Free Newsletters

   All InfoWorld Newsletters

MORE ENTRIES
Tech Watch | InfoWorld Staff » WellPoint's missing data shows up

March 15, 2007 | Comments: (0) | TrackBacks: (3059)

WellPoint's missing data shows up

TAGS: Data Management, Encryption, Privacy, Security

Executives at WellPoint -- the nation's largest managed health care services provider -- are breathing a lot better today, and not just because they're keeping an eye on their diet and maintaining an optimal level of physical fitness.

Last week, the Indianapolis-based firm began the process of informing some 75,000 of its customers that it had lost a CD that carried unencrypted data including their health records and other personal data, however, the company claims it has now found the missing information.

In a statement released late Wednesday, the firm's New York-based Empire Blue Cross Blue Shield insurance unit said that the missing CD, which had been shipped to business partner Magellan Behavioral Health Services via UPS, by Health Data Management Solutions (HDMS), a third party vendor to Magellan, was discovered.

The company offered few details of the recovery other than to say that the CD had merely been misplaced in transit. Something tells me that WellPoint might swap overnight companies from Big Brown to FedEx, or fire some of its mailroom employees.

The incident highlights the challenges faced by corporations in meeting the increasingly strict terms of emerging data exposure reporting laws. As part of the statement on the misplaced -- and more importantly unencrypted -- CD the company couldn't help but give itself a little pat on the back saying that it "accelerated member notification as our members' security and trust are our highest priority."

Kudos to the firm for not actually losing the information, but it could have easily avoided the entire situation by somehow protecting the data. However, Empire Blue Cross said that it did have policies in place to prevent such incidents.

"The information was not transferred in accordance to our contractual terms with Magellan, who did not require HDMS to encrypt or password protect the data," the company said. "We are addressing these issues and we have made it clear to both HDMS and Magellan that their security practices with respect to the data transfer were unacceptable."

Magellan will now only transmit personal health information electronically over a secure network, eliminating CDs and the use of a delivery service, WellPoint said.

I'm betting that the employee who failed to follow said rules is somewhere considering their job options right now.

Posted by Matt Hines on March 15, 2007 05:39 PM


RATE THIS ARTICLE:





 

  •  
  • COMMENTS



Blog Profile for krails
Add to Technorati Favorites

 

TOP STORIES

 


 

ADDITIONAL RESOURCES

 

 


Technology White Papers

 

InfoWorld Technology Marketplace

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert
Find out when the latest white paper is available:
 
 
» BUY A LINK NOW

Sponsored Technology Links

Copyright © 2007, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service.
All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.