Health Insurance Data Breach & HIPAA
Did you receive emails from Anthem Blue Cross and Blue Shield informing you of the external cyber attack that potentially put your or your employees’ information at risk? Are you freaking out or worried? Do you know what this means for your company?
If you’re in a management or HR position, here are a few items to consider in response:
1. Understand your company’s HIPAA responsibilities. Do you self-insure, and, if so, do you handle claims administration in-house or outsource to a third-party administrator (TPA)?
2. If you have a group plan, such as through Anthem, rely on your insurance agent. An insurance agent worth his/her salt will be feeding your company’s designated benefits administration person the info needed to pass on to employees.
3. Be careful in your benefits administration role not to play the role of the insurance agent. Benefits administration has limited HIPAA obligation as long as it’s “pass through”. Assisting an employee with filing a claim can be construed as claims administration and potentially obligate your company to maintain strict HIPAA compliance.
4. In general, whether required to or not, it’s good to have physical & data security procedures in place.