Where is the Blue Button?

[somarco]

At one time you could download the Blue Button @ MyMedicare. If it's there I can't find it.

Now it appears there are dozens of Blue Button apps
Medicare's Blue Button apps | Medicare

Carriers have their own BB apps. Companies I have never heard of offer BB apps.

Apps are extremely insecure and can easily be hacked. Yet CMS wants us to download one or more versions of the BB app to our phone, laptop, tablet etc so we can share PHI with providers, carriers, whoever.

How secure is that mobile app?

Malware Discovered in Popular Android App CamScanner

Android Warning As 32 Million 'Harmful' Apps Downloaded From Google Play In July

Even if WANTED to use Blue Button I can't find a "pure" version of the app, only those developed privately for specific entities.





Empowering Medicare members with medical claim data

Just when you think things can't get worse you figure out just how out of touch the folks at CMS are with the real world

 

[somarco]

Just read a NAHU report where they appear to like the Blue Button because you can access Rx history.

Appears they don't know the BB can also access patient medical history.

 

[craig_ritter]

If you log into MyMedicare.gov and click on your name in the upper right, you get a drop down. From there, you can either click on "My Account" or "Get a Report of my Data". To see your claims data, use the "Get a Report" option and you can select which claims data you want to see.

Blue Button is primarily an API which allows third party developers to access MB's claims data with their permission. I'm going to go through this with CMS to get approved for use, so I'll see exactly how difficult it is!

 

[somarco]

Thanks Craig

A few years ago you could download a Blue Button app for your phone. Don't see that option any more. Seems like you have to go through Google Play or Ios and pick one.

Wasn't impressed years ago. Even less so now.

As I understand, once you set it up you no longer have to login to access your records. Or maybe you just use your BB pw to gain access.

I see this as a HUGE security risk. Apps can easily be hacked and then the bad guys have access to all your PHI.

What could possibly go wrong?

 

[Yagents]

Thanks Craig

A few years ago you could download a Blue Button app for your phone. Don't see that option any more. Seems like you have to go through Google Play or Ios and pick one.

Wasn't impressed years ago. Even less so now.

As I understand, once you set it up you no longer have to login to access your records. Or maybe you just use your BB pw to gain access.

I see this as a HUGE security risk. Apps can easily be hacked and then the bad guys have access to all your PHI.

What could possibly go wrong?

Blue Button 2.0 bug may have exposed Medicare beneficiary data

The CMS has temporarily shut down access to its Blue Button 2.0 data-sharing tool after discovering a bug that may have exposed some beneficiary information.

The CMS suspended access to the Blue Button 2.0 API, or application programming interface, after a third-party app developer reported a "data anomaly" on Dec. 4. It's unclear when the service, which allows Medicare beneficiaries to share their claims data with third-party apps, will be restored, the agency shared in a blog post this week.

"Access to BB2.0 remains closed while we conduct a full review. Restoration of service is pending resolution of the issue," the CMS wrote.

Earlier this year, the CMS said more than two dozen organizations had launched Blue Button 2.0 apps for Medicare beneficiaries to download, such as programs to help users organize their medication lists.


The bug—a coding error that was added last year—may have inadvertently shared some beneficiaries' protected health information with an incorrect user or to an incorrect Blue Button 2.0 app.

"The technical issue is contained to less than 10,000 Blue Button authorized users and 30 authorized apps," a CMS spokesperson wrote in an emailed statement.

The CMS said it will notify affected beneficiaries and app developers about the issue in the coming weeks.

The CMS linked the privacy issue to Blue Button 2.0's process for identifying beneficiaries.

An identity management system assigns beneficiaries randomly generated user IDs to connect claims data to the correct third-party app. However, the Blue Button 2.0 tool was truncating user IDs to be shorter in length, which made them "not sufficiently random to uniquely identify a single user, " according to the CMS' blog post, leading the same shorted user IDs being assigned to multiple people.

That means any data exposure from the bug was contained to Blue Button 2.0 beneficiaries and developers, and does not involve intrusions by outside entities, according to the CMS.

"This issue only impacts BB2.0, not Plan Finder, Medicare.gov, or any other system," the CMS wrote. "We have not detected any intrusion by unauthorized users and system integrity has not been compromised by any external source."

News of the bug comes as the CMS and HHS' Office of the National Coordinator for Health Information Technology are working to finalize their companion interoperability proposals. The rules would require healthcare providers and insurers to allow patients to request their health data via APIs and third-party apps, raising privacy concerns among some provider groups.

 

[somarco]

CMS has temporarily shut down access to its Blue Button 2.0 data-sharing tool after discovering a bug that may have exposed some beneficiary information.

Shocked!

Apps are notoriously suspect and easy prey for hackers. With 30 or so companies developing interface apps that work with the Blue Button tool is it any wonder they have a problem?

CMS Hall of Shame

healthcare.gov
Medicare Plan Finder 2.0
Blue Button

Since PF2 uses the same login credentials as MyMedicare, how long before that database is breached?