A laptop computer that held a file containing information on every physician in the country contracted with a BlueCross BlueShield-affiliated insurance plan was stolen out of a BCBS employee’s car Aug. 27, creating a possible data breach concern.

The file contained names, addresses, tax identification numbers and national provider identifier (NPI) numbers for about 850,000 physicians, said Jeff Smokler, spokesman for the Chicago-based Blues assn.

Some 16-22 percent (about 187,000) of those physicians used their Social Security numbers as a tax ID or NPI number, Smokler said.

Breach Notification Requirements

BCBS notified its affiliates about the possible breach a week after the theft occured, and put them in charge of notifying network physicians. It took the 39 member plans over a month to start notifying physicians of the incident “because of the way we’re set up,” Smokler said.

As of mid-October, some physicians still had not received letters about the data breach, Smokler said. Doctors whose Social Security numbers were not included in the data might not be informed at all.

The new HIPAA privacy breach notification regulation enacted in August does not apply here because personal health information (PHI) was not contained in the file.

Unlike with patient data, there are no state and federal laws that require physicians to be told in a specified number of days of a data breach involving their personal information, according to American Medical News.

Read the complete story (Berry, Oct. 19) on amednews.com.

4 Responses to “Nearly 1M Doctors Affected by BCBS Data Breach”

1. Alex Cielo Says:
   October 21st, 2009 at 5:48 pm

   Something is wrong with this picture! Why do people leave a laptop or any valuable object in their car? A company owned lap top with information like this is left in a car? Careless, dumb, inexcusable are only a few words I can think of to describe this type of behavior. Vandals break into cars for NO reason, so why trust they won’t break into your car and put thousands of people at risk by leaving a lap top in the car? Even if the lap top had no information in it that’s still very careless. I don’t get it. Does such behavior get disciplined in any way? I would expect and agree with severe punishment if I did anything like this.

2. Jo Burt, CPC Says:
   October 22nd, 2009 at 7:27 am

   I agree with Mr. Cielo, a severe punishment is in order. Regardless of the computer not containing patient PHI, our physicians should have their Personal information protected as well, and a careless employee who is allowed to remove a company laptop loaded with valuable information and have a total disregard for its welfare should be dealt with by removing them from their position.

3. Elsa, CPC Says:
   October 22nd, 2009 at 7:39 am

   Our practice has yet to be informed of the breach. How ridiculous and incredibly irresponsible for an emplyee to leave such sensitive information unattended. I was just thinking; what if the thief had half an idea of what they had in their hands? For lack of a better word…OMG!

4. F.Glover-Bell Says:
   October 29th, 2009 at 9:31 am

   This is just another example of how people don’t think beyond this moment. There should be no reason in this day and time for anyone to leave anything that can be seen visably in your car and especially this sensitive. WOULD THE PERSON HAD LEFT THEIR SOCIAL SECURITY NUMBER IN NEON LIGHTS ON THEIR WINDSHIELD FOR THE WORLD TO SEE? I’m sure this is how some the providers may have felt or still are feeling, “THEIR LIFE IS ON DISPLAY”

Add a Comment

Name (required)

Email Address (will not be published) (required)

Attention: AAPC does not regularly monitor comments posted here. For customer service issues, contact us. In addition, we recommend posting your questions to the AAPC forums.

CAPTCHA Code *