Close Menu
The Baylor Lariat
    Facebook X (Twitter) Instagram YouTube LinkedIn
    Trending
    • Baylor community unites in flash flood relief efforts
    • Baylor rescinds LGBTQIA+ inclusion research grant after backlash
    • Students react to emergency alert following campus lockdown
    • Baylor shelter-in-place lifted following police pursuit of robbery suspects
    • Baylor graduate charged after killing cats with pellet gun, hanging bodies over utility lines
    • Baylor Football’s Alex Foster dies at 18
    • Board of Regents confirms budget, renovations, new leadership in May meeting
    • How facilities responds to storms, flooding in campus buildings
    • About us
      • Spring 2025 Staff Page
      • Copyright Information
    • Contact
      • Contact Information
      • Letters to the Editor
      • Subscribe to The Morning Buzz
      • Department of Student Media
    • Employment
    • PDF Archives
    • RSS Feeds
    Facebook X (Twitter) Instagram YouTube LinkedIn
    The Baylor LariatThe Baylor Lariat
    Subscribe to the Morning Buzz
    Thursday, July 10
    • News
      • State and National News
        • State
        • National
      • Politics
        • 2025 Inauguration Page
        • Election Page
      • Homecoming Page
      • Baylor News
      • Waco Updates
      • Campus and Waco Crime
    • Arts & Life
      • Wedding Edition 2025
      • What to Do in Waco
      • Campus Culture
      • Indy and Belle
      • Sing 2025
      • Leisure and Travel
        • Leisure
        • Travel
          • Baylor in Ireland
      • Student Spotlight
      • Local Scene
        • Small Businesses
        • Social Media
      • Arts and Entertainment
        • Art
        • Fashion
        • Food
        • Literature
        • Music
        • Film and Television
    • Opinion
      • Editorials
      • Points of View
      • Lariat Letters
    • Sports
      • March Madness 2025
      • Football
      • Basketball
        • Men’s Basketball
        • Women’s Basketball
      • Soccer
      • Baseball
      • Softball
      • Volleyball
      • Equestrian
      • Cross Country and Track & Field
      • Acrobatics & Tumbling
      • Tennis
      • Golf
      • Pro Sports
      • Sports Takes
      • Club Sports
    • Lariat TV News
    • Multimedia
      • Video Features
      • Podcasts
        • Don’t Feed the Bears
      • Slideshows
    • Advertising
    The Baylor Lariat
    Home»News»National

    Senate looks to revamp healthcare privacy law to protect patient information

    webmasterBy webmasterFebruary 9, 2015Updated:February 9, 2015 National No Comments5 Mins Read
    In this Feb. 5, 2015 file photo, the Anthem logo hangs at the health insurer's corporate headquarters in Indianapolis. Insurers aren't required to encrypt consumers' data under a 1990s federal law that remains the foundation for health care privacy in the Internet age _ a striking omission in light of the cyberattack against Anthem, the nation's second-largest health insurer. (AP Photo/Michael Conroy)
    Share
    Facebook Twitter LinkedIn Pinterest Email

    In this Feb. 5, 2015 file photo, the Anthem logo hangs at the health insurer's corporate headquarters in Indianapolis. Insurers aren't required to encrypt consumers' data under a 1990s federal law that remains the foundation for health care privacy in the Internet age _ a striking omission in light of the cyberattack against Anthem, the nation's second-largest health insurer. (AP Photo/Michael Conroy)
    In this Feb. 5, 2015 file photo, the Anthem logo hangs at the health insurer’s corporate headquarters in Indianapolis. Insurers aren’t required to encrypt consumers’ data under a 1990s federal law that remains the foundation for health care privacy in the Internet age _ a striking omission in light of the cyberattack against Anthem, the nation’s second-largest health insurer. (AP Photo/Michael Conroy)

    By RICARDO ALONSO-ZALDIVAR
    Associated Press

    WASHINGTON — Insurers aren’t required to encrypt consumers’ data under a 1990s federal law that remains the foundation for health care privacy in the Internet age — an omission that seems striking in light of the major cyberattack against Anthem.

    Encryption uses mathematical formulas to scramble data, converting sensitive details coveted by intruders into gibberish. Anthem, the second-largest U.S. health insurer, has said the data stolen from a company database that stored information on 80 million people was not encrypted.

    The main federal health privacy law — the Health Insurance Portability and Accountability Act, or HIPAA — encourages encryption, but doesn’t require it.

    The lack of a clear encryption standard undermines public confidence, some experts say, even as the government plows ahead to spread the use of computerized medical records and promote electronic information sharing among hospitals, doctors and insurers.

    “We need a whole new look at HIPAA,” said David Kibbe, CEO of DirectTrust, a nonprofit working to create a national framework for secure electronic exchange of personal health information.

    “Any identifying information relevant to a patient … should be encrypted,” said Kibbe. It should make no difference, he says, whether that information is being transmitted on the Internet or sitting in a company database, as was the case with Anthem.

    Late Friday, the Senate Health, Education, Labor and Pensions committee said it’s planning to examine encryption requirements as part of a bipartisan review of health information security. “We will consider whether there are ways to strengthen current protections,” said Jim Jeffries, spokesman for chairman Lamar Alexander, R-Tenn.

    The agency charged with enforcing the privacy rules is a small unit of the federal Health and Human Services Department, called the Office for Civil Rights.

    The office said in a statement Friday that it has yet to receive formal notification of the hack from Anthem, but nonetheless is treating the case as a privacy law matter. Although Anthem alerted mainline law enforcement agencies, the law allows 60 days for notifying HHS.

    The statement from the privacy office said the kind of personal data stolen by the Anthem hackers is covered by HIPAA, even if it does not include medical information.

    “The personally identifiable information health plans maintain on enrollees and members — including names and Social Security numbers — is protected under HIPAA, even if no specific diagnostic or treatment information is disclosed,” the statement said.

    A 2009 federal law promoting computerized medical records sought to nudge the health care industry toward encryption. Known as the HITECH Act, it required public disclosure of any health data breach affecting 500 or more people. It also created an exemption for companies that encrypt their data.

    Encryption has been seen as a controversial issue in the industry, particularly with data that’s only being stored and not transmitted. Encryption adds costs and can make day-to-day operations more cumbersome. It can also be defeated if someone manages to decipher the code or steals the key to it.

    In fact, Anthem spokeswoman Kristin Binns said encryption would not have thwarted the latest attack because the hacker also had a system administrator’s ID and password. She said the company normally encrypts data that it exports.

    But some security experts said a stolen credential by itself shouldn’t be an all-access pass to encrypted data.

    Martin Walter, senior director at RedSeal Networks, a Silicon Valley cybersecurity firm, said encryption can be tuned to limit the data that even authorized users can view at one time. That makes it harder for an outsider to copy a whole stockpile of records.

    Under the HITECH law, the government set up a public database listing major breaches, known informally as the “hall of shame.” Breaches on that list affected more than 40 million people over a decade, meaning that the Anthem case could be twice as damaging as all previous reported incidents combined.

    Indiana University law professor Nicolas Terry said it seemed at the time of the 2009 law that the government had struck a reasonable balance, creating incentives for encryption while stopping short of imposing a one-size-fits-all solution. Now he’s concerned that the compromise has been overtaken by events.

    “In today’s environment, we should expect all health care providers to encrypt their data from end to end,” said Terry, who specializes in health information technology.

    If the voluntary approach isn’t working, “HHS should amend the security rule to make encryption mandatory,” he said.

    ___

    Associated Press writers Brandon Bailey, Ted Bridis and Tom Murphy contributed to this report.

    webmaster

    Keep Reading

    Baylor community unites in flash flood relief efforts

    Baylor rescinds LGBTQIA+ inclusion research grant after backlash

    Students react to emergency alert following campus lockdown

    Baylor shelter-in-place lifted following police pursuit of robbery suspects

    Baylor Football’s Alex Foster dies at 18

    Board of Regents confirms budget, renovations, new leadership in May meeting

    Add A Comment

    Comments are closed.

    Recent Posts
    • Baylor community unites in flash flood relief efforts July 9, 2025
    • Baylor rescinds LGBTQIA+ inclusion research grant after backlash July 9, 2025
    About

    The award-winning student newspaper of Baylor University since 1900.

    Articles, photos, and other works by staff of The Baylor Lariat are Copyright © Baylor® University. All rights reserved.

    Subscribe to the Morning Buzz

    Get the latest Lariat News by just Clicking Subscribe!

    Follow the Live Coverage
    Tweets by @bulariat

    Facebook X (Twitter) Instagram YouTube LinkedIn
    • Featured
    • News
    • Sports
    • Opinion
    • Arts and Life
    © 2025 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.