Wednesday, October 7, 2009

850,000 doctors' personal data stolen

It’s usually patients’ information that practices and companies work hard to protect, and that you hear about being stolen. This time it’s doctors’ personal data.

A file containing identifying information for every doc in the country contracted with a Blues-affiliated insurance plan was on a laptop stolen from a BlueCross BlueShield employee, according to American Medical News. The computer contained information on about 850,000 doctors -- and all of the data were unencrypted.
Names, addresses, tax ID numbers, and national provider identifier numbers for about 850,000 physicians were on the computer. And as many as 187,000 used their Social Security number as a tax ID or NPI number.

Apparently a company employee downloaded the unencrypted data — did I mention it was unencrypted? — onto his personal computer to work on it from home, which officials said was a big company no-no.

It’s not clear yet whether there has been any identity theft from the data.
It kind of makes you stop and think for a second whether you are protecting sensitive data on your laptop. It’s a topic next month’s Tech Doctor column addresses. (Sign up for the e-newsletter to receive the column, which goes out on the 15th of each month.)

The more mobile we become, the more our laptops become our portable office. But it’s far too easy to obtain sensitive data from a stolen laptop. Think about the spreadsheets and documents that could contain health or personal information on your patients. If that’s the case, perhaps it’s time to look into disk encryption software. As our Tech Doctor will tell you, you can just do a search for disk encryption applications and you will find a range of solutions.

In the meantime, consider some of these tips from a recent story on computer network security:

1. Install a firewall to restrict outside access to your system.
2. Encrypt e-mails when sending messages to people outside of your network, and establish a Web site for patients to log in to access their personal information.
3. Ask your software vendors what security measures they offer.
4. Establish firm guidelines for employee computer use and stick to them.

1 comment:

  1. Forget the protections! How do I get in on the class action lawsuit against Blue Cross for this intentional, thoughtless disregard for my information????