To protect unauthorized disclosure in case of a cybersecurity attack, the Federal government will be issuing new Medicare cards as of April 1, 2018. The rollout and transition will be over a one-year basis.
The Medicare Access and CHIP Reauthorization Act (MACRA) of 2015, requires The Centers for Medicare and Medicaid Services [CMS] to remove Social Security Numbers (SSNs) from all Medicare cards by April 2019. A new Medicare Beneficiary Identifier (MBI) will replace the SSN-based Health Insurance Claim Number (HICN) on the new Medicare cards for Medicare transactions like billing, eligibility status, and claim status. You can find more details in a CMS 5/30/17 press release and latest Open Door Forum slides.
The workers' compensation community, under new Federal rules, will also be required to maintain better cyber hygiene, have better application update procedures and establish an adequate plan to respond to breaches. Client and governmental agencies will require more secure networks and procedures for handling data transmission, access, and storage.
Historically workers' compensation systems nationally utilized Social Security numbers to identify workers' compensation claims, unemployment disability claims, and unemployment claims. Documents and pleadings exchanged throughout the workers' compensation included that data. With cyber-attacks, state governments, and stakeholders, including insurance companies, health providers, law firms and injured workers' have prohibited and to sharing such Personally Protective Information (PPI).
"Law firms must remain diligent to protect their client's information. Procedures should be established to prevent human error, accidents, disruption of infrastructure services, have plans in place for natural disasters. RPC 1.6 Confidentiality of Information. A lawyer must take reasonable efforts to prevent inadvertent or unauthorized access to client information. Lawyers may be required to take special security precautions to protect client information against inadvertent or unauthorized disclosure when an agreement with the client, or the law, or the nature of the information requires an elevated degree of security. ABA Formal Op. 2017-477 (May 11, 2017)" Gelman, Jon L, Workers' Compensation Law, 38 NJPRAC 34.11 (Thomson-Reuters 2018).