Joseph Neff reports:
Blue Cross and Blue Shield of North Carolina periodically shares the private personal and health information of hundreds of thousands of clients with a third-party company that designs the insurance company’s software system, documents and interviews show.
Internal documents obtained by The News & Observer reveal an ongoing discussion within Blue Cross about whether to scramble or “mask” the data before sending it outside the company’s secure production area. The company so far has decided that isn’t feasible.
Some computer experts and insurers say that Blue Cross should obscure the data before sharing the information, which includes names, addresses and Social Security numbers in addition to medical information. One of Blue Cross’ competitors does not send private data to third-party vendors, while a second does.
Read more on Charlotte News & Observer.
N.B. The story includes the statement, “And Blue Cross officials say they have never had a security or privacy breach.” There are 5 breaches listed for Blue Cross Blue Shield of North Carolina in DataLossDB.org’s database, although I would note that none of them involving hacking, and most involved mailing errors.