Dive Brief:
- Anthem's record-breaking breach of 80 million individuals' data will legally impact nearly 60 health insurance plans, legal experts tell Modern Healthcare.
- Anthem is tied to other Blues plans across the US and to the Chicago-based Blue Cross and Blue Shield Association through agreements that facilitate their "BlueCard" reciprocal claims payment network.
- The plans may be found to have legal responsibility for the breach under HIPAA and state laws, and may face the more than 50 class-action lawsuits already filed (although those suits are likely to be consolidated this summer, experts say).
Dive Insight:
The root of the issue, and of much of the current legal concern, appears to come down to vulnerability created by the storage of vast BlueCard network data.
As modern Healthcare suggests, this is a likely explanation for how Anthem, which has 37.5 million members, had data stolen for so many more people.
"We have serious concerns about the vast amount of data that Anthem is storing about not even its own insured," Lynn Toops, a lawyer with the Indianapolis firm of Cohen & Malad, told Modern Healthcare.
She asks why that data is being retained, particularly in an unencrypted fashion.