA, Tenn. -- BlueCross BlueShield of Tennessee will provide free credit monitoring for any customers whose personal information could be at risk after 57 computer hard drives were stolen from an office at the state's largest health insurer.

BlueCross spokeswoman Mary Thompson said work is continuing to determine how many of the Chattanooga-based insurer's 3.1 million customers are affected.

The hard drives were taken Oct. 2 from a closet at the BlueCross Eastgate Town Center training center, where employees are preparing to relocate to the insurer's new state headquarters in downtown Chattanooga.

BlueCross earlier reported that 68 hard drives were taken.

Glad to hear those nine showed up somewhere. As a BCBS-TN customer, let me say the one year of free Equifax monitoring doesn’t restore my confidence that you folks know what the hell you are doing. Frankly, I never understood why Social Security numbers needed to be part of my medical file anyway. I’m sure I just don’t understand how medical billing works.

Even worse, a lot of this shit is for sale. We live in this Big Brother world of corporate information gathering where companies specializing in data mining harvest all sorts of information that drives decision making to maximize profits. It’s the free hand of the market at its worst, looking over doctors’ shoulders at what prescriptions they are writing:

The practice is known as "prescription data mining." Medical data firms annually blend several billion prescription records purchased from pharmacies and health insurers with physician data from the American Medical Association and other sources and sell the results to drug companies.

The result, according to critics of the practice, is increased prescribing of the newest and costliest, though not necessarily more effective, drugs.

The health insurance companies are selling this information? Ohhh goodie, yet another revenue stream. It’s bad enough they deny claims from paying policy holders; now they’re making money by selling the private information from those claims they do allow. Great. So glad we are asked to waive our HIPAA rights every time we check in at the doctor’s office.

Anyway, I thought some of the 3 million+ BCBS-TN customers should know that their personal information may have been compromised, because I certainly didn’t get a phone call from my insurance company about it. Thank you, local media: you did your job this time.