July 14, 2014
Area(s) of Interest: Public Payors Patient Privacy
The Department of Managed Health Care (DMHC) has notified physicians of a data breach that disclosed the social security numbers as well as names, business addresses, telephone numbers, medical groups and practice areas of over 18,000 physicians who contract with Blue Shield of California for their Covered California/mirror product.
DMHC discovered that Blue Shield of California had inadvertently included physician social security numbers in public provider rosters provided to DMHC. These rosters are generally public documents and subject to disclosure under the Public Record Act (PRA). As a result, DMHC produced the rosters, including the social security numbers, in response to 10 PRA requests made to DMHC between March 2013 and April 2014.
DMHC and Blue Shield have instituted additional protections to prevent any future disclosures of confidential physician personal information and recommend that physicians place fraud alerts on their credit files. Blue Shield is also offering affected physicians one-year of credit monitoring services though Experian's ProtectMyID Alert. Affected physicians are encouraged to take advantage of the free credit monitoring services offered by Blue Shield.
DMHC's data breach notification letter which includes contact information for three nationwide credit reporting agencies can be found here.
Physicians who received the letter and have questions or those who did not receive a letter but are concerned they were affected can contact Blue Shield at (877) 853-1707.
For more information on how to protect yourself from identity theft, see CMA On-Call document #1104, "Who's Got Your Number: How Physicians Become The Victims." This document, as well as the rest of the California Medical Association's online health law library, is available free to members in CMA's online resource library. Nonmembers can purchase documents for $2 per page.
Contact: CMA's reimbursement helpline, (888) 401-5911 or firstname.lastname@example.org.