Friday, December 20, 2013

HCAI Security Breach

HCAI is defined in the 2013 Annual Report of the Office of the Auditor General of Ontario as an online database and billing portal to which health-care providers are required to submit billings for injury claims before they are forwarded to insurers for payment.

According to the privacy statement on the HCAI website, Health Claims for Auto Insurance Processing (HCAIP) is responsible for the operation of the electronic processing system (HCAI) for automobile insurance claims. This system allows health care facilities and insurers to communicate with each other by facilitating the transmission of Ontario claim forms (OCFs).

The HCAI system contains sensitive personal health information. Protecting this information is the job of HCAIP. In order to protect the confidentiality of personally identifiable information (PII), HCAIP commits to maintain appropriate technical and administrative safeguards to protect the data in the HCAI system and any third parties that HCAI contracts; to take prompt action in the instance of a privacy breach; and to protect PII from unauthorized disclosure in paper, electronic or verbal format.

So after reading about the HCAI you would think our personal information is protected, right?

The following document shows that there was in fact a breach of security at the HCAI online database on November 14, 2011.

Clearly, the access to a claimant's file in the database by the “Anonymous Web User” logged in to the SecureDox HCAI online database warrants an explanation from the administrators of the HCAI system and the IBC.

How was an anonymous user, logged in to the HCAI online database, allowed to download personal health information?

It doesn't surprise me that our personal health information is at risk by the powers that be.

Insurance doctors (wordhirlings) interrogating victims of crashes using their personal computers. Using unsecured email to transfer our personal health information to unsecured servers.

Why is there no legislation to force our personal information to be deleted from all the laptops filled with claimants' personal files that wordhirlings bring to the interrogation rooms? And from all those emails sent back and forth between the assessment mills and interrogators?

Who monitors our personal health information, transferred so freely and unsecured, from so many different sources?

Surviving a Collision.


Anonymous said...

According to Calomel SSL Validation the Security:
the Health Claims for Auto Insurance website has a
The security is "Very Weak" (red 42%)

Bearsworld Blog said...

You are correct.
I wonder if the “Anonymous Web User” logged in and downloading my health claims file used the lack of security to gain access.

Anonymous said...

Welcome to the future, healthcare is not muffed up enough already, and now this!!!
