Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Custom Media Event: ESG Summit
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Transformation Summit
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain Revenue Cycle
    • - Hospital at Home
    • - Workplace of the Future
    • - Virtual Health
    • - Future of Healthcare Staffing
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
December 18, 2019 01:07 PM

Blue Button 2.0 bug may have exposed Medicare beneficiary data

Jessica Kim Cohen
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Getty Images / Modern Healthcare Illustration

    The CMS has temporarily shut down access to its Blue Button 2.0 data-sharing tool after discovering a bug that may have exposed some beneficiary information.

    The CMS suspended access to the Blue Button 2.0 API, or application programming interface, after a third-party app developer reported a "data anomaly" on Dec. 4. It's unclear when the service, which allows Medicare beneficiaries to share their claims data with third-party apps, will be restored, the agency shared in a blog post this week.

    "Access to BB2.0 remains closed while we conduct a full review. Restoration of service is pending resolution of the issue," the CMS wrote.

    Earlier this year, the CMS said more than two dozen organizations had launched Blue Button 2.0 apps for Medicare beneficiaries to download, such as programs to help users organize their medication lists.

    The bug—a coding error that was added last year—may have inadvertently shared some beneficiaries' protected health information with an incorrect user or to an incorrect Blue Button 2.0 app.

    "The technical issue is contained to less than 10,000 Blue Button authorized users and 30 authorized apps," a CMS spokesperson wrote in an emailed statement.

    The CMS said it will notify affected beneficiaries and app developers about the issue in the coming weeks.

    The CMS linked the privacy issue to Blue Button 2.0's process for identifying beneficiaries.

    An identity management system assigns beneficiaries randomly generated user IDs to connect claims data to the correct third-party app. However, the Blue Button 2.0 tool was truncating user IDs to be shorter in length, which made them "not sufficiently random to uniquely identify a single user, " according to the CMS' blog post, leading the same shorted user IDs being assigned to multiple people.

    That means any data exposure from the bug was contained to Blue Button 2.0 beneficiaries and developers, and does not involve intrusions by outside entities, according to the CMS.

    "This issue only impacts BB2.0, not Plan Finder, Medicare.gov, or any other system," the CMS wrote. "We have not detected any intrusion by unauthorized users and system integrity has not been compromised by any external source."

    News of the bug comes as the CMS and HHS' Office of the National Coordinator for Health Information Technology are working to finalize their companion interoperability proposals. The rules would require healthcare providers and insurers to allow patients to request their health data via APIs and third-party apps, raising privacy concerns among some provider groups.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Cerner_fullsize_AP_i.jpg
    Cerner to pay $1.8M to resolve racial discrimination allegations
    Allscripts logo_i copy_i.png
    Allscripts new CEO looking for payer, life sciences acquisitions
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Transformation Summit
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain Revenue Cycle
        • - Hospital at Home
        • - Workplace of the Future
        • - Virtual Health
        • - Future of Healthcare Staffing
      • Custom Media Event: ESG Summit
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing