AMA House of Delegates

AMA meeting: Better data protection needed from Blues

■ New AMA policy says the national insurer needs to expand its offer of credit protection for doctors whose information was on a stolen laptop.

By Damon Adams — Posted Nov. 23, 2009

Houston -- The BlueCross BlueShield Assn. should expand credit protection and increase identity theft insurance to physicians affected when a laptop computer containing doctors' personal information was stolen from an employee's car, according to policy adopted by the American Medical Association House of Delegates.

The new policy calls for the Blues association to offer at least five years of credit protection for all affected physicians, offer more than one company for protection, raise the amount of ID theft insurance and publicly report confirmed cases of identity theft.

The national Blues plan also should provide affected physicians easy access to credit-monitoring reports without cost, and give legal protection and indemnification to doctors for any losses resulting from the breach.

"It's really unconscionable that you could be so negligent in handling someone's data," said Michael Simon, MD, a Poughkeepsie, N.Y., anesthesiologist and alternate delegate for the American Society of Anesthesiologists, who spoke on his own behalf in committee testimony.

Dr. Simon and other delegates said the measures are necessary to protect physicians from thieves. "They can now set up a practice using your name and number on paper and send out bills," Dr. Simon said.

A file containing unencrypted, identifying information for every physician nationwide who contracts with a BlueCross BlueShield-affiliated insurance plan was on the stolen employee-owned computer.

The Blues association told affiliated plans one week after the Aug. 25 theft. But the 39 member plans did not start informing the affected 850,000 doctors until October. Connecticut Attorney General Richard Blumenthal is investigating the data breach and whether the delay in notifying physicians violated state law. In a statement Nov. 9, Blumenthal also said affected physicians should get at least two years of credit monitoring and protection.

The Blues said it would provide a free year of credit monitoring only for those doctors listed in the file whose Social Security number is also their National Provider Identifier or tax identification number.

Blues spokesman Jeff Smokler said the association is working with the AMA to address physicians' concerns. It has contacted the Centers for Medicare & Medicaid Services to ensure that the agency knows which physician IDs have been compromised in case fraudulent billing is suspected. After the laptop was reported stolen, he said, the delay in getting the word to doctors was a result of "the way we're set up."

"We regret that this unfortunate and rare occurrence took place, and we are working to rectify the situation as swiftly and responsibly as possible," Smokler said. "We take very seriously our commitment to our provider partners and are committed to working with the AMA to protect physicians' information and to prevent such a security breach from happening again."

The new AMA policy also says insurers should store personal information about physicians and other health care professionals electronically only in encrypted form to reduce the chance of a data security breach. If a breach occurs, insurers should notify physicians immediately.

The AMA will study the problems of such breaches and report back at its Annual Meeting in June 2010.

ADDITIONAL INFORMATION

Meeting notes: Other actions

Issue: Courts may judge physicians in medical liability cases by developing new standards based on clinical and practice guidelines, risk management, utilization review and other cost-containment efforts -- especially if congressional health reform legislation does not contain language counterbalancing such arguments. Such federal legislation also could preempt effective state liability reforms.

Proposed action: Advocate for legislative language protecting both existing effective state medical liability reform programs and states' ability to enact such reforms. Lobby for legislation to establish a noneconomic damage cap of $250,000 or lower. [Adopted]

Issue: The potential savings to the health system from national medical liability reform legislation is not known.

Proposed action: Contract with an independent, third-party organization to estimate the impact national tort reform legislation would have on the system, with an update every 10 years. [Adopted]

Issue: The Medicare Modernization Act of 2003 authorized federal payments to states for emergency care for undocumented immigrants. But this support will end in May 2010.

Proposed action: Support congressional legislation to extend federal support for such emergency care. [Adopted]

Issue: Physicians who issue only paper prescriptions for patients in Medicare Part D will face pay cuts starting in 2012, but the U.S. Drug Enforcement Administration still requires prescriptions for many controlled substances to be written on paper. The DEA issued a proposed rule in June 2008 that would establish standards for electronic ordering of such drugs, but the rule has not been finalized.

Proposed action: Report the AMA's progress in advocating for electronic prescribing of controlled substances and on DEA efforts to issue reasonable requirements for electronic prescribers. [Adopted]

Issue: Forty state medical boards ask about physicians' history of mental illness, potentially discouraging doctors from seeking appropriate treatment for psychiatric disorders.

Proposed action: Work with the Federation of State Medical Boards and others to develop less discriminatory application language that is consistent with boards' mission to protect public health. [Adopted]

Issue: Cosmetics makers are not required to disclose the ingredients in their products, and there is no legally required testing to make sure they are safe.

Proposed action: Support pending legislation that would require ingredient disclosure, adverse-event reporting and good manufacturing practices. [Referred]