Privacy & Technology Standards
Anthem is committed to safeguarding the personal information we receive from our consumers, customers and associates. We impose standards to maintain the confidentiality of personal information, and we use physical, technological and administrative safeguards to protect it.
Our comprehensive program of security procedures, programs and protocols is designed to ensure that:
- Our consumers’ personal information is secure;
- Anthem associates are well trained in our security program;
- Everyone involved is encouraged to actively ensure that Anthem and its vendors are meeting the high standards we set;
- Our vendors meet or exceed the security requirements prescribed by Anthem so that we can put our full faith and trust in their products and services; and
- Our associates are personally safe, both physically and in the virtual world.
Anthem uses the Health Information Trust Alliance (HITRUST), an industry-leading security framework, and undergoes regular reviews by trusted third parties to provide independent confirmation of our cybersecurity program. The HITRUST Common Security Framework is designed to meet International Standards Organization and International Electrotechnical Commission guidelines. It also follows other federal, state and industry healthcare regulations for information security.
Information Security and Risk
Information security and risk are managed by a team of professionals whose primary goal is to ensure that our consumers’ personal information remains secure. These talented professionals address all aspects of the issue, including application security, infrastructure security, security architecture and forensic investigations. The Detection Analytical Response Team uses cybersecurity hunting, cyberthreat and intelligence analytics to research, analyze, respond to and remediate cyberthreats to Anthem.
Cybercrime is more sophisticated than ever, and Anthem equips associates with the tools and skills needed to uphold our high standards of information security. Mandatory annual security-awareness training is one of the ways Anthem helps ensure that associates understand potential threats.
Our enhanced training covers social engineering, phishing, password protection, Anthem’s Workforce Information Security Program, data protection, asset use and mobile security.
Physical Security Training
In 2017, the Anthem Corporate Security team was honored with a United States Outstanding Security Performance Award from the American Society for Industrial Security.
The award recognized the team’s situational awareness training initiative for Anthem associates. This training elevates associates’ awareness of physical security and the steps they can take to stay safe regardless of workspace or location. The comprehensive online training program and corresponding “meeting in a box” address such security issues as active-shooter scenarios; safety working at home; personal safety; tips for visiting nurses; hostile-intruder situations; and domestic and international business travel.
Vendor Oversight Programs
When Anthem engages outside vendors to help provide quality healthcare solutions for our consumers, protecting those consumers’ personal information is a top priority. Anthem’s vendors must follow state and federal privacy and information-security laws, and we enforce these laws through contractual requirements, our own internal oversight and the use of administrative, physical and technological safeguards.
Anthem operates in a highly regulated industry; federal and state laws and contractual commitments regulate the collection, use and disclosure of protected health information and personally identifiable information. Our success depends on maintaining a high level of trust among consumers, customers, providers, regulators and our associates. Protecting this information is crucial; this is reflected in our Standards of Ethical Business Conduct and privacy policies.
Our Privacy Office formulates Anthem’s privacy policies, reviews proposed laws and helps business leaders implement new privacy requirements. We also deliver privacy training and communications and identify and monitor risks.
We are focused on continuous improvement. Our policies are updated at least annually. We explore new ways of training and communicating with our associates to make sure they have the information and tools they need. For example, our interactive decision-making guides for call-center associates provide real-time counsel, and we have used humorous videos and games to help make the trainings “stick.”
Our comprehensive privacy-incident response and prevention program educates associates on the importance of reporting all incidents immediately. Each incident is reviewed, and action is taken to address every issue, mitigate the impact and assess our obligations to notify individuals, clients, regulators, the media and others. Anthem can offer the affected individuals identity-protection and credit-monitoring services. We learn from each experience and use what we learn to help prevent future incidents.