CMA Says AMA MasterFile, Digital ID System Vulnerable to Hackers
The California Medical Association is raising concerns about the American Medical Association's MasterFile, a nationwide physician database, and its digital identification program, "charg[ing]" that both systems are "open to hacking and unauthorized changes over the Internet," the Chicago Sun-Times reports. Physicians are "at risk for identity theft," and unauthorized users could gain access to physicians' personal and financial information, as well as patient records, according to the CMA. Dr. Jack Lewin, CEO of the CMA, said, "The real crux of the issue is that in the AMA's quest for non-dues income, it lacks the sophistication of what it is doing with respect to the MasterFile and its digital identity program." He added that CMA members are "disturbed" that the AMA sells nonmember and member physicians' information, including telephone numbers, addresses and Social Security numbers, to other organizations. Due to the concerns, the CMA is proposing a number of resolutions, which will be discussed at the AMA's annual meeting starting on Sunday. The resolutions include:
- giving doctors the right to be left out of the database;
- obtaining written authorization to collect, maintain and distribute physicians' Social Security numbers;
- licensing the list "only for uses from which improper or inaccurate identity of the physician will not cause the physician any economic loss, personal hardship or risk of identity theft."
Although the AMA has a policy not to comment on pending resolutions, the association "defended the integrity" of its systems. Dr. Thomas Sullivan, chair of the AMA's Online Oversight Panel, "dismiss[ed]" the resolutions as "unjustified attacks on the AMA's legitimate use of its MasterFile." He "argued" that the CMA's "true agenda" was to promote its competing digital identity system. The CMA is the "majority investor" in the MEDePass digital ID program, which generates digital certificates that allow physicians to access patient information, make insurance claims and obtain products online. The AMA offers a digital identity program through VeriSign Inc. Sullivan said, "This is a sad, potentially harmful internecine battle. Each association should be able to do what is best for its members. There's no reason we can't co-exist in a professional manner." Robert Musacchio, an AMA senior vice president in charge of Internet and database operations, said that MasterFile is secure, calling it the industry's "gold standard" for verifying physicians' identities. The Sun-Times reports that CMA and AMA agree that the digital ID market is "big enough" for both groups. Musacchio added, "There is not one solution. This is a good old-fashioned case of competition. The market will determine who the winner is" (Wolinsky, Chicago Sun-Times, 6/14).This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.