“The Centers for Medicare and Medicaid Services (CMS) has discovered a bug in its Blue Button 2.0 API that exposed the protected health information of around 10,000 Medicare beneficiaries. Access to the Blue Button API has been temporarily suspended while the CMS completes a comprehensive code review. The CMS has not produced a timeline for when the Blue Button 2.0 service will be resumed…”
“The CMS determined the anomaly was due to a coding bug. That bug potentially allowed data to be shared with incorrect Blue Button 2.0 applications and the wrong beneficiaries. The CMS determined 30 applications have been impacted by the bug…”
“The error and why it resulted in the impermissible disclosure of claims data are perfectly understood; what was not initially clear was how the bug was introduced and why it was not found in time to prevent the exposure and disclosure of sensitive beneficiary data.
There are three takeaways from the initial findings of the investigation related to code reviews, testing, and cross-team collaboration…”
Source: CMS Blue Button 2.0 Coding Bug Exposed PHI of 10,000 Medicare Beneficiaries – December 19, 2019. HIPAA Journal.




