Monday, June 9, 2014

Data breach at Access Health CT, troubling for APCD future

Friday afternoon a backpack was found on a Hartford street with sensitive information on about 400 Access Health CT customers. The backpack included four notepads with handwritten names, social security numbers and dates of birth, as well as internal Access Health CT papers. People whose information was breached have been contacted and offered credit monitoring and resolution services. Access Health CT says they will find out how this happened and make changes to see that it isn’t repeated. Access Health CT testified against a bill this session requiring enhanced background checks for people handling sensitive information. The bill did not pass.

Unfortunately this is the same organization is being given responsibility for even more sensitive information in our medical records. Access Health Analytics, a unit of Access Health CT, will soon be collecting our medical records, across all insurers and government programs in an all-payer claims database (APCD). The plan is to use the information for health planning and, hopefully, to give consumers the information they need to make better health care choices. It could be a very effective tool to improve our health system. However, unlike Rhode Island’s APCD, Access Health Analytics has decided not to include an opt-out provision giving people control over their most sensitive information. Reportedly a very small number of people have chosen that option in Rhode Island, but just having it builds trust. Connecticut should re-visit this poor decision that undermines trust in a system that is not perfect.