Further updates regarding the security breach of Anthem's online application tracker program.
As of today, 470,000 individual subscribers have been notified of a potential compromise. 230,000 are in California, the rest across the various Anthem states.
There are some disturbing bits of information surfacing.
Apparently the breach went on for quite some time and was only discovered in March when an attorney who breached the system filed a class action lawsuit regarding the breach. I have at least two clients who were breached as far back as November, 2009.
Perhaps the most troubling is that, according to the Atlanta Journal-Constitution, a company investigation has yet to identify 10 computer addresses (IPs) that accessed information. This is of concern as this would indicate that these 10 breaches were not conducted by the attorney(s) and are IP addresses of unknown hackers.
I will update when I receive additional information. Questions for California subscribers should be addressed to Anthem individual membership at 800-333-0912.
Some current press articles on the Wellpoint/Anthem breach:
Reuters
Associated Press
Wednesday, 30 June 2010
Tuesday, 29 June 2010
CA Temporary Federal Risk Pool Approved
Yesterday, two legislative bills were passed in Sacramento which will allow for California to run a temporary risk pool using federal funds (under PPACA). The risk pool will provide coverage on a temporary basis until January, 2014.
The two bills, SB 227 (Alquist) and AB 1887 (Beall) will provide both parity for mental health and substance abuse (AB 1887) as well as the temporary risk pool for uninsurable California residents (SB 227). Passage of SB 227 was predicated on prior passage of AB 1887.
California will receive $761,000,000 of federal funds for the risk pool. State sources indicate that the risk pool will not use any California state funds.
Details including qualification requirements, insurance plans (will be PPO style) and rates should be forthcoming from the MRMIB. MRMIP will run the program alongside the state major risk program.
The two bills, SB 227 (Alquist) and AB 1887 (Beall) will provide both parity for mental health and substance abuse (AB 1887) as well as the temporary risk pool for uninsurable California residents (SB 227). Passage of SB 227 was predicated on prior passage of AB 1887.
California will receive $761,000,000 of federal funds for the risk pool. State sources indicate that the risk pool will not use any California state funds.
Details including qualification requirements, insurance plans (will be PPO style) and rates should be forthcoming from the MRMIB. MRMIP will run the program alongside the state major risk program.
Monday, 28 June 2010
Anthem Security Breach Update
Article from the Orange County Register indicating that more than 200,000 affected so far by the security breach of the Anthem Blue Cross Online Application Tracker.
Orange County Register Article
According to the article, the attorneys who breached the system have returned all of the improperly obtained private information to a custodian of the court system. I expect that means that everyone who was affected by the breach can be assured that their private information is now safeguarded.
For clarification to the majority of my clients, this security breach does not impact HIPAA applications (nor small group). The application tracker program allows applicants (and apparently others) for individual & family plans to view a PDF of the electronic application. This PDF file contains the full application information including PHI and financial information.
HIPAA applications, like other "paper" applications, are not rendered to PDF for viewing and list on agent services as "application not submitted online -- not available for viewing". They are also not eligible for the application tracker program even though an e-mail is generated indicating it's availability.
Orange County Register Article
According to the article, the attorneys who breached the system have returned all of the improperly obtained private information to a custodian of the court system. I expect that means that everyone who was affected by the breach can be assured that their private information is now safeguarded.
For clarification to the majority of my clients, this security breach does not impact HIPAA applications (nor small group). The application tracker program allows applicants (and apparently others) for individual & family plans to view a PDF of the electronic application. This PDF file contains the full application information including PHI and financial information.
HIPAA applications, like other "paper" applications, are not rendered to PDF for viewing and list on agent services as "application not submitted online -- not available for viewing". They are also not eligible for the application tracker program even though an e-mail is generated indicating it's availability.
Sunday, 27 June 2010
MRMIB Moving Forward on Fed Risk Pool
MRMIB (California's Major Risk Medical Board) is putting together the federal major risk pool program for California. According to the most recent document, MRMIB is targeting PPO model coverage plans allowing for provisions to match the new federal PPACA guideline (no annual or lifetime caps, lower deductibles (under $1500) and so on).
According the the MRMIB, target date for the risk pool to be operating is September, 2010.
According to information provide by Pricewaterhouse Coopers (PwC) to the MRMIB, enrollment in the new risk pool could be approximately 25,000 California residents.
For comparison, MRMIP (California's Major Risk Insurance Plan) enrolls a total enrollment of about 7,100.
The risk pool funding will be a combination of premium from subscribers and federal dollars. No state monies will be used to fund the California federal risk pool.
More information as soon as I get it. Remember, the two primary conditions a person must meet to participate in the federal risk pool are:
1. Uninsured for six months or longer and unable to obtain private, group or public health insurance
2. Must have a health condition determined by the pool as a qualifying condition (these have not been published yet)
According the the MRMIB, target date for the risk pool to be operating is September, 2010.
According to information provide by Pricewaterhouse Coopers (PwC) to the MRMIB, enrollment in the new risk pool could be approximately 25,000 California residents.
For comparison, MRMIP (California's Major Risk Insurance Plan) enrolls a total enrollment of about 7,100.
The risk pool funding will be a combination of premium from subscribers and federal dollars. No state monies will be used to fund the California federal risk pool.
More information as soon as I get it. Remember, the two primary conditions a person must meet to participate in the federal risk pool are:
1. Uninsured for six months or longer and unable to obtain private, group or public health insurance
2. Must have a health condition determined by the pool as a qualifying condition (these have not been published yet)
Tuesday, 22 June 2010
Anthem Security Breach Update
I have a couple of updates regarding the security breach of the Anthem Blue Cross "Application Tracker" system.
1. Anyone who submitted an application for a minor child/children only that was breached and has received ID theft protection for the minor(s) will, if there was information breach for the parent/guardian, also receive the protection. Anthem is currently sorting applications on minors-only to determine if any breach of the parent/guardian information also occurred. This may take a bit of time as the original determinations were made based on the applicants. Anthem will have to research applications in full to determine who else may have had PHI or private information compromised in regard to that application. You can contact member services at 800-333-0912 at Anthem Blue Cross for assistance.
2. It is important to bear in mind that, while Anthem Blue Cross has ultimate responsibility with regard to this hacker manipulation, the responsible party(s) is/are mainly attorneys who are looking to file a law suit against Anthem. Yes, the carrier is ultimately responsible for 100% security of your information, as are we agents.
3. I have never really understood the need for an "application tracker" program in the first place. Anthem has provided this "link" to track you own application online and, unfortunately, this is an unintended result. The application generates e-mail updates (which are secure) at any change of application status for any applicant who provides a valid e-mail address. Since you have to provide a valid e-mail address and select opt-in on e-mail notification to even receive the application tracker link, you will automatically receive the e-mail updates anyway. Unless you have a burning desire to view the PDF of your application, anything else will automatically be communicated by secure e-mail, thus rendering the application tracker program redundant.
This hack was not of an agent's database or agent log in access to the insurance company web site. This hack was on a program designed to let anyone who applies for individual coverage online with Anthem to track their own application. It is not necessary unless you have applied direct with the carrier since your independent agent will be monitoring progress and advising you (or should be!).
1. Anyone who submitted an application for a minor child/children only that was breached and has received ID theft protection for the minor(s) will, if there was information breach for the parent/guardian, also receive the protection. Anthem is currently sorting applications on minors-only to determine if any breach of the parent/guardian information also occurred. This may take a bit of time as the original determinations were made based on the applicants. Anthem will have to research applications in full to determine who else may have had PHI or private information compromised in regard to that application. You can contact member services at 800-333-0912 at Anthem Blue Cross for assistance.
2. It is important to bear in mind that, while Anthem Blue Cross has ultimate responsibility with regard to this hacker manipulation, the responsible party(s) is/are mainly attorneys who are looking to file a law suit against Anthem. Yes, the carrier is ultimately responsible for 100% security of your information, as are we agents.
3. I have never really understood the need for an "application tracker" program in the first place. Anthem has provided this "link" to track you own application online and, unfortunately, this is an unintended result. The application generates e-mail updates (which are secure) at any change of application status for any applicant who provides a valid e-mail address. Since you have to provide a valid e-mail address and select opt-in on e-mail notification to even receive the application tracker link, you will automatically receive the e-mail updates anyway. Unless you have a burning desire to view the PDF of your application, anything else will automatically be communicated by secure e-mail, thus rendering the application tracker program redundant.
This hack was not of an agent's database or agent log in access to the insurance company web site. This hack was on a program designed to let anyone who applies for individual coverage online with Anthem to track their own application. It is not necessary unless you have applied direct with the carrier since your independent agent will be monitoring progress and advising you (or should be!).
Friday, 18 June 2010
Blue Shield CA To Hold Current Rates For July 2010
Blue Shield of California announced today that the company would make no rate or benefit changes to individual & family health plans in California at this time.
Blue Shield's "product cycle" normally allows adjustments of rates and plan benefit changes two times per year, in January and July.
Communication to agents indicates that everything will remain as current in terms of price and benefits until the next product cycle, which will be announced at a later date.
Blue Shield's "product cycle" normally allows adjustments of rates and plan benefit changes two times per year, in January and July.
Communication to agents indicates that everything will remain as current in terms of price and benefits until the next product cycle, which will be announced at a later date.
Anthem Blue Cross Security Breach (Individual Health)
Anyone who has recently applied for individual health insurance with Anthem Blue Cross and been assigned an online application tracker link needs to be aware of the following unauthorized security breach. Affected applicants will receive notification with details and one year of free identity protection services. No agent has been or likely will be notified of specific applicants (if any) who were affected.
PHI Breach by Individual Applicant, Attorneys
Anthem Blue Cross recently learned of a situation in which a small number of individuals manipulated the web address within the website we use to allow people to track the status of their Individual insurance applications. Through this manipulation, some of these individuals gained unauthorized access to certain private information.
The vast majority of the manipulation and the resulting unauthorized access occurred at the hands of certain attorneys, who were representing an applicant. We believe that this manipulation was conducted to support a class action lawsuit against Anthem Blue Cross or its parent company - over the very breach they were committing.
The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again.
Anthem has worked since discovery of this matter to analyze the data in an effort to identify all individuals whose information may have been impacted and prepared to communicate directly to affected members and applicants as soon as possible.
We have received no indication that any information has been used in a way that is detrimental to the applicant; however, out of an abundance of caution, all appropriate applicants will receive a detailed notification from Anthem explaining what happened, and will be offered identity protection services for one year at no cost.
Note: This does not impact Group, Senior or State-Sponsored Business.
Sunday, 13 June 2010
California MRMIP Enrollment Waiting List
Recently I posted that MRMIP (California's State Major Risk Program) had eliminated the waiting list for enrollments. Apparently they have filled all of the open enrollment slots and now have a 1-month waiting list to enroll.
For information on MRMIP including plans, benefits and rates, visit my California Health Plans page.
For information on MRMIP including plans, benefits and rates, visit my California Health Plans page.
Thursday, 3 June 2010
CA SB 890 (Alquist)
There is a current California Senate Bill (SB 890) which I find intriguing.
SB 890 is currently under consideration and, if implemented ahead of full reform, would drastically change the landscape of individual health insurance in California.
Essentially, the bill would require all health insurance companies to offer a "standardized" portfolio of plans which would be limited to 5 PPO plans and 5 HMO plans. Any deviation from these 5 plan designs would be illegal to sell after July 2011. These plan designs generally mirror the design concept of the plans which will be available in the exchanges by 2014.
The plans would be designated as "Gold, Silver, Bronze, Platinum and Catastrophic". They would have a proscribed benefit level and include maternity coverage. By the way, there is another bill out there right now which would require all individual health plans to include maternity benefits again. No more non-maternity plans.
The ten standardized plans (5 PPO 5 HMO) would also function similarly to Medicare Supplements in terms of both standardization and the ability to move from one plan to another. Under SB 890, a subscriber may, at each policy anniversary, move to a plan of equal or lesser coverage on a guaranteed-issue basis. This is very similar to the California "birthday rule" for Medicare Supplement plans.
Another interesting note included in the text of SB 890 is the medical loss ratio information for California's health insurance carriers. Remember, on Jan 1 2011 carriers must comply with the new healthcare reform MLR requirements of 80% for individual and small group and 85% for large group.
You can read the text of SB 890 here
SB 890 is currently under consideration and, if implemented ahead of full reform, would drastically change the landscape of individual health insurance in California.
Essentially, the bill would require all health insurance companies to offer a "standardized" portfolio of plans which would be limited to 5 PPO plans and 5 HMO plans. Any deviation from these 5 plan designs would be illegal to sell after July 2011. These plan designs generally mirror the design concept of the plans which will be available in the exchanges by 2014.
The plans would be designated as "Gold, Silver, Bronze, Platinum and Catastrophic". They would have a proscribed benefit level and include maternity coverage. By the way, there is another bill out there right now which would require all individual health plans to include maternity benefits again. No more non-maternity plans.
The ten standardized plans (5 PPO 5 HMO) would also function similarly to Medicare Supplements in terms of both standardization and the ability to move from one plan to another. Under SB 890, a subscriber may, at each policy anniversary, move to a plan of equal or lesser coverage on a guaranteed-issue basis. This is very similar to the California "birthday rule" for Medicare Supplement plans.
Another interesting note included in the text of SB 890 is the medical loss ratio information for California's health insurance carriers. Remember, on Jan 1 2011 carriers must comply with the new healthcare reform MLR requirements of 80% for individual and small group and 85% for large group.
You can read the text of SB 890 here
Tuesday, 1 June 2010
California Moving Forward With Reform
According to a Mercury News article today, the California Legislature is moving forward with several reform bills in the coming weeks.
The legislation, which may include as many as 20 bills, would, amongst other things, create state health insurance exchanges, do away with denials for pre-existing health conditions, extend coverage to children and uncap benefit limits on health plans.
Governor Schwarzenegger has indicated that he wants many reforms in place in California before January, 2011, including health insurance exchanges.
The two most major bills are SB 900 (Alquist) and AB 1602 (Perez). Both bills would create a California insurance exchange which would operate similar to the Massachusetts Connector program.
It appears that California intends to at least try to get systems and programs in place well ahead of the final dates set by federal reform laws.
Current Version of SB 900
Current Version of AB 1602
The legislation, which may include as many as 20 bills, would, amongst other things, create state health insurance exchanges, do away with denials for pre-existing health conditions, extend coverage to children and uncap benefit limits on health plans.
Governor Schwarzenegger has indicated that he wants many reforms in place in California before January, 2011, including health insurance exchanges.
The two most major bills are SB 900 (Alquist) and AB 1602 (Perez). Both bills would create a California insurance exchange which would operate similar to the Massachusetts Connector program.
It appears that California intends to at least try to get systems and programs in place well ahead of the final dates set by federal reform laws.
Current Version of SB 900
Current Version of AB 1602
Subscribe to:
Comments (Atom)