BC/BS Laptop Loss May Compromise Personal Physician Data
The AMA has informed the physician community that a file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross/BlueShield Association employee. It is not yet known whether any identity theft has resulted from the data breach.
The file included the name, address, tax identification number and national provider identifier number for about 850,000 doctors. Some 16% to 22% of those physicians listed -- as many as 187,000 -- used their Social Security numbers as a tax ID or NPI number.
The AMA has met with BlueCross/BlueShield Association to express their concerns and learn what steps are being taken to protect physicians in the wake of this information breech.
Based on information provided by BlueCross/BlueShield Association, the AMA posted the following message to physicians.
Subject: Blue Cross and Blue Shield Association Data Breach Alert From: AMA President J. James Rohack, MD
You may have heard reports about a data breach at the Blue Cross and Blue Shield Association (BCBSA) involving provider identifiers. We are working with BCBSA to recommend steps that it can take to help mitigate the risk of identify theft resulting from this data breach.
The breach involved a data set containing names, addresses, taxpayer ID numbers, and NPI numbers of physicians and other health care professionals. The data is used in performing internal matching analyses to compare BCBS provider networks to the networks of other health plans for employer groups. Since some practitioners use their Social Security number as their taxpayer ID number, BCBSA is taking steps to protect these physicians.
It is important to understand that the identifying information was not the intended target of the theft. The data set was stored on a laptop that was stolen from a car, which was one of several cars in the immediate vicinity that were vandalized. There is no reason to believe that the thief intends to use the data to commit identity theft. However, as a precaution, BCBSA is offering credit monitoring services to those providers whose Social Security number was exposed.
Local BCBS Plans in each area are in the process of sending out notifications to affected physicians. If you receive a letter from your local BCBS Plan offering credit monitoring services, we encourage you to take advantage of those services that BCBSA is providing through Experian.
Utilizing these services will help BCBSA monitor trends to see if identity theft may be occurring as a result of the breach and could help locate the source of any such identity theft. If you have not been notified directly or if the letter you receive does not include the offer of such services, then it was determined that your Social Security number was not exposed.
We also encourage all physicians to be vigilant in protecting themselves from those who may try to use their identity as a physician to submit fraudulent prescriptions or fraudulent claims. If you receive any suspicious calls or reports erroneously suggesting that you have ordered or prescribed certain goods or services, you should follow up promptly, and notify your local BCBS plan immediately if you confirm that your identity has indeed been stolen.
If you have questions about the data breach, please contact your local BCBS Plan at their regular customer service number. AMA staff will continue to be in contact with BCBSA and will provide further information as it becomes available.
---
James McNally, CPC
Health Care Consultant Services