Menendez Talks Data Breaches at Financial Data Privacy Hearing

MENENDEZ: Just last week we learned of a breach concerning a medical billing company, American Medical Collection Agency, that may have exposed the personal, financial and even medical data of 20 million patients who are customers of Quest Diagnostics and LabCorp. So let me ask you, Ms. Dixon: our people are rightly concerned that some of their personal data is now exposed and could be used against them. Can data brokers legally compile, aggregate or sell data that has been acquired through an illegal hack?

DIXON: I am not an attorney, so I think that's a question an attorney could better answer for you, but my first best guess is I don't think you can improperly use information that has been disclosed in an unauthorized manner for your own business purposes. That seems like that would be really out of bounds.

MENENDEZ: Do you have any idea?

WITNESS: I don't know the answer, but I can certainly find out.

MENENDEZ: Well, I appreciate that. Should people be concerned that data not otherwise covered by HIPAA is ending up in the hands of data brokers even in the absence of a hack? Are billing companies like American Medical Collection Agency selling non-HIPAA data to brokers?

DIXON: This is an ongoing area of grave concern for us. There are actual scores of health data. There's a frailty score that can predict very closely how sick you are and when you might possibly die. I think that there are all sorts of scores and products that relate to...

MENENDEZ: I want to check on that, but that's pretty frightening.

DIXON: It is. And, you know, health data that is not covered under HIPAA has become an increasing area.

MENENDEZ: So let me ask you this. When hackers gain access to non-HIPAA data, like in the Quest data breach, can data brokers apply machine learning to these data points to infer or reconstruct sensitive HIPAA-protected medical data?

DIXON: I actually don't think that they need to acquire unauthorized data in order to do that. They can just look at our purchase histories and get an awful lot of data about us. But in terms of what's happening with this entire area, the data breaches of medical data actually can lead to forms of identity theft and medical identity theft that are very, very difficult to cure and can have extremely meaningful consequences in people's lives.

MENENDEZ: Let me ask you then: HIPAA is nearly 25 years old, and the 2009 HITECH Act provided updates which were concerning health information technology, but I'm still concerned that we're playing catch-up when it comes to protecting patients. And, you know, of all the information that should be private and privileged to you, your health standing should be extraordinary, because there are all types of consequences in that, in employment and discrimination and a whole host of things. Are there gaps in HIPAA and other data security laws that need to be addressed to better protect people today in this 21st century threat? What coordination is missing between existing legal protections?

DIXON: I do think there are gaps, and the biggest gaps that exist right now are the gaps that exist between the sectoral protections. I don't think the answer is to just rip out the sectoral protections that exist, such as the Fair Credit Reporting Act or HIPAA or Sarbanes-Oxley, etc., but to find a way to fill those gaps in. For example, victims of medical identity theft can use their Fair Credit Reporting Act rights to get their financial information corrected, but under HIPAA it's not possible for them, because it doesn't exist in the statute; it's not possible for them to get a deletion similar to the FCRA in their health files. So they could actually carry around inaccurate information, which can really have an impact on their treatment and insurance costs, and there's not a solution yet. So this is the kind of gap we need to address.

MENENDEZ: Lastly, there's one breach that compromised the personal information of 20 million patients. That's pretty troubling. One data broker has data on around 300 million consumers. We're still reeling from the Equifax breach, which affected 145.5 million consumers. If the information of 300 million consumers were to be compromised, we might start calling private information public information, because at the end of the day that's the result of it. What are the ramifications for consumers if a data broker is breached, and should we hold them to a higher standard of security, especially because their volume is so consequential?

DIXON: Data broker breaches are very significant. So my assessment of this is that the various state data breach laws are doing a pretty good job, especially in some cases where the data breach law is quite strong in forcing disclosures and notices. But I think we need to do more to ensure that all of the information held that is sensitive and health-related, etc., is duly notified to the consumer. The problem with the data brokers is what they will say is, "Oh, wait, wait, we don't have a direct relationship with the consumers; we can't notify them." And I think that is a gap that needs to be resolved. Now, the state of Vermont has resolved that gap.

MENENDEZ: They could reach back to the entity that provided them the data in the first place, and they could notify, could they not?

DIXON: I believe that could happen.

MENENDEZ: All right. I just think they should be held to a higher standard of security, because the consequences of incredible numbers of Americans being subject to having their privacy breached and their healthcare breached is just beyond acceptance. Thank you, Jim.

CHAIRMAN: Thank you. Senator Rounds.

