Another example of a lost laptop storing sensitive information:
A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee. It is not yet known whether any identity theft has resulted from the data breach.
The file included the name, address, tax identification number and national provider identifier number for about 850,000 doctors, Jeff Smokler, spokesman for the Chicago-based Blues association, said Oct. 6. That number represents every physician who is part of the BlueCard network, which allows Blues members to access networks in other states, Smokler said.
Some 16% to 22% of those physicians listed — as many as 187,000 — used their Social Security numbers as a tax ID or NPI number, Smokler said.
The association updates its file of BlueCard network physicians weekly, Smokler said. An unidentified employee downloaded the unencrypted file onto his personal computer to work on it at home, a practice that is against company policy, he said.
“We are re-evaluating that protocol and how we prevent this from happening again,” Smokler said.
This is why we’ve required and checked that our EMR software doesn’t store any PHI on our computers. It’s all stored on the server.