So how are you determining if your Business Associate or vendor has a rogue employee who may be stealing or misusing your patients’ protected health information? A notification from Anthem regarding an incident that affected more than 18,000 Medicare members in 21 states is a timely reminder that out of sight cannot mean out of mind or out of audit/logging….
LaunchPoint Ventures LLC (LaunchPoint) recently discovered an event which may affect the security of personal information of Anthem companies and subsidiaries (“Anthem”) Medicare members. LaunchPoint provides insurance coordination services to Anthem. On April 12, 2017, LaunchPoint, learned that one of its employees was likely involved in identity theft related activities. LaunchPoint hired a forensic firm to investigate. On May 28, 2017, LaunchPoint learned that some other, non-Anthem data, may have been misused by the employee. LaunchPoint then learned the employee emailed a file with information about Anthem companies’ members to his personal email address on July 8, 2016. This action violated LaunchPoint’s policies. The investigation is on-going. LaunchPoint does not know if the email was related to a legitimate work purpose.
On June 12, 2017, LaunchPoint confirmed the file included the Protected Health Information (“PHI”) of Anthem members and reported the incident to Anthem on June 14, 2017. LaunchPoint does not have any information to suggest that the data on the file was misused. The personal information on the file primarily included Medicare ID numbers (HICN) which includes a Social Security number, Health Plan ID numbers (HCID), Medicare contract numbers, and dates of enrollment. A very limited number of last names and dates of birth were also included. LaunchPoint is in the process of contacting these individuals.
LaunchPoint has terminated the employee, hired a forensic expert to investigate, and is working with law enforcement. The employee has been incarcerated and is under investigation by law enforcement for matters unrelated to the e-mailed Anthem file. LaunchPoint is reinforcing existing policies and protocols and is evaluating additional safeguards to prevent any similar incidents from occurring in the future.
LaunchPoint is providing those impacted with information on how to better protect against potential identity theft and fraud, as well as access to two years of credit monitoring and identity theft restoration services with AllClear ID at no cost. For information on how to enroll in the credit monitoring services, please call the toll- free dedicated assistance line at 1-855-836-1563. This toll-free line is available Monday through Saturday, from 8:00 am to 8:00 pm CDT, excluding major national holidays.
It is important that individuals impacted routinely review statements from their accounts and from time to time get their credit report from one or more of the national credit reporting companies. An individual may get a free copy of their credit report annually in these ways:
- Online at annualcreditreport.com
- Call toll-free 1-877-322-8228
- Mail an Annual Credit Report Request Form (forms are on the website at annualcreditreport.com) to:
ANNUAL CREDIT REPORT REQUEST SERVICE PO BOX 105281
ATLANTA GA, 30348-5281Individuals also may get a copy of their credit report from one or more of these three national credit reporting companies:
Equifax
PO BOX 740241 ATLANTA GA 30374-0241 1-800-685-1111 equifax.com
Experian
PO BOX 9532 ALLEN TX 75013 1-888-397-3742 experian.com
TransUnion
PO Box 2000 CHESTER, PA 19022 800-916-8800 transunion.com
To place a credit freeze with one or more of the three national credit reporting companies, please contact the company below:
###
Anthem Media Contact
Gene Rodriguez, 317-488-6168 or 317-677-5946 [email protected]