DMHC, Blue Shield Announce Data Breach Affecting 18K Calif. Doctors
The Social Security numbers of about 18,000 California physicians were accidentally released with other data by Blue Shield of California and the state Department of Managed Health Care, Medical Daily reports (Wolford, Medical Daily, 7/9).
Details of Incident
The incident occurred after Blue Shield of California included doctors' Social Security numbers in required monthly filings to the state Department of Managed Health Care. The filings also included doctors':
- Business addresses;
- Business phone numbers;
- Medical group names;
- Names; and
- Practice areas.
Those records then were available to the public under the state's public records law. DMHC distributed the filings in response to 10 public records requests without removing the doctors' Social Security numbers (Williams, Computerworld, 7/7). The requests were from other insurers, the insurers' attorneys and two members of the media (Jayanthi, "Hospital CIO," Becker's Hospital Review, 7/9).
Blue Shield, DMHC Response
In a letter to affected doctors, Sarah Ream with DMHC wrote, "As a result of this incident, the DMHC and Blue Shield have instituted additional protections to safeguard against future inadvertent disclosure of confidential personal information."
Ream said there is no evidence that the data have been used for identity theft, but the agency is offering a no-cost subscription to a fraud-alert service. In addition, DMHC is implementing software to scan files for private data and issuing reminders to insurers about not including Social Security numbers in monthly filings (Medical Daily, 7/9).
According to Computerworld, DMHC also is contacting the entities that requested the public files and asking that they destroy the CD's data in exchange for a new CD that does not include the Social Security numbers (Computerworld, 7/7).
Meanwhile, Blue Shield is revising its policies for preparing and submitting the monthly filings to DMHC, according to Ream's letter (Medical Daily, 7/9). Sean Barry, a Blue Shield spokesperson, said the insurer also is offering affected providers one year of no-cost credit monitoring (Computerworld, 7/7).This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.