Who does this?!!!! Why are they trusting INDIA to handle PHI? I hope they get the biggest breach….after I leave soon. She just paid a hefty settlement for a breach. Just look at the customer reviews. They’ll keep customer service here so it seems like it’s all handled here. Guys PLEASE check the other BIG insurance companies . These people aren’t the only ones around and can’t be trusted.
5 replies (most recent on top)
Reply to @5sye+1bgr9loC. Do the SUBSCRIBERS know their information is shared with offshore people? Pretty sure MEDICAID AND MEDICARE can’t. Pretty sure another breach is underway.
One of many reasons I dropped employer health insurance for my spouse's plan. This and the fact that in house accounts are handled by vendors as well (stateside, but still utterly useless). Anthem clearly never learned their lesson from the 2015 breach.
Don’t shoot the messenger, but offshoring of PHI is allowed for most states and groups. A few are restricted and must be retained onshore (and those remain in the US), but most are not. It’s up to each state and group to determine whether or not PHI can be processed offshore, and most do not have a restriction. Data is always stored onshore, but the processing is what drives the location of the people.
If you want to influence change, write to state legislators. The states have all of the power here.
Id turned this into compliance before because I felt this was a violation of contracts with government business. They never responded. Worthless. Ethics and compliance is a joke. They only care about it if it's someone taking something from them....no problem with the company being unscrupulous and LYING to state health plans about who is doing the work.
Its been bad for awhile. A lot of these companies including Anthem are skirting close to big time regulations and fines but keep lining pockets and finding loopholes. There is no way even with https, all the credentialing, and supposed security measures can they prevent a non US citizen to get your member data when they flat out open it up. Its wrong. The data breach Anthem had and others are big freaking doors they leave open in cyber space and then some one who is supposedly legit can harvest it. Its just that easy. Best sageguards in place would be to eliminate offshore all together and get back to protecting data by not kidding themselves.