Apparently, even Medicare struggles with data security and protecting patients’ data, reports suggest. Details: One of the Centers for Medicare & Medicaid Services’ (CMS) third-party associates discovered a “data anomaly” in its Blue Button 2.0 API (BB2.0), an agency blog post states. After looking into the incident, a bug in the BB2.0 codebase was found, and it may have exposed some Medicare beneficiaries’ protected health information (PHI). “BB2.0 was truncating a 128-bit user ID to a 96-bit user ID,” CMS explains. “The 96-bits remaining were not sufficiently random to uniquely identify a single user. This resulted in the same truncated user ID being assigned to different beneficiaries.” CMS continues, “Because BB2.0 was truncating the user ID provided by the identity management system, some beneficiaries with the same truncated ID were passed data pertaining to other users via BB2.0.” Though the technical issue impacted less than 10,000 individuals and only 30 BB2.0 apps, CMS instituted more in-depth code reviews, testing, and cross team collaboration. After a full review, CMS “corrected the faulty code, implemented additional protections, and is resuming normal operations of the system,” the agency said in a Dec. 27, 2019 update. Find out what apps were impacted at https://bluebutton.cms.gov/blog/bbapi-update.html.