Nearly 1M Doctors Affected by BCBS Data Breach
A laptop computer that held a file containing information on every physician in the country contracted with a BlueCross BlueShield-affiliated insurance plan was stolen out of a BCBS employee’s car Aug. 27, creating a possible data breach concern.
The file contained names, addresses, tax identification numbers and national provider identifier (NPI) numbers for about 850,000 physicians, said Jeff Smokler, spokesman for the Chicago-based Blues assn.
Some 16-22 percent (about 187,000) of those physicians used their Social Security numbers as a tax ID or NPI number, Smokler said.
Breach Notification Requirements
BCBS notified its affiliates about the possible breach a week after the theft occured, and put them in charge of notifying network physicians. It took the 39 member plans over a month to start notifying physicians of the incident “because of the way we’re set up,” Smokler said.
As of mid-October, some physicians still had not received letters about the data breach, Smokler said. Doctors whose Social Security numbers were not included in the data might not be informed at all.
The new HIPAA privacy breach notification regulation enacted in August does not apply here because personal health information (PHI) was not contained in the file.
Unlike with patient data, there are no state and federal laws that require physicians to be told in a specified number of days of a data breach involving their personal information, according to American Medical News.
Read the complete story (Berry, Oct. 19) on amednews.com.