Theodore J. Kobus III and Lynn Sessions answer some of the questions employers are likely to ask about their responsibilities in light of the Anthem breach.
I’m pleased to note that they also addressed the error I saw in all-too-many media reports that claimed that this wasn’t a HIPAA breach. They write:
The media is saying this is not a HIPAA breach, is that accurate? The HIPAA Privacy Rule protects all individually identifiable health information, including demographic information and common identifiers such as name, address birth date and Social Security Numbers associated with a health plan. The fact that this incident may not involve medical records or clinical information does not mean it is not a HIPAA breach. Plan sponsors should carefully review any communications from Anthem to fully understand the scope of this breach and its HIPAA implications.
Read more on BakerHostetler Data Privacy Monitor.