News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example). And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again). Because health care data is such a hot commodity on the black market, hackers often target health care providers and other entities who have health care data. Data breaches aimed at health care information were way up last year, and attempted data breaches are only expected to increase.

Encryption, which Anthem didn’t have according to news reports, goes a long way toward securing this sensitive data. However, even with encryption, it is worthwhile for  providers large and small to review existing data security/breach response policies or institute new ones targeted at current technologies.   Considerations include:

  • Organize your data network and know what information you have and where it is (including technologies like cloud computing, printer/copiers, and employees’ mobile devices);
  • Update encryption, password, and remote access policies and ensure they are followed;
  • Perform a risk assessment (and document it);
  • Create a protocol to monitor unauthorized attempts to access data;
  • Develop a plan to respond to a data breach, including technical, legal, and business continuation considerations;
  • Plan for disclosures to employees, shareholders, individuals effected, media, and/or federal regulators as required
  • Review state laws that may apply for additional reporting or safeguard requirements